微步api之ip信誉批量查询脚本

Fredg0n

已于 2023-09-11 17:11:36 修改

阅读量714

点赞数 1

文章标签：网络网络安全

于 2023-08-11 14:26:32 首次发布

本文链接：https://blog.csdn.net/feigerger/article/details/132230362

版权

最近在当监控小子，每天就是查查ip封封ip，虽然不累但是异常枯燥，而且每天的日报整理起来也非常麻烦，于是利用微步的api接口，编写了批量查询和统计的脚本，再也不怕日报整理麻烦了。

直接从waf生成当天的告警记录的表格，利用python的csv模块进行文件读取，将ip过滤去重之后进行api请求，最后直接统计告警类型和危害程度高的ip

具体代码如下，纯原创


import csv
import requests
import time
from collections import Counter

# 文件路径
path = '文件路径'
# api
url = "https://api.threatbook.cn/v3/scene/ip_reputation"
# key
key = "自己的apikey"
context_list=[]

# 字典列表去重
def remove_duplicate_dicts(input_list):
    unique_list = []
    seen_dicts = set()
    for dictionary in input_list:
        dictionary_tuple = tuple(sorted(dictionary.items()))

        if dictionary_tuple not in seen_dicts:
            seen_dicts.add(dictionary_tuple)
            unique_list.append(dictionary)

    return unique_list

# 读取文件中的ip和安全类型
def ip_list():
    ListForIp = []
    # 文件读取，path是文件路径
    with open(path, 'r') as file:
        reader = csv.reader(file)
        # 遍历每行数据

        #需要修改表格中ip的列数，row[?]
        for row in reader:
            # 去表头
            if row[2] == "安全类型" or row[4] == "源IP":
                continue
            # 生成一个字典，其格式为{"type","攻击类型","ip","x.x.x.x"}
            dirt = {"type": row[2].replace(" ", ""), "ip": row[4].replace(" ", "")}
            # 将字典存储到列表中
            ListForIp.append(dirt)
            # 去重
            #ListForIp = remove_duplicate_dicts(ListForIp)
        #     因为微步限制，所以限制列表内超过50个数据
        if len(ListForIp) > 50:
            print(ListForIp)
            print("ip数量超过50")

            # return False
            # ListForIp = ListForIp[:20]

            # print(ListForIp)

        else:

            return ListForIp



# 攻击统计
def Type_statistics(ip):
    type_list = []
    try:
        print("流量ip统计")

        for item in ip:
            type_list.append(item["type"])


        counter = Counter(type_list)

        for element, count in counter.items():

            print(f"{element}出现了 {count} 次", end=",")

    except:
        print("Type_statistics模块异常")



# api访问
def API(Ip):

    Ip = remove_duplicate_dicts(Ip)
    try:
        for item in Ip:
            response = requests.request("GET", url, params={
                "apikey": key,
                "resource":item["ip"],
                "lang": "zh"
            })
            # 每一次访问后休息0.5秒
            time.sleep(0.5)
            # 如果response_code=0则返回正确数据
            if response.json()["response_code"] == 0:
                # 提取响应中的安全等级
                severity_value = response.json()["data"][item["ip"]]["severity"]
                if severity_value in ["中", "高", "严重"]:
                    print(item["type"]+":"+item["ip"] + ":" + severity_value)
                    context=item["type"]+":"+item["ip"] + ":" + severity_value
                    context_list.append(context)

            else:
                # 否则
                print(item["ip"])
                print(response.json())
                break
        return context_list

    except:
        # 抛出异常
        pass
# 封禁ip类型统计
def context_sum(data):
    type_counter = Counter()
    result_list = []

    for entry in data:
        parts = entry.split(':')
        attack_type = parts[0]
        type_counter[attack_type] += 1

    for attack_type, count in type_counter.items():
        result_list.append(f"{attack_type} 类型出现了 {count} 次")
    print("封禁ip统计")
    print(result_list)


if __name__ == '__main__':

    ip_list=ip_list()
    context_list=API(ip_list)
    context_sum(context_list)

    Type_statistics(ip_list)