本文档介绍如何使用Python SDK获取域名报告。
域名报告包含域名的Whois信息、数字证书、威胁类型,以及相关的攻击团伙或安全事件信息。详细内容,请参见DescribeDomainReport接口的返回数据。
前提条件
开始运行示例脚本前,请确保您已完成以下准备工作:
- 已开通阿里云官网账号。
- 已生成AccessKey(用于在使用SDK时进行身份验证)。
确保您当前账号下已创建了AccessKey ID和AccessKey Secret。建议使用仅授予所需权限的RAM用户的AccessKey,并妥善保管AccessKey Secret,不要将其明文写入代码或提交到代码仓库。
- 已开通阿里云威胁情报服务。
操作步骤
- 安装Python SDK。更多详细内容,请参见快速开始。
- 运行以下示例脚本,调用域名报告接口。
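import os

from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.request import CommonRequest

# Read the AccessKey pair from the environment instead of embedding it in the
# script, so the secret does not end up in version control, shared copies of
# this file, or shell history. A missing variable raises KeyError before any
# request is sent.
access_key_id = os.environ['ALIBABA_CLOUD_ACCESS_KEY_ID']
access_key_secret = os.environ['ALIBABA_CLOUD_ACCESS_KEY_SECRET']

client = AcsClient(access_key_id, access_key_secret, 'cn-zhangjiakou')

request = CommonRequest()
request.set_domain('sasti.aliyuncs.com')
request.set_version('2020-05-12')
request.set_action_name('DescribeDomainReport')
# Set the protocol explicitly so the signed request and the returned report
# are not sent over plain HTTP, whatever the SDK default is.
request.set_protocol_type('https')
# or:
# request = CommonRequest(domain='sasti.aliyuncs.com', version='2020-05-12', action_name='DescribeDomainReport')

# '1.180.*.*' is a masked sample value; replace it with the value to query.
# NOTE(review): the action is DescribeDomainReport but this sample passes an
# 'Ip' parameter -- confirm the expected query parameter name against the
# DescribeDomainReport API reference.
request.add_query_param('Ip', '1.180.*.*')

# do_action_with_exception raises on an API or transport error instead of
# returning an error body, so a failed lookup cannot be mistaken for a report.
response = client.do_action_with_exception(request)
print(response.decode('utf-8'))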
返回示例如下:{ "RequestId": "718747A4-9A75-4130-88F9-C9B47350B7F5", "data": [ { "AttackCntByThreatType": [ { "event_cnt": 27, "threat_type": "应用层入侵" } ], "Whois": "", "ThreatLevel": "2", "Ip": { "country": "中国", "province": "内蒙古自治区", "city": "呼和浩特市", "ip": "1.180.*.*", "isp": "电信", "asn": "4134", "asn_label": "CHINANET-BACKBONE - No.31,Jin-rong Street, CN" }, "ThreatTypes": [ { "threat_type_desc": "WEB攻击源", "last_find_time": "2020-10-23 08:50:50", "risk_type": 1, "threat_type": "WEB Attack" }, { "threat_type_desc": "网络服务扫描", "last_find_time": "2020-09-27 17:15:59", "risk_type": 1, "threat_type": "Network Service Scanning" }, { "threat_type_desc": "漏洞利用", "last_find_time": "2020-10-27 15:00:28", "risk_type": 1, "threat_type": "Exploit" } ], "Intelligences": [ { "ip": "1.180.*.*", "gmt_last": "2020-05-18 15:41:46", "threat_type_l3": "sqli", "source": "Aliyun" }, { "ip": "1.180.*.*", "gmt_last": "2020-10-13 14:49:03", "threat_type_l3": "xss", "source": "Aliyun" }, { "ip": "1.180.*.*", "gmt_last": "2020-10-23 08:50:50", "threat_type_l3": "code_exec", "source": "Aliyun" }, { "ip": "1.180.*.*", "gmt_last": "2020-09-27 17:15:59", "threat_type_l3": "SSH服务扫描", "source": "Aliyun" }, { "ip": "1.180.*.*", "gmt_last": "2020-10-27 15:00:28", "threat_type_l3": "ThinkPHP5 RCE", "source": "Aliyun" }, { "ip": "1.180.*.*", "gmt_last": "2020-10-13 07:09:14", "threat_type_l3": "webshell", "source": "Aliyun" }, { "ip": "1.180.*.*", "gmt_last": "2020-10-15 11:02:09", "threat_type_l3": "F5 RCE CVE-2020-5902", "source": "Aliyun" }, { "ip": "1.180.*.*", "gmt_last": "2020-10-13 14:42:42", "threat_type_l3": "lfilei", "source": "Aliyun" }, { "ip": "1.180.*.*", "gmt_last": "2020-06-28 15:26:48", "threat_type_l3": "Weblogic SSRF", "source": "Aliyun" }, { "ip": "1.180.*.*", "gmt_last": "2020-10-13 07:10:07", "threat_type_l3": "Weblogic RCE CVE-2019-2725", "source": "Aliyun" }, { "ip": "1.180.*.*", "gmt_last": "2020-07-20 09:40:52", "threat_type_l3": "Weblogic RCE CVE-2017-10271", "source": "Aliyun" } 
], "AttackPreferenceTop5": [ { "event_cnt": 2, "industry_name": "媒体", "gmt_last_attack": "2020-10-23 08:50:50" }, { "event_cnt": 89, "industry_name": "金融", "gmt_last_attack": "2020-10-13 14:49:03" }, { "event_cnt": 2, "industry_name": "互联网", "gmt_last_attack": "2020-10-23 08:49:20" } ] } ] }