本文档介绍如何使用Python SDK获取域名报告。

域名报告包含了域名Whois信息、数字证书、威胁类型、相关攻击团伙或安全事件信息。详细内容,请参见DescribeDomainReport接口的返回数据。

前提条件

开始运行示例脚本前,请确保您已完成以下准备工作:
  • 已开通阿里云官网账号。
  • 已生成AccessKey(用于使用SDK时进行身份验证)。

    确保您当前账号下已创建了AccessKey ID和AccessKey Secret。

  • 已开通阿里云威胁情报服务。

操作步骤

  1. 安装Python SDK。更多详细内容,请参见快速开始
  2. 运行以下示例脚本,调用域名报告接口。
    from aliyunsdkcore.client import AcsClient
    from aliyunsdkcore.request import CommonRequest
    client = AcsClient('{your_access_key_id}', '{your_access_key_secret}', 'cn-zhangjiakou')
    request = CommonRequest()
    request.set_domain('sasti.aliyuncs.com')
    request.set_version('2020-05-12')
    request.set_action_name('DescribeDomainReport')
    # or:
    # request = CommonRequest(domain='sasti.aliyuncs.com'', version='2020-05-12', action_name='DescribeDomainReport')
    request.add_query_param('Ip', '1.180.*.*')
    response = client.do_action_with_exception(request)
    返回示例如下:
    {
        "RequestId": "718747A4-9A75-4130-88F9-C9B47350B7F5",
        "data": [
            {
                "AttackCntByThreatType": [
                    {
                        "event_cnt": 27,
                        "threat_type": "应用层入侵"
                    }
                ],
                "Whois": "",
                "ThreatLevel": "2",
                "Ip": {
                    "country": "中国",
                    "province": "内蒙古自治区",
                    "city": "呼和浩特市",
                    "ip": "1.180.*.*",
                    "isp": "电信",
                    "asn": "4134",
                    "asn_label": "CHINANET-BACKBONE - No.31,Jin-rong Street, CN"
                },
                "ThreatTypes": [
                    {
                        "threat_type_desc": "WEB攻击源",
                        "last_find_time": "2020-10-23 08:50:50",
                        "risk_type": 1,
                        "threat_type": "WEB Attack"
                    },
                    {
                        "threat_type_desc": "网络服务扫描",
                        "last_find_time": "2020-09-27 17:15:59",
                        "risk_type": 1,
                        "threat_type": "Network Service Scanning"
                    },
                    {
                        "threat_type_desc": "漏洞利用",
                        "last_find_time": "2020-10-27 15:00:28",
                        "risk_type": 1,
                        "threat_type": "Exploit"
                    }
                ],
                "Intelligences": [
                    {
                        "ip": "1.180.*.*",
                        "gmt_last": "2020-05-18 15:41:46",
                        "threat_type_l3": "sqli",
                        "source": "Aliyun"
                    },
                    {
                        "ip": "1.180.*.*",
                        "gmt_last": "2020-10-13 14:49:03",
                        "threat_type_l3": "xss",
                        "source": "Aliyun"
                    },
                    {
                        "ip": "1.180.*.*",
                        "gmt_last": "2020-10-23 08:50:50",
                        "threat_type_l3": "code_exec",
                        "source": "Aliyun"
                    },
                    {
                        "ip": "1.180.*.*",
                        "gmt_last": "2020-09-27 17:15:59",
                        "threat_type_l3": "SSH服务扫描",
                        "source": "Aliyun"
                    },
                    {
                        "ip": "1.180.*.*",
                        "gmt_last": "2020-10-27 15:00:28",
                        "threat_type_l3": "ThinkPHP5 RCE",
                        "source": "Aliyun"
                    },
                    {
                        "ip": "1.180.*.*",
                        "gmt_last": "2020-10-13 07:09:14",
                        "threat_type_l3": "webshell",
                        "source": "Aliyun"
                    },
                    {
                        "ip": "1.180.*.*",
                        "gmt_last": "2020-10-15 11:02:09",
                        "threat_type_l3": "F5 RCE CVE-2020-5902",
                        "source": "Aliyun"
                    },
                    {
                        "ip": "1.180.*.*",
                        "gmt_last": "2020-10-13 14:42:42",
                        "threat_type_l3": "lfilei",
                        "source": "Aliyun"
                    },
                    {
                        "ip": "1.180.*.*",
                        "gmt_last": "2020-06-28 15:26:48",
                        "threat_type_l3": "Weblogic SSRF",
                        "source": "Aliyun"
                    },
                    {
                        "ip": "1.180.*.*",
                        "gmt_last": "2020-10-13 07:10:07",
                        "threat_type_l3": "Weblogic RCE CVE-2019-2725",
                        "source": "Aliyun"
                    },
                    {
                        "ip": "1.180.*.*",
                        "gmt_last": "2020-07-20 09:40:52",
                        "threat_type_l3": "Weblogic RCE CVE-2017-10271",
                        "source": "Aliyun"
                    }
                ],
                "AttackPreferenceTop5": [
                    {
                        "event_cnt": 2,
                        "industry_name": "媒体",
                        "gmt_last_attack": "2020-10-23 08:50:50"
                    },
                    {
                        "event_cnt": 89,
                        "industry_name": "金融",
                        "gmt_last_attack": "2020-10-13 14:49:03"
                    },
                    {
                        "event_cnt": 2,
                        "industry_name": "互联网",
                        "gmt_last_attack": "2020-10-23 08:49:20"
                    }
                ]
            }
        ]
    }