本文档介绍如何使用Python SDK获取域名报告。
域名报告包含了域名Whois信息、数字证书、威胁类型、相关攻击团伙或安全事件信息。详细内容,请参见DescribeDomainReport接口的返回数据。
前提条件
开始运行示例脚本前,请确保您已完成以下准备工作:
- 已开通阿里云官网账号。
- 已生成AccessKey(用于使用SDK时进行身份验证)。
确保您当前账号下已创建了AccessKey ID和AccessKey Secret。
- 已开通阿里云威胁情报服务。
操作步骤
- 安装Java SDK。更多详细内容请参见安装Alibaba Cloud SDK for Java。
- 运行以下示例脚本,调用IP情报接口。
import com.aliyuncs.CommonRequest; import com.aliyuncs.CommonResponse; import com.aliyuncs.DefaultAcsClient; import com.aliyuncs.IAcsClient; import com.aliyuncs.exceptions.ClientException; import com.aliyuncs.exceptions.ServerException; import com.aliyuncs.profile.DefaultProfile; public class Sample { public static void main(String[] args) { // 创建DefaultAcsClient实例并初始化 DefaultProfile profile = DefaultProfile.getProfile( "cn-zhangjiakou", // 您的地域ID "<your-access-key-id>", // 您的AccessKey ID "<your-access-key-secret>"); // 您的AccessKey Secret IAcsClient client = new DefaultAcsClient(profile); // 创建API请求并设置参数 CommonRequest request = new CommonRequest(); request.setDomain("sasti.aliyuncs.com"); request.setVersion("2020-05-12"); request.setAction("DescribeDomainReport"); request.putQueryParameter("Domain", "baidu.com"); try { CommonResponse response = client.getCommonResponse(request); System.out.println(response.getData()); } catch (ServerException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (ClientException e) { // TODO Auto-generated catch block e.printStackTrace(); } } }
返回示例如下:{ "RequestId": "718747A4-9A75-4130-88F9-C9B47350B7F5", "data": [ { "AttackCntByThreatType": [ { "event_cnt": 27, "threat_type": "应用层入侵" } ], "Whois": "", "ThreatLevel": "2", "Ip": { "country": "中国", "province": "内蒙古自治区", "city": "呼和浩特市", "ip": "1.180.*.*", "isp": "电信", "asn": "4134", "asn_label": "CHINANET-BACKBONE - No.31,Jin-rong Street, CN" }, "ThreatTypes": [ { "threat_type_desc": "WEB攻击源", "last_find_time": "2020-10-23 08:50:50", "risk_type": 1, "threat_type": "WEB Attack" }, { "threat_type_desc": "网络服务扫描", "last_find_time": "2020-09-27 17:15:59", "risk_type": 1, "threat_type": "Network Service Scanning" }, { "threat_type_desc": "漏洞利用", "last_find_time": "2020-10-27 15:00:28", "risk_type": 1, "threat_type": "Exploit" } ], "Intelligences": [ { "ip": "1.180.*.*", "gmt_last": "2020-05-18 15:41:46", "threat_type_l3": "sqli", "source": "Aliyun" }, { "ip": "1.180.*.*", "gmt_last": "2020-10-13 14:49:03", "threat_type_l3": "xss", "source": "Aliyun" }, { "ip": "1.180.*.*", "gmt_last": "2020-10-23 08:50:50", "threat_type_l3": "code_exec", "source": "Aliyun" }, { "ip": "1.180.*.*", "gmt_last": "2020-09-27 17:15:59", "threat_type_l3": "SSH服务扫描", "source": "Aliyun" }, { "ip": "1.180.*.*", "gmt_last": "2020-10-27 15:00:28", "threat_type_l3": "ThinkPHP5 RCE", "source": "Aliyun" }, { "ip": "1.180.*.*", "gmt_last": "2020-10-13 07:09:14", "threat_type_l3": "webshell", "source": "Aliyun" }, { "ip": "1.180.*.*", "gmt_last": "2020-10-15 11:02:09", "threat_type_l3": "F5 RCE CVE-2020-5902", "source": "Aliyun" }, { "ip": "1.180.*.*", "gmt_last": "2020-10-13 14:42:42", "threat_type_l3": "lfilei", "source": "Aliyun" }, { "ip": "1.180.*.*", "gmt_last": "2020-06-28 15:26:48", "threat_type_l3": "Weblogic SSRF", "source": "Aliyun" }, { "ip": "1.180.*.*", "gmt_last": "2020-10-13 07:10:07", "threat_type_l3": "Weblogic RCE CVE-2019-2725", "source": "Aliyun" }, { "ip": "1.180.*.*", "gmt_last": "2020-07-20 09:40:52", "threat_type_l3": "Weblogic RCE CVE-2017-10271", "source": "Aliyun" } ], "AttackPreferenceTop5": [ { "event_cnt": 2, "industry_name": "媒体", "gmt_last_attack": "2020-10-23 08:50:50" }, { "event_cnt": 89, "industry_name": "金融", "gmt_last_attack": "2020-10-13 14:49:03" }, { "event_cnt": 2, "industry_name": "互联网", "gmt_last_attack": "2020-10-23 08:49:20" } ] } ] }
在文档使用中是否遇到以下问题
更多建议
匿名提交