本文档介绍如何使用Python SDK获取域名报告。

域名报告包含了域名Whois信息、数字证书、威胁类型、相关攻击团伙或安全事件信息。详细内容,请参见DescribeDomainReport接口的返回数据。

前提条件

开始运行示例脚本前,请确保您已完成以下准备工作:
  • 已开通阿里云官网账号。
  • 已生成AccessKey(用于使用SDK时进行身份验证)。

    确保您当前账号下已创建了AccessKey ID和AccessKey Secret。

  • 已开通阿里云威胁情报服务。

操作步骤

  1. 安装Java SDK。更多详细内容请参见安装Alibaba Cloud SDK for Java
  2. 运行以下示例脚本,调用IP情报接口。
    import com.aliyuncs.CommonRequest;
    import com.aliyuncs.CommonResponse;
    import com.aliyuncs.DefaultAcsClient;
    import com.aliyuncs.IAcsClient;
    import com.aliyuncs.exceptions.ClientException;
    import com.aliyuncs.exceptions.ServerException;
    import com.aliyuncs.profile.DefaultProfile;
    public class Sample {
        public static void main(String[] args) {
            // 创建DefaultAcsClient实例并初始化
            DefaultProfile profile = DefaultProfile.getProfile(
                "cn-zhangjiakou",          // 您的地域ID
                "<your-access-key-id>",      // 您的AccessKey ID
                "<your-access-key-secret>"); // 您的AccessKey Secret
            IAcsClient client = new DefaultAcsClient(profile);
            // 创建API请求并设置参数
            CommonRequest request = new CommonRequest();
            request.setDomain("sasti.aliyuncs.com");
            request.setVersion("2020-05-12");
            request.setAction("DescribeDomainReport");
            request.putQueryParameter("Domain", "baidu.com");
            try {
                CommonResponse response = client.getCommonResponse(request);
                System.out.println(response.getData());
            } catch (ServerException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            } catch (ClientException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
        }
    }
    返回示例如下:
    {
        "RequestId": "718747A4-9A75-4130-88F9-C9B47350B7F5",
        "data": [
            {
                "AttackCntByThreatType": [
                    {
                        "event_cnt": 27,
                        "threat_type": "应用层入侵"
                    }
                ],
                "Whois": "",
                "ThreatLevel": "2",
                "Ip": {
                    "country": "中国",
                    "province": "内蒙古自治区",
                    "city": "呼和浩特市",
                    "ip": "1.180.*.*",
                    "isp": "电信",
                    "asn": "4134",
                    "asn_label": "CHINANET-BACKBONE - No.31,Jin-rong Street, CN"
                },
                "ThreatTypes": [
                    {
                        "threat_type_desc": "WEB攻击源",
                        "last_find_time": "2020-10-23 08:50:50",
                        "risk_type": 1,
                        "threat_type": "WEB Attack"
                    },
                    {
                        "threat_type_desc": "网络服务扫描",
                        "last_find_time": "2020-09-27 17:15:59",
                        "risk_type": 1,
                        "threat_type": "Network Service Scanning"
                    },
                    {
                        "threat_type_desc": "漏洞利用",
                        "last_find_time": "2020-10-27 15:00:28",
                        "risk_type": 1,
                        "threat_type": "Exploit"
                    }
                ],
                "Intelligences": [
                    {
                        "ip": "1.180.*.*",
                        "gmt_last": "2020-05-18 15:41:46",
                        "threat_type_l3": "sqli",
                        "source": "Aliyun"
                    },
                    {
                        "ip": "1.180.*.*",
                        "gmt_last": "2020-10-13 14:49:03",
                        "threat_type_l3": "xss",
                        "source": "Aliyun"
                    },
                    {
                        "ip": "1.180.*.*",
                        "gmt_last": "2020-10-23 08:50:50",
                        "threat_type_l3": "code_exec",
                        "source": "Aliyun"
                    },
                    {
                        "ip": "1.180.*.*",
                        "gmt_last": "2020-09-27 17:15:59",
                        "threat_type_l3": "SSH服务扫描",
                        "source": "Aliyun"
                    },
                    {
                        "ip": "1.180.*.*",
                        "gmt_last": "2020-10-27 15:00:28",
                        "threat_type_l3": "ThinkPHP5 RCE",
                        "source": "Aliyun"
                    },
                    {
                        "ip": "1.180.*.*",
                        "gmt_last": "2020-10-13 07:09:14",
                        "threat_type_l3": "webshell",
                        "source": "Aliyun"
                    },
                    {
                        "ip": "1.180.*.*",
                        "gmt_last": "2020-10-15 11:02:09",
                        "threat_type_l3": "F5 RCE CVE-2020-5902",
                        "source": "Aliyun"
                    },
                    {
                        "ip": "1.180.*.*",
                        "gmt_last": "2020-10-13 14:42:42",
                        "threat_type_l3": "lfilei",
                        "source": "Aliyun"
                    },
                    {
                        "ip": "1.180.*.*",
                        "gmt_last": "2020-06-28 15:26:48",
                        "threat_type_l3": "Weblogic SSRF",
                        "source": "Aliyun"
                    },
                    {
                        "ip": "1.180.*.*",
                        "gmt_last": "2020-10-13 07:10:07",
                        "threat_type_l3": "Weblogic RCE CVE-2019-2725",
                        "source": "Aliyun"
                    },
                    {
                        "ip": "1.180.*.*",
                        "gmt_last": "2020-07-20 09:40:52",
                        "threat_type_l3": "Weblogic RCE CVE-2017-10271",
                        "source": "Aliyun"
                    }
                ],
                "AttackPreferenceTop5": [
                    {
                        "event_cnt": 2,
                        "industry_name": "媒体",
                        "gmt_last_attack": "2020-10-23 08:50:50"
                    },
                    {
                        "event_cnt": 89,
                        "industry_name": "金融",
                        "gmt_last_attack": "2020-10-13 14:49:03"
                    },
                    {
                        "event_cnt": 2,
                        "industry_name": "互联网",
                        "gmt_last_attack": "2020-10-23 08:49:20"
                    }
                ]
            }
        ]
    }