攻防演练目标资产名称自动纠错工具教学文档<\/h1>

一、背景与需求<\/h2>

在攻防演练过程中，经常遇到目标单位名称不准确的情况，例如：<\/p>

使用简称而非全称（如"浙江中医六院"代替完整名称）<\/li>
单位已更名但备案信息未更新<\/li>

各种命名不规范问题<\/li> <\/ul>

手动纠正在攻防演练前期阶段效率低下，影响资产搜集速度，需要自动化解决方案。<\/p>

二、技术方案选择<\/h2>

2.1 可用平台对比<\/h3>

爱企查\/天眼查<\/strong>：参数校验严格，难以实现自动化抓取<\/li>

Riskbird<\/strong>：参数校验相对宽松，适合自动化实现<\/li> <\/ul>
2.2 最终选择<\/h3>
选择 https:\/\/riskbird.com\/ 作为数据源，通过模拟API请求实现批量查询。<\/p>
三、核心代码实现<\/h2>
3.1 基础请求函数<\/h3>
import<\/span> requests <\/span><\/span>import<\/span> json <\/span><\/span> <\/span><\/span>def<\/span> req_riskbird<\/span>(company_name, token): <\/span><\/span> """ <\/span><\/span><\/span> 向Riskbird发送查询请求获取公司信息 <\/span><\/span><\/span> <\/span><\/span><\/span> 参数: <\/span><\/span><\/span> company_name: 要查询的公司名称 <\/span><\/span><\/span> token: 用户认证token <\/span><\/span><\/span> <\/span><\/span><\/span> 返回: <\/span><\/span><\/span> 公司名称列表或空列表 <\/span><\/span><\/span> """<\/span> <\/span><\/span> url =<\/span> "https:\/\/riskbird.com\/riskbird-api\/newSearch"<\/span> <\/span><\/span> <\/span><\/span> headers =<\/span> { <\/span><\/span> "Host"<\/span>: "riskbird.com"<\/span>, <\/span><\/span> "User-Agent"<\/span>: "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/140.0.0.0 Safari\/537.36"<\/span>, <\/span><\/span> "Accept"<\/span>: "application\/json"<\/span>, <\/span><\/span> "App-Device"<\/span>: "WEB"<\/span>, <\/span><\/span> "Content-Type"<\/span>: "application\/json"<\/span>, <\/span><\/span> "Origin"<\/span>: "https:\/\/riskbird.com"<\/span>, <\/span><\/span> "Referer"<\/span>: "https:\/\/riskbird.com\/search\/company"<\/span>, <\/span><\/span> "Accept-Language"<\/span>: "zh-CN,zh;q=0.9"<\/span>, <\/span><\/span> "Cookie"<\/span>: f<\/span>"token=<\/span>{<\/span>token}<\/span>; app-device=WEB;"<\/span> <\/span><\/span> } <\/span><\/span> <\/span><\/span> payload =<\/span> { <\/span><\/span> "queryType"<\/span>: "1"<\/span>, <\/span><\/span> "searchKey"<\/span>: company_name, <\/span><\/span> "pageNo"<\/span>: 1<\/span>, <\/span><\/span> "range"<\/span>: 10<\/span>, <\/span><\/span> "selectConditionData"<\/span>: "{<\/span>\"<\/span>status<\/span>\"<\/span>:<\/span>\"\"<\/span>,<\/span>\"<\/span>sort_field<\/span>\"<\/span>:<\/span>\"\"<\/span>}"<\/span> <\/span><\/span> } <\/span><\/span> <\/span><\/span> try<\/span>: <\/span><\/span> response =<\/span> requests.<\/span>post(url, headers=<\/span>headers, json=<\/span>payload) <\/span><\/span> response.<\/span>raise_for_status() <\/span><\/span> <\/span><\/span> data =<\/span> response.<\/span>json() <\/span><\/span> <\/span><\/span> if<\/span> data.<\/span>get("code"<\/span>) ==<\/span> 20000<\/span> and<\/span> data.<\/span>get("success"<\/span>): <\/span><\/span> company_names =<\/span> [] <\/span><\/span> for<\/span> company in<\/span> data.<\/span>get("data"<\/span>, {}).<\/span>get("list"<\/span>, []): <\/span><\/span> if<\/span> "entName"<\/span> in<\/span> company: <\/span><\/span> company_names.<\/span>append(company["entName"<\/span>]) <\/span><\/span> return<\/span> company_names <\/span><\/span> else<\/span>: <\/span><\/span> print(f<\/span>"Error: <\/span>{<\/span>data.<\/span>get('msg'<\/span>, 'Unknown error'<\/span>)}<\/span>"<\/span>) <\/span><\/span> return<\/span> [] <\/span><\/span> <\/span><\/span> except<\/span> requests.<\/span>exceptions.<\/span>RequestException as<\/span> e: <\/span><\/span> print(f<\/span>"Request failed: <\/span>{<\/span>e}<\/span>"<\/span>) <\/span><\/span> return<\/span> [] <\/span><\/span> except<\/span> json.<\/span>JSONDecodeError: <\/span><\/span> print("Failed to parse response as JSON"<\/span>) <\/span><\/span> return<\/span> [] <\/span><\/span><\/code><\/pre>3.2 公司名称匹配选择函数<\/h3> def<\/span> compare_company<\/span>(company_name, num, token): <\/span><\/span> """ <\/span><\/span><\/span> 根据用户选择模式返回匹配的公司名称 <\/span><\/span><\/span> <\/span><\/span><\/span> 参数: <\/span><\/span><\/span> company_name: 原始公司名称 <\/span><\/span><\/span> num: 选择模式(1-自动选择最高匹配, 2-手动选择) <\/span><\/span><\/span> token: 用户认证token <\/span><\/span><\/span> <\/span><\/span><\/span> 返回: <\/span><\/span><\/span> 选择后的公司名称列表 <\/span><\/span><\/span> """<\/span> <\/span><\/span> company_names =<\/span> req_riskbird(company_name, token) <\/span><\/span> <\/span><\/span> if<\/span> not<\/span> company_names: <\/span><\/span> print("未找到相关公司:"<\/span>, company_name) <\/span><\/span> return<\/span> [] <\/span><\/span> <\/span><\/span> if<\/span> num ==<\/span> 1<\/span>: <\/span><\/span> return<\/span> [company_names[0<\/span>]] <\/span><\/span> elif<\/span> num ==<\/span> 2<\/span>: <\/span><\/span> print("以下是搜索到的所有公司名称："<\/span>) <\/span><\/span> for<\/span> i, name in<\/span> enumerate(company_names, 1<\/span>): <\/span><\/span> print(f<\/span>"<\/span>{<\/span>i}<\/span>. <\/span>{<\/span>name}<\/span>"<\/span>) <\/span><\/span> <\/span><\/span> try<\/span>: <\/span><\/span> print("搜索单位:"<\/span>, company_name) <\/span><\/span> selected =<\/span> int(input("请输入选择的公司编号："<\/span>)) <\/span><\/span> if<\/span> 1<\/span> <=<\/span> selected <=<\/span> len(company_names): <\/span><\/span> return<\/span> [company_names[selected -<\/span> 1<\/span>]] <\/span><\/span> else<\/span>: <\/span><\/span> print("无效的选择"<\/span>) <\/span><\/span> return<\/span> [] <\/span><\/span> except<\/span> ValueError<\/span>: <\/span><\/span> print("无效的输入"<\/span>) <\/span><\/span> return<\/span> [] <\/span><\/span> else<\/span>: <\/span><\/span> print("无效的 num 参数"<\/span>) <\/span><\/span> return<\/span> [] <\/span><\/span><\/code><\/pre>3.3 文件读取函数<\/h3> def<\/span> read_file<\/span>(): <\/span><\/span> """ <\/span><\/span><\/span> 读取同目录下的tar.txt文件，将每行内容存入列表 <\/span><\/span><\/span> <\/span><\/span><\/span> 返回: <\/span><\/span><\/span> 包含所有公司名称的列表 <\/span><\/span><\/span> <\/span><\/span><\/span> 异常: <\/span><\/span><\/span> FileNotFoundError: 文件不存在 <\/span><\/span><\/span> IOError: 文件读取失败 <\/span><\/span><\/span> """<\/span> <\/span><\/span> company_list =<\/span> [] <\/span><\/span> <\/span><\/span> try<\/span>: <\/span><\/span> with<\/span> open('tar.txt'<\/span>, 'r'<\/span>, encoding=<\/span>'utf-8'<\/span>) as<\/span> file: <\/span><\/span> for<\/span> line in<\/span> file: <\/span><\/span> company_name =<\/span> line.<\/span>strip() <\/span><\/span> if<\/span> company_name: <\/span><\/span> company_list.<\/span>append(company_name) <\/span><\/span> return<\/span> company_list <\/span><\/span> <\/span><\/span> except<\/span> FileNotFoundError<\/span>: <\/span><\/span> raise<\/span> FileNotFoundError<\/span>("错误：tar.txt 文件不存在"<\/span>) <\/span><\/span> except<\/span> IOError<\/span>: <\/span><\/span> raise<\/span> IOError<\/span>("错误：无法读取 tar.txt 文件"<\/span>) <\/span><\/span> except<\/span> Exception<\/span> as<\/span> e: <\/span><\/span> raise<\/span> Exception<\/span>(f<\/span>"读取文件时发生错误: <\/span>{<\/span>str(e)}<\/span>"<\/span>) <\/span><\/span><\/code><\/pre>四、使用流程<\/h2> 4.1 准备工作<\/h3> 获取Riskbird账号并登录，从浏览器开发者工具获取token<\/li> 创建tar.txt文件，每行写入一个需要纠正的公司名称<\/li> <\/ol> 4.2 执行流程<\/h3> 调用read_file()读取目标公司列表<\/li> 遍历列表，对每个公司名称调用compare_company()函数<\/li> 根据需求选择自动模式(1)或手动模式(2)<\/li> 获取纠正后的准确公司名称<\/li> <\/ol> 4.3 实际应用示例<\/h3> 输入："浙江省中山医院" 输出："浙江中医药大学附属第三医院（浙江省中山医院）"<\/p> 五、关键技术要点<\/h2> 5.1 请求头设置<\/h3> 必须设置正确的User-Agent模拟浏览器行为<\/li> Cookie中需要包含有效的token认证信息<\/li> Content-Type必须设置为application\/json<\/li> <\/ul> 5.2 错误处理<\/h3> 网络请求异常处理<\/li> JSON解析异常处理<\/li> API返回错误码处理<\/li> 文件操作异常处理<\/li> <\/ul> 5.3 数据提取<\/h3> 从返回的JSON数据中提取entName字段<\/li> 处理分页数据（当前代码设置为10条\/页）<\/li> <\/ul> 六、优化建议<\/h2> 6.1 功能扩展<\/h3> 添加批量处理模式，支持大量公司名称一次性处理<\/li> 增加结果导出功能，支持导出为Excel或CSV格式<\/li> 添加相似度匹配算法，提高自动选择的准确性<\/li> <\/ul> 6.2 稳定性提升<\/h3> 添加请求重试机制<\/li> 实现token自动刷新功能<\/li> 添加速率限制，避免请求过于频繁被封禁<\/li> <\/ul> 6.3 用户体验<\/h3> 添加进度显示功能<\/li> 实现交互式命令行界面<\/li> 添加日志记录功能<\/li> <\/ul> 七、注意事项<\/h2> 遵守Riskbird平台的使用条款，避免过度频繁请求<\/li> 注意token的保密性，不要泄露在代码中<\/li> 该工具仅限合法授权的攻防演练使用<\/li> 平台API可能有变更，需要定期维护更新<\/li> <\/ol> 八、总结<\/h2> 本工具通过自动化查询Riskbird平台，有效解决了攻防演练中目标资产名称不准确的问题，显著提高了资产搜集阶段的效率。工具采用模块化设计，便于扩展和维护，可根据实际需求选择自动或手动匹配模式。<\/p>

攻防演练目标资产名称自动纠错工具教学文档<\/h1>

二、技术方案选择<\/h2>

2.2 最终选择<\/h3> 选择 https:\/\/riskbird.com\/ 作为数据源，通过模拟API请求实现批量查询。<\/p>

三、核心代码实现<\/h2>

四、使用流程<\/h2>

4.3 实际应用示例<\/h3> 输入："浙江省中山医院" 输出："浙江中医药大学附属第三医院（浙江省中山医院）"<\/p>

五、关键技术要点<\/h2>

六、优化建议<\/h2>

八、总结<\/h2> 本工具通过自动化查询Riskbird平台，有效解决了攻防演练中目标资产名称不准确的问题，显著提高了资产搜集阶段的效率。工具采用模块化设计，便于扩展和维护，可根据实际需求选择自动或手动匹配模式。<\/p>

2.2 最终选择<\/h3>
选择 https:\/\/riskbird.com\/ 作为数据源，通过模拟API请求实现批量查询。<\/p>

4.3 实际应用示例<\/h3>
输入："浙江省中山医院"
输出："浙江中医药大学附属第三医院（浙江省中山医院）"<\/p>

八、总结<\/h2>
本工具通过自动化查询Riskbird平台，有效解决了攻防演练中目标资产名称不准确的问题，显著提高了资产搜集阶段的效率。工具采用模块化设计，便于扩展和维护，可根据实际需求选择自动或手动匹配模式。<\/p>