Scanning with acunetix-api
Source: Internet  Editor: 程序博客网  Time: 2024/04/29 16:28
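Ever since Acunetix Web Vulnerability Scanner 11.x was cracked by Hmily of 52, I have been amazed by its interface. I figured it would be great to deploy this thing in a distributed setup for scanning. I looked for material and found that getting the API from the vendor seems to require contacting them. There is very little related material online.
This is mainly rewritten from the API calls found in https://github.com/jenkinsci/acunetix-plugin/blob/master/src/main/java/com/acunetix/Engine.java.
Everything depends on the API key you have obtained:
headers = {"X-Auth":apikey,"content-type": "application/json"}
1. Add a task
post /api/v1/targets
data = {"address":url,"description":url,"criticality":"10"}
2. Start the scan
post /api/v1/scans
data = {"target_id":target_id,"profile_id":"11111111-1111-1111-1111-111111111111","schedule": {"disable": False,"start_date":None,"time_sensitive": False}}
target_id is the value returned by adding the task in step 1.
3. Get the task summary
get /api/v1/scans
4. Get the task details
get /api/v1/scans/+scan_id
5. Generate a report
post /api/v1/reports
data = {"template_id":"11111111-1111-1111-1111-111111111111","source":{"list_type":"scans","id_list":[scan_id]}}
I converted this into Python. When adding a task it checks for duplicates; it fetches all scans, checks whether each one has finished, and outputs the report once it has.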
    #!/usr/bin/python
    # -*- coding: utf-8 -*-
    import json
    import requests
    import requests.packages.urllib3
    '''
    import requests.packages.urllib3.util.ssl_
    requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS = 'ALL'
    or
    pip install requests[security]
    '''
    # verify=False is used below because the local scanner presents a
    # self-signed certificate; this line silences the resulting warnings.
    requests.packages.urllib3.disable_warnings()
    tarurl = "https://127.0.0.1:3443"
    apikey = "yourapikey"
    headers = {"X-Auth": apikey, "content-type": "application/json"}

    def addtask(url=''):
        # Add a task (target) and return its target_id
        data = {"address": url, "description": url, "criticality": "10"}
        try:
            response = requests.post(tarurl+"/api/v1/targets", data=json.dumps(data), headers=headers, timeout=30, verify=False)
            result = json.loads(response.content)
            return result['target_id']
        except Exception as e:
            print(str(e))
            return

    def startscan(url):
        # First fetch all existing tasks to avoid duplicates
        # Add the task to get its target_id
        # Start the scan
        targets = getscan()
        if url in targets:
            return "repeat"
        else:
            target_id = addtask(url)
            if not target_id:
                # Adding the target failed; nothing to scan
                return
            data = {"target_id": target_id, "profile_id": "11111111-1111-1111-1111-111111111111", "schedule": {"disable": False, "start_date": None, "time_sensitive": False}}
            try:
                response = requests.post(tarurl+"/api/v1/scans", data=json.dumps(data), headers=headers, timeout=30, verify=False)
                result = json.loads(response.content)
                return result['target_id']
            except Exception as e:
                print(str(e))
                return

    def getstatus(scan_id):
        # Get the scan status for scan_id
        try:
            response = requests.get(tarurl+"/api/v1/scans/"+str(scan_id), headers=headers, timeout=30, verify=False)
            result = json.loads(response.content)
            status = result['current_session']['status']
            # "completed" means the scan has finished and a report can be generated
            if status == "completed":
                return getreports(scan_id)
            else:
                return status
        except Exception as e:
            print(str(e))
            return

    def getreports(scan_id):
        # Generate the report for scan_id and return its download URL
        data = {"template_id": "11111111-1111-1111-1111-111111111111", "source": {"list_type": "scans", "id_list": [scan_id]}}
        try:
            response = requests.post(tarurl+"/api/v1/reports", data=json.dumps(data), headers=headers, timeout=30, verify=False)
            result = response.headers
            report = result['Location'].replace('/api/v1/reports/', '/reports/download/')
            return tarurl.rstrip('/')+report
        except Exception as e:
            print(str(e))
            return

    def getscan():
        # Get the status of all scans and return the de-duplicated target addresses
        targets = []
        try:
            response = requests.get(tarurl+"/api/v1/scans", headers=headers, timeout=30, verify=False)
            results = json.loads(response.content)
            for result in results['scans']:
                targets.append(result['target']['address'])
                print(result['scan_id'], result['target']['address'], getstatus(result['scan_id']))  # ,result['target_id']
            return list(set(targets))
        except Exception as e:
            raise e

    if __name__ == '__main__':
        print(startscan('http://testhtml5.vulnweb.com/'))
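The formatting seems a bit off. The original file is at https://github.com/0xa-saline/acunetix-api/blob/master/acunetix.py
For details, see
http://0cx.cc/about_awvs11_api.jspx
A shameless plug.
Last: someone asked how to make it accessible remotely.
[attachment=5443]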
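A hardened variant of the client calls above, as an added example that is not from the original post or the acunetix-api repository: it verifies the scanner's TLS certificate instead of passing verify=False, reads the API key from the environment, and normalizes addresses before the duplicate check. The variable name ACUNETIX_API_KEY, the ca_file path and the helper names are assumptions; the endpoint, headers and payload are the ones listed on this page.

```python
import json
import os
import ssl
import urllib.request
from urllib.parse import urlsplit

BASE = "https://127.0.0.1:3443"  # scanner address used on this page

def tls_context(ca_file=None):
    # Certificate and hostname checks stay on. ca_file (assumed path) is the
    # scanner's exported self-signed certificate; None uses the system store.
    return ssl.create_default_context(cafile=ca_file)

def api_key():
    # ACUNETIX_API_KEY is an assumed variable name; keeps the key out of source.
    return os.environ["ACUNETIX_API_KEY"]

def build_request(method, path, key, body=None):
    data = json.dumps(body).encode() if body is not None else None
    return urllib.request.Request(
        BASE + path, data=data, method=method,
        headers={"X-Auth": key, "Content-Type": "application/json"})

def normalize(address):
    # Canonical form for the duplicate check: lower-case scheme and host,
    # no trailing slash, so "http://a/" and "HTTP://A" compare equal.
    parts = urlsplit(address.strip())
    return "%s://%s%s" % (parts.scheme.lower(), parts.netloc.lower(),
                          parts.path.rstrip("/"))

def add_target_request(address, scans_listing, key):
    # scans_listing is the parsed body of GET /api/v1/scans.
    # Returns None when the address is already known, else the POST to send.
    known = {normalize(s["target"]["address"])
             for s in scans_listing.get("scans", [])}
    if normalize(address) in known:
        return None
    body = {"address": address, "description": address, "criticality": "10"}
    return build_request("POST", "/api/v1/targets", key, body)

def send(req, ctx):
    # Raises on TLS verification failure or an HTTP error status.
    with urllib.request.urlopen(req, timeout=30, context=ctx) as resp:
        raw = resp.read()
        return resp.status, dict(resp.headers), json.loads(raw) if raw else {}

# Constructed sample of a scan listing, shaped like the fields the script reads.
SAMPLE = {"scans": [{"scan_id": "s-1",
                     "target": {"address": "http://testhtml5.vulnweb.com/"}}]}
```

With the exact string comparison in the script above, the same site entered with and without a trailing slash would be added twice; the normalized check treats both as one target.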