干货 | Python调AWVS接口新建扫描并导出扫描报告过程记录
2023-1-31 20:0:45 Author: 渗透安全团队(查看原文) 阅读量:24 收藏



本文详细介绍了利用python调用AWVS 14.x中提供的四个内置接口,验证的流程为:

1.将目标URL添加到targets队列,扫描准备;

2.将targets队列中任务添加到scans队列,进行扫描;

3.将scans队列中的任务通过generate添加到reports队列,生成扫描报告;

4.从reports队列中导出扫描报告。

验证的三个接口为:

/api/v1/targets

/api/v1/scans

/api/v1/reports

本人的B站讲解视频:https://www.bilibili.com/video/BV1NY4y1B7p2/

第二期实现批量扫描:https://blog.csdn.net/qq_45859826/article/details/124082529


import json
import time
from datetime import datetime
import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
tarurl = "https://localhost:3443"
apikey = "1986ad8c0a5b3df4d7028d5f3c06e936c1fc7e549ff144a089c34a12b23d572fa"
headers = {"X-Auth": apikey, "Content-type": "application/json;charset=utf8"}

# 查看所有目标结果
def targets():
api_url = tarurl + '/api/v1/targets'
r = requests.get(url=api_url, headers=headers, verify=False)
print(r.json())

# 添加targets目标,获取target_id
def post_targets(url):
api_url = tarurl + '/api/v1/targets'
data = {
"address": url,
"description": "wyt_target",
"criticality": "10"
}
data_json = json.dumps(data)
r = requests.post(url=api_url, headers=headers, data=data_json, verify=False)
target_id = r.json().get("target_id")
print('target_id:', target_id)
return target_id

# 添加scans
def scans(url):
api_url = tarurl + '/api/v1/scans'
data = {
"target_id": url,
"profile_id": "11111111-1111-1111-1111-111111111112",
"schedule":
{"disable": False,
"start_date": None,
"time_sensitive": False
}
}
data_json = json.dumps(data)
r = requests.post(url=api_url, headers=headers, data=data_json, verify=False)
# target_id = r.json().get("target_id")
# print(r.json)

# 获取scan_id,通过start_date可知,最新生成的为第一个
def scan_id():
api_url = tarurl + '/api/v1/scans'
# print(api_url)
r = requests.get(url=api_url, headers=headers, verify=False)
scan_id = r.json().get("scans")[0].get("scan_id")
print('scan_id:', scan_id)
return scan_id

# 添加generate,并获取generate_id
def generate(url):
api_url = tarurl + '/api/v1/reports'
data = {
"template_id": "11111111-1111-1111-1111-111111111115",
"source": {
"list_type": "scans",
"id_list": [url]
}
}
data_json = json.dumps(data)
r = requests.post(url=api_url, headers=headers, data=data_json, verify=False)
# print(r.json)

# 生成扫描报告,每次新生成的都在第一个
def html():
api_url = tarurl + '/api/v1/reports'
# print(api_url)
r = requests.get(url=api_url, headers=headers, verify=False)
html = r.json().get("reports")[0].get("download")[0]
url_html = tarurl + html
print('报告地址:', url_html)
r_html = requests.get(url=url_html, headers=headers, verify=False)
time_now = datetime.now().strftime('%Y-%m-%d %H%M%S')
with open("report-" + time_now + ".html", "wb") as code:
code.write(r_html.content)
code.close()

def pdf():
api_url = tarurl + '/api/v1/reports'
# print(api_url)
r = requests.get(url=api_url, headers=headers, verify=False)
pdf = r.json().get("reports")[0].get("download")[1]
url_pdf = tarurl + pdf
print('报告地址:', url_pdf)
r_html = requests.get(url=url_pdf, headers=headers, verify=False)
time_now = datetime.now().strftime('%Y-%m-%d %H%M%S')
with open("report-" + time_now + ".pdf", "wb") as code:
code.write(r_html.content)
code.close()

if __name__ == '__main__':
# targets()
# 添加到targets队列
target_id = post_targets("http://8.8.8.8/")
time.sleep(5)
# 添加到scans队列
scans(target_id)
time.sleep(5)
# 获取scan_id,并生成generate
scan_id = scan_id()
generate(scan_id)
time.sleep(5)
# 生成扫描报告
# pdf()
html()

返回结果:

Acunetix是一个专业好用的漏洞扫描工具,提供一些内置API接口,可供调用。因毕业设计,对其中一些接口进行了测试,以下为测试文档。

1.获取 API-KEY

「Administrator」-「Profile」-「API Key」-「Copy」

API-KEY:1986ad8c0a5b3df4d7028d5f3c06e936c1fc7e549ff144a089c34a12b23d572fa

2.Header 设置

1.接口介绍

X-Auth:API-KEY
Content-type:application/json;charset=utf8

2.python代码

apikey = "1986ad8c0a5b3df4d7028d5f3c06e936c1fc7e549ff144a089c34a12b23d572fa"
headers = {"X-Auth": apikey, "Content-type": "application/json;charset=utf8"}
tarurl = "https://localhost:3443"

3.屏蔽警告

from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

1.查看Targets扫描队列

1.接口介绍

Method: GET 
URL: /api/v1/targets

2.python代码

api_url = tarurl + '/api/v1/targets'
r = requests.get(url=api_url, headers=headers, verify=False)
print(r.json()) #返回结果为json格式

3.返回结果

{
'targets': [
{
'address': 'http://192.168.137.129/',
'continuous_mode': False,
'criticality': 10,
'default_scanning_profile_id': None,
'deleted_at': None,
'description': 'http://192.168.137.129/',
'fqdn': '192.168.137.129',
'fqdn_hash': '4d9a6f1d9e94cce236acd2d397fdc5ce',
'fqdn_status': 'new',
'fqdn_tm_hash': 'f3c47dc4029759660937dd3f55c685c2',
'issue_tracker_id': None, 'last_scan_date': '2022-03-28T18:07:52.178043+08:00',
'last_scan_id': 'b7eab683-8708-4cfc-9d3a-2e3c989fbae5',
'last_scan_session_id': 'b3b15334-44ed-4dd7-8363-b874c7ec0947',
'last_scan_session_status': 'completed',
'manual_intervention': None,
'severity_counts': {
'high': 0,
'info': 0,
'low': 0,
'medium': 0
},
'target_id': '73e0d89a-6323-446a-a00c-691a884b286b',
'threat': 0,
'type': None,
'verification': None
},

'pagination':
{
'count': 11,
'cursor_hash': '8f629dd49f910b9202eb0da5d51fdb6e',
'cursors': [None],
'sort': None
}
}

4.参数说明

参数说明
targets目标详细信息
pagination分页信息

targets:

参数说明
address扫描目标网址
continuous_mode是否连续模式
criticality危险程度
description描述
last_scan_date最近扫描的日期
last_scan_id最近扫描的id
last_scan_session_id最近扫描的session id
last_scan_session_status最近的扫描状态
manual_intervention手动干预
severity_counts漏洞等级个数分布
target_id目标id
threat威胁等级
type类型
verification验证

2.添加任务到Targets扫描队列,并返回target_id

1.接口介绍

Method: POST 
URL: /api/v1/targets

2.python代码

api_url = tarurl + '/api/v1/targets'
data = {
"address": url,
"description": "wyt_target",
"criticality": "10"
}
data_json = json.dumps(data)
r = requests.post(url=api_url, headers=headers, data=data_json, verify=False)
target_id = r.json().get("target_id")
print(target_id)

3.返回结果

87527c66-665b-4920-bde7-c56e5297f8b0

3.添加targets队列中的任务到scans

1.接口介绍

Method: POST
URL: /api/v1/scans

2.data介绍

data = 
{
"target_id": "ec78d77d-6e26-4994-8d46-7fa8deae11b9",
"profile_id": "11111111-1111-1111-1111-111111111112",
"schedule":
{
"disable": False,
"start_date": None,
"time_sensitive": False
}
}

3.python代码

api_url = tarurl + '/api/v1/scans'
data = {
"target_id": url,
"profile_id": "11111111-1111-1111-1111-111111111112",
"schedule": {
"disable": False,
"start_date": None,
"time_sensitive": False
}
}
data_json = json.dumps(data)
r = requests.post(url=api_url, headers=headers, data=data_json, verify=False)

4.发送参数说明

参数类型说明
profile_idstring扫描类型
ui_session_istring可不传
incrementalbool增加的
schedulejson扫描时间设置(默认即时)
report_template_idstring扫描报告类型(可不传)
target_idstring目标id

profile_id:

类型意义
Full Scan11111111-1111-1111-1111-111111111111完全扫描
High Risk Vulnerabilities11111111-1111-1111-1111-111111111112高风险漏洞
Cross-site Scripting Vulnerabilities11111111-1111-1111-1111-111111111116
XSS漏洞

SQL Injection Vulnerabilities11111111-1111-1111-1111-111111111113SQL注入漏洞
Weak Passwords11111111-1111-1111-1111-111111111115弱口令检测
Crawl Only11111111-1111-1111-1111-111111111117Crawl Only
Malware Scan11111111-1111-1111-1111-111111111120恶意软件扫描

4.获取scan_id

1.接口介绍

Method: GET 
URL: /api/v1/scans

2.代码

api_url = tarurl + '/api/v1/scans'
r = requests.get(url=api_url, headers=headers, verify=False)
print(r.json().get("scans")[0])
scan_id = r.json().get("scans")[0].get("scan_id")

3.返回结果

{
'criticality': 10,
'current_session': {
'event_level': 2,
'progress': 100,
'scan_session_id': '7be91fbd-f904-4c6f-a33c-909cddb7a9c8',
'severity_counts': {
'high': 0,
'info': 0,
'low': 0,
'medium': 0
},
'start_date': '2022-04-03T19:05:05.089001+08:00',
'status': 'completed',
'threat': 0
},
'incremental': False,
'max_scan_time': 0,
'next_run': None,
'profile_id': '11111111-1111-1111-1111-111111111112',
'profile_name': 'High Risk',
'report_template_id': None,
'scan_id': '5b9222cc-a21b-4b11-b1a5-6d6d5856d74a',
'schedule': {
'disable': False,
'history_limit': None,
'recurrence': None,
'start_date': None,
'time_sensitive': False,
'triggerable': False
},
'target': {
'address': 'http://6.6.6.6/',
'criticality': 10,
'description': 'wyt_target',
'type': 'default'
},
'target_id': '0944cef3-411e-4d4c-8647-4655f0b1e52b'
}

4.返回参数说明

参数说明
criticality危险程度
current_session当前会话
start_date开始扫描时间
status扫描状态
threat威胁性
incremental额外的?
manual_intervention人工干预
max_scan_time最大扫描时间
next_run下一轮
profile_id扫描类型
profile_name扫描类型名称
report_template_id扫描报告模板id
scan_id扫描id
schedule时间表
target目标相关的信息
target_id目标id

5.导出报告-生成gennerate

1.接口介绍

Method: POST 
URL: /api/v1/reports

2.data介绍

data = {
"template_id": "11111111-1111-1111-1111-111111111115",
"source": {
"list_type": "scans",
"id_list": ["87527c66-665b-4920-bde7-c56e5297f8b0"]
}
}

3.python代码

api_url = tarurl + '/api/v1/reports'
data = {
"template_id": "11111111-1111-1111-1111-111111111115",
"source": {
"list_type": "scans",
"id_list": [url]
}
}
data_json = json.dumps(data)
r = requests.post(url=api_url, headers=headers,data=data_json, verify=False)
print(r.json)

4.返回结果

{
'pagination': {
'count': 5,
'cursor_hash': '8f629dd49f910b9202eb0da5d51fdb6e',
'cursors': [None],
'sort': None},
'reports': [
{
'download': [
'/api/v1/reports/download/4df097a941830e36be6665ab908e40a27c2d0528d503a70ce9b77f72592bc73e05bc9f8d624994d71482b153-bd3b-4c36-8d21-0886c07f4739.html',
'/api/v1/reports/download/1c3fa9b4f76396cedcda1e857e5bfe0053fcd9653bf55d1344a5e99bd1b53366fa10c36a624994d71482b153-bd3b-4c36-8d21-0886c07f4739.pdf'
],
'generation_date': '2022-04-03T19:33:46.118619+08:00',
'report_id': '1482b153-bd3b-4c36-8d21-0886c07f4739',
'source': {
'list_type': 'scans',
'description': 'http://6.6.6.6/;wyt_target',
'id_list': ['5b9222cc-a21b-4b11-b1a5-6d6d5856d74a']
},
'status': 'completed',
'template_id': '11111111-1111-1111-1111-111111111115',
'template_name': 'Affected Items',
'template_type': 0
}
]
}

5.发送参数说明

参数类型说明
template_idString扫描报名模板类型
list_typeString值为: scans
id_listString值为: scan_id

template_id:

类型
Affected Items11111111-1111-1111-1111-111111111115
CWE 201111111111-1111-1111-1111-111111111116
Developer11111111-1111-1111-1111-111111111111
Executive Summary11111111-1111-1111-1111-111111111113
HIPAA11111111-1111-1111-1111-111111111114
ISO 2700111111111-1111-1111-1111-111111111117
NIST SP800 5311111111-1111-1111-1111-111111111118
OWASP Top 10 201311111111-1111-1111-1111-111111111119
PCI DSS 3.211111111-1111-1111-1111-111111111120
Quick11111111-1111-1111-1111-111111111112
Sarbanes Oxley11111111-1111-1111-1111-111111111121
Scan Comparison11111111-1111-1111-1111-111111111124
STIG DISA11111111-1111-1111-1111-111111111122
WASC Threat Classification11111111-1111-1111-1111-111111111123

6.返回参数说明

参数说明
generation_date生成时间
template_type模板类型
report_id报告id
template_name模板名字
status状态
template_id模板id
download下载链接[html, pdf]
source来源
description备注

6.导出报告-html/pdf

1.接口介绍

Method: GET
URL: /api/v1/reports

2.python代码

api_url = tarurl + '/api/v1/reports'
r = requests.get(url=api_url, headers=headers, verify=False)
html = r.json().get("reports")[0].get("download")[0]
# pdf = r.json().get("reports")[0].get("download")[1]
url_html = tarurl + html
r_html = requests.get(url=url_html, headers=headers, verify=False)
with open("report.html", "wb") as code:
code.write(r_html.content)
code.close()

这篇文章缘起于我的本科毕业设计”漏洞分析系统设计“,首先感谢各位师傅的优秀博文分享,给了迷茫中的我许多灵感:

国光师傅的AWVS API文档:https://www.sqlsec.com/2020/04/awvsapi.html#toc-heading-32

h4rdy师傅的AWVS API文档:https://github.com/h4rdy/Acunetix11-API-Documentation

Recar师傅的AWVS测试文件:https://blog.csdn.net/qq_28295425/article/details/81051954

-https://blog.csdn.net/qq_45859826/article/details/123944724


付费圈子

欢 迎 加 入 星 球 !

代码审计+免杀+渗透学习资源+各种资料文档+各种工具+付费会员

进成员内部群

星球的最近主题和星球内部工具一些展示

关 注 有 礼

关注下方公众号回复“666”可以领取一套精品渗透测试工具集和百度云视频链接。

 还在等什么?赶紧点击下方名片关注学习吧!


群聊 | 技术交流群-群除我佬

干货|史上最全一句话木马

干货 | CS绕过vultr特征检测修改算法

实战 | 用中国人写的红队服务器搞一次内网穿透练习

实战 | 渗透某培训平台经历

实战 | 一次曲折的钓鱼溯源反制

免责声明
由于传播、利用本公众号渗透安全团队所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,公众号渗透安全团队及作者不为承担任何责任,一旦造成后果请自行承担!如有侵权烦请告知,我们会立即删除并致歉。谢谢!
好文分享收藏赞一下最美点在看哦

文章来源: http://mp.weixin.qq.com/s?__biz=MzkxNDAyNTY2NA==&mid=2247497125&idx=1&sn=97bdb4d1a15c885f11b5be879a995588&chksm=c176080af601811ca6e266f80937f8edf9f307b9b3a7f51d680afde13cfaac54cc559d2475df#rd
如有侵权请联系:admin#unsafe.sh