前言
本文详细介绍了利用python调用AWVS 14.x中提供的四个内置接口,验证的流程为:
1.将目标URL添加到targets队列,扫描准备;
2.将targets队列中任务添加到scans队列,进行扫描;
3.将scans队列中的任务通过generate添加到reports队列,生成扫描报告;
4.从reports队列中导出扫描报告。
验证的三个接口为:
/api/v1/targets
/api/v1/scans
/api/v1/reports
本人的B站讲解视频:https://www.bilibili.com/video/BV1NY4y1B7p2/
第二期实现批量扫描:https://blog.csdn.net/qq_45859826/article/details/124082529
一、先上完整python代码
import json
import time
from datetime import datetime
import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
tarurl = "https://localhost:3443"
apikey = "1986ad8c0a5b3df4d7028d5f3c06e936c1fc7e549ff144a089c34a12b23d572fa"
headers = {"X-Auth": apikey, "Content-type": "application/json;charset=utf8"}
# 查看所有目标结果
def targets():
api_url = tarurl + '/api/v1/targets'
r = requests.get(url=api_url, headers=headers, verify=False)
print(r.json())
# 添加targets目标,获取target_id
def post_targets(url):
api_url = tarurl + '/api/v1/targets'
data = {
"address": url,
"description": "wyt_target",
"criticality": "10"
}
data_json = json.dumps(data)
r = requests.post(url=api_url, headers=headers, data=data_json, verify=False)
target_id = r.json().get("target_id")
print('target_id:', target_id)
return target_id
# 添加scans
def scans(url):
api_url = tarurl + '/api/v1/scans'
data = {
"target_id": url,
"profile_id": "11111111-1111-1111-1111-111111111112",
"schedule":
{"disable": False,
"start_date": None,
"time_sensitive": False
}
}
data_json = json.dumps(data)
r = requests.post(url=api_url, headers=headers, data=data_json, verify=False)
# target_id = r.json().get("target_id")
# print(r.json)
# 获取scan_id,通过start_date可知,最新生成的为第一个
def scan_id():
api_url = tarurl + '/api/v1/scans'
# print(api_url)
r = requests.get(url=api_url, headers=headers, verify=False)
scan_id = r.json().get("scans")[0].get("scan_id")
print('scan_id:', scan_id)
return scan_id
# 添加generate,并获取generate_id
def generate(url):
api_url = tarurl + '/api/v1/reports'
data = {
"template_id": "11111111-1111-1111-1111-111111111115",
"source": {
"list_type": "scans",
"id_list": [url]
}
}
data_json = json.dumps(data)
r = requests.post(url=api_url, headers=headers, data=data_json, verify=False)
# print(r.json)
# 生成扫描报告,每次新生成的都在第一个
def html():
api_url = tarurl + '/api/v1/reports'
# print(api_url)
r = requests.get(url=api_url, headers=headers, verify=False)
html = r.json().get("reports")[0].get("download")[0]
url_html = tarurl + html
print('报告地址:', url_html)
r_html = requests.get(url=url_html, headers=headers, verify=False)
time_now = datetime.now().strftime('%Y-%m-%d %H%M%S')
with open("report-" + time_now + ".html", "wb") as code:
code.write(r_html.content)
code.close()
def pdf():
api_url = tarurl + '/api/v1/reports'
# print(api_url)
r = requests.get(url=api_url, headers=headers, verify=False)
pdf = r.json().get("reports")[0].get("download")[1]
url_pdf = tarurl + pdf
print('报告地址:', url_pdf)
r_html = requests.get(url=url_pdf, headers=headers, verify=False)
time_now = datetime.now().strftime('%Y-%m-%d %H%M%S')
with open("report-" + time_now + ".pdf", "wb") as code:
code.write(r_html.content)
code.close()
if __name__ == '__main__':
# targets()
# 添加到targets队列
target_id = post_targets("http://8.8.8.8/")
time.sleep(5)
# 添加到scans队列
scans(target_id)
time.sleep(5)
# 获取scan_id,并生成generate
scan_id = scan_id()
generate(scan_id)
time.sleep(5)
# 生成扫描报告
# pdf()
html()
返回结果:
二、AWVS介绍
Acunetix是一个专业好用的漏洞扫描工具,提供一些内置API接口,可供调用。因毕业设计,对其中一些接口进行了测试,以下为测试文档。
三、准备工作
1.获取 API-KEY
「Administrator」-「Profile」-「API Key」-「Copy」
API-KEY:1986ad8c0a5b3df4d7028d5f3c06e936c1fc7e549ff144a089c34a12b23d572fa
2.Header 设置
1.接口介绍
X-Auth:API-KEY
Content-type:application/json;charset=utf8
2.python代码
apikey = "1986ad8c0a5b3df4d7028d5f3c06e936c1fc7e549ff144a089c34a12b23d572fa"
headers = {"X-Auth": apikey, "Content-type": "application/json;charset=utf8"}
tarurl = "https://localhost:3443"
3.屏蔽警告
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
四、接口验证
1.查看Targets扫描队列
1.接口介绍
Method: GET
URL: /api/v1/targets
2.python代码
api_url = tarurl + '/api/v1/targets'
r = requests.get(url=api_url, headers=headers, verify=False)
print(r.json()) #返回结果为json格式
3.返回结果
{
'targets': [
{
'address': 'http://192.168.137.129/',
'continuous_mode': False,
'criticality': 10,
'default_scanning_profile_id': None,
'deleted_at': None,
'description': 'http://192.168.137.129/',
'fqdn': '192.168.137.129',
'fqdn_hash': '4d9a6f1d9e94cce236acd2d397fdc5ce',
'fqdn_status': 'new',
'fqdn_tm_hash': 'f3c47dc4029759660937dd3f55c685c2',
'issue_tracker_id': None, 'last_scan_date': '2022-03-28T18:07:52.178043+08:00',
'last_scan_id': 'b7eab683-8708-4cfc-9d3a-2e3c989fbae5',
'last_scan_session_id': 'b3b15334-44ed-4dd7-8363-b874c7ec0947',
'last_scan_session_status': 'completed',
'manual_intervention': None,
'severity_counts': {
'high': 0,
'info': 0,
'low': 0,
'medium': 0
},
'target_id': '73e0d89a-6323-446a-a00c-691a884b286b',
'threat': 0,
'type': None,
'verification': None
},
'pagination':
{
'count': 11,
'cursor_hash': '8f629dd49f910b9202eb0da5d51fdb6e',
'cursors': [None],
'sort': None
}
}
4.参数说明
| 参数 | 说明 |
|---|
| targets | 目标详细信息 |
| pagination | 分页信息 |
targets:
| 参数 | 说明 |
|---|
| address | 扫描目标网址 |
| continuous_mode | 是否连续模式 |
| criticality | 危险程度 |
| description | 描述 |
| last_scan_date | 最近扫描的日期 |
| last_scan_id | 最近扫描的id |
| last_scan_session_id | 最近扫描的session id |
| last_scan_session_status | 最近的扫描状态 |
| manual_intervention | 手动干预 |
| severity_counts | 漏洞等级个数分布 |
| target_id | 目标id |
| threat | 威胁等级 |
| type | 类型 |
| verification | 验证 |
2.添加任务到Targets扫描队列,并返回target_id
1.接口介绍
Method: POST
URL: /api/v1/targets
2.python代码
api_url = tarurl + '/api/v1/targets'
data = {
"address": url,
"description": "wyt_target",
"criticality": "10"
}
data_json = json.dumps(data)
r = requests.post(url=api_url, headers=headers, data=data_json, verify=False)
target_id = r.json().get("target_id")
print(target_id)
3.返回结果
87527c66-665b-4920-bde7-c56e5297f8b0
3.添加targets队列中的任务到scans
1.接口介绍
Method: POST
URL: /api/v1/scans
2.data介绍
data =
{
"target_id": "ec78d77d-6e26-4994-8d46-7fa8deae11b9",
"profile_id": "11111111-1111-1111-1111-111111111112",
"schedule":
{
"disable": False,
"start_date": None,
"time_sensitive": False
}
}
3.python代码
api_url = tarurl + '/api/v1/scans'
data = {
"target_id": url,
"profile_id": "11111111-1111-1111-1111-111111111112",
"schedule": {
"disable": False,
"start_date": None,
"time_sensitive": False
}
}
data_json = json.dumps(data)
r = requests.post(url=api_url, headers=headers, data=data_json, verify=False)
4.发送参数说明
| 参数 | 类型 | 说明 |
| profile_id | string | 扫描类型 |
| ui_session_i | string | 可不传 |
| incremental | bool | 增加的 |
| schedule | json | 扫描时间设置(默认即时) |
| report_template_id | string | 扫描报告类型(可不传) |
| target_id | string | 目标id |
profile_id:
| 类型 | 值 | 意义 |
|---|
| Full Scan | 11111111-1111-1111-1111-111111111111 | 完全扫描 |
| High Risk Vulnerabilities | 11111111-1111-1111-1111-111111111112 | 高风险漏洞 |
| Cross-site Scripting Vulnerabilities | 11111111-1111-1111-1111-111111111116 |
|
| XSS漏洞 |
|
|
| SQL Injection Vulnerabilities | 11111111-1111-1111-1111-111111111113 | SQL注入漏洞 |
| Weak Passwords | 11111111-1111-1111-1111-111111111115 | 弱口令检测 |
| Crawl Only | 11111111-1111-1111-1111-111111111117 | Crawl Only |
| Malware Scan | 11111111-1111-1111-1111-111111111120 | 恶意软件扫描 |
4.获取scan_id
1.接口介绍
Method: GET
URL: /api/v1/scans
2.代码
api_url = tarurl + '/api/v1/scans'
r = requests.get(url=api_url, headers=headers, verify=False)
print(r.json().get("scans")[0])
scan_id = r.json().get("scans")[0].get("scan_id")
3.返回结果
{
'criticality': 10,
'current_session': {
'event_level': 2,
'progress': 100,
'scan_session_id': '7be91fbd-f904-4c6f-a33c-909cddb7a9c8',
'severity_counts': {
'high': 0,
'info': 0,
'low': 0,
'medium': 0
},
'start_date': '2022-04-03T19:05:05.089001+08:00',
'status': 'completed',
'threat': 0
},
'incremental': False,
'max_scan_time': 0,
'next_run': None,
'profile_id': '11111111-1111-1111-1111-111111111112',
'profile_name': 'High Risk',
'report_template_id': None,
'scan_id': '5b9222cc-a21b-4b11-b1a5-6d6d5856d74a',
'schedule': {
'disable': False,
'history_limit': None,
'recurrence': None,
'start_date': None,
'time_sensitive': False,
'triggerable': False
},
'target': {
'address': 'http://6.6.6.6/',
'criticality': 10,
'description': 'wyt_target',
'type': 'default'
},
'target_id': '0944cef3-411e-4d4c-8647-4655f0b1e52b'
}
4.返回参数说明
| 参数 | 说明 |
|---|
| criticality | 危险程度 |
| current_session | 当前会话 |
| start_date | 开始扫描时间 |
| status | 扫描状态 |
| threat | 威胁性 |
| incremental | 额外的? |
| manual_intervention | 人工干预 |
| max_scan_time | 最大扫描时间 |
| next_run | 下一轮 |
| profile_id | 扫描类型 |
| profile_name | 扫描类型名称 |
| report_template_id | 扫描报告模板id |
| scan_id | 扫描id |
| schedule | 时间表 |
| target | 目标相关的信息 |
| target_id | 目标id |
5.导出报告-生成gennerate
1.接口介绍
Method: POST
URL: /api/v1/reports
2.data介绍
data = {
"template_id": "11111111-1111-1111-1111-111111111115",
"source": {
"list_type": "scans",
"id_list": ["87527c66-665b-4920-bde7-c56e5297f8b0"]
}
}
3.python代码
api_url = tarurl + '/api/v1/reports'
data = {
"template_id": "11111111-1111-1111-1111-111111111115",
"source": {
"list_type": "scans",
"id_list": [url]
}
}
data_json = json.dumps(data)
r = requests.post(url=api_url, headers=headers,data=data_json, verify=False)
print(r.json)
4.返回结果
{
'pagination': {
'count': 5,
'cursor_hash': '8f629dd49f910b9202eb0da5d51fdb6e',
'cursors': [None],
'sort': None},
'reports': [
{
'download': [
'/api/v1/reports/download/4df097a941830e36be6665ab908e40a27c2d0528d503a70ce9b77f72592bc73e05bc9f8d624994d71482b153-bd3b-4c36-8d21-0886c07f4739.html',
'/api/v1/reports/download/1c3fa9b4f76396cedcda1e857e5bfe0053fcd9653bf55d1344a5e99bd1b53366fa10c36a624994d71482b153-bd3b-4c36-8d21-0886c07f4739.pdf'
],
'generation_date': '2022-04-03T19:33:46.118619+08:00',
'report_id': '1482b153-bd3b-4c36-8d21-0886c07f4739',
'source': {
'list_type': 'scans',
'description': 'http://6.6.6.6/;wyt_target',
'id_list': ['5b9222cc-a21b-4b11-b1a5-6d6d5856d74a']
},
'status': 'completed',
'template_id': '11111111-1111-1111-1111-111111111115',
'template_name': 'Affected Items',
'template_type': 0
}
]
}
5.发送参数说明
| 参数 | 类型 | 说明 |
|---|
| template_id | String | 扫描报名模板类型 |
| list_type | String | 值为: scans |
| id_list | String | 值为: scan_id |
template_id:
| 类型 | 值 |
|---|
| Affected Items | 11111111-1111-1111-1111-111111111115 |
| CWE 2011 | 11111111-1111-1111-1111-111111111116 |
| Developer | 11111111-1111-1111-1111-111111111111 |
| Executive Summary | 11111111-1111-1111-1111-111111111113 |
| HIPAA | 11111111-1111-1111-1111-111111111114 |
| ISO 27001 | 11111111-1111-1111-1111-111111111117 |
| NIST SP800 53 | 11111111-1111-1111-1111-111111111118 |
| OWASP Top 10 2013 | 11111111-1111-1111-1111-111111111119 |
| PCI DSS 3.2 | 11111111-1111-1111-1111-111111111120 |
| Quick | 11111111-1111-1111-1111-111111111112 |
| Sarbanes Oxley | 11111111-1111-1111-1111-111111111121 |
| Scan Comparison | 11111111-1111-1111-1111-111111111124 |
| STIG DISA | 11111111-1111-1111-1111-111111111122 |
| WASC Threat Classification | 11111111-1111-1111-1111-111111111123 |
6.返回参数说明
| 参数 | 说明 |
|---|
| generation_date | 生成时间 |
| template_type |
模板类型 |
| report_id | 报告id |
| template_name | 模板名字 |
| status | 状态 |
| template_id | 模板id |
| download | 下载链接[html, pdf] |
| source | 来源 |
| description | 备注 |
6.导出报告-html/pdf
1.接口介绍
Method: GET
URL: /api/v1/reports
2.python代码
api_url = tarurl + '/api/v1/reports'
r = requests.get(url=api_url, headers=headers, verify=False)
html = r.json().get("reports")[0].get("download")[0]
# pdf = r.json().get("reports")[0].get("download")[1]
url_html = tarurl + html
r_html = requests.get(url=url_html, headers=headers, verify=False)
with open("report.html", "wb") as code:
code.write(r_html.content)
code.close()
总结
这篇文章缘起于我的本科毕业设计”漏洞分析系统设计“,首先感谢各位师傅的优秀博文分享,给了迷茫中的我许多灵感:
国光师傅的AWVS API文档:https://www.sqlsec.com/2020/04/awvsapi.html#toc-heading-32
h4rdy师傅的AWVS API文档:https://github.com/h4rdy/Acunetix11-API-Documentation
Recar师傅的AWVS测试文件:https://blog.csdn.net/qq_28295425/article/details/81051954
-https://blog.csdn.net/qq_45859826/article/details/123944724
欢 迎 加 入 星 球 !
代码审计+免杀+渗透学习资源+各种资料文档+各种工具+付费会员
关注下方公众号回复“666”可以领取一套精品渗透测试工具集和百度云视频链接。
还在等什么?赶紧点击下方名片关注学习吧!
