def __init__(self, API_URL, API_KEY):
    """Keep the AWVS endpoint and key and build one client per resource.

    Args:
        API_URL: base URL of the AWVS REST API (kept as ``self.api_url``).
        API_KEY: API key, kept in clear as ``self.api_key`` and handed to
            every sub-client (``AwvsReports`` sends it verbatim in the
            ``X-Auth`` header; presumably the other clients do the same).
    """
    super(AwvsModule, self).__init__()
    self.api_url = API_URL
    self.api_key = API_KEY
    # Each sub-client receives its own copy of the credentials.
    creds = (self.api_url, self.api_key)
    self.targets = AwvsTargets(*creds)
    self.scans = AwvsScans(*creds)
    self.vulns = AwvsVulns(*creds)
    self.reports = AwvsReports(*creds)
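class AwvsModule(object):
    """Facade over the AWVS target/scan/vulnerability/report clients.

    Methods take a target *address* (what ``AwvsTargets.get_target_id``
    resolves to an id), not a target id, and delegate to the per-resource
    clients built in ``__init__``.
    """

    def __init__(self, API_URL, API_KEY):
        """Keep the AWVS endpoint and key and build one client per resource.

        ``API_KEY`` is kept in clear on the instance and handed to every
        sub-client (``AwvsReports`` sends it verbatim in the ``X-Auth``
        header).
        """
        super(AwvsModule, self).__init__()
        self.api_url = API_URL
        self.api_key = API_KEY
        self.targets = AwvsTargets(self.api_url, self.api_key)
        self.scans = AwvsScans(self.api_url, self.api_key)
        self.vulns = AwvsVulns(self.api_url, self.api_key)
        self.reports = AwvsReports(self.api_url, self.api_key)

    def add_target(self, target, criticality="10", description="awvs_scan"):
        """Register ``target`` with the given criticality and description."""
        self.targets.add_target(target, criticality, description)

    def delete_target(self, target):
        """Delete the target whose address is ``target``."""
        target_id = self.targets.get_target_id(target)
        self.targets.delete_target(target_id)

    def add_scan(self, target, scan_type="FS"):
        """Create a scan of type ``scan_type`` for ``target``."""
        target_id = self.targets.get_target_id(target)
        self.scans.add_scan(target_id, scan_type)

    def abort_scan(self, target):
        """Abort the scan associated with ``target``."""
        # Only the scan id is needed; the session id is discarded.
        scan_id, _ = self.scans.get_scan_and_session_id(target)
        self.scans.abort_scan(scan_id)

    def delete_scan(self, target):
        """Delete the scan associated with ``target``."""
        scan_id, _ = self.scans.get_scan_and_session_id(target)
        self.scans.delete_scan(scan_id)

    def get_vulns(self, target, status="open"):
        """Return the vulnerabilities of ``target`` in state ``status``.

        Fix: the original discarded the value returned by
        ``AwvsVulns.get_all_vulns`` and always returned ``None``.
        """
        target_id = self.targets.get_target_id(target)
        return self.vulns.get_all_vulns(target_id, status)

    def download_report(self, target, template_type="AI"):
        """Create and download a ``template_type`` report for ``target``'s scan.

        A report can only be generated once the scan is ``completed``;
        otherwise the current scan status is printed and nothing is
        downloaded.
        """
        scan_id, _ = self.scans.get_scan_and_session_id(target)
        scan_status, report_id = self.reports.create_report(
            template_type, scan_id)
        if report_id:
            self.reports.download_report(report_id)
        else:
            print("扫描状态不是 completed,是 {},不能导出报告!".format(scan_status))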
def __init__(self, api_url, api_key):
    """Set up a report client for the AWVS API at ``api_url``.

    Args:
        api_url: base URL of the AWVS REST API (kept as ``self.api``).
        api_key: API key; sent verbatim in the ``X-Auth`` header of every
            request, so the instance holds the credential in clear.
    """
    super(AwvsReports, self).__init__()
    self.api = api_url
    # Headers reused by every request: authentication plus JSON content type.
    self.headers = dict([
        ("X-Auth", api_key),
        ("Content-type", "application/json; charset=utf8"),
    ])
    # Short report-template code -> AWVS report template id.
    templates = [
        ("AI", "11111111-1111-1111-1111-111111111115"),    # Affected Items
        ("C2", "11111111-1111-1111-1111-111111111116"),    # CWE 2011
        ("D", "11111111-1111-1111-1111-111111111111"),     # Developer
        ("ES", "11111111-1111-1111-1111-111111111113"),    # Executive Summary
        ("H", "11111111-1111-1111-1111-111111111114"),     # HIPAA
        ("I2", "11111111-1111-1111-1111-111111111117"),    # ISO 27001
        ("NS5", "11111111-1111-1111-1111-111111111118"),   # NIST SP800 53
        ("OT12", "11111111-1111-1111-1111-111111111119"),  # OWASP Top 10 2013
        ("PD3", "11111111-1111-1111-1111-111111111120"),   # PCI DSS 3.2
        ("Q", "11111111-1111-1111-1111-111111111112"),     # Quick
        ("SO", "11111111-1111-1111-1111-111111111121"),    # Sarbanes Oxley
        ("SC", "11111111-1111-1111-1111-111111111124"),    # Scan Comparison
        ("SD", "11111111-1111-1111-1111-111111111122"),    # STIG DISA
        ("WTC", "11111111-1111-1111-1111-111111111123"),   # WASC Threat Classification
    ]
    self.template_type = dict(templates)
    # Scan client, used to check a scan's status before a report is requested.
    self.scans = AwvsScans(api_url, api_key)
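class AwvsReports(object):
    """Client for the AWVS ``/reports`` endpoints.

    ``api_url`` is the base URL of the AWVS REST API; ``api_key`` is sent
    verbatim in the ``X-Auth`` header of every request, so an instance holds
    the credential in clear.

    TLS verification: the original hard-coded ``verify=False`` on every
    request, which lets any on-path host impersonate the scanner and read
    the API key. ``verify`` is now a constructor argument; its default keeps
    the old behaviour for existing deployments, but callers should pass
    ``True`` or the path of the scanner's CA bundle.
    """

    def __init__(self, api_url, api_key, verify=False):
        """Set up the client.

        Args:
            api_url: base URL of the AWVS REST API (kept as ``self.api``).
            api_key: API key sent in the ``X-Auth`` header.
            verify: passed to ``requests`` as ``verify``: ``True``, ``False``
                or a CA-bundle path. Defaults to ``False`` only for backward
                compatibility.
        """
        super(AwvsReports, self).__init__()
        self.api = api_url
        self.headers = {
            "X-Auth": api_key,
            "Content-type": "application/json; charset=utf8"
        }
        self.verify = verify
        # Short report-template code -> AWVS report template id.
        self.template_type = {
            "AI": "11111111-1111-1111-1111-111111111115",    # Affected Items
            "C2": "11111111-1111-1111-1111-111111111116",    # CWE 2011
            "D": "11111111-1111-1111-1111-111111111111",     # Developer
            "ES": "11111111-1111-1111-1111-111111111113",    # Executive Summary
            "H": "11111111-1111-1111-1111-111111111114",     # HIPAA
            "I2": "11111111-1111-1111-1111-111111111117",    # ISO 27001
            "NS5": "11111111-1111-1111-1111-111111111118",   # NIST SP800 53
            "OT12": "11111111-1111-1111-1111-111111111119",  # OWASP Top 10 2013
            "PD3": "11111111-1111-1111-1111-111111111120",   # PCI DSS 3.2
            "Q": "11111111-1111-1111-1111-111111111112",     # Quick
            "SO": "11111111-1111-1111-1111-111111111121",    # Sarbanes Oxley
            "SC": "11111111-1111-1111-1111-111111111124",    # Scan Comparison
            "SD": "11111111-1111-1111-1111-111111111122",    # STIG DISA
            "WTC": "11111111-1111-1111-1111-111111111123",   # WASC Threat Classification
        }
        # Used to confirm a scan is completed before a report is requested.
        self.scans = AwvsScans(api_url, api_key)

    def get_all_report(self):
        """Return the decoded JSON body of ``GET /reports``."""
        resp = requests.get(self.api + "/reports", headers=self.headers,
                            timeout=TIMEOUT, verify=self.verify)
        return resp.json()

    def create_report(self, template_type, scan_id):
        """Request a report of ``template_type`` (a ``template_type`` key) for ``scan_id``.

        Returns:
            ``(scan_status, None)`` when the scan's current session is not
            ``completed`` (nothing is requested), else
            ``("completed", report_id)`` with the id taken from the
            ``Location`` header of the ``POST /reports`` response.

        Raises:
            ValueError: ``template_type`` is not a known template code (the
                original would have sent ``"template_id": null``).
            RuntimeError: the server answered without a ``Location`` header
                (the original crashed with ``AttributeError`` here).
        """
        if template_type not in self.template_type:
            raise ValueError(
                "unknown report template code: {!r}".format(template_type))
        scans_info = self.scans.get_single_scan_info(scan_id)
        scan_status = (scans_info.get("current_session") or {}).get("status")
        if scan_status != "completed":
            return (scan_status, None)
        data = json.dumps({
            "template_id": self.template_type.get(template_type),
            "source": {
                "list_type": "scans",
                "id_list": [scan_id]
            }
        })
        resp = requests.post(self.api + "/reports", data=data,
                             headers=self.headers, timeout=TIMEOUT,
                             verify=self.verify)
        location = resp.headers.get("Location")
        if not location:
            raise RuntimeError(
                "report creation returned HTTP {} without a Location header"
                .format(resp.status_code))
        report_id = location.replace("/api/v1/reports/", "")
        return ("completed", report_id)

    @staticmethod
    def _safe_name(value):
        """Reduce a server-supplied string to alphanumerics plus ``._-``.

        The report's target description and template name come from the
        scanner's JSON and the original spliced them straight into an
        ``open()`` path; every other character becomes ``_`` so the result
        can never contain a path separator.
        """
        return "".join(c if c.isalnum() or c in "._-" else "_" for c in value)

    def download_report(self, report_id, poll_interval=3, max_attempts=None):
        """Wait until ``report_id`` is generated, then save it under ``./reports``.

        Polls ``GET /reports/<id>`` every ``poll_interval`` seconds until its
        ``status`` is ``completed``. ``max_attempts=None`` polls forever (the
        original behaviour); pass an int to bound the wait.

        The file is named ``<YYYYmmddHHMM>-<target>-<template>.pdf`` where
        ``target`` is the netloc of the report's ``source.description`` and
        ``template`` is its ``template_name``; both are sanitized because
        they are server-supplied. The second ``download`` link is fetched,
        as in the original — assumed to be the PDF (TODO confirm against
        the API). ``./reports`` is created if missing.

        Raises:
            RuntimeError: ``max_attempts`` exhausted, or the report carries
                fewer than two download links.
            requests.HTTPError: the download itself failed (the original
                wrote the error body into the ``.pdf``).
        """
        import os  # function-scope import; only needed for the output directory

        attempts = 0
        while max_attempts is None or attempts < max_attempts:
            attempts += 1
            time.sleep(poll_interval)
            path = "/reports/{}".format(report_id)
            resp = requests.get(self.api + path, headers=self.headers,
                                timeout=TIMEOUT, verify=self.verify)
            result = resp.json()
            if result.get("status") != "completed":
                continue
            date = time.strftime("%Y%m%d%H%M", time.localtime())
            target = result.get("source").get("description")
            target = urlparse(target).netloc.replace(".", "_").split(";")[0]
            template_name = result.get("template_name").replace(" ", "_")
            filename = "{}-{}-{}.pdf".format(
                date, self._safe_name(target), self._safe_name(template_name))
            links = result.get("download") or []
            if len(links) < 2:
                raise RuntimeError(
                    "report {} has {} download link(s); expected the PDF as the second"
                    .format(report_id, len(links)))
            download_url = self.api + links[1].replace("/api/v1", "")
            # Fetch before opening the file so a failed download leaves no
            # empty or bogus .pdf behind.
            resp = requests.get(download_url, headers=self.headers,
                                timeout=TIMEOUT, verify=self.verify)
            resp.raise_for_status()
            if not os.path.isdir("./reports"):
                os.makedirs("./reports")
            with open(os.path.join("./reports", filename), "wb") as f:
                f.write(resp.content)
            return
        raise RuntimeError(
            "report {} not completed after {} poll(s)".format(report_id, attempts))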
# NOTE(review): the statements up to ``break`` are an orphaned copy of the
# tail of ``AwvsReports.download_report`` (same text as in the class above);
# on their own they do not parse (``break`` outside a loop) and ``result``,
# ``resp`` and ``self`` are unbound.
result = resp.json()
if result.get("status") == "completed":
    date = time.strftime("%Y%m%d%H%M", time.localtime())
    # File name built from server-supplied fields: the netloc of the target
    # description and the template name, with "." and " " mapped to "_".
    target = result.get("source").get("description")
    target = urlparse(target).netloc.replace(".","_").split(";")[0]
    template_name = result.get("template_name").replace(" ","_")
    filename = "{}-{}-{}.pdf".format(date,target,template_name)
    # Second "download" link, with the "/api/v1" prefix stripped.
    download_url = self.api+result.get("download")[1].replace("/api/v1", "")
    with open("./reports/"+filename, "wb") as f:
        # verify=False: the scanner's TLS certificate is not checked.
        resp = requests.get(download_url, headers=self.headers, timeout=TIMEOUT, verify=False)
        f.write(resp.content)
    break

# Manual smoke test: fetch the scan ids of "vulnweb.com" (only used by the
# commented-out lines) and print every report known to the scanner.
if __name__ == "__main__":
    from setting import API_URL
    from setting import API_KEY
    from scans import AwvsScans
    scans = AwvsScans(API_URL, API_KEY)
    scan_id, scan_session_id = scans.get_scan_and_session_id("vulnweb.com")
    reports = AwvsReports(API_URL, API_KEY)
    pprint(reports.get_all_report())
    # report_id = reports.create_report("AI",scan_id)
    # reports.download_report(report_id)
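class AwvsModule(object):
    """Facade over the AWVS dashboard/target/scan/vulnerability/report clients.

    Methods take a target *address* (what ``AwvsTargets.get_target_id``
    resolves to an id), not a target id.
    """

    def __init__(self, API_URL, API_KEY):
        """Keep the AWVS endpoint and key and build one client per resource.

        ``API_KEY`` is kept in clear on the instance and handed to every
        sub-client (``AwvsReports`` sends it verbatim in the ``X-Auth``
        header).
        """
        super(AwvsModule, self).__init__()
        self.api_url = API_URL
        self.api_key = API_KEY
        self.dashboard = AwvsDashboard(self.api_url, self.api_key)
        self.targets = AwvsTargets(self.api_url, self.api_key)
        self.scans = AwvsScans(self.api_url, self.api_key)
        self.vulns = AwvsVulns(self.api_url, self.api_key)
        self.reports = AwvsReports(self.api_url, self.api_key)

    def start_scan(self, target=None, criticality="10", description="awvs_scan",
                   scan_type="FS"):
        """Register ``target`` and start a ``scan_type`` scan on it.

        Two API steps: the target is added first, then a scan is created for
        the resulting target id.

        Returns:
            ``(target_id, scan_id, scan_session_id)`` of the first listed
            scan that belongs to the new target and has a session id, or
            ``None`` when no such scan is listed (the original fell off the
            end of the function with the same result, implicitly).

        Raises:
            ValueError: ``target`` is ``None`` (the default); the original
                forwarded ``None`` to the targets API.
        """
        if target is None:
            raise ValueError("start_scan() requires a target address")
        target_info = self.targets.add_target(target, criticality, description)
        target_id = target_info.get("target_id")
        self.scans.add_scan(target_id, scan_type)
        # Confirm the scan exists by finding it in the scan list; a scan
        # without a current session is skipped instead of crashing.
        all_scan_info = self.scans.get_all_scan_info()
        for scan_info in all_scan_info.get("scans") or []:
            if scan_info.get("target_id") != target_id:
                continue
            scan_id = scan_info.get("scan_id")
            session = scan_info.get("current_session") or {}
            scan_session_id = session.get("scan_session_id")
            if scan_id and scan_session_id:
                return target_id, scan_id, scan_session_id
        return None

    def get_target_vuls(self, target):
        """Return ``(target_id, vuln_list_detail)`` for the open vulnerabilities of ``target``.

        The original also fetched the scan/session ids of ``target`` and
        discarded them; that extra API round-trip is dropped.
        """
        target_id = self.targets.get_target_id(target)
        target_id, vuln_list_detail = self.vulns.get_target_vulns(
            target_id, status="open")
        return target_id, vuln_list_detail

    def delete_scan(self, target):
        """Delete ``target`` itself.

        This really deletes the *target*: when a target is removed every
        scan under it is removed as well.
        """
        target_id = self.targets.get_target_id(target)
        self.targets.delete_target(target_id)

    def abort_scan(self, target):
        """Abort the scan associated with ``target``."""
        # Only the scan id is needed; the session id is discarded.
        scan_id, _ = self.scans.get_scan_and_session_id(target)
        self.scans.abort_scan(scan_id)

    def download_report(self, target, template_type="AI"):
        """Create and download a ``template_type`` report for ``target``'s scan.

        A report can only be generated once the scan is ``completed``;
        otherwise the current scan status is printed and nothing is
        downloaded.
        """
        scan_id, _ = self.scans.get_scan_and_session_id(target)
        scan_status, report_id = self.reports.create_report(
            template_type, scan_id)
        if report_id:
            self.reports.download_report(report_id)
        else:
            print("扫描状态不是 completed,是 {},不能导出报告!".format(scan_status))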