 def __init__(self, API_URL, API_KEY):
     """Wire the four AWVS sub-clients (targets, scans, vulns, reports) to one scanner.

     Args:
         API_URL: base URL of the AWVS REST API, handed to every sub-client.
         API_KEY: AWVS API key, handed to every sub-client; the sub-clients
             appear to send it on each request, so treat it as a secret
             (keep it out of logs and version control).
     """
     super(AwvsModule, self).__init__()
     self.api_url, self.api_key = API_URL, API_KEY
     creds = (self.api_url, self.api_key)
     self.targets = AwvsTargets(*creds)
     self.scans = AwvsScans(*creds)
     self.vulns = AwvsVulns(*creds)
     self.reports = AwvsReports(*creds)
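class AwvsModule(object):
    """Facade over the AWVS sub-clients, addressed by target rather than by id.

    Every public method takes the target as the caller knows it (the value
    given to :meth:`add_target`) and resolves the scanner-side ids through
    ``self.targets`` / ``self.scans`` before delegating.
    """

    def __init__(self, API_URL, API_KEY):
        """Create the targets/scans/vulns/reports clients for one scanner.

        Args:
            API_URL: base URL of the AWVS REST API.
            API_KEY: AWVS API key, forwarded to every sub-client; treat it as a
                secret (keep it out of logs and version control).
        """
        super(AwvsModule, self).__init__()
        self.api_url = API_URL
        self.api_key = API_KEY
        self.targets = AwvsTargets(self.api_url, self.api_key)
        self.scans = AwvsScans(self.api_url, self.api_key)
        self.vulns = AwvsVulns(self.api_url, self.api_key)
        self.reports = AwvsReports(self.api_url, self.api_key)

    def add_target(self, target, criticality="10", description="awvs_scan"):
        """Register ``target`` on the scanner.

        Returns whatever the targets client returns (previously discarded).
        """
        return self.targets.add_target(target, criticality, description)

    def delete_target(self, target):
        """Delete ``target`` from the scanner, looked up by its target id."""
        target_id = self.targets.get_target_id(target)
        self.targets.delete_target(target_id)

    def add_scan(self, target, scan_type="FS"):
        """Queue a scan of type ``scan_type`` for an already-registered target.

        Returns whatever the scans client returns (previously discarded).
        """
        target_id = self.targets.get_target_id(target)
        return self.scans.add_scan(target_id, scan_type)

    def abort_scan(self, target):
        """Abort the scan the scans client currently associates with ``target``."""
        # Only the scan id is needed; the session id is not used here.
        scan_id, _session_id = self.scans.get_scan_and_session_id(target)
        self.scans.abort_scan(scan_id)

    def delete_scan(self, target):
        """Delete the scan the scans client currently associates with ``target``."""
        scan_id, _session_id = self.scans.get_scan_and_session_id(target)
        self.scans.delete_scan(scan_id)

    def get_vulns(self, target, status="open"):
        """Return the vulnerabilities of ``target`` filtered by ``status``.

        Bug fix: the original dropped the result of ``get_all_vulns`` and
        always returned ``None``.
        """
        target_id = self.targets.get_target_id(target)
        return self.vulns.get_all_vulns(target_id, status)

    def download_report(self, target, template_type="AI"):
        """Create and download a ``template_type`` report for ``target``'s scan.

        Returns:
            ``True`` when a report was requested and downloaded, ``False``
            when the scan has not completed (a message is printed, as before).
        """
        scan_id, _session_id = self.scans.get_scan_and_session_id(target)
        scan_status, report_id = self.reports.create_report(
            template_type, scan_id)
        if not report_id:
            print("扫描状态不是 completed,是 {},不能导出报告!".format(scan_status))
            return False
        self.reports.download_report(report_id)
        return True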
 def __init__(self, api_url, api_key):
     """Prepare the base URL, the auth headers and the template-code table.

     Args:
         api_url: base URL of the AWVS API; request paths are appended to it.
         api_key: AWVS API key, sent verbatim in the ``X-Auth`` header of
             every request made with ``self.headers``.
     """
     super(AwvsReports, self).__init__()
     self.api = api_url
     # X-Auth carries the raw API key, so the scanner must only be reached
     # over TLS; anyone who can read this header owns the scanner.
     self.headers = {
         "X-Auth": api_key,
         "Content-type": "application/json; charset=utf8"
     }
     # (short code, AWVS report template UUID, human-readable template name)
     template_table = [
         ("AI", "11111111-1111-1111-1111-111111111115", "Affected Items"),
         ("C2", "11111111-1111-1111-1111-111111111116", "CWE 2011"),
         ("D", "11111111-1111-1111-1111-111111111111", "Developer"),
         ("ES", "11111111-1111-1111-1111-111111111113", "Executive Summary"),
         ("H", "11111111-1111-1111-1111-111111111114", "HIPAA"),
         ("I2", "11111111-1111-1111-1111-111111111117", "ISO 27001"),
         ("NS5", "11111111-1111-1111-1111-111111111118", "NIST SP800 53"),
         ("OT12", "11111111-1111-1111-1111-111111111119", "OWASP Top 10 2013"),
         ("PD3", "11111111-1111-1111-1111-111111111120", "PCI DSS 3.2"),
         ("Q", "11111111-1111-1111-1111-111111111112", "Quick"),
         ("SO", "11111111-1111-1111-1111-111111111121", "Sarbanes Oxley"),
         ("SC", "11111111-1111-1111-1111-111111111124", "Scan Comparison"),
         ("SD", "11111111-1111-1111-1111-111111111122", "STIG DISA"),
         ("WTC", "11111111-1111-1111-1111-111111111123", "WASC Threat Classification"),
     ]
     # Only the code -> UUID mapping is used at runtime; the name is documentation.
     self.template_type = {code: uuid for code, uuid, _name in template_table}
     self.scans = AwvsScans(api_url, api_key)
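class AwvsReports(object):
    """Client for the AWVS ``/reports`` endpoints: list, create and download.

    Every request sends the API key in the ``X-Auth`` header and is issued
    with ``verify=False`` (see ``_get``), so ``api_url`` must be an https://
    URL on a network you trust.
    """

    def __init__(self, api_url, api_key):
        """Store the base URL, build the auth headers and the template table.

        Args:
            api_url: base URL of the AWVS API; request paths are appended to it.
            api_key: AWVS API key, sent verbatim as the ``X-Auth`` header.
        """
        super(AwvsReports, self).__init__()
        self.api = api_url
        self.headers = {
            "X-Auth": api_key,
            "Content-type": "application/json; charset=utf8"
        }
        # Short code accepted by create_report() -> AWVS report template UUID.
        self.template_type = {
            "AI": "11111111-1111-1111-1111-111111111115",   #Affected Items
            "C2": "11111111-1111-1111-1111-111111111116",   #CWE 2011
            "D": "11111111-1111-1111-1111-111111111111",    #Developer
            "ES": "11111111-1111-1111-1111-111111111113",   #Executive Summary
            "H": "11111111-1111-1111-1111-111111111114",    #HIPAA
            "I2": "11111111-1111-1111-1111-111111111117",   #ISO 27001
            "NS5": "11111111-1111-1111-1111-111111111118",  #NIST SP800 53
            "OT12": "11111111-1111-1111-1111-111111111119", #OWASP Top 10 2013
            "PD3": "11111111-1111-1111-1111-111111111120",  #PCI DSS 3.2
            "Q": "11111111-1111-1111-1111-111111111112",    #Quick
            "SO": "11111111-1111-1111-1111-111111111121",   #Sarbanes Oxley
            "SC": "11111111-1111-1111-1111-111111111124",   #Scan Comparison
            "SD": "11111111-1111-1111-1111-111111111122",   #STIG DISA
            "WTC": "11111111-1111-1111-1111-111111111123",  #WASC Threat Classification
        }
        self.scans = AwvsScans(api_url, api_key)

    @staticmethod
    def _safe_name(value):
        """Reduce a scanner-supplied string to [alnum _ . -] so it cannot carry path separators."""
        return "".join(ch if (ch.isalnum() or ch in "_.-") else "_" for ch in value)

    def _get(self, path):
        """GET ``self.api + path`` with the auth headers; returns the raw response."""
        # NOTE(security): verify=False disables TLS certificate validation, so
        # an on-path attacker can read the X-Auth key and forge report data.
        # Kept because the original relied on it (AWVS installs often use a
        # self-signed certificate); prefer verify=<path to that certificate>.
        return requests.get(self.api + path, headers=self.headers,
                            timeout=TIMEOUT, verify=False)

    def get_all_report(self):
        """Return the decoded JSON body of ``GET /reports``.

        Raises:
            requests.HTTPError: on a non-2xx response (previously an error
                body was decoded as if it were the report list).
        """
        resp = self._get("/reports")
        resp.raise_for_status()
        return resp.json()

    def create_report(self, template_type, scan_id):
        """Ask the scanner to generate a report for a completed scan.

        Args:
            template_type: short code from ``self.template_type`` (e.g. ``"AI"``).
            scan_id: id of the scan to report on.

        Returns:
            ``(scan_status, None)`` when the scan's current session is not
            ``"completed"``, otherwise ``("completed", report_id)``.

        Raises:
            ValueError: unknown ``template_type`` (the original posted
                ``"template_id": null`` and then crashed on the missing
                ``Location`` header).
            RuntimeError: the scanner answered without a ``Location`` header
                to take the report id from.
            requests.HTTPError: non-2xx response from the scanner.
        """
        scans_info = self.scans.get_single_scan_info(scan_id)
        scan_status = (scans_info.get("current_session") or {}).get("status")
        if scan_status != "completed":
            return (scan_status, None)

        template_id = self.template_type.get(template_type)
        if template_id is None:
            raise ValueError(
                "unknown report template type: {!r}".format(template_type))

        data = json.dumps({
            "template_id": template_id,
            "source": {
                "list_type": "scans",
                "id_list": [scan_id]
            }
        })
        # See _get() for why verify=False is still here.
        resp = requests.post(self.api + "/reports", data=data,
                             headers=self.headers, timeout=TIMEOUT, verify=False)
        resp.raise_for_status()
        location = resp.headers.get("Location")
        if not location:
            raise RuntimeError(
                "AWVS returned no Location header for the new report")
        report_id = location.replace("/api/v1/reports/", "")
        return ("completed", report_id)

    def download_report(self, report_id, poll_interval=3, max_polls=None):
        """Poll until report ``report_id`` is ``"completed"``, then save it as a PDF.

        The file is written to ``reports/<YYYYmmddHHMM>-<target>-<template>.pdf``.
        ``target`` (netloc of ``source.description``) and ``template``
        (``template_name``) come from the scanner's JSON, so both are reduced
        to ``[alnum _ . -]`` before being used in the path: the scanner — or
        whoever can answer for it, given ``verify=False`` — must not be able to
        choose where the file lands.

        Args:
            report_id: id returned by :meth:`create_report`.
            poll_interval: seconds to sleep before each status poll (was fixed at 3).
            max_polls: give up after this many polls; ``None`` polls until the
                status becomes ``"completed"``, as the original did.

        Returns:
            Path of the written PDF (the original returned ``None``).

        Raises:
            RuntimeError: ``max_polls`` exhausted, or the completed report has
                no second ``download`` entry (index 1 is assumed to be the PDF
                link, as in the original — not verifiable from here).
            requests.HTTPError: non-2xx response from the scanner.
        """
        import os

        polls = 0
        while True:
            time.sleep(poll_interval)
            resp = self._get("/reports/{}".format(report_id))
            resp.raise_for_status()
            result = resp.json()
            if result.get("status") == "completed":
                break
            polls += 1
            if max_polls is not None and polls >= max_polls:
                raise RuntimeError(
                    "report {} not completed after {} polls (last status: {!r})"
                    .format(report_id, polls, result.get("status")))

        date = time.strftime("%Y%m%d%H%M", time.localtime())
        source = result.get("source") or {}
        target = urlparse(source.get("description") or "").netloc
        target = self._safe_name(target.replace(".", "_").split(";")[0])
        template_name = self._safe_name(
            (result.get("template_name") or "").replace(" ", "_"))
        filename = "{}-{}-{}.pdf".format(date, target, template_name)

        downloads = result.get("download") or []
        if len(downloads) < 2:
            raise RuntimeError(
                "report {} has no PDF download link".format(report_id))
        pdf = self._get(downloads[1].replace("/api/v1", ""))
        pdf.raise_for_status()

        # Download first, write second: the original opened the file before the
        # request and left an empty .pdf behind when the download failed.
        os.makedirs("reports", exist_ok=True)
        path = os.path.join("reports", filename)
        with open(path, "wb") as f:
            f.write(pdf.content)
        return path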
            result = resp.json()

            if result.get("status") == "completed":
                date = time.strftime("%Y%m%d%H%M", time.localtime())
                target = result.get("source").get("description")
                target = urlparse(target).netloc.replace(".","_").split(";")[0]
                template_name = result.get("template_name").replace(" ","_")

                filename = "{}-{}-{}.pdf".format(date,target,template_name)
                download_url = self.api+result.get("download")[1].replace("/api/v1", "")

                with open("./reports/"+filename, "wb") as f:
                    resp = requests.get(download_url, headers=self.headers, timeout=TIMEOUT, verify=False)
                    f.write(resp.content)
                break


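if __name__ == "__main__":
    # Smoke test against a live scanner: list every report, and optionally
    # create/download one for the demo target. API_URL and API_KEY come from a
    # separate ``setting`` module — keep that file out of version control,
    # since the key is sent on every request.
    from setting import API_URL
    from setting import API_KEY

    from scans import AwvsScans
    scans = AwvsScans(API_URL, API_KEY)
    scan_id, scan_session_id = scans.get_scan_and_session_id("vulnweb.com")

    reports = AwvsReports(API_URL, API_KEY)
    pprint(reports.get_all_report())
    # create_report() returns (scan_status, report_id); the previous
    # commented-out example assigned the whole tuple to report_id and would
    # have handed it to download_report() once uncommented.
    # scan_status, report_id = reports.create_report("AI", scan_id)
    # if report_id:
    #     reports.download_report(report_id)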

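class AwvsModule(object):
    """Facade over the AWVS sub-clients, addressed by target rather than by id.

    Public methods take the target as the caller knows it and resolve the
    scanner-side ids through ``self.targets`` / ``self.scans`` before
    delegating to the dashboard/targets/scans/vulns/reports clients.
    """

    def __init__(self, API_URL, API_KEY):
        """Create one client per AWVS resource family for a single scanner.

        Args:
            API_URL: base URL of the AWVS REST API.
            API_KEY: AWVS API key, forwarded to every sub-client; treat it as a
                secret (keep it out of logs and version control).
        """
        super(AwvsModule, self).__init__()
        self.api_url = API_URL
        self.api_key = API_KEY
        self.dashboard = AwvsDashboard(self.api_url, self.api_key)
        self.targets = AwvsTargets(self.api_url, self.api_key)
        self.scans = AwvsScans(self.api_url, self.api_key)
        self.vulns = AwvsVulns(self.api_url, self.api_key)
        self.reports = AwvsReports(self.api_url, self.api_key)

    def start_scan(self,
                   target=None,
                   criticality="10",
                   description="awvs_scan",
                   scan_type="FS"):
        """Register ``target`` on the scanner and queue a scan of it.

        Two API calls: ``add_target`` first, then ``add_scan``; the scan list
        is then read back to find the ids of the scan just created.

        Returns:
            ``(target_id, scan_id, scan_session_id)`` when the new scan shows
            up in the scan list with both ids set, else ``None`` (the original
            returned ``None`` implicitly; callers that unpack the result must
            check for it).

        Raises:
            ValueError: ``target`` is ``None`` (the default only exists so the
                parameters can be passed by keyword; the original would have
                registered a null target).
            RuntimeError: the targets client returned no ``target_id``.
        """
        if target is None:
            raise ValueError("start_scan() needs a target")

        target_info = self.targets.add_target(target, criticality, description)
        target_id = (target_info or {}).get("target_id")
        if not target_id:
            raise RuntimeError(
                "AWVS returned no target_id for {!r}".format(target))

        self.scans.add_scan(target_id, scan_type)

        # Find the scan we just queued by its target_id. Missing keys in the
        # scanner's JSON fall through to "not found" instead of raising.
        all_scan_info = self.scans.get_all_scan_info() or {}
        for scan_info in all_scan_info.get("scans") or []:
            if scan_info.get("target_id") != target_id:
                continue
            scan_id = scan_info.get("scan_id")
            session = scan_info.get("current_session") or {}
            scan_session_id = session.get("scan_session_id")
            if scan_id and scan_session_id:
                return target_id, scan_id, scan_session_id
        return None

    def get_target_vuls(self, target):
        """Return ``(target_id, vuln_list_detail)`` for the open vulns of ``target``.

        The original also looked up the scan/session ids here and discarded
        them; that extra round-trip to the scanner has been dropped.
        """
        target_id = self.targets.get_target_id(target)
        target_id, vuln_list_detail = self.vulns.get_target_vulns(
            target_id, status="open")

        return target_id, vuln_list_detail

    def delete_scan(self, target):
        """Delete the *target* (not just a scan).

        Per the original author, deleting a target on AWVS removes every scan
        under it, so this is the simplest way to drop all of a target's scans.
        """
        target_id = self.targets.get_target_id(target)
        self.targets.delete_target(target_id)

    def abort_scan(self, target):
        """Abort the scan the scans client currently associates with ``target``."""
        scan_id, _session_id = self.scans.get_scan_and_session_id(target)
        self.scans.abort_scan(scan_id)

    def download_report(self, target, template_type="AI"):
        """Create and download a ``template_type`` report for ``target``'s scan.

        Returns:
            ``True`` when a report was requested and downloaded, ``False``
            when the scan has not completed (a message is printed, as before).
        """
        scan_id, _session_id = self.scans.get_scan_and_session_id(target)
        scan_status, report_id = self.reports.create_report(
            template_type, scan_id)
        if not report_id:
            print("扫描状态不是 completed,是 {},不能导出报告!".format(scan_status))
            return False
        self.reports.download_report(report_id)
        return True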