def get_target_vulns_by_status_severity(self, target_id, status, severity): ''' target_id string target_id status string 状态;[open !open fixed ignored false_positive] severity int 危害等级;[3 2 1 0] 高中低无危害 ''' path = "/vulnerabilities?q=status:{};severity:{};target_id:{}".format( status, severity, target_id) resp = requests.get(self.api + path, headers=self.headers) return resp.json()
def download_report(self, report_id): while True: time.sleep(3) path = "/reports/{}".format(report_id) resp = requests.get(self.api+path, headers=self.headers) result = resp.json() if result.get("status") == "completed": date = time.strftime("%Y%m%d%H%M", time.localtime()) target = result.get("source").get("description") target = urlparse(target).netloc.replace( ".", "-").split(";")[0] template_name = result.get("template_name").replace(" ", "-") filename = "{}_{}_{}.pdf".format(date, target, template_name) download_url = self.api + \ result.get("download")[1].replace("/api/v1", "") with open("./reports/"+filename, "wb") as f: resp = requests.get(download_url, headers=self.headers) f.write(resp.content) break
def get_single_vuln(self, vuln_id): path = "/vulnerabilities/{}".format(vuln_id) resp = requests.get(self.api + path, headers=self.headers) result = resp.json() script = result.get("source") #使用的脚本 vt_name = result.get("vt_name") vul_level = result.get("severity") affects_url = result.get("affects_url") affects_detail = result.get("affects_detail") request = result.get("request") return vt_name, vul_level, affects_url, affects_detail, request
def get_single_target_info_api(self, text_search, threat="1,2,3", criticality="10,20,30"): ''' threat int 威胁等级;高->低:[3,2,1,0] criticality int 危险程度;高->低:[30,20,10,0] group_id string 分组id last_scanned 最后一次扫描时间(默认不传该参数) text_search string 筛选内容 Demo: /api/v1/targets?q=threat:3;criticality:10,20;text_search:*h4rdy.me ''' path = "/targets?q=threat:{};criticality:{};text_search:*{}".format( threat, criticality, text_search ) resp = requests.get(self.api+path, headers=self.headers) return resp.json()
def get_all_vuln(self, scan_id, scan_session_id): path = "/scans/{}/results/{}/vulnerabilities".format( scan_id, scan_session_id) resp = requests.get(self.api + path, headers=self.headers) for vuln in resp.json().get("vulnerabilities"): vuln_id = vuln.get("vuln_id") # if vuln_id == "2112176097146701028": # pprint(vuln) # self.get_single_vuln(scan_id, scan_session_id, vuln_id) vul_detail = self.get_single_vuln(scan_id, scan_session_id, vuln_id) vt_name, vul_level, affects_url, affects_detail, request = vul_detail print("*" * 130) print("Scan ID: {}\nScan Session ID: {}\nVuln ID: {}".format( scan_id, scan_session_id, vuln_id)) print("漏洞类型: {}".format(vt_name)) print("危害等级: {}".format(vul_level)) print("漏洞入口: {}".format(affects_url)) print("漏洞参数: {}".format(affects_detail)) print("请求包:\n{}".format(request))
def get_all_target_info(self): resp = requests.get(self.api+"/targets", headers=self.headers) return resp.json()
def stats(self): resp = requests.get(self.api + "/me/stats", headers=self.headers) return resp.json()
def account(self): resp = requests.get(self.api + "/me", headers=self.headers) return resp.json()
def info(self): resp = requests.get(self.api + "/info", headers=self.headers) return resp.json()
def get_all_report(self): resp = requests.get(self.api+"/reports", headers=self.headers) return resp.json()
def get_single_scan_info(self, scan_id): path = "/scans/{}".format(scan_id) resp = requests.get(self.api + path, headers=self.headers) return resp.json()
def get_all_scan_info(self): resp = requests.get(self.api + "/scans", headers=self.headers) return resp.json()