def main():
atexit.register(kill_child)
my_env = os.environ
cmd = my_env[
"CS_W3AF"] if 'CS_W3AF' in my_env else "/root/tools/w3af/w3af_api"
profile = my_env[
"CS_W3AF_PROFILE"] if 'CS_W3AF_PROFILE' in my_env else "/root/tools/w3af/profiles/fast_scan.pw3af"
# Parser argument in command line
parser = argparse.ArgumentParser(
description='w3af_client is develop for automating security testing')
parser.add_argument('-t',
'--target',
help='Network or Host for scan',
required=False)
parser.add_argument('-o', '--output', help='Output file', required=False)
args = parser.parse_args()
if args.target is None or args.output is None:
print "Argument errors check -h"
exit(0)
print 'Starting w3af api ...'
global child_pid
proc = subprocess.Popen([cmd])
child_pid = proc.pid
print 'Waiting for W3af to load, 5 seconds ...'
time.sleep(5)
# Connect to the REST API and get it's version
conn = Connection('http://127.0.0.1:5000/')
print conn.get_version()
# Define the target and configuration
# scan_profile = file('/root/tools/w3af/profiles/fast_scan_xml.pw3af').read()
scan_profile = file(profile).read()
scan_profile = "[output.xml_file]\noutput_file = %s\n%s\n" % (args.output,
scan_profile)
# scan_profile = file('/root/tools/w3af/profiles/fast_scan.pw3af').read()
target_urls = [args.target]
scan = Scan(conn)
s = scan.start(scan_profile, target_urls)
time.sleep(2)
# Wait some time for the scan to start and then
scan.get_urls()
scan.get_log()
scan.get_findings()
while (scan.get_status()['status'] == "Running"):
print 'Scan progress: %s' + str(scan.get_status()['rpm'])
time.sleep(2)
def main():
atexit.register(kill_child)
my_env = os.environ
cmd = my_env["CS_W3AF"] if "CS_W3AF" in my_env else "/root/tools/w3af/w3af_api"
profile = my_env["CS_W3AF_PROFILE"] if "CS_W3AF_PROFILE" in my_env else "/root/tools/w3af/profiles/fast_scan.pw3af"
# Parser argument in command line
parser = argparse.ArgumentParser(description="w3af_client is develop for automating security testing")
parser.add_argument("-t", "--target", help="Network or Host for scan", required=False)
parser.add_argument("-o", "--output", help="Output file", required=False)
args = parser.parse_args()
if args.target == None or args.output == None:
print "Argument errors check -h"
exit(0)
print "Starting w3af api ..."
global child_pid
proc = subprocess.Popen([cmd])
child_pid = proc.pid
print "Waiting for W3af to load, 5 seconds ..."
time.sleep(5)
# Connect to the REST API and get it's version
conn = Connection("http://127.0.0.1:5000/")
print conn.get_version()
# Define the target and configuration
# scan_profile = file('/root/tools/w3af/profiles/fast_scan_xml.pw3af').read()
scan_profile = file(profile).read()
scan_profile = "[output.xml_file]\noutput_file = %s\n%s\n" % (args.output, scan_profile)
# scan_profile = file('/root/tools/w3af/profiles/fast_scan.pw3af').read()
target_urls = [args.target]
scan = Scan(conn)
s = scan.start(scan_profile, target_urls)
time.sleep(2)
# Wait some time for the scan to start and then
scan.get_urls()
scan.get_log()
scan.get_findings()
while scan.get_status()["status"] == "Running":
print "Scan progress: %s" + str(scan.get_status()["rpm"])
time.sleep(2)
def initConnection(self, scannerUrl):
printLog("Initialize connection with scanner at ", scannerUrl)
while True:
try:
printLog("Trying initialization for scanner:", scannerUrl)
conn = Connection(scannerUrl)
ver = conn.get_version()
if (ver is not None):
printLog("Version: ", conn.get_version())
printLog("Scanner initialized: ", scannerUrl)
break
else:
pass
except Exception, e:
pass
else:
pass
finally:
from w3af_api_client import Connection, Scan
connection = Connection('http://127.0.0.1:5000/')
print connection.get_version()
profile = file('w3af/profiles/OWASP_TOP10.pw3af').read()
target = ['http://localhost']
scan = Scan(connection)
scan.start(profile, target)
scan.get_urls()
scan.get_log()
scan.get_findings()
scan.get_fuzzable_requests()
from w3af_api_client import Connection
conn = Connection('http://10.108.114.195:5000/')
print(conn.get_version())
#!/usr/bin/python
from w3af_api_client import Connection, Scan
# Connect to the REST API and get it's version
conn = Connection('http://127.0.0.1:5000/')
print conn.get_version()
#scan = Scan(conn)
#scan.start(scan_profile, target_urls)
scans = conn.get_scans()
for scan in scans:
# print scan.get_urls()
for vuln in scan.get_findings():
for key in vuln.resource_data:
print key, ": ", vuln.resource_data[key]
try:
traffic = vuln.get_traffic()
for raw_data in (traffic):
print "Request: ", raw_data.request, "\n"
print "Response: ", raw_data.response, "\n"
except:
print "No data, check manually the provided link"
# break
