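def start_scan():
    """
    Starts a new w3af scan

    Receive a JSON containing:
        - A list with the target URLs
        - The profile (eg. the content of fast_scan.pw3af)

    The caller-supplied profile text is written to a temporary profile file,
    loaded into a fresh w3afCore to check that it is valid, and the temporary
    file is removed again whether or not the load succeeds.

    :return: A JSON containing:
        - The URL to the newly created scan (eg. /scans/1)
        - The newly created scan ID (eg. 1)

    Responds with HTTP 400 when the JSON body is missing `scan_profile` or
    `target_urls`, when another scan is still registered in SCANS, or when
    the profile fails to load.
    """
    if not request.json or 'scan_profile' not in request.json:
        abort(400, 'Expected scan_profile in JSON object')

    # request.json is known to be truthy once the first check passed
    if 'target_urls' not in request.json:
        abort(400, 'Expected target_urls in JSON object')

    scan_profile = request.json['scan_profile']
    # NOTE(review): target_urls is read here but not used further down in
    # this body.
    target_urls = request.json['target_urls']

    #
    # First make sure that there are no other scans running, remember that this
    # REST API is an MVP and we can only run one scan at the time (for now)
    #
    # NOTE(review): check-then-act with no lock; two requests arriving at the
    # same time can both pass this test.
    if not all(si is None for si in SCANS.values()):
        abort(400, 'This version of the REST API does not support'
                   ' concurrent scans. Remember to DELETE finished scans'
                   ' before starting a new one.')

    #
    # Before trying to start a new scan we verify that the scan profile is
    # valid and return an informative error if it's not
    #
    scan_profile_file_name, profile_path = create_temp_profile(scan_profile)
    w3af_core = w3afCore()

    try:
        w3af_core.profiles.use_profile(scan_profile_file_name,
                                       workdir=profile_path)
    except BaseFrameworkException as bfe:
        abort(400, str(bfe))
    finally:
        # The original removed the temporary profile only on success, so every
        # rejected profile left a file behind. abort() raises, which makes
        # finally the one place that runs on both paths.
        remove_temp_profile(scan_profile_file_name)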
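def start_scan():
    """
    Starts a new w3af scan

    Receive a JSON containing:
        - A list with the target URLs
        - The profile (eg. the content of fast_scan.pw3af)

    The caller-supplied profile text is written to a temporary profile file
    and loaded into a fresh w3afCore to check that it is valid.

    :return: A JSON containing:
        - The URL to the newly created scan (eg. /scans/1)
        - The newly created scan ID (eg. 1)

    Responds with HTTP 400 when the JSON body is missing `scan_profile` or
    `target_urls`, when another scan is still registered in SCANS, or when
    the profile fails to load.
    """
    if not request.json or 'scan_profile' not in request.json:
        abort(400, 'Expected scan_profile in JSON object')

    # request.json is known to be truthy once the first check passed
    if 'target_urls' not in request.json:
        abort(400, 'Expected target_urls in JSON object')

    scan_profile = request.json['scan_profile']
    # NOTE(review): target_urls is read here but not used further down in
    # this body.
    target_urls = request.json['target_urls']

    #
    # First make sure that there are no other scans running, remember that this
    # REST API is an MVP and we can only run one scan at the time (for now)
    #
    # NOTE(review): check-then-act with no lock; two requests arriving at the
    # same time can both pass this test.
    if not all(si is None for si in SCANS.values()):
        abort(400, 'This version of the REST API does not support'
                   ' concurrent scans. Remember to DELETE finished scans'
                   ' before starting a new one.')

    #
    # Before trying to start a new scan we verify that the scan profile is
    # valid and return an informative error if it's not
    #
    scan_profile_file_name, profile_path = create_temp_profile(scan_profile)
    w3af_core = w3afCore()

    try:
        w3af_core.profiles.use_profile(scan_profile_file_name,
                                       workdir=profile_path)
    except BaseFrameworkException as bfe:
        # `except X as e` replaces the Python-2-only `except X, e` form
        abort(400, str(bfe))

    # NOTE(review): the temporary profile written by create_temp_profile is
    # not removed on either path in this body -- TODO confirm that cleanup
    # happens elsewhere, otherwise one file is left behind per request.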
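def start_scan():
    """
    Starts a new w3af scan

    Receive a JSON containing:
        - A list with the target URLs

    In this variant the scan profile is not taken from the request: the
    contents of `fast_scan.pw3af`, resolved relative to the current working
    directory, are used instead. Exactly one target URL is accepted; it is
    validated with URL() and handed to scanGet(), and when that returns a
    result the scan id it carries is returned immediately. Otherwise the
    profile is written to a temporary file and loaded into a fresh w3afCore
    to check that it is valid.

    :return: A JSON containing:
        - The URL to the newly created scan (eg. /scans/1)
        - The newly created scan ID (eg. 1)

    Responds with HTTP 400 when `target_urls` is missing, does not hold
    exactly one entry, holds an invalid URL, or when the profile fails to
    load.
    """
    if not request.json or 'target_urls' not in request.json:
        abort(400, 'Expected target_urls in JSON object')

    # A context manager closes the handle even if .read() fails; the original
    # file('fast_scan.pw3af').read() never closed it.
    with open('fast_scan.pw3af') as profile_fh:
        scan_profile = profile_fh.read()

    target_urls = request.json['target_urls']

    if not target_urls or len(target_urls) > 1:
        # The original formatted this message with `target_url`, which is only
        # bound inside the loop below, so this branch raised NameError (an
        # HTTP 500) instead of the intended 400.
        abort(400, 'Expected exactly one target URL, got: %r' % (target_urls,))

    scan_result = None
    for target_url in target_urls:
        try:
            URL(target_url)
            # NOTE(review): a ValueError raised by scanGet() itself is also
            # reported as "Invalid URL" here -- confirm that is intended.
            scan_result = scanGet(target_url)
        except ValueError:
            abort(400, 'Invalid URL: "%s"' % target_url)

    if scan_result is not None:
        return jsonify({'message': 'Success',
                        'id': scan_result.scanId,
                        'href': '/scans/%s' % scan_result.scanId}), 201

    # NOTE(review): the single-scan guard (rejecting the request while any
    # SCANS entry is not None) present in other revisions of this handler is
    # disabled in this variant, so nothing here limits the number of scans
    # started.

    #
    # Before trying to start a new scan we verify that the scan profile is
    # valid and return an informative error if it's not
    #
    scan_profile_file_name, profile_path = create_temp_profile(scan_profile)
    w3af_core = w3afCore()

    try:
        w3af_core.profiles.use_profile(scan_profile_file_name,
                                       workdir=profile_path)
    except BaseFrameworkException as bfe:
        abort(400, str(bfe))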
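def start_scan():
    """
    Starts a new w3af scan

    Receive a JSON containing:
        - A list with the target URLs
        - The profile (eg. the content of fast_scan.pw3af)

    The profile text is not loaded or validated in this handler; it is passed
    as-is to start_scan_helper in the child process together with the target
    URLs. Each target URL is checked with URL() before the scan is started.

    :return: A JSON containing:
        - The URL to the newly created scan (eg. /scans/1)
        - The newly created scan ID (eg. 1)

    Responds with HTTP 400 when the JSON body lacks `scan_profile` or
    `target_urls`, when `target_urls` is not a non-empty list of valid URLs,
    or when another scan is still registered in SCANS.
    """
    if not request.json or 'scan_profile' not in request.json:
        abort(400, 'Expected scan_profile in JSON object')

    if 'target_urls' not in request.json:
        abort(400, 'Expected target_urls in JSON object')

    scan_profile = request.json['scan_profile']
    target_urls = request.json['target_urls']

    #
    # First make sure that there are no other scans running, remember that this
    # REST API is an MVP and we can only run one scan at the time (for now)
    #
    # NOTE(review): check-then-act with no lock; two requests arriving
    # together can both pass this test and both start a process.
    if not all(si is None for si in SCANS.values()):
        abort(400, 'This version of the REST API does not support'
                   ' concurrent scans. Remember to DELETE finished scans'
                   ' before starting a new one.')

    #
    # Verify the scan target info. The profile itself is NOT validated here
    # (the w3afCore.profiles.use_profile check that earlier revisions ran at
    # this point has been removed), so a bad profile can only be detected
    # later, presumably inside start_scan_helper.
    #
    # Anything other than a JSON array is rejected up front: a string would
    # otherwise be iterated character by character, and a number or object
    # would raise TypeError on len() and surface as a 500.
    if not isinstance(target_urls, list):
        abort(400, 'target_urls must be a list of URLs')

    if not target_urls:
        abort(400, 'No target URLs specified')

    for target_url in target_urls:
        try:
            URL(target_url)
        except ValueError:
            abort(400, 'Invalid URL: "%s"' % target_url)

    #
    # Finally, start the scan in a different process
    #
    # NOTE(review): scan_id is not passed to the helper; presumably the child
    # derives the same id itself -- verify against start_scan_helper.
    scan_id = get_new_scan_id()
    scan_info_setup = Event()
    args = (target_urls, scan_profile, scan_info_setup)

    # NOTE(review): this is a Process despite the 'ScanThread' name, so Event
    # must be the multiprocessing one for the wait() below to ever return --
    # TODO confirm which Event is imported. daemon=True means the scan is
    # terminated together with the API process.
    t = Process(target=start_scan_helper, name='ScanThread', args=args)
    t.daemon = True
    t.start()

    # Block until the child signals that the scan info has been set up
    scan_info_setup.wait()

    return jsonify({'message': 'Success',
                    'id': scan_id,
                    'href': '/scans/%s' % scan_id}), 201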
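def start_scan():
    """
    Starts a new w3af scan

    Receive a JSON containing:
        - A list with the target URLs
        - The profile (eg. the content of fast_scan.pw3af)

    The profile text is not loaded or validated in this handler; it is passed
    as-is to start_scan_helper in the child process together with the target
    URLs. Each target URL is checked with URL() before the scan is started.

    :return: A JSON containing:
        - The URL to the newly created scan (eg. /scans/1)
        - The newly created scan ID (eg. 1)

    Responds with HTTP 400 when the JSON body lacks `scan_profile` or
    `target_urls`, when `target_urls` is not a non-empty list of valid URLs,
    or when another scan is still registered in SCANS.
    """
    if not request.json or 'scan_profile' not in request.json:
        abort(400, 'Expected scan_profile in JSON object')

    if 'target_urls' not in request.json:
        abort(400, 'Expected target_urls in JSON object')

    scan_profile = request.json['scan_profile']
    target_urls = request.json['target_urls']

    #
    # First make sure that there are no other scans running, remember that this
    # REST API is an MVP and we can only run one scan at the time (for now)
    #
    # NOTE(review): check-then-act with no lock; two requests arriving
    # together can both pass this test and both start a process.
    if not all(si is None for si in SCANS.values()):
        abort(400, 'This version of the REST API does not support'
                   ' concurrent scans. Remember to DELETE finished scans'
                   ' before starting a new one.')

    #
    # Verify the scan target info. The profile itself is NOT validated here
    # (the w3afCore.profiles.use_profile check that earlier revisions ran at
    # this point has been removed), so a bad profile can only be detected
    # later, presumably inside start_scan_helper.
    #
    # Anything other than a JSON array is rejected up front: a string would
    # otherwise be iterated character by character, and a number or object
    # would raise TypeError on len() and surface as a 500.
    if not isinstance(target_urls, list):
        abort(400, 'target_urls must be a list of URLs')

    if not target_urls:
        abort(400, 'No target URLs specified')

    for target_url in target_urls:
        try:
            URL(target_url)
        except ValueError:
            abort(400, 'Invalid URL: "%s"' % target_url)

    #
    # Finally, start the scan in a different process
    #
    # NOTE(review): scan_id is not passed to the helper; presumably the child
    # derives the same id itself -- verify against start_scan_helper.
    scan_id = get_new_scan_id()
    scan_info_setup = Event()
    args = (target_urls, scan_profile, scan_info_setup)

    # NOTE(review): this is a Process despite the 'ScanThread' name, so Event
    # must be the multiprocessing one for the wait() below to ever return --
    # TODO confirm which Event is imported. daemon=True means the scan is
    # terminated together with the API process.
    t = Process(target=start_scan_helper, name='ScanThread', args=args)
    t.daemon = True
    t.start()

    # Block until the child signals that the scan info has been set up
    scan_info_setup.wait()

    return jsonify({
        'message': 'Success',
        'id': scan_id,
        'href': '/scans/%s' % scan_id
    }), 201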