def main(): atexit.register(kill_child) my_env = os.environ cmd = my_env[ "CS_W3AF"] if 'CS_W3AF' in my_env else "/root/tools/w3af/w3af_api" profile = my_env[ "CS_W3AF_PROFILE"] if 'CS_W3AF_PROFILE' in my_env else "/root/tools/w3af/profiles/fast_scan.pw3af" # Parser argument in command line parser = argparse.ArgumentParser( description='w3af_client is develop for automating security testing') parser.add_argument('-t', '--target', help='Network or Host for scan', required=False) parser.add_argument('-o', '--output', help='Output file', required=False) args = parser.parse_args() if args.target is None or args.output is None: print "Argument errors check -h" exit(0) print 'Starting w3af api ...' global child_pid proc = subprocess.Popen([cmd]) child_pid = proc.pid print 'Waiting for W3af to load, 5 seconds ...' time.sleep(5) # Connect to the REST API and get it's version conn = Connection('http://127.0.0.1:5000/') print conn.get_version() # Define the target and configuration # scan_profile = file('/root/tools/w3af/profiles/fast_scan_xml.pw3af').read() scan_profile = file(profile).read() scan_profile = "[output.xml_file]\noutput_file = %s\n%s\n" % (args.output, scan_profile) # scan_profile = file('/root/tools/w3af/profiles/fast_scan.pw3af').read() target_urls = [args.target] scan = Scan(conn) s = scan.start(scan_profile, target_urls) time.sleep(2) # Wait some time for the scan to start and then scan.get_urls() scan.get_log() scan.get_findings() while (scan.get_status()['status'] == "Running"): print 'Scan progress: %s' + str(scan.get_status()['rpm']) time.sleep(2)
def main(): atexit.register(kill_child) my_env = os.environ cmd = my_env["CS_W3AF"] if "CS_W3AF" in my_env else "/root/tools/w3af/w3af_api" profile = my_env["CS_W3AF_PROFILE"] if "CS_W3AF_PROFILE" in my_env else "/root/tools/w3af/profiles/fast_scan.pw3af" # Parser argument in command line parser = argparse.ArgumentParser(description="w3af_client is develop for automating security testing") parser.add_argument("-t", "--target", help="Network or Host for scan", required=False) parser.add_argument("-o", "--output", help="Output file", required=False) args = parser.parse_args() if args.target == None or args.output == None: print "Argument errors check -h" exit(0) print "Starting w3af api ..." global child_pid proc = subprocess.Popen([cmd]) child_pid = proc.pid print "Waiting for W3af to load, 5 seconds ..." time.sleep(5) # Connect to the REST API and get it's version conn = Connection("http://127.0.0.1:5000/") print conn.get_version() # Define the target and configuration # scan_profile = file('/root/tools/w3af/profiles/fast_scan_xml.pw3af').read() scan_profile = file(profile).read() scan_profile = "[output.xml_file]\noutput_file = %s\n%s\n" % (args.output, scan_profile) # scan_profile = file('/root/tools/w3af/profiles/fast_scan.pw3af').read() target_urls = [args.target] scan = Scan(conn) s = scan.start(scan_profile, target_urls) time.sleep(2) # Wait some time for the scan to start and then scan.get_urls() scan.get_log() scan.get_findings() while scan.get_status()["status"] == "Running": print "Scan progress: %s" + str(scan.get_status()["rpm"]) time.sleep(2)
def initConnection(self, scannerUrl): printLog("Initialize connection with scanner at ", scannerUrl) while True: try: printLog("Trying initialization for scanner:", scannerUrl) conn = Connection(scannerUrl) ver = conn.get_version() if (ver is not None): printLog("Version: ", conn.get_version()) printLog("Scanner initialized: ", scannerUrl) break else: pass except Exception, e: pass else: pass finally:
from w3af_api_client import Connection, Scan connection = Connection('http://127.0.0.1:5000/') print connection.get_version() profile = file('w3af/profiles/OWASP_TOP10.pw3af').read() target = ['http://localhost'] scan = Scan(connection) scan.start(profile, target) scan.get_urls() scan.get_log() scan.get_findings() scan.get_fuzzable_requests()
from w3af_api_client import Connection conn = Connection('http://10.108.114.195:5000/') print(conn.get_version())
#!/usr/bin/python from w3af_api_client import Connection, Scan # Connect to the REST API and get it's version conn = Connection('http://127.0.0.1:5000/') print conn.get_version() #scan = Scan(conn) #scan.start(scan_profile, target_urls) scans = conn.get_scans() for scan in scans: # print scan.get_urls() for vuln in scan.get_findings(): for key in vuln.resource_data: print key, ": ", vuln.resource_data[key] try: traffic = vuln.get_traffic() for raw_data in (traffic): print "Request: ", raw_data.request, "\n" print "Response: ", raw_data.response, "\n" except: print "No data, check manually the provided link" # break