def get_target_vulns_by_status_severity(self, target_id, status, severity):
'''
target_id string target_id
status string 状态;[open !open fixed ignored false_positive]
severity int 危害等级;[3 2 1 0] 高中低无危害
'''
path = "/vulnerabilities?q=status:{};severity:{};target_id:{}".format(
status, severity, target_id)
resp = requests.get(self.api + path, headers=self.headers)
return resp.json()
def download_report(self, report_id):
while True:
time.sleep(3)
path = "/reports/{}".format(report_id)
resp = requests.get(self.api+path, headers=self.headers)
result = resp.json()
if result.get("status") == "completed":
date = time.strftime("%Y%m%d%H%M", time.localtime())
target = result.get("source").get("description")
target = urlparse(target).netloc.replace(
".", "-").split(";")[0]
template_name = result.get("template_name").replace(" ", "-")
filename = "{}_{}_{}.pdf".format(date, target, template_name)
download_url = self.api + \
result.get("download")[1].replace("/api/v1", "")
with open("./reports/"+filename, "wb") as f:
resp = requests.get(download_url, headers=self.headers)
f.write(resp.content)
break
def get_single_vuln(self, vuln_id):
path = "/vulnerabilities/{}".format(vuln_id)
resp = requests.get(self.api + path, headers=self.headers)
result = resp.json()
script = result.get("source") #使用的脚本
vt_name = result.get("vt_name")
vul_level = result.get("severity")
affects_url = result.get("affects_url")
affects_detail = result.get("affects_detail")
request = result.get("request")
return vt_name, vul_level, affects_url, affects_detail, request
def get_single_target_info_api(self, text_search, threat="1,2,3", criticality="10,20,30"):
'''
threat int 威胁等级;高->低:[3,2,1,0]
criticality int 危险程度;高->低:[30,20,10,0]
group_id string 分组id
last_scanned 最后一次扫描时间(默认不传该参数)
text_search string 筛选内容
Demo: /api/v1/targets?q=threat:3;criticality:10,20;text_search:*h4rdy.me
'''
path = "/targets?q=threat:{};criticality:{};text_search:*{}".format(
threat, criticality, text_search
)
resp = requests.get(self.api+path, headers=self.headers)
return resp.json()
def get_all_vuln(self, scan_id, scan_session_id):
path = "/scans/{}/results/{}/vulnerabilities".format(
scan_id, scan_session_id)
resp = requests.get(self.api + path, headers=self.headers)
for vuln in resp.json().get("vulnerabilities"):
vuln_id = vuln.get("vuln_id")
# if vuln_id == "2112176097146701028":
# pprint(vuln)
# self.get_single_vuln(scan_id, scan_session_id, vuln_id)
vul_detail = self.get_single_vuln(scan_id, scan_session_id,
vuln_id)
vt_name, vul_level, affects_url, affects_detail, request = vul_detail
print("*" * 130)
print("Scan ID: {}\nScan Session ID: {}\nVuln ID: {}".format(
scan_id, scan_session_id, vuln_id))
print("漏洞类型: {}".format(vt_name))
print("危害等级: {}".format(vul_level))
print("漏洞入口: {}".format(affects_url))
print("漏洞参数: {}".format(affects_detail))
print("请求包:\n{}".format(request))
def get_all_target_info(self):
resp = requests.get(self.api+"/targets", headers=self.headers)
return resp.json()
def stats(self):
resp = requests.get(self.api + "/me/stats", headers=self.headers)
return resp.json()
def account(self):
resp = requests.get(self.api + "/me", headers=self.headers)
return resp.json()
def info(self):
resp = requests.get(self.api + "/info", headers=self.headers)
return resp.json()
def get_all_report(self):
resp = requests.get(self.api+"/reports", headers=self.headers)
return resp.json()
def get_single_scan_info(self, scan_id):
path = "/scans/{}".format(scan_id)
resp = requests.get(self.api + path, headers=self.headers)
return resp.json()
def get_all_scan_info(self):
resp = requests.get(self.api + "/scans", headers=self.headers)
return resp.json()
