def list_scans():
    """
    Describe every scan currently registered in SCANS.

    :return: A JSON document whose 'items' list holds, for each scan:
                - Scan id
                - Scan resource URL (eg. /scans/1)
                - Scan target URLs
                - Scan status (simplified)
                - Whether the scan recorded an exception
    """
    items = []

    for scan_id, scan_info in SCANS.iteritems():
        # Entries whose value is None carry no scan information
        if scan_info is not None:
            items.append({
                'id': scan_id,
                'href': '/scans/%s' % scan_id,
                'target_urls': scan_info.target_urls,
                'status': scan_info.w3af_core.status.get_simplified_status(),
                # Only the presence of an exception is reported, not its text
                'errors': scan_info.exception is not None,
            })

    return jsonify({'items': items})
def tearDown(self):
    """
    Stop and clean up every scan that is still registered in SCANS.

    The API does not support concurrent scans, so everything has to be
    released before the next scan/test starts.
    """
    for scan_id, scan_info in SCANS.iteritems():
        if scan_info is None:
            # Nothing registered under this id anymore
            continue

        core = scan_info.w3af_core
        core.stop()
        core.cleanup()

        # Re-binding an existing key does not resize the dict, so this is
        # safe to do while iterating with iteritems()
        SCANS[scan_id] = None
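def list_kb(scan_id):
    """
    List vulnerabilities stored in the KB (for a specific scan)

    Filters:

        * /scans/0/kb/?name= returns only vulnerabilities which contain the
          specified string in the vulnerability name. (contains)

        * /scans/0/kb/?url= returns only vulnerabilities for a specific URL
          (startswith)

    If more than one filter is specified they are combined using AND.

    Findings are read from kb.kb and kept only when the hostname of the
    finding URL equals the hostname of the URL returned by
    scanGetUrl(scan_id). When the scan is 'Stopped' and recorded no
    exception, the list built for the request is stored in
    scanData.scanResult and returned as-is by later calls.

    :param scan_id: Identifier of the scan, as used in /scans/<id>/kb/
    :return: A JSON containing a list of:
                - KB resource URL (eg. /scans/0/kb/3)
                - The KB id (eg. 3)
                - The vulnerability name
                - The vulnerability URL
                - Location A
                - Location B
    """
    scanData = scanGetWithScanId(scan_id)

    # NOTE(review): the cached list is returned without calling
    # matches_filter(), and it was built with whatever ?name= / ?url= filters
    # the request that populated the cache carried. A later request can
    # therefore get a list filtered differently from what it asked for, which
    # can hide findings from the caller. Decide whether only unfiltered
    # requests should populate/serve the cache.
    if scanData is not None and scanData.scanResult is not None:
        return jsonify({'items': scanData.scanResult})

    scan_info = get_scan_info_from_id(scan_id)
    if scan_info is None:
        abort(404, 'Scan not found')

    hostname = urlparse(scanGetUrl(scan_id)).hostname
    # Debug trace kept from the original; same output as the print statement
    print('hostname %s' % hostname)

    # NOTE(review): kb.kb is queried without scan_id, so the hostname check
    # below is the only thing tying a finding to this scan in this function.
    # Presumably two scans against the same hostname would see each other's
    # findings -- confirm. Only the hostname is compared (not scheme or port).
    data = []
    for finding_id, finding in enumerate(kb.kb.get_all_findings()):
        finding_url = finding.get_url()
        if finding_url is None:
            continue

        if not matches_filter(finding, request):
            continue

        if urlparse(finding_url.url_string).hostname == hostname:
            data.append(finding_to_json(finding, scan_id, finding_id))

    # Cache the result once the scan has finished cleanly. scanData can be
    # None at this point (the early return above only fires when it is not),
    # and assigning scanResult on None would raise AttributeError and turn a
    # valid listing into a server error.
    if scanData is not None:
        for known_id, known_scan in SCANS.iteritems():
            if known_scan is None or known_id != scan_id:
                continue

            status = known_scan.w3af_core.status.get_simplified_status()
            if known_scan.exception is None and status == 'Stopped':
                scanData.scanResult = data

            # Ids are dict keys, no other entry can match
            break

    return jsonify({'items': data})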