def main(): atexit.register(kill_child) my_env = os.environ cmd = my_env[ "CS_W3AF"] if 'CS_W3AF' in my_env else "/root/tools/w3af/w3af_api" profile = my_env[ "CS_W3AF_PROFILE"] if 'CS_W3AF_PROFILE' in my_env else "/root/tools/w3af/profiles/fast_scan.pw3af" # Parser argument in command line parser = argparse.ArgumentParser( description='w3af_client is develop for automating security testing') parser.add_argument('-t', '--target', help='Network or Host for scan', required=False) parser.add_argument('-o', '--output', help='Output file', required=False) args = parser.parse_args() if args.target is None or args.output is None: print "Argument errors check -h" exit(0) print 'Starting w3af api ...' global child_pid proc = subprocess.Popen([cmd]) child_pid = proc.pid print 'Waiting for W3af to load, 5 seconds ...' time.sleep(5) # Connect to the REST API and get it's version conn = Connection('http://127.0.0.1:5000/') print conn.get_version() # Define the target and configuration # scan_profile = file('/root/tools/w3af/profiles/fast_scan_xml.pw3af').read() scan_profile = file(profile).read() scan_profile = "[output.xml_file]\noutput_file = %s\n%s\n" % (args.output, scan_profile) # scan_profile = file('/root/tools/w3af/profiles/fast_scan.pw3af').read() target_urls = [args.target] scan = Scan(conn) s = scan.start(scan_profile, target_urls) time.sleep(2) # Wait some time for the scan to start and then scan.get_urls() scan.get_log() scan.get_findings() while (scan.get_status()['status'] == "Running"): print 'Scan progress: %s' + str(scan.get_status()['rpm']) time.sleep(2)
def main(): atexit.register(kill_child) my_env = os.environ cmd = my_env["CS_W3AF"] if "CS_W3AF" in my_env else "/root/tools/w3af/w3af_api" profile = my_env["CS_W3AF_PROFILE"] if "CS_W3AF_PROFILE" in my_env else "/root/tools/w3af/profiles/fast_scan.pw3af" # Parser argument in command line parser = argparse.ArgumentParser(description="w3af_client is develop for automating security testing") parser.add_argument("-t", "--target", help="Network or Host for scan", required=False) parser.add_argument("-o", "--output", help="Output file", required=False) args = parser.parse_args() if args.target == None or args.output == None: print "Argument errors check -h" exit(0) print "Starting w3af api ..." global child_pid proc = subprocess.Popen([cmd]) child_pid = proc.pid print "Waiting for W3af to load, 5 seconds ..." time.sleep(5) # Connect to the REST API and get it's version conn = Connection("http://127.0.0.1:5000/") print conn.get_version() # Define the target and configuration # scan_profile = file('/root/tools/w3af/profiles/fast_scan_xml.pw3af').read() scan_profile = file(profile).read() scan_profile = "[output.xml_file]\noutput_file = %s\n%s\n" % (args.output, scan_profile) # scan_profile = file('/root/tools/w3af/profiles/fast_scan.pw3af').read() target_urls = [args.target] scan = Scan(conn) s = scan.start(scan_profile, target_urls) time.sleep(2) # Wait some time for the scan to start and then scan.get_urls() scan.get_log() scan.get_findings() while scan.get_status()["status"] == "Running": print "Scan progress: %s" + str(scan.get_status()["rpm"]) time.sleep(2)
def test_url_list(self): httpretty.register_uri(httpretty.GET, self.get_url('/'), body=INDEX_RESPONSE, content_type='application/json') httpretty.register_uri(httpretty.GET, self.get_url('/version'), body=VERSION_RESPONSE, content_type='application/json') httpretty.register_uri(httpretty.GET, self.get_url('/scans/0/urls/'), body=URL_LIST_RESPONSE, content_type='application/json') conn = Connection(self.api_url) scan = Scan(conn, scan_id=0) urls = scan.get_urls() self.assertEqual(urls, EXPECTED_URLS)
from w3af_api_client import Connection, Scan connection = Connection('http://127.0.0.1:5000/') print connection.get_version() profile = file('w3af/profiles/OWASP_TOP10.pw3af').read() target = ['http://localhost'] scan = Scan(connection) scan.start(profile, target) scan.get_urls() scan.get_log() scan.get_findings() scan.get_fuzzable_requests()