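This is code I wrote a long time ago; it is only a small demo script for calling the API.
I made a small change to the code, adding a 10 s wait to give the report time to generate.
The best approach is to find, in the material I provide below, an endpoint that returns the report status and use it to decide when the report is ready. Also note that the code is Python 2.
If something goes wrong, print the statuses, parameters and so on below to debug, then check against your own AWVS.
I also provide a lot of material below. The main difficulties with this script are:
1. Not knowing the endpoints. You can find them in the material below or by looking at the requests AWVS itself makes.
2. Not being familiar with the workflow. Use AWVS a little by hand first; the script only automates it.
Workflow:
Create task -> start the scan -> poll the scan status until completed -> generate the report -> download the report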
```python
# -*- coding: utf-8 -*-
# Python 2 script (reload/setdefaultencoding below do not exist in Python 3).
import requests
import json
import time
import sys

reload(sys)
sys.setdefaultencoding('utf8')

# Certificate verification is disabled on every request (verify=False)
# because the scanner listens on localhost; silence the resulting warnings.
requests.packages.urllib3.disable_warnings()

# No trailing slash: every path below starts with "/".
tarurl = "https://127.0.0.1:3443"
# API key of your own AWVS instance.
apikey="1986ad8c0a5b3df4d7028d5f3c06e936c82b87e6efe0740df81a3f1f82a1e5e82"
headers = {"X-Auth":apikey,"content-type": "application/json"}


def addtask(url=''):
    # Add a target; returns the target id
    data = {"address":url,"description":url,"criticality":"10"}
    try:
        response = requests.post(tarurl+"/api/v1/targets",data=json.dumps(data),headers=headers,timeout=30,verify=False)
        result = json.loads(response.content)
        print('add_tesk.....')
        print(result)
        print('target_id: '+result['target_id'])
        return result['target_id']
    except Exception as e:
        print(str(e))
        return


def startscan(task_id):
    # Create a scan; returns the scan id
    data = {"target_id":task_id,"profile_id":"11111111-1111-1111-1111-111111111111","schedule": {"disable": False,"start_date":None,"time_sensitive": False}}
    try:
        response = requests.post(tarurl+"/api/v1/scans",data=json.dumps(data),headers=headers,timeout=30,verify=False)
        result = response.headers
        print('start_scan....')
        print(result)
        # The scan id is the last segment of the Location header
        scan_id = result['Location'].split('/')[4]
        return scan_id
    except Exception as e:
        print(str(e))
        return


def get_scan_session(scan_id):
    # Get the scan_session_id
    try:
        response = requests.get(tarurl+"/api/v1/scans/"+scan_id,headers=headers,timeout=30,verify=False)
        result = json.loads(response.content)
        print('get_scan_sessoion...')
        print(result)
        scan_session_id = result['current_session']['scan_session_id']
        print('scan_session_id: '+scan_session_id)
        return scan_session_id
    except Exception as e:
        print(str(e))
        return


def get_scan_gk(scan_id,scan_session_id):
    # Contains the scan status and a lot of other information
    # Get the scan overview
    try:
        response = requests.get(tarurl+"/api/v1/scans/"+scan_id+'/results/'+scan_session_id+'/statistics',headers=headers,timeout=30,verify=False)
        result = json.loads(response.content)
        print('get_scan_gk...')
        print(result)
        print('获取扫描概况包括状态: .............')
        print('status: '+result['status'])
        return result
        #next_run
    except Exception as e:
        print(str(e))
        return


def get_report_url(scan_id):
    # Generate the scan report for scan_id
    data = {"template_id":"11111111-1111-1111-1111-111111111112","source":{"list_type":"scans","id_list":[scan_id]}}
    try:
        response = requests.post(tarurl+"/api/v1/reports",data=json.dumps(data),headers=headers,timeout=30,verify=False)
        result = response.headers
        print(result)
        report = result['Location'].replace('/api/v1/reports/','/reports/download/')
        print(report)
        return tarurl.rstrip('/')+report+'.html'
    except Exception as e:
        print(str(e))
        return


def down_report(url):
    r = requests.get(url, verify=False)
    with open("report.html", "wb") as code:
        code.write(r.content)


def scan(url):
    # Create the task and get the target id
    target_id = addtask(url)
    # Start the scan and get the scan id
    scan_id = startscan(target_id)
    time.sleep(2)
    # Get the scan session id
    scan_session_id = get_scan_session(scan_id)
    # Get the scan status:
    gk = get_scan_gk(scan_id,scan_session_id)
    while gk['status'] !='completed':
        time.sleep(10)
        gk = get_scan_gk(scan_id,scan_session_id)
        print('没有完成扫描: status: '+gk['status'])
    print('完成扫描........')
    print('获取报告')
    report_url = get_report_url(scan_id)
    print('报告地址: '+report_url)
    time.sleep(10)
    # Here I simply wait 10 s; see the material below
    # I recall there is an endpoint for getting the report status; checking through it would be better
    down_report(report_url)
    print('报告保存完成....')


if __name__ == '__main__':
    scan('http://xxxx')
```
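The script above loops on `status != 'completed'` with no exit condition and then sleeps a fixed 10 s before downloading the report. The following is an added example, not part of the original script: a bounded poller that stops on completion, on a failure state, or on a timeout. The names `poll_until_completed`, `PollError` and `fake_api`, and the failure states `failed` and `aborted`, are assumptions (only `completed` appears on the page); the sample responses are constructed. It runs under Python 2 and 3.

```python
import time

# Assumed terminal failure states; only 'completed' appears in the script above.
FAILED_STATES = ("failed", "aborted")


class PollError(Exception):
    """Raised when the polled job fails or does not finish in time."""


def poll_until_completed(fetch, interval=10, timeout=3600,
                         sleep=time.sleep, clock=time.time):
    """Call fetch() until it returns a dict whose status is 'completed'.

    fetch is a zero-argument callable returning the decoded JSON object,
    or None if the request failed (as the script's helpers do on error).
    Raises PollError on a failure state or once timeout seconds have passed.
    """
    deadline = clock() + timeout
    while True:
        info = fetch() or {}          # a failed request counts as "not yet"
        status = info.get("status")
        if status == "completed":
            return info
        if status in FAILED_STATES:
            raise PollError("terminal status: %s" % status)
        if clock() >= deadline:
            raise PollError("timed out, last status: %s" % status)
        sleep(interval)


def fake_api(responses):
    """Constructed stand-in for an HTTP GET: replays canned JSON bodies."""
    it = iter(responses)
    return lambda: next(it)


if __name__ == "__main__":
    # Constructed sample responses, not captured from a real scanner.
    canned = [
        {"status": "queued"},
        {"status": "processing"},
        {"status": "completed", "download": ["/reports/download/SAMPLE.html"]},
    ]
    report = poll_until_completed(fake_api(canned), sleep=lambda s: None)
    print(report["download"][0])
```

In the script, the scan loop becomes `poll_until_completed(lambda: get_scan_gk(scan_id, scan_session_id))`; the same function can wrap whichever report-status request you find in the linked documentation, replacing the fixed `time.sleep(10)`.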
The scan type id, profile_id, is the 1111-1111 value.
Full list of scan types and their ids:
https://github.com/h4rdy/Acunetix11-API-Documentation/blob/master/Document/Scans/main.md
The report template type id, template_id, is also the 11111-111 value.
Full list of template types and their ids:
https://github.com/h4rdy/Acunetix11-API-Documentation/blob/master/Document/Reports/main.md
References:
curl
https://blog.csdn.net/qq_31497435/article/details/64441474
Batch scanning
https://im1gd.me/2017/05/25/AWVS/
Very complete, with code explanations
http://0cx.cc/about_awvs11_api.jspx
Batch scanning
https://www.52pojie.cn/thread-610851-1-1.html
Unofficial API documentation, very detailed
https://github.com/h4rdy/Acunetix11-API-Documentation
Documentation someone else compiled on CSDN; very good and very detailed.
https://download.csdn.net/download/lonely09baby/9977912?web=web