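Preface
Bilibili video walkthrough for this installment: Calling the AWVS API from Python to create a scan and export the scan report [batch scanning] (Part 2)
For the previous article, see: Calling the AWVS API from Python to create a scan and export the scan report
Bilibili walkthrough of the previous article: Calling the AWVS API from Python to create a scan and export the scan report
New in this installment: batch scanning, built on top of the existing automated scan
I. Code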
# -*- coding:utf-8 -*-
"""
Author: wyt
Date: April 3, 2022
"""
import json
import time
from datetime import datetime

import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning

# Every request below uses verify=False (no TLS certificate verification),
# so suppress the warning that it triggers
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

tarurl = "https://localhost:3443"
# API key of the AWVS instance (replace with your own)
apikey = "1986ad8c0a5b3df4d7028d5f3c06e936c1fc7e549ff144a089c34a12b23d572fa"
headers = {"X-Auth": apikey, "Content-type": "application/json;charset=utf8"}


# List all targets
def targets():
    api_url = tarurl + '/api/v1/targets'
    r = requests.get(url=api_url, headers=headers, verify=False)
    print(r.json())


# Add targets and collect their target_id values
def post_targets(url):
    api_url = tarurl + '/api/v1/targets'
    target_id_list = []
    for i in url:
        data = {
            "address": i,
            "description": "wyt_target",
            "criticality": "10"
        }
        data_json = json.dumps(data)
        r = requests.post(url=api_url, headers=headers, data=data_json, verify=False)
        target_id = r.json().get("target_id")
        target_id_list.append(target_id)
    print('target_id_list:', target_id_list)
    return target_id_list


# Add scans
def scans(url):
    api_url = tarurl + '/api/v1/scans'
    for i in url:
        data = {
            "target_id": i,
            "profile_id": "11111111-1111-1111-1111-111111111112",
            "schedule": {
                "disable": False,
                "start_date": None,
                "time_sensitive": False
            }
        }
        data_json = json.dumps(data)
        r = requests.post(url=api_url, headers=headers, data=data_json, verify=False)
        # target_id = r.json().get("target_id")
        # print(r.json)


# Get the scan_id values; start_date shows that the most recently created scan comes first
def scan_id(number):
    api_url = tarurl + '/api/v1/scans'
    scan_id_list = []
    r = requests.get(url=api_url, headers=headers, verify=False)
    for i in range(0, number):
        scan_id = r.json().get("scans")[i].get("scan_id")
        scan_id_list.append(scan_id)
    print('scan_id_list:', scan_id_list)
    return scan_id_list


# Request report generation for each scan
def generate(url):
    api_url = tarurl + '/api/v1/reports'
    for i in url:
        data = {
            "template_id": "11111111-1111-1111-1111-111111111115",
            "source": {
                "list_type": "scans",
                "id_list": [i]
            }
        }
        data_json = json.dumps(data)
        r = requests.post(url=api_url, headers=headers, data=data_json, verify=False)
        # print(r.json)


# Download the scan reports as HTML; each newly generated report comes first in the list
def html(number):
    api_url = tarurl + '/api/v1/reports'
    # print(api_url)
    r = requests.get(url=api_url, headers=headers, verify=False)
    print(r.json().get("reports"))
    for i in range(0, number):
        html = r.json().get("reports")[i].get("download")[0]
        url_html = tarurl + html
        # '报告' = 'report', '地址' = 'address'
        print('报告' + str(i) + '地址:', url_html)
        r_html = requests.get(url=url_html, headers=headers, verify=False)
        time_now = datetime.now().strftime('%Y-%m-%d %H%M%S')
        # Include the index so reports saved within the same second do not overwrite each other
        with open("report-" + time_now + "-" + str(i) + ".html", "wb") as code:
            code.write(r_html.content)


# Download the scan reports as PDF
def pdf(number):
    api_url = tarurl + '/api/v1/reports'
    # print(api_url)
    r = requests.get(url=api_url, headers=headers, verify=False)
    for i in range(0, number):
        pdf = r.json().get("reports")[i].get("download")[1]
        url_pdf = tarurl + pdf
        # '报告' = 'report', '地址' = 'address'
        print('报告' + str(i) + '地址:', url_pdf)
        r_html = requests.get(url=url_pdf, headers=headers, verify=False)
        time_now = datetime.now().strftime('%Y-%m-%d %H%M%S')
        # Include the index so reports saved within the same second do not overwrite each other
        with open("report-" + time_now + "-" + str(i) + ".pdf", "wb") as code:
            code.write(r_html.content)


# Preprocessing: split the input into a URL list and count its elements
def number(url):
    # Strip whitespace and drop empty entries (e.g. from a trailing comma)
    url_list = [u.strip() for u in url.split(',') if u.strip()]
    return url_list, len(url_list)


if __name__ == '__main__':
    # targets()
    # Prompt: enter the URLs to scan, separated by ',' for a batch scan
    urls = input("请输入您要扫描的url,批量扫描以','分隔: ")  # Example input: http://1.1.1.1/,http://2.2.2.2/,http://8.8.8.8/
    url_list, count = number(urls)
    print(url_list, count)
    # Add to the targets queue
    target_id_list = post_targets(url_list)
    time.sleep(5)
    # Add to the scans queue
    scans(target_id_list)
    time.sleep(5)
    # Get the scan_id values and request report generation
    scan_id_list = scan_id(count)
    generate(scan_id_list)
    time.sleep(10)
    # Download the scan reports
    pdf(count)
    # html(count)
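II. Returned results
III. Design of the batch scan
1. A new function is added for preprocessing. It returns two values: (1) the generated URL list and (2) the number of elements in that list. If the input were a url.txt file, further processing could be done here.
2. The group of URLs is added to the scan queue by a for loop.
3. The target_id group and the scan_id group output by the queue are both returned as lists.
4. The argument passed to the batch report functions is the number of URLs used in this scan; with 5 URLs, entries 0-4 at the front of the list are the values this group needs.
5. Everything is added on top of the original functions.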
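Design point 4 picks the first N entries of the scans and reports lists, which also picks up entries created by anyone else using the same AWVS instance at that moment. The following added example (not the author's code) matches by ID instead and skips reports that are not finished; the `target_id` field in a scan entry and the `status` and `source` fields in a report entry are assumptions about the API response, and the sample data is constructed.

```python
# Added example: correlate scans and reports by ID, not by list position.
# Assumed response fields (not shown in the article): "target_id" in a scan
# entry; "status" and "source" in a report entry.

def scan_ids_for_targets(scans_json, target_ids):
    """Return {target_id: scan_id} for our own targets, ignoring other scans."""
    wanted = set(target_ids)
    found = {}
    for scan in scans_json.get("scans", []):
        tid = scan.get("target_id")
        # The article notes the newest scan is listed first: keep the first hit.
        if tid in wanted and tid not in found:
            found[tid] = scan.get("scan_id")
    missing = wanted - set(found)
    if missing:
        raise LookupError("no scan found for targets: %s" % sorted(missing))
    return found

def report_links(reports_json, scan_ids, index=1):
    """Return {scan_id: download_path} for finished reports of our scans.

    index follows the article: download[0] is HTML, download[1] is PDF.
    """
    wanted = set(scan_ids)
    links = {}
    for report in reports_json.get("reports", []):
        ids = report.get("source", {}).get("id_list", [])
        downloads = report.get("download") or []
        if report.get("status") != "completed":
            continue  # still being generated: nothing to download yet
        if len(ids) != 1 or len(downloads) <= index:
            continue
        if ids[0] in wanted and ids[0] not in links:
            links[ids[0]] = downloads[index]
    return links

# Constructed sample responses (IDs and paths are placeholders).
SAMPLE_SCANS = {"scans": [
    {"scan_id": "s-other", "target_id": "t-other"},  # someone else's scan
    {"scan_id": "s-2", "target_id": "t-2"},
    {"scan_id": "s-1", "target_id": "t-1"},
]}
SAMPLE_REPORTS = {"reports": [
    {"status": "processing", "download": [],
     "source": {"list_type": "scans", "id_list": ["s-2"]}},
    {"status": "completed", "download": ["/dl/other.html", "/dl/other.pdf"],
     "source": {"list_type": "scans", "id_list": ["s-other"]}},
    {"status": "completed", "download": ["/dl/a.html", "/dl/a.pdf"],
     "source": {"list_type": "scans", "id_list": ["s-1"]}},
]}
```

A scan ID missing from the result of `report_links` means its report is not ready, so the caller can poll again instead of relying on a fixed `time.sleep`.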
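Summary
I didn't expect this series to get a second installment. After a reminder from a friend on Bilibili, I wrote this batch scanning feature, so let's keep going! Jump to Part 1 here
April 10, 2022, at home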