WebInspect command-line usage tutorial (with a Java invocation example)

wi.exe -u url [-s file] [-ws file] [-Framework name] [-CrawlCoverage name]
 [-ps policyID | -pc path] [-ab|an|am|ad|aa|ak {creds}] [-o|c]
 [-n name] [-e[abcdefghijklmno] file] [-x|xd|xa|xn] [-b filepath] [-v] [-?]
 [-r report_name -y report_type -w report_favorite -f report_export_file -g[phacxe]
 [-t compliance_template_file]] [-d filepath -m filename]
 [-i scanid] [-ir scanid] [-db] [-?]

General ---------------------------------------------------------

 -?                  show usage (command help)
 -u {url}            URL (or IP address) to scan
 -s {settings file}  settings file
 -db                 use the database defined in the settings file
 -ws {design file}   web service design file
 -o                  audit only (requires policy -p)
 -c                  crawl only
 -n {name}           scan name (does not apply when resuming a scan)
 -b {filepath}       use given SecureBase file
 -d {filepath}       move db to filepath (used with -m)
 -m {filename}       move db to filename (used with -d)
 -i {scan id}        scan id
 -ir {scan id}       resume scan with the specified id

Restrict to root folder -----------------------------------------

 -x   Directory only (self)
 -xd  Directory and subdirectories (descendants)
 -xa  Directory and parents (ancestors)
 -xn  No restrictions

Framework -------------------------------------------------------

 -Framework {framework name}  framework description
  Oracle   optimal scanning of applications built with Oracle ADF Faces technology

CrawlCoverage ---------------------------------------------------

 -CrawlCoverage {coverage name}  crawl coverage description
  Thorough  perform an exhaustive crawl of your site
  Default   focus more on coverage than performance
  Moderate  an overall good balance of coverage and speed
  Quick     focus on breadth and performance

Audit Policy ----------------------------------------------------

 -ps {policy ID}  policy for audit
  1     Standard
  2     Assault
  3     SOAP
  4     Quick
  5     Safe
  6     Development
  7     Blank
  16    QA
  17    Application
  18    Platform
  1001  SQL Injection
  1002  Cross-Site Scripting
  1003  OWASP Top 10 Application Security Risks 2007
  1004  All Checks
  1005  Passive
  1007  SAP
  1008  Criticals and Highs
  1009  OWASP Top 10 Application Security Risks 2010

 -pc {policy path}  custom policy file path

Authentication --------------------------------------------------

 -ab "userid:pwd"  basic authentication mode
 -an "userid:pwd"  NTLM authentication mode
 -ad "userid:pwd"  digest authentication mode
 -ak "userid:pwd"  Kerberos authentication mode
 -aa "userid:pwd"  automatic authentication mode
 -am {macro path}  web macro authentication mode

Output ----------------------------------------------------------

 -ea {filepath}    export scan in full XML format
 -eb {filepath}    export scan details (Full) in XML
 -ec {filepath}    export scan details (Comments) in XML
 -ed {filepath}    export scan details (Hidden Fields) in XML
 -ee {filepath}    export scan details (Script) in XML
 -ef {filepath}    export scan details (Set Cookies) in XML
 -eg {filepath}    export scan details (Web Forms) in XML
 -eh {filepath}    export scan details (URLs) in XML
 -ei {filepath}    export scan details (Requests) in XML
 -ej {filepath}    export scan details (Sessions) in XML
 -ek {filepath}    export scan details (Emails) in XML
 -el {filepath}    export scan details (Parameters) in XML
 -em {folderpath}  export scan details (Web Dump) in XML
 -en {filepath}    export scan details (Offsite Links) in XML
 -eo {filepath}    export scan details (Vulnerabilities) in XML

 -v                verbose output

Reports ---------------------------------------------------------

 -r {report_name}  name of the report to run

 Available report names:

  Aggregate
  Alert View
  Attack Status
  Compliance
  Crawled URLS
  Developer Reference
  Duplicates
  Executive Summary
  False Positive
  QA Summary
  Scan Difference
  Scan Log
  Trend
  Vulnerability Summary
  Vulnerability (Classic)

 -w {favorite_name}  name of the report favorite to run
 -ag                 aggregate reports in report favorite

 -y {report_type}  the type of report, either 'Standard' or 'Custom'
 -f {export_file}  where to export the report file (file path and file name)

 -gp  export report as pdf
 -gh  export report as zipped up html
 -ga  export report as raw report file
 -gc  export report as rich text file
 -gx  export report as text
 -ge  export report as excel file

 -t {filepath}  use given compliance template file

Worked example

F:\WebInspect>wi.exe -u http://127.1.1.0:8080/jfgl/logon.jsp -ab "SuperAdmin:1" -r "Vulnerability (Classic)" -y Standard -eb c:\Temp\Report.xml -f c:\Temp\Report.pdf -gp -v

Argument by argument:

F:\WebInspect>wi.exe                       start the WebInspect command-line scanner
 -u http://127.1.1.0:8080/jfgl/logon.jsp   URL to scan
 -ab "SuperAdmin:1"                        user name and password for the login page (basic authentication)
 -r "Vulnerability (Classic)"              name of the report to run
 -y Standard                               report type: Standard
 -eb c:\Temp\Report.xml                    export full scan details as XML
 -f c:\Temp\Report.pdf -gp                 export the report as a PDF file
 -v                                        verbose output

Java invocation

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;

public class WebInspectScan {

    public static void main(String[] args) {
        try {
            // Pass each argument as its own array element: the report name and the
            // paths then reach wi.exe intact, and nothing is re-parsed by cmd.exe.
            String[] cmd = {
                "f:/WebInspect/wi.exe",
                "-u",
                // URL supplied by the user
                "http://127.1.1.0:8080/jfgl/logon.jsp",
                "-ab",
                // user name and password supplied by the user
                "SuperAdmin:1",
                "-r", "Vulnerability (Classic)",
                "-y", "Standard",
                "-eb", "c:/Temp/Report.xml",
                "-f", "c:/Temp/Report.pdf",
                "-gp",
                "-v"
            };
            System.out.println("Starting scan...");
            ProcessBuilder pb = new ProcessBuilder(cmd);
            pb.redirectErrorStream(true); // merge stderr so a full pipe cannot block wi.exe
            Process p = pb.start();

            // Echo the verbose output (-v) line by line while the scan runs
            try (BufferedReader in = new BufferedReader(new InputStreamReader(p.getInputStream()))) {
                String line;
                while ((line = in.readLine()) != null) {
                    System.out.println("Scanning... " + line);
                }
            }

            // Only report success when wi.exe itself exited cleanly
            int exit = p.waitFor();
            if (exit == 0) {
                System.out.println("Scan finished successfully...");
            } else {
                System.out.println("Scan failed, wi.exe exit code " + exit);
            }
        } catch (IOException | InterruptedException e) {
            System.out.println("Scan failed...");
            e.printStackTrace();
        }
    }
}
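As an added example (not the page's own code and not part of WebInspect), the following class generalises both the command-line reference and the Java invocation above: it validates the audit policy ID, report name and export format against the tables in the reference, builds the wi.exe argument list with one element per argument so that no cmd.exe quoting is needed, reads the "userid:pwd" credentials from an environment variable instead of the source file, and returns the wi.exe exit code. The class name WebInspectRunner, its method names and the WI_BASIC_CREDS variable are this example's own choices; the flags, policy IDs and report names are the ones listed on this page.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/**
 * Builds and runs a wi.exe command line from validated parts.
 * Example code; WebInspectRunner and its methods are this example's own names.
 */
public class WebInspectRunner {

    // Audit policy IDs accepted by -ps (from the reference table on this page)
    private static final Set<Integer> POLICY_IDS = new HashSet<>(Arrays.asList(
            1, 2, 3, 4, 5, 6, 7, 16, 17, 18, 1001, 1002, 1003, 1004, 1005, 1007, 1008, 1009));

    // Report names accepted by -r (from the reference list on this page)
    private static final Set<String> REPORT_NAMES = new HashSet<>(Arrays.asList(
            "Aggregate", "Alert View", "Attack Status", "Compliance", "Crawled URLS",
            "Developer Reference", "Duplicates", "Executive Summary", "False Positive",
            "QA Summary", "Scan Difference", "Scan Log", "Trend",
            "Vulnerability Summary", "Vulnerability (Classic)"));

    // Export format letters accepted after -g (p=pdf, h=zipped html, a=raw, c=rtf, x=text, e=excel)
    private static final Set<String> EXPORT_FORMATS = new HashSet<>(Arrays.asList("p", "h", "a", "c", "x", "e"));

    /**
     * Builds the argument list. Every argument is its own element, so paths and
     * report names containing spaces need no shell quoting and cmd.exe never sees them.
     * basicCreds may be null, in which case -ab is omitted.
     */
    public static List<String> buildArgs(String wiExe, String url, int policyId,
                                         String basicCreds, String reportName,
                                         String exportFormat, String xmlOut, String reportOut) {
        if (!POLICY_IDS.contains(policyId)) throw new IllegalArgumentException("unknown policy ID: " + policyId);
        if (!REPORT_NAMES.contains(reportName)) throw new IllegalArgumentException("unknown report: " + reportName);
        if (!EXPORT_FORMATS.contains(exportFormat)) throw new IllegalArgumentException("unknown export format: " + exportFormat);
        List<String> args = new ArrayList<>();
        args.add(wiExe);
        args.add("-u");  args.add(url);
        args.add("-ps"); args.add(Integer.toString(policyId));
        if (basicCreds != null) { args.add("-ab"); args.add(basicCreds); }
        args.add("-r");  args.add(reportName);
        args.add("-y");  args.add("Standard");
        args.add("-eb"); args.add(xmlOut);
        args.add("-f");  args.add(reportOut);
        args.add("-g" + exportFormat);
        args.add("-v");
        return args;
    }

    /** Runs wi.exe, echoes its output line by line, and returns its exit code. */
    public static int run(List<String> args) throws IOException, InterruptedException {
        ProcessBuilder pb = new ProcessBuilder(args);
        pb.redirectErrorStream(true); // merged stderr: draining one stream keeps wi.exe from blocking
        Process p = pb.start();
        try (BufferedReader r = new BufferedReader(
                new InputStreamReader(p.getInputStream(), Charset.defaultCharset()))) {
            String line;
            while ((line = r.readLine()) != null) System.out.println(line);
        }
        return p.waitFor();
    }

    public static void main(String[] argv) throws Exception {
        // Credentials come from the environment rather than the source file
        // (the variable name WI_BASIC_CREDS is this example's own, format "userid:pwd")
        String creds = System.getenv("WI_BASIC_CREDS");
        List<String> args = buildArgs("F:\\WebInspect\\wi.exe",
                "http://127.1.1.0:8080/jfgl/logon.jsp", 1, creds,
                "Vulnerability (Classic)", "p", "C:\\Temp\\Report.xml", "C:\\Temp\\Report.pdf");
        System.out.println("Running: " + String.join(" ", args));
        int exit = run(args);
        System.out.println(exit == 0 ? "Scan finished" : "wi.exe exited with code " + exit);
    }
}
```

Run it with `set WI_BASIC_CREDS=SuperAdmin:1` (or whatever the target account is) before `java WebInspectRunner`. Keeping the credentials out of the source only goes so far: like any wi.exe invocation, the -ab value is still part of the child process's command line and therefore visible to anyone who can list processes on that machine, so the scan host should be treated accordingly.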

 
