你可以在以下渠道联系到我,转载请注明文章来源地址~
- 知乎:Sp4rkW
- GITHUB:Sp4rkW
- B站:一只技术君
- 博客:https://sp4rkw.blog.csdn.net/
- 联系邮箱:[email protected]
前言
最近在改reaper的awvs互动功能,因为自己的服务器垃圾,一次最多扫四个站,否则就卡死了。所以需要对现有的批量脚本进行修改处理。逻辑比较简单:
- 拿到web资产,django异步启扫描任务
- 从list中取出前四个,丢入awvs,选择slow模式慢慢扫
- 一分钟判断一次目前正在扫描的任务数量,不满4个自动新增补全到4个任务
- 知道列表为空
django部分代码略去,awvs的部分代码我提取出来了,供大家使用
核心接口
仪表盘接口
/api/v1/me/stats
| 参数 |
说明 |
| most_vulnerable_targets |
最脆弱的目标 |
| scans_conducted_count |
总进行扫描个数 |
| scans_running_count |
正在扫描的个数 |
| scans_waiting_count |
等待扫描的个数 |
| targets_count |
总进行扫描个数 |
| top_vulnerabilities |
排名靠前漏洞分布 |
| vuln_count_by_criticality |
通过危险程度进行漏洞等级个数分布 |
| vuln_count |
漏洞数据 |
| vuln_count_by_criticality |
通过危险程度进行漏洞等级个数分布 |
| top_vulnerabilities |
排名靠前漏洞分布 |
| vulnerabilities_open_count |
共发现漏洞总数 |
api_running_url = 'https://x/api/v1/me/stats'
headers = {
'X-Auth': 'x',
'Content-type': 'application/json'
}
r = requests.get(url=api_running_url, headers=headers, verify=False).json()
print(r['scans_running_count'])
{
'most_vulnerable_targets': [], 'scans_conducted_count': 0, 'scans_running_count': 0, 'scans_waiting_count': 0, 'targets_count': 0, 'top_vulnerabilities': [], 'vuln_count': {
'high': None, 'low': None, 'med': None}, 'vuln_count_by_criticality': {
'critical': None, 'high': None, 'low': None, 'normal': None}, 'vulnerabilities_open_count': 0}
新增任务接口
Method:POST
URL: /api/v1/targets
| 发送参数 |
类型 |
说明 |
| address |
string |
目标网址:需http或https开头 |
| criticality |
Int |
危险程度;范围:[30,20,10,0];默认为10 |
| description |
string |
备注 |
api_add_url = "https://x/api/v1/targets"
headers = {
'X-Auth': 'x',
'Content-type': 'application/json'
}
data = '{"address":"http://vulnweb.com/","description":"create_by_reaper","criticality":"10"}'
r = requests.post(url=api_add_url, headers=headers, data=data,verify=False).json()
print(r)
| 返回参数 |
说明 |
| address |
目标网址 |
| criticality |
危险程度 |
| description |
备注 |
| type |
类型 |
| domain |
域名 |
| target_id |
目标id |
| target_type |
目标类型 |
| canonical_address |
根域名 |
| canonical_address_hash |
根域名hash |
# 返回包如下
{'address': 'http://vulnweb.com/', 'criticality': 10, 'description': 'create_by_reaper', 'type': 'default', 'domain': 'vulnweb.com', 'target_id': '13564b22-7fd8-46d5-b10f-3c87a6cc6afa', 'target_type': None, 'canonical_address': 'vulnweb.com', 'canonical_address_hash': '823a9c89d4aea02ab8a4f5d31fd603c7'}
设置扫描速度
Method:PATCH
URL: /api/v1/targets/{target_id}/configuration
| 参数 |
类型 |
说明 |
| scan_speed |
string |
由慢到快:sequential slow moderate fast |
api_speed_url = "https://x/api/v1/targets/{}/configuration".format(target_id)
data = json.dumps({
"scan_speed":"sequential"})
r = requests.patch(url=api_speed_url, headers=headers, data=data, verify=False)
print(r)
<Response [204]>
启动扫描任务
Method:POST
URL: /api/v1/scans
| 参数 |
类型 |
说明 |
| profile_id |
string |
扫描类型 |
| ui_session_i |
string |
可不传 |
| schedule |
json |
扫描时间设置(默认即时) |
| report_template_id |
string |
扫描报告类型(可不传) |
| target_id |
string |
目标id |
| 扫描类型 |
值 |
国光翻译的理解 |
| Full Scan |
11111111-1111-1111-1111-111111111111 |
完全扫描 |
| High Risk Vulnerabilities |
11111111-1111-1111-1111-111111111112 |
高风险漏洞 |
| Cross-site Scripting Vulnerabilities |
11111111-1111-1111-1111-111111111116 |
XSS漏洞 |
| SQL Injection Vulnerabilities |
11111111-1111-1111-1111-111111111113 |
SQL注入漏洞 |
| Weak Passwords |
11111111-1111-1111-1111-111111111115 |
弱口令检测 |
| Crawl Only |
11111111-1111-1111-1111-111111111117 |
Crawl Only |
| Malware Scan |
11111111-1111-1111-1111-111111111120 |
恶意软件扫描 |
data = '{"profile_id":"11111111-1111-1111-1111-111111111111","schedule":{"disable":false,"start_date":null,"time_sensitive":false},"target_id":"%s"}'% target_id
r = requests.post(url=api_run_url, headers=headers, data=data, verify=False).json()
print(r)
{
'profile_id': '11111111-1111-1111-1111-111111111111', 'schedule': {
'disable': False, 'start_date': None, 'time_sensitive': False, 'triggerable': False}, 'target_id': '13564b22-7fd8-46d5-b10f-3c87a6cc6afa', 'incremental': False, 'max_scan_time': 0, 'ui_session_id': None}
丝滑脚本
import requests
import json
import time
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
awvs_token = 'xxx'
website = ""
def awvs_reaper(domainlist):
headers = {
'X-Auth': awvs_token,
'Content-type': 'application/json;charset=utf8'
}
api_running_url = website+'/api/v1/me/stats'
api_add_url = website+"/api/v1/targets"
api_run_url = website+"/api/v1/scans"
target_list = []
for target in domainlist:
data = '{"address":"%s","description":"create_by_reaper","criticality":"10"}'% target
r = requests.post(url=api_add_url, headers=headers, data=data, verify=False).json()
target_id = r['target_id']
api_speed_url = website+"/api/v1/targets/{}/configuration".format(target_id)
data = json.dumps({
"scan_speed":"fast"})
r = requests.patch(url=api_speed_url, headers=headers, data=data, verify=False)
target_list.append(target_id)
target_num = len(target_list)
if target_num <= 4:
for target_id in target_list:
data = '{"profile_id":"11111111-1111-1111-1111-111111111111","schedule":{"disable":false,"start_date":null,"time_sensitive":false},"target_id":"%s"}'% target_id
r = requests.post(url=api_run_url, headers=headers, data=data, verify=False).json()
else:
r = requests.get(url=api_running_url, headers=headers, verify=False).json()
runnum = int(r['scans_running_count'])
flag = 0
while flag < target_num:
if runnum < 4:
target_id = target_list[flag]
flag = flag + 1
data = '{"profile_id":"11111111-1111-1111-1111-111111111111","schedule":{"disable":false,"start_date":null,"time_sensitive":false},"target_id":"%s"}'% target_id
r = requests.post(url=api_run_url, headers=headers, data=data, verify=False).json()
r = requests.get(url=api_running_url, headers=headers, verify=False).json()
runnum = int(r['scans_running_count'])
else:
pass
time.sleep(60)
return target_num
if __name__ == "__main__":
domainlist = ['http://10086.1.com', 'http://10087.1.com', 'http://10088.1.com']
awvs_reaper(domainlist)