流程:
創建任務->啓動任務掃描->獲取掃描狀態完成->生成報告->下載報告
# -*- coding: utf-8 -*-
import requests
import json
import time
import sys
# Python 2 only: reload(sys) re-exposes sys.setdefaultencoding so that implicit
# str/unicode conversions use UTF-8. Neither call exists in Python 3.
reload(sys)
sys.setdefaultencoding('utf8')
# Silences urllib3 warnings, including the InsecureRequestWarning that each
# verify=False request in this script would otherwise print.
requests.packages.urllib3.disable_warnings()
# Base URL of the scanner API. It ends with "/", so the "/api/v1/..." paths
# concatenated onto it below contain a double slash.
tarurl = "https://127.0.0.1:3443/"
# NOTE(review): the API key is hard-coded in the source. Anyone who can read
# this file (or a published copy of it) can drive the scanner with it; prefer
# loading the key from the environment or a secrets store, and rotate any key
# that has been committed or posted.
apikey="1986ad8c0a5b3df4d7028d5f3c06e936c82b87e6efe0740df81a3f1f82a1e5e82"
# X-Auth carries the API key on every request; request bodies are sent as JSON.
headers = {"X-Auth":apikey,"content-type": "application/json"}
def addtask(url=''):
    """Register *url* as a scan target and return its target id.

    POSTs to /api/v1/targets with the URL used as both address and
    description and criticality "10". The parsed JSON response is printed.
    On any exception the error text is printed and None is returned.

    The request is sent with verify=False, so the server certificate is not
    validated while the X-Auth API key is transmitted.
    """
    target_spec = {"address": url, "description": url, "criticality": "10"}
    try:
        endpoint = tarurl + "/api/v1/targets"
        reply = requests.post(endpoint, data=json.dumps(target_spec),
                              headers=headers, timeout=30, verify=False)
        parsed = json.loads(reply.content)
        print('add_tesk.....')
        print(parsed)
        new_target_id = parsed['target_id']
        print('target_id: ' + new_target_id)
        return new_target_id
    except Exception as err:
        # Best-effort: callers receive None and must check for it.
        print(str(err))
        return None
def startscan(task_id):
    """Create a scan for target *task_id* and return the new scan id.

    POSTs to /api/v1/scans with the fixed profile_id used by this script and
    a schedule that is not disabled, has no start date and is not time
    sensitive. The scan id is taken from the fifth "/"-separated field of
    the response's Location header. The response headers are printed.
    On any exception the error text is printed and None is returned.

    The request is sent with verify=False (no certificate validation).
    """
    scan_spec = {
        "target_id": task_id,
        "profile_id": "11111111-1111-1111-1111-111111111111",
        "schedule": {"disable": False, "start_date": None, "time_sensitive": False}
    }
    try:
        endpoint = tarurl + "/api/v1/scans"
        reply = requests.post(endpoint, data=json.dumps(scan_spec),
                              headers=headers, timeout=30, verify=False)
        reply_headers = reply.headers
        print('start_scan....')
        print(reply_headers)
        # Location is split on "/" and index 4 is the id segment.
        location_parts = reply_headers['Location'].split('/')
        return location_parts[4]
    except Exception as err:
        print(str(err))
        return None
#
def get_scan_session(scan_id):
    """Return the scan_session_id of the current session of *scan_id*.

    GETs /api/v1/scans/<scan_id>, prints the parsed JSON, and reads
    current_session.scan_session_id from it. On any exception (including a
    None scan_id, which fails the string concatenation) the error text is
    printed and None is returned.

    The request is sent with verify=False (no certificate validation).
    """
    try:
        endpoint = tarurl + "/api/v1/scans/" + scan_id
        reply = requests.get(endpoint, headers=headers, timeout=30, verify=False)
        parsed = json.loads(reply.content)
        print('get_scan_sessoion...')
        print(parsed)
        session = parsed['current_session']
        session_id = session['scan_session_id']
        print('scan_session_id: ' + session_id)
        return session_id
    except Exception as err:
        print(str(err))
        return None
def get_scan_gk(scan_id,scan_session_id):
    """Fetch the statistics overview of a scan session.

    GETs /api/v1/scans/<scan_id>/results/<scan_session_id>/statistics and
    returns the parsed JSON, which includes the scan 'status' among other
    information. The whole response and the status are printed. On any
    exception the error text is printed and None is returned.

    The request is sent with verify=False (no certificate validation).
    """
    try:
        endpoint = (tarurl + "/api/v1/scans/" + scan_id
                    + '/results/' + scan_session_id + '/statistics')
        reply = requests.get(endpoint, headers=headers, timeout=30, verify=False)
        overview = json.loads(reply.content)
        print('get_scan_gk...')
        print(overview)
        print('獲取掃描概況包括狀態: .............')
        print('status: ' + overview['status'])
        return overview
    except Exception as err:
        print(str(err))
        return None
def get_report_url(scan_id):
    """Request a report for *scan_id* and return its HTML download URL.

    POSTs to /api/v1/reports with the fixed template_id used by this script
    and the scan id as the only source. The Location header of the response
    is rewritten from /api/v1/reports/ to /reports/download/, prefixed with
    the base URL (trailing slash stripped) and suffixed with ".html".
    On any exception the error text is printed and None is returned.

    The request is sent with verify=False (no certificate validation).
    """
    report_spec = {
        "template_id": "11111111-1111-1111-1111-111111111112",
        "source": {"list_type": "scans", "id_list": [scan_id]}
    }
    try:
        endpoint = tarurl + "/api/v1/reports"
        reply = requests.post(endpoint, data=json.dumps(report_spec),
                              headers=headers, timeout=30, verify=False)
        reply_headers = reply.headers
        print(reply_headers)
        download_path = reply_headers['Location'].replace(
            '/api/v1/reports/', '/reports/download/')
        print(download_path)
        base = tarurl.rstrip('/')
        return base + download_path + '.html'
    except Exception as err:
        print(str(err))
        return None
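def down_report(url):
    """Download the report at *url* and save it as report.html.

    The file is written to the current working directory and overwrites any
    existing report.html. Unlike the original, the request has the same
    30-second timeout as the other API calls, a non-200 response is not
    written to disk as if it were a report, and errors are printed instead
    of propagating, matching the other helpers in this script.

    The request is sent with verify=False (no certificate validation).
    """
    # NOTE(review): no X-Auth header is sent here, unlike every other call in
    # this script; confirm whether the download endpoint requires it.
    try:
        r = requests.get(url, timeout=30, verify=False)
        if r.status_code != 200:
            # Avoid saving an error page under the report's file name.
            print('report download failed: HTTP ' + str(r.status_code))
            return
        with open("report.html", "wb") as report_file:
            report_file.write(r.content)
    except Exception as e:
        print(str(e))
        return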
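def scan(url):
    """Run one complete scan of *url* and save its HTML report.

    Steps: create the target, start the scan, look up the scan session,
    poll the statistics endpoint every 10 seconds until the status is
    'completed', then request a report and download it to report.html.

    Every helper prints its error and returns None on failure, so each
    result is checked here and the run stops with a message instead of
    failing later with a TypeError on a None value.
    """
    # Create the target and get its id.
    target_id = addtask(url)
    if target_id is None:
        print('scan stopped: target was not created')
        return
    # Start the scan and get the scan id.
    scan_id = startscan(target_id)
    if scan_id is None:
        print('scan stopped: scan was not started')
        return
    # Short pause before the first session lookup.
    time.sleep(2)
    # Get the scan session id.
    scan_session_id = get_scan_session(scan_id)
    if scan_session_id is None:
        print('scan stopped: no scan session id')
        return
    # Poll the scan status.
    # NOTE(review): the loop only exits on 'completed'. A scan that ends in
    # any other terminal state would be polled forever; confirm the possible
    # status values against the API documentation and add an exit for them.
    gk = get_scan_gk(scan_id,scan_session_id)
    while gk is not None and gk['status'] != 'completed':
        # Report the unfinished status before waiting, so a scan that has
        # just completed is never announced as "not finished".
        print('沒有完成掃描: status: '+gk['status'])
        time.sleep(10)
        gk = get_scan_gk(scan_id,scan_session_id)
    if gk is None:
        print('scan stopped: could not read scan status')
        return
    print('完成掃描........')
    print('獲取報告')
    # NOTE(review): the report is downloaded immediately after it is
    # requested; if the server generates reports asynchronously the file may
    # not be ready yet. Confirm and poll the report status if needed.
    report_url = get_report_url(scan_id)
    if report_url is None:
        print('scan stopped: report was not created')
        return
    print('報告地址: '+report_url)
    down_report(report_url)
    print('報告保存完成....')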
if __name__ == "__main__":
    # Placeholder target URL from the original post; replace before running.
    scan('http://xxxx')
其中掃描類型 id(profile_id)就是代碼中的 11111111-1111-1111-1111-111111111111。
詳細的掃描類型和對應的id:
https://github.com/h4rdy/Acunetix11-API-Documentation/blob/master/Document/Scans/main.md
其中報告模板類型 id(template_id)就是代碼中的 11111111-1111-1111-1111-111111111112。
詳細的類型和對應id:
https://github.com/h4rdy/Acunetix11-API-Documentation/blob/master/Document/Reports/main.md
參考:
curl
https://blog.csdn.net/qq_31497435/article/details/64441474
批量
https://im1gd.me/2017/05/25/AWVS/
很完整還有代碼解釋
http://0cx.cc/about_awvs11_api.jspx
批量
https://www.52pojie.cn/thread-610851-1-1.html
非官方API 很詳細
https://github.com/h4rdy/Acunetix11-API-Documentation
csdn 上別人總結的文檔,很好也很詳細。
https://download.csdn.net/download/lonely09baby/9977912?web=web