方法一:
通過抓包分析,
第一步
需要先登陸成功。登陸接口需要的參數:用戶名、密碼(SHA-256 哈希值)、"remember_me": True、
"logout_previous": True。登陸成功後,取得其它接口需要的兩個參數:headers["X-Auth"] 和
headers['Cookie'](通過抓包分析得出)。
第二步
找準你所需要的接口地址:添加任務、停止任務、下載任務、刪除任務等等。
請求時帶上第一步取得的參數數據。具體詳情可看代碼。
headers 的值是本人通過抓包獲得的參數,並不是所有的參數都需要。看起來比較多,能寫的儘量都寫上。注意:代碼中所有請求都使用 verify=False,不會校驗 AWVS 服務器的 TLS 證書;X-Auth 和 Cookie 屬於會話憑證,不要輸出到日誌或提交到代碼倉庫。
# -*- coding: utf-8 -*-
import requests
import json
import time
import re
# Silence urllib3's InsecureRequestWarning. Every request in this script is
# sent with verify=False, so the scanner's TLS certificate is never validated;
# with the warning suppressed nothing on the console will remind you of that.
requests.packages.urllib3.disable_warnings()

# Placeholders from the write-up. Credentials kept in source end up in version
# control and shell history; load real values from the environment instead.
username = "[email protected]"  # AWVS login user name
password = "xxxxxx"  # AWVS login password
tarurl = "https://172.31.132.85:3443"  # base URL of the AWVS server

# Request headers copied from a captured browser session. Not all of them are
# required by the API; "X-Auth" and "Cookie" are added at runtime after login.
headers = {
    "Content-Type": "application/json;charset=UTF-8",
    "Referer": "https://172.31.132.85:3443/",
    "User-Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.75 Safari/537.36",
    "Accept": "application/json,text/plain,*/*",
    "Accept-Encoding": "gzip, deflate, br",
    "Accept-Language": "zh-CN,zh;q=0.9,en;q=0.8",
    "Host": "172.31.132.85:3443",
    "Connection": "keep-alive",
    "Sec-Fetch-Mode": "cors",
    "Sec-Fetch-Site": "same-origin",
    "Origin": "https://172.31.132.85:3443",
}
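def login_create():
    """Log in to AWVS and return the session token from the ``X-Auth`` header.

    The login endpoint takes the SHA-256 hex digest of the password, not the
    plaintext. The digest is computed here from the module-level ``password``
    so that no pre-computed hash has to be pasted into the source, and the
    account comes from the module-level ``username``.

    Returns:
        The ``X-Auth`` header value when the server answers 204, otherwise
        ``None``.
    """
    import hashlib  # local import: only this function needs it

    url = tarurl + "/api/v1/me/login"
    data = {
        'email': username,
        'password': hashlib.sha256(password.encode('utf-8')).hexdigest(),
        "remember_me": True,
        # Asks the server to end the account's previous session.
        "logout_previous": True,
    }
    # A timeout keeps an unreachable server from hanging the script forever.
    respon = requests.post(url=url, data=json.dumps(data), headers=headers,
                           timeout=30, verify=False)
    print(respon.status_code)
    if respon.status_code != 204:
        return None
    # A 204 response carries no body; the token is delivered in a header.
    # It is a session credential, so it is returned but deliberately not
    # printed to the console.
    return respon.headers.get('X-Auth')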
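def stop(scan_id):
    """Ask AWVS to abort the scan identified by ``scan_id``.

    Best-effort: any exception is printed and swallowed, and nothing is
    returned. The original body referenced ``self.G`` / ``self.W`` inside a
    plain function, so the success message always raised ``NameError`` and the
    bare ``except: pass`` hid it.
    """
    try:
        r = requests.post(tarurl + '/api/v1/scans/' + scan_id + '/abort',
                          timeout=10, verify=False, headers=headers)
        if r.status_code == 204:
            print('[-] OK, 掃描已經停止...')
        else:
            # Surface a rejected abort instead of failing silently.
            print('[!] abort request returned status', r.status_code)
    except Exception as e:
        print(str(e))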
def addtask(url=''):
    """Register ``url`` as a scan target and return the new ``target_id``.

    Any exception (network error, non-JSON reply, missing ``target_id`` key)
    is printed and swallowed; the function then returns ``None``.
    """
    target = {
        "address": url,
        "description": 'awvs接口測試數據',
        "criticality": "10",
    }
    try:
        endpoint = tarurl + "/api/v1/targets"
        response = requests.post(endpoint, data=json.dumps(target),
                                 headers=headers, timeout=30, verify=False)
        result = json.loads(response.text)
        print('add_tesk.....')
        print(result)
        target_id = result['target_id']
        print('target_id: ' + target_id)
        return target_id
    except Exception as e:
        print(str(e))
        return
def startscan(task_id):
    """Start a scan for target ``task_id`` and return the scan id.

    The scan id is taken from the ``Location`` response header. Any exception
    is printed and swallowed, in which case ``None`` is returned.
    """
    schedule = {"disable": False, "start_date": None, "time_sensitive": False}
    body = {
        "target_id": task_id,
        # Scan profile id used by the write-up.
        "profile_id": "11111111-1111-1111-1111-111111111111",
        "schedule": schedule,
    }
    try:
        response = requests.post(tarurl + "/api/v1/scans", data=json.dumps(body),
                                 headers=headers, timeout=30, verify=False)
        print("響應碼爲:", response.status_code)
        reply_headers = response.headers
        print('start_scan....')
        print(reply_headers)
        # Presumably Location is "/api/v1/scans/<scan_id>", which puts the id
        # at index 4 after splitting on "/" — confirm against a real response.
        location_parts = reply_headers['Location'].split('/')
        return location_parts[4]
    except Exception as e:
        print(str(e))
        return
#
def get_scan_session(scan_id):
    """Return the ``scan_session_id`` of the current session of ``scan_id``.

    Reads ``current_session.scan_session_id`` from the scan's JSON description.
    Any exception is printed and swallowed, in which case ``None`` is returned.
    """
    try:
        scan_url = tarurl + "/api/v1/scans/" + scan_id
        response = requests.get(scan_url, headers=headers, timeout=30, verify=False)
        result = json.loads(response.text)
        print('get_scan_sessoion...')
        print(result)
        session = result['current_session']
        scan_session_id = session['scan_session_id']
        print('scan_session_id: ' + scan_session_id)
        return scan_session_id
    except Exception as e:
        print(str(e))
        return
def get_scan_gk(scan_id, scan_session_id):
    """Fetch the statistics overview of a scan session.

    Returns the parsed JSON object, which the caller polls for its ``status``
    field. Any exception is printed and swallowed, in which case ``None`` is
    returned.
    """
    try:
        stats_url = (tarurl + "/api/v1/scans/" + scan_id
                     + '/results/' + scan_session_id + '/statistics')
        response = requests.get(stats_url, headers=headers, timeout=30, verify=False)
        overview = json.loads(response.text)
        print('get_scan_gk...')
        print(overview)
        print(u'獲取掃描概況包括狀態: .............')
        print('status: ' + overview['status'])
        return overview
    except Exception as e:
        print(str(e))
        return
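def get_report_url(scan_id):
    """Request an HTML report for ``scan_id`` and return its download URL.

    The original body only issued a GET on ``/api/v1/reports``, which never
    asks the server to generate anything. The report is now requested with a
    POST first, as the API-key variant of this script does.

    Returns:
        The absolute download URL, or ``None`` when no download link is found
        or a request fails (the error is printed).
    """
    data = {"template_id": "11111111-1111-1111-1111-111111111115",
            "source": {"list_type": "scans",
                       "id_list": [scan_id]}}
    try:
        # Ask the server to generate the report, then give it a moment.
        requests.post(tarurl + "/api/v1/reports", data=json.dumps(data),
                      headers=headers, timeout=30, verify=False)
        time.sleep(5)
        response = requests.get(tarurl + "/api/v1/reports", data=json.dumps(data),
                                headers=headers, timeout=30, verify=False)
        # NOTE(review): this takes the FIRST download link in the report list.
        # If the server holds reports for other scans, the link may belong to
        # one of them — confirm the list ordering or look the report up by id.
        # The dot before "html" is escaped so only a real ".html" suffix matches.
        match = re.search(r"/api/v1/reports/download/(.*?)\.html", response.text)
        if match is None:
            print('no report download link found')
            return
        # NOTE(review): down_report() fetches this URL without auth headers,
        # so the descriptor appears to act as the credential; avoid logging it
        # anywhere shared.
        print(match.group(1))
        return tarurl + '/api/v1/reports/download/' + match.group(1) + '.html'
    except Exception as e:
        print(str(e))
        return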
def down_report(url):
    """Download ``url`` and save the body as ``report.html`` in the current directory.

    The request is sent without the shared ``headers`` and with TLS
    verification disabled. An existing ``report.html`` is overwritten.
    """
    body = requests.get(url, verify=False).text
    with open("report.html", "w", encoding="utf-8") as out:
        out.write(body)
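def scan(url):
    """Run the whole workflow for ``url``: add target, scan, wait, fetch report.

    Every helper returns ``None`` on failure. The original passed that ``None``
    on to the next step and crashed with a ``TypeError`` far from the cause,
    and its polling loop ended only on ``'completed'``, so a scan that failed
    or was aborted left the script waiting forever. Both cases now stop the
    workflow with a message.
    """
    # Create the target and get its id.
    target_id = addtask(url)
    if target_id is None:
        print('添加任務失敗')
        return
    # Start the scan and get its id.
    scan_id = startscan(target_id)
    if scan_id is None:
        print('啓動掃描失敗')
        return
    time.sleep(2)
    # Get the id of the scan's current session.
    scan_session_id = get_scan_session(scan_id)
    if scan_session_id is None:
        print('獲取掃描會話失敗')
        return
    # Poll the scan status until it reaches a final state.
    while True:
        gk = get_scan_gk(scan_id, scan_session_id)
        if gk is None:
            print('獲取掃描狀態失敗')
            return
        if gk['status'] == 'completed':
            break
        if gk['status'] in ('failed', 'aborted'):
            # Final states that will never turn into 'completed'.
            print('掃描未完成: status: ' + gk['status'])
            return
        print('沒有完成掃描: status: ' + gk['status'])
        time.sleep(10)
    print('完成掃描........')
    print('獲取報告')
    report_url = get_report_url(scan_id)
    if report_url is None:
        print('獲取報告地址失敗')
        return
    print('報告地址: ' + report_url)
    down_report(report_url)
    print('報告保存完成....')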
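if __name__ == '__main__':
    # Log in once. Every other endpoint authenticates with the returned token,
    # sent both as the X-Auth header and as the ui_session cookie (values
    # found by the author through traffic capture).
    a = login_create()
    if a is None:
        # Without a token every later call would be rejected; stop here
        # instead of sending "X-Auth: None".
        raise SystemExit('login failed')
    headers["X-Auth"] = a
    headers['Cookie'] = "ui_session=" + str(a)
    # headers now holds live session credentials, so it is no longer printed.
    scan('https://172.31.135.253:8090/login')  # address to scan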
方法二:
使用 API Key:不需要先調用登陸接口,把 API Key 作爲 X-Auth 請求頭的值即可。
# -*- coding: utf-8 -*-
import requests
import json
import time
import re
import tqdm
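# Silence urllib3's InsecureRequestWarning. Every request in this script is
# sent with verify=False, so the scanner's TLS certificate is never validated.
requests.packages.urllib3.disable_warnings()

# Base URL of the AWVS server; per the write-up the key is obtained from the
# user's profile page at <tarurl>/#/me/.
tarurl = "https://172.31.135.243:3443"
# NOTE(review): an API key committed to source or published on a page should
# be treated as disclosed. Rotate it and load the real key from the
# environment or a secret store.
apikey = "1986ad8c0a5b3df4d7028d5f3c06e936cbf0675dc634a415e81a319031978d108"

# Every function below passes ``headers`` to requests, but the original
# script never defined it, so each call died with a NameError that the broad
# ``except`` blocks only printed. The API key is sent as the X-Auth header.
headers = {
    "X-Auth": apikey,
    "Content-Type": "application/json;charset=UTF-8",
}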
def addtask(url=''):
    """Register ``url`` as a scan target and return the new ``target_id``.

    Any exception (network error, non-JSON reply, missing ``target_id`` key)
    is printed and swallowed; the function then returns ``None``.
    """
    target = {
        "address": url,
        "description": 'awvs接口測試數據',
        "criticality": "10",
    }
    try:
        endpoint = tarurl + "/api/v1/targets"
        response = requests.post(endpoint, data=json.dumps(target),
                                 headers=headers, timeout=30, verify=False)
        result = json.loads(response.text)
        print('add_tesk.....')
        print(result)
        target_id = result['target_id']
        print('target_id: ' + target_id)
        return target_id
    except Exception as e:
        print(str(e))
        return
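def stop(scan_id):
    """Ask AWVS to abort the scan identified by ``scan_id``.

    Best-effort: any exception is printed and swallowed, and nothing is
    returned. Two defects of the original are fixed: the path lacked the
    ``/api/v1`` prefix that every other call in this script uses, and the
    success message referenced ``self.G`` / ``self.W`` inside a plain function,
    which raised a ``NameError`` that ``except: pass`` hid.
    """
    try:
        r = requests.post(tarurl + '/api/v1/scans/' + scan_id + '/abort',
                          timeout=10, verify=False, headers=headers)
        if r.status_code == 204:
            print('[-] OK, 掃描已經停止...')
        else:
            # Surface a rejected abort instead of failing silently.
            print('[!] abort request returned status', r.status_code)
    except Exception as e:
        print(str(e))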
def startscan(task_id):
    """Start a scan for target ``task_id`` and return the scan id.

    The scan id is taken from the ``Location`` response header of the POST.
    Any exception is printed and swallowed, in which case ``None`` is returned.
    """
    schedule = {"disable": False, "start_date": None, "time_sensitive": False}
    body = {
        "target_id": task_id,
        # Scan profile id used by the write-up.
        "profile_id": "11111111-1111-1111-1111-111111111111",
        "schedule": schedule,
    }
    try:
        scans_url = tarurl + "/api/v1/scans"
        # NOTE(review): the reply to this GET is discarded (it is overwritten
        # by the POST below), so the call and the pause look redundant.
        response = requests.get(scans_url, data=json.dumps(body), headers=headers,
                                timeout=30, verify=False)
        time.sleep(5)
        response = requests.post(scans_url, data=json.dumps(body),
                                 headers=headers, timeout=30, verify=False)
        reply_headers = response.headers
        print('start_scan....')
        print(reply_headers)
        # Presumably Location is "/api/v1/scans/<scan_id>", which puts the id
        # at index 4 after splitting on "/" — confirm against a real response.
        location_parts = reply_headers['Location'].split('/')
        return location_parts[4]
    except Exception as e:
        print(str(e))
        return
#
def get_scan_session(scan_id):
    """Return the ``scan_session_id`` of the current session of ``scan_id``.

    Reads ``current_session.scan_session_id`` from the scan's JSON description.
    Any exception is printed and swallowed, in which case ``None`` is returned.
    """
    try:
        scan_url = tarurl + "/api/v1/scans/" + scan_id
        response = requests.get(scan_url, headers=headers, timeout=30, verify=False)
        result = json.loads(response.text)
        print('get_scan_sessoion...')
        print(result)
        session = result['current_session']
        scan_session_id = session['scan_session_id']
        print('scan_session_id: ' + scan_session_id)
        return scan_session_id
    except Exception as e:
        print(str(e))
        return
def get_scan_gk(scan_id, scan_session_id):
    """Fetch the statistics overview of a scan session.

    Returns the parsed JSON object, which the caller polls for its ``status``
    field. Any exception is printed and swallowed, in which case ``None`` is
    returned.
    """
    try:
        stats_url = (tarurl + "/api/v1/scans/" + scan_id
                     + '/results/' + scan_session_id + '/statistics')
        response = requests.get(stats_url, headers=headers, timeout=30, verify=False)
        overview = json.loads(response.text)
        print('get_scan_gk...')
        print(overview)
        print(u'獲取掃描概況包括狀態: .............')
        print('status: ' + overview['status'])
        return overview
    except Exception as e:
        print(str(e))
        return
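def get_report_url(scan_id):
    """Request an HTML report for ``scan_id`` and return its download URL.

    Posts a report request, waits five seconds, then lists the reports and
    extracts a download link from the response text.

    Returns:
        The absolute download URL, or ``None`` when no download link is found
        or a request fails (the error is printed).
    """
    data = {"template_id": "11111111-1111-1111-1111-111111111115",
            "source": {"list_type": "scans",
                       "id_list": [scan_id]}}
    try:
        # Ask the server to generate the report, then give it a moment.
        requests.post(tarurl + "/api/v1/reports", data=json.dumps(data),
                      headers=headers, timeout=30, verify=False)
        time.sleep(5)
        response = requests.get(tarurl + "/api/v1/reports", data=json.dumps(data),
                                headers=headers, timeout=30, verify=False)
        # NOTE(review): this takes the FIRST download link in the report list.
        # If the server holds reports for other scans, the link may belong to
        # one of them — confirm the list ordering or look the report up by id.
        # The dot before "html" is escaped so only a real ".html" suffix matches.
        match = re.search(r"/api/v1/reports/download/(.*?)\.html", response.text)
        if match is None:
            # Previously surfaced as an opaque "'NoneType' object has no
            # attribute 'group'" message.
            print('no report download link found')
            return
        # NOTE(review): down_report() fetches this URL without auth headers,
        # so the descriptor appears to act as the credential; avoid logging it
        # anywhere shared.
        print(match.group(1))
        return tarurl + '/api/v1/reports/download/' + match.group(1) + '.html'
    except Exception as e:
        print(str(e))
        return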
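def down_report(url):
    """Download ``url`` and save the body as ``report.html`` in the current directory.

    The file is written as UTF-8 explicitly. With the platform default
    encoding (for example a legacy code page on Windows) a report containing
    characters outside that code page fails with ``UnicodeEncodeError``. A
    timeout keeps an unresponsive server from hanging the script.

    The request is sent without the shared ``headers`` and with TLS
    verification disabled. An existing ``report.html`` is overwritten.
    """
    r = requests.get(url, timeout=60, verify=False)
    with open("report.html", "w", encoding="utf-8") as code:
        code.write(r.text)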
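def scan(url):
    """Run the whole workflow for ``url``: add target, scan, wait, fetch report.

    Every helper returns ``None`` on failure. The original passed that ``None``
    on to the next step and crashed with a ``TypeError`` far from the cause,
    and its polling loop ended only on ``'completed'``, so a scan that failed
    or was aborted left the script waiting forever. Both cases now stop the
    workflow with a message.
    """
    # Create the target and get its id.
    target_id = addtask(url)
    if target_id is None:
        print('添加任務失敗')
        return
    # Start the scan and get its id.
    scan_id = startscan(target_id)
    if scan_id is None:
        print('啓動掃描失敗')
        return
    time.sleep(2)
    # Get the id of the scan's current session.
    scan_session_id = get_scan_session(scan_id)
    if scan_session_id is None:
        print('獲取掃描會話失敗')
        return
    # Poll the scan status until it reaches a final state.
    while True:
        gk = get_scan_gk(scan_id, scan_session_id)
        if gk is None:
            print('獲取掃描狀態失敗')
            return
        if gk['status'] == 'completed':
            break
        if gk['status'] in ('failed', 'aborted'):
            # Final states that will never turn into 'completed'.
            print('掃描未完成: status: ' + gk['status'])
            return
        print('沒有完成掃描: status: ' + gk['status'])
        time.sleep(20)
    print('完成掃描........')
    print('獲取報告')
    report_url = get_report_url(scan_id)
    if report_url is None:
        print('獲取報告地址失敗')
        return
    print('報告地址: ' + report_url)
    down_report(report_url)
    print('報告保存完成....')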
def main():
    """Script entry point: run the scan workflow against the placeholder URL."""
    target = 'https://xxxxx'  # replace with the address to scan
    scan(target)


if __name__ == '__main__':
    main()