├── __init__.py ├── bak_file ├── __init__.py ├── migrations │ └── __init__.py ├── urls.pyc ├── models.pyc ├── views.pyc ├── __init__.pyc ├── apps.py ├── urls.py ├── views.py └── models.py ├── screen ├── 1.png ├── 2.png ├── 3.png ├── 4.png └── 5.png ├── Awvs_Agent.xmind ├── README.md ├── web.py └── models.py /__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /bak_file/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /bak_file/migrations/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /screen/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Lee-0x00/sec-awvs-agent/HEAD/screen/1.png -------------------------------------------------------------------------------- /screen/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Lee-0x00/sec-awvs-agent/HEAD/screen/2.png -------------------------------------------------------------------------------- /screen/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Lee-0x00/sec-awvs-agent/HEAD/screen/3.png -------------------------------------------------------------------------------- /screen/4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Lee-0x00/sec-awvs-agent/HEAD/screen/4.png -------------------------------------------------------------------------------- /screen/5.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Lee-0x00/sec-awvs-agent/HEAD/screen/5.png -------------------------------------------------------------------------------- /Awvs_Agent.xmind: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Lee-0x00/sec-awvs-agent/HEAD/Awvs_Agent.xmind -------------------------------------------------------------------------------- /bak_file/urls.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Lee-0x00/sec-awvs-agent/HEAD/bak_file/urls.pyc -------------------------------------------------------------------------------- /bak_file/models.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Lee-0x00/sec-awvs-agent/HEAD/bak_file/models.pyc -------------------------------------------------------------------------------- /bak_file/views.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Lee-0x00/sec-awvs-agent/HEAD/bak_file/views.pyc -------------------------------------------------------------------------------- /bak_file/__init__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Lee-0x00/sec-awvs-agent/HEAD/bak_file/__init__.pyc -------------------------------------------------------------------------------- /bak_file/apps.py: -------------------------------------------------------------------------------- 1 | ''' 2 | # coding:utf-8 3 | # Author : Bing 4 | # Date : 27/3/2017 5 | # Email : amazing_bing@outlook.com 6 | # Description : 7 | ''' 8 | 9 | 10 | from __future__ import unicode_literals 11 | 12 | from django.apps import AppConfig 13 | 14 | 15 | class AwsScanConfig(AppConfig): 16 | name = 'aws_scan' 17 | -------------------------------------------------------------------------------- /bak_file/urls.py: 
-------------------------------------------------------------------------------- 1 | #-*- coding: UTF-8 -*- 2 | #__author__:Bing 3 | #email:amazing_bing@outlook.com 4 | 5 | 6 | from django.conf.urls import include, url 7 | from aws_scan import views 8 | 9 | urlpatterns = [ 10 | url(r'^$', views.index,name='index'), 11 | url(r'^wvs_scan_list/', views.wvs_scan_list,name='wvs_scan_list'), 12 | url(r'^wvs_scan_add/', views.wvs_scan_add,name='wvs_scan_add'), 13 | url(r'^wvs_scan_getresult/', views.wvs_scan_getresult,name='wvs_scan_getresult'), 14 | url(r'^wvs_scan_pause/', views.wvs_scan_pause,name='wvs_scan_pause'), 15 | url(r'^wvs_scan_resume/', views.wvs_scan_resume,name='wvs_scan_resume'), 16 | url(r'^wvs_scan_del/', views.wvs_scan_del,name='wvs_scan_del'), 17 | url(r'^big_file_download/', views.big_file_download,name='big_file_download'), 18 | # url(r'^add_task/', views.index,name='add'), 19 | # url(r'^add_task/', views.index,name='add'), 20 | ] 21 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | [![License](https://img.shields.io/:license-gpl3-blue.svg)](https://www.gnu.org/licenses/gpl-3.0.html) 2 | [![platform](https://img.shields.io/badge/platform-osx%2Flinux%2Fwindows-green.svg)](https://github.com/Canbing007/sec-portscan-agent) 3 | [![python](https://img.shields.io/badge/python-2.7-blue.svg)](https://www.python.org/downloads/) 4 | 5 | # awvs_agent 6 | --- 7 | call awvs http api interface to add scan task 8 | 9 | ## Introduce 10 | --- 11 | Web.py:flask web api 12 | Models.py:control data operation 13 | 14 | Interface information: 15 | 16 | |API_URL | Parmerter | Return | 17 | | ------------- |:-------------:| -----:| 18 | | index | null | ```{"status":1,"data":task_count}`` | 19 | | add | vultype,loginseq,target | ```{"status":1,"data":data} data= [{"id":taskid,"target":domain,"status":status}]``` | 20 | | report | taskid | 
```{"status":1,"data":taskid}``` | 21 | | del | taskid | ```{"status":1}``` | 22 | | process | process | ```{"status":1,"data":process}``` | 23 | | loginseq | null | ```{"status":1,"data":[loginseq]}``` | 24 | 25 | ## Usage 26 | --- 27 | 1.Set the access ip in web.py 28 | 2.Set the loginseq default directory in web.py 29 | 3.Set the report directory and loginsql default directory in models.py 30 | 31 | after then: 32 | ``` 33 | python web.py 34 | ``` 35 | 36 | As follow: 37 | 38 | #### Running agent 39 | ![awvs_agent](https://raw.githubusercontent.com/Canbing007/awvs_agent/master/screen/1.png) 40 | 41 | #### Add some tasks on WEB Control PlatFrom 42 | ![awvs_agent](https://raw.githubusercontent.com/Canbing007/awvs_agent/master/screen/2.png) 43 | 44 | #### Show tasks process and list 45 | ![awvs_agent](https://raw.githubusercontent.com/Canbing007/awvs_agent/master/screen/3.png) 46 | 47 | #### Show tasks report and statistics 48 | ![awvs_agent](https://raw.githubusercontent.com/Canbing007/awvs_agent/master/screen/4.png) 49 | 50 | #### According to a single bug report 51 | ![awvs_agent](https://raw.githubusercontent.com/Canbing007/awvs_agent/master/screen/5.png) 52 | 53 | ## Issue 54 | if you have what do you need to ask me,you can give me leave a message. 55 | or if you have any questions,tell me by message. 
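# -------------------------------------------------------------------------------- /bak_file/views.py:
#-*- coding: UTF-8 -*-
#__author__:Bing
#email:amazing_bing@outlook.com

import os

from django.shortcuts import render_to_response,HttpResponse,HttpResponseRedirect,Http404
from django.http import StreamingHttpResponse
from django.http import JsonResponse
from aws_scan.models import AWVSTask


# Directory that big_file_download() serves files from.  Every requested path is
# resolved and must stay inside it.
AWVS_DOWNLOAD_DIR = "D:\\awvs\\"


def _bad_param_response():
    """Return the status-2 JSON reply used when a required GET parameter is missing or malformed."""
    return JsonResponse({"status": 2, "data": [{"msg": "please,no parameter or format is error!"}]})


def _json_or_fail(result):
    """Pass a model result through as JSON when its status is 1, otherwise reply {"status": 0}."""
    if result["status"] == 1:
        return JsonResponse(result)
    return JsonResponse({"status": 0})


def _file_attachment(file_path):
    """Read *file_path* completely and return it as an application/octet-stream download.

    The whole file is read into memory before the response is built, as the
    original did; since the content is already a single string, a plain
    HttpResponse is used instead of StreamingHttpResponse, which would have
    iterated the string one byte at a time.  The attachment name is the base
    name only (backslashes are treated as separators so Windows paths split
    correctly on any host).
    """
    with open(file_path, "rb") as f:
        code = f.read()
    the_file_name = os.path.basename(file_path.replace("\\", "/"))
    response = HttpResponse(code, content_type='application/octet-stream')
    response['Content-Disposition'] = 'attachment;filename="{0}"'.format(the_file_name)
    return response


def index(request):
    """Plain-text greeting for the API root."""
    return HttpResponse("Welcome,This is awvs_scan api .")


#===============================================================================
# wvs task excute views
#===============================================================================
def wvs_scan_list(request):
    """GET: list every scan known to the local AWVS instance."""
    return _json_or_fail(AWVSTask().awvs_list_mod())


def wvs_scan_add(request):
    """GET domain=<url>[&scantype=<n>][&cookie=<loginseq>]: queue a new scan.

    Only http:// and https:// targets are accepted; anything else (including an
    empty domain) is a status-2 reply.  The original condition mixed ``and``/``or``
    without parentheses; "starts with a supported scheme" is what it reduced to.
    """
    domain = request.GET.get('domain', "")
    scantype = request.GET.get('scantype', 0)
    cookies = request.GET.get('cookie', "")
    if not domain.startswith(("http://", "https://")):
        return _bad_param_response()
    return _json_or_fail(AWVSTask().awvs_add_mod(domain, scantype, cookies))


def _scan_action_by_id(request, action):
    """Shared body of pause/resume/delete: read GET id=<task id> and apply *action* to it.

    *action* is an unbound AWVSTask method taking the task id.  The original
    views bound the id to a local called ``id``, shadowing the builtin.
    """
    task_id = request.GET.get('id', "")
    if task_id == "":
        return _bad_param_response()
    return _json_or_fail(action(AWVSTask(), task_id))


def wvs_scan_pause(request):
    """GET id=<task id>: pause a running scan."""
    return _scan_action_by_id(request, AWVSTask.awvs_pause_mod)


def wvs_scan_resume(request):
    """GET id=<task id>: resume a paused scan."""
    return _scan_action_by_id(request, AWVSTask.awvs_resume_mod)


def wvs_scan_getresult(request):
    """GET id=<task id>&file_name=<name>: download the scan's PDF report.

    *file_name* names the scratch archive the model writes on disk, so it must be
    a bare file name: path separators and ".." are refused before it reaches
    the model layer.
    """
    task_id = request.GET.get('id', "")
    file_name = request.GET.get('file_name', "")
    if task_id == "" or file_name == "":
        return _bad_param_response()
    if "/" in file_name or "\\" in file_name or ".." in file_name:
        return _bad_param_response()
    result = AWVSTask().awvs_getresult_mod(task_id, file_name)
    if result["status"] != 1:
        return JsonResponse({"status": 0})
    return _file_attachment(result["data"])


def wvs_scan_del(request):
    """GET id=<task id>: delete a scan and its results."""
    return _scan_action_by_id(request, AWVSTask.awvs_del_mod)


def big_file_download(request):
    """GET path_file=<relative path>: download a file from AWVS_DOWNLOAD_DIR.

    The original tested the builtin ``id`` instead of ``path_file`` (always true)
    and joined the raw parameter onto the directory, so any readable file on the
    host could be fetched.  The joined path is now resolved and must stay inside
    AWVS_DOWNLOAD_DIR and name an existing file; otherwise the reply is status 2.
    """
    path_file = request.GET.get('path_file', "")
    if path_file == "":
        return _bad_param_response()
    base_dir = os.path.abspath(AWVS_DOWNLOAD_DIR)
    full_path = os.path.abspath(os.path.join(base_dir, path_file))
    # An absolute or ".."-laden path_file resolves outside base_dir and is refused.
    if not full_path.startswith(base_dir + os.sep) or not os.path.isfile(full_path):
        return _bad_param_response()
    return _file_attachment(full_path)


# -------------------------------------------------------------------------------- /web.py:
#-*- coding: UTF-8 -*-
#__author__:Bing
#email:amazing_bing@outlook.com

from flask import Flask,request,redirect, url_for, render_template
from models import AWVSTask
import json,os
from functools import wraps


app = Flask(__name__)


# NOTE(review): defined but never used in this file.  It is a literal in source
# control, so it must be treated as public; rotate it if it is meant to be a secret.
node_key = "wetk2i97ssd23kjsdhu223fdv234"

#允许访问ip地址 (client addresses allowed to call the API; remote_addr is always an
# IP, so the 'localhost' entry never matches on its own)
allowip = ['localhost','127.0.0.1']


def blocks(func):
    """Reject requests whose ``request.remote_addr`` is not listed in *allowip*.

    ``remote_addr`` is the TCP peer address.  Behind a reverse proxy that is the
    proxy's address; forwarded-for headers are deliberately not consulted because
    the client controls them.
    """
    @wraps(func)
    def decorator(*args, **kwargs):
        if str(request.remote_addr) in allowip:
            return func(*args, **kwargs)
        return json.dumps({"status":0,"data":"record your attack on IP!"})
    return decorator


UPLOAD_FOLDER = 'C:\\Users\\Public\\Documents\\Acunetix WVS 10\\LoginSequences'
ALLOWED_EXTENSIONS = set(['lsr'])
app.config['UPLOAD_FOLDER'] = UPLOAD_FOLDER


def allowed_file(filename):
    """True when *filename* has an extension listed in ALLOWED_EXTENSIONS (case-sensitive)."""
    return '.' in filename and filename.rsplit('.',1)[1] in ALLOWED_EXTENSIONS


def _safe_upload_name(filename):
    """Return *filename* when it is a bare, allowed file name; None otherwise.

    Path separators are rejected in addition to the original ".." check so the
    saved path cannot leave UPLOAD_FOLDER on either Windows or POSIX.
    """
    if not filename or not allowed_file(filename):
        return None
    if ".." in filename or "/" in filename or "\\" in filename:
        return None
    return filename


@app.route('/upfile', methods = ['GET','POST'])
@blocks
def upload_file():
    """POST multipart field ``file``: store a .lsr login sequence in UPLOAD_FOLDER.

    Any non-POST request, missing field or rejected name is a status-0 reply; the
    original indexed ``request.files['file']`` and answered a missing field with 400.
    """
    if request.method != 'POST':
        return json.dumps({"status":0})
    upload = request.files.get('file')
    filename = _safe_upload_name(upload.filename) if upload else None
    if filename is None:
        return json.dumps({"status":0})
    upload.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
    return json.dumps({"status":1})


@app.route("/", methods=['POST', 'GET'])
@blocks
def index():
    """Return the scanner's task count as JSON.

    Both branches of the original status test returned the same JSON, so the
    result is passed straight through.
    """
    return json.dumps(AWVSTask().awvs_count())


def _form_field(name):
    """Read POST form field *name* as a gbk-encoded byte string, "" when absent.

    The original called .encode() on the bare .get() result, so a missing field
    was an AttributeError (HTTP 500) instead of the status-0 reply the API documents.
    """
    return request.form.get(name, u"").encode("gbk")


def _submit_targets(vultype, targets):
    """Queue one scan per non-empty entry of *targets*; return the per-target result list.

    Entries are stripped first so CRLF line endings and trailing newlines from a
    textarea do not become (rejected) scan targets.
    """
    data = []
    for line in targets:
        line = line.strip()
        if line == "":
            continue
        result = AWVSTask().awvs_add(profile=vultype,loginSeq= "",target=line)
        if result["status"] == 1:
            data.append({"id":result["data"],"target":line,"status":result["status"]})
        else:
            data.append({"target":line,"status":0})
    return data


@app.route("/add", methods=['POST', 'GET'])
@blocks
def add():
    """POST vultype, loginseq, target: queue scans for one or more targets.

    *target* may hold several URLs separated by "," (checked first) or by
    newlines.  The original condition was ``a and b or c and d`` without
    parentheses, so ``vultype`` was only required for https targets; both schemes
    now require it.
    """
    if request.method != 'POST':
        return json.dumps({"status":0,"data":"no post"})
    vultype = _form_field('vultype')
    # NOTE(review): read but never forwarded -- awvs_add is always called with loginSeq="".
    loginseq = _form_field('loginseq')
    target = _form_field('target')
    if not target.startswith(("http://", "https://")) or vultype == "":
        return json.dumps({"status":0,"data":"error not offer data or format "})
    #多个任务,进行分割 (several targets: split them)
    separator = "," if "," in target else "\n"
    data = _submit_targets(vultype, target.split(separator))
    return json.dumps({"status":1,"data":data})


def _task_action(method):
    """Shared body of /del and /process: POST taskid=<id> and call *method* (unbound AWVSTask method) with it."""
    if request.method != 'POST':
        return json.dumps({"status":0,"data":"no post "})
    taskid = _form_field('taskid')
    if taskid == "" :
        return json.dumps({"status":0,"data":"error not offer data or format "})
    return json.dumps(method(AWVSTask(), taskid))


@app.route("/del", methods=['POST', 'GET'])
@blocks
def delete():
    """POST taskid=<id>: delete a scan and its results."""
    return _task_action(AWVSTask.awvs_delete)


@app.route("/process", methods=['POST', 'GET'])
@blocks
def process():
    """POST taskid=<id>: return the scan's progress value."""
    return _task_action(AWVSTask.awvs_process)


@app.route("/report", methods=['POST', 'GET'])
@blocks
def report():
    """POST taskid=<id>: fetch and parse the finished scan's report (see AWVSTask.awvs_report)."""
    if request.method == 'POST':
        taskid = _form_field('taskid')
        if taskid != "" :
            result = AWVSTask().awvs_report(taskid)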
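# (continuation of web.py report(): its opening lines precede this point in the listing)
            return json.dumps(result)
        else:
            result = {"status":0,"data":"error not offer data or format "}
            return json.dumps(result)
    else:
        result = {"status":0,"data":"no post "}
        return json.dumps(result)


@app.route("/loginseq", methods=['POST', 'GET'])
@blocks
def loginseq():
    """List the login-sequence files available to the scanner.

    Both branches of the original status test returned the same JSON, so the
    model result is passed straight through.
    """
    return json.dumps(AWVSTask().awvs_list_loginseq())


if __name__ == '__main__':
    #app.run(port=8080,debug=False)
    # Binds every interface: the per-request `blocks` allow-list is the only access
    # control, so keep `allowip` tight or restore the loopback-only line above.
    app.run(host= "0.0.0.0",port = 8080,debug=False)


# -------------------------------------------------------------------------------- /bak_file/models.py:
#-*- coding: UTF-8 -*-
#__author__:Bing
#email:amazing_bing@outlook.com

import httplib,json,urllib2
from datetime import datetime, timedelta
from time import gmtime, strftime
import os,sys
import zipfile

class AWVSTask:
    """Thin client for the Acunetix WVS 10 HTTP API on the local scanner host.

    Every public method returns a dict with an integer ``status``: 1 when the
    scanner answered "OK", 0 when it answered anything else or the call failed,
    and 2 (awvs_getresult_mod only) when the report was downloaded but could not
    be unpacked.  ``data`` carries the payload where there is one.
    """

    # Index into this list is the ``scantype`` argument of awvs_add_mod.
    SCAN_PROFILES = ["Default","Sql_Injection","XSS"]

    def __init__(self):
        self.api_url = "127.0.0.1"
        self.api_port = 8183
        self.api_header = {
            "Content-Type": "application/json; charset=UTF-8",
            "X-Requested-With": "XMLHttpRequest",
            "Accept": "application/json, text/javascript, */*; q=0.01",
            "RequestValidated": "true"
        }

    def _api_raw(self, method, path, body=None):
        """Send one request to the scanner API and return the raw response body.

        The connection is closed afterwards; the original left every
        HTTPConnection open.  Socket errors propagate as they did before.
        """
        conn = httplib.HTTPConnection(self.api_url, self.api_port)
        try:
            conn.request(method, path, body, self.api_header)
            return conn.getresponse().read()
        finally:
            conn.close()

    def _api_json(self, method, path, body=None):
        """Like _api_raw but decode the JSON body; an undecodable body yields {} (-> status 0)."""
        try:
            return json.loads(self._api_raw(method, path, body))
        except ValueError:
            return {}

    def _scan_command(self, path, payload):
        """POST *payload* to *path* and map the scanner's "OK"/other answer to status 1/0."""
        result = self._api_json("POST", path, json.dumps(payload))
        if result.get("result") == "OK":
            return {"status":1}
        return {"status":0}

    def awvs_list_mod(self):
        """List every scan with its profile, progress, status and the history risk summary."""
        result = self._api_json("GET", "/api/listScans")
        if result.get("result") != "OK":
            return {"status":0}
        task_count = result["data"]["count"].encode("gbk")
        content = []
        for i in result["data"]["scans"] :
            task_id = i["id"].encode("gbk")
            task_target = i["target"].encode("gbk")
            # .get(): a failed history lookup returns {"status":0} without a "data" key,
            # which the original indexed directly.
            task_risk = self.awvs_getrisk_mod(task_id, task_target).get("data", "")
            content.append({"task_count":task_count,"task_id":task_id,"task_target":task_target,
                            "task_module":i["profile"].encode("gbk"),"task_risk":task_risk,
                            "task_process":i["progress"],"task_status":i["status"].encode("gbk")})
        return {"status":1,"data":content}

    def awvs_add_mod(self,domain,scantype=0,cookies=""):
        """Queue a scan of *domain*, scheduled two minutes from now.

        *scantype* indexes SCAN_PROFILES (0 Default, 1 Sql_Injection, 2 XSS) and may
        arrive as a string from the query string; anything that is not an in-range
        index is a status-0 reply instead of the ValueError/IndexError the original
        raised (a negative index silently picked the last profile).  *cookies* is
        passed through as the scanner's ``loginSeq`` parameter.
        """
        try:
            index = int(scantype)
        except (ValueError, TypeError):
            return {"status":0}
        if not 0 <= index < len(self.SCAN_PROFILES):
            return {"status":0}
        # The original built the time as minute+2, which produced "14:61" at 14:59.
        start_at = datetime.now() + timedelta(minutes=2)
        ACUDATA = {"scanType":"scan",
                   "targetList":"",
                   "target":["%s" % domain],
                   "recurse":"-1",
                   "date":strftime("%m/%d/%Y", gmtime()),
                   "dayOfWeek":"1",
                   "dayOfMonth":"1",
                   "time": "%s:%s" % (start_at.hour, start_at.minute),
                   "deleteAfterCompletion":"False",
                   "params":{"profile":str(self.SCAN_PROFILES[index]),
                             "loginSeq":str(cookies),
                             "settings":"Default",
                             "scanningmode":"heuristic",
                             "excludedhours":"",
                             "savetodatabase":"True",
                             "savelogs":"False",
                             "generatereport":"True",
                             "reportformat":"PDF",
                             "reporttemplate":"WVSDeveloperReport.rep",
                             "emailaddress":""}
                   }
        #{"result":"FAIL","errorMessage":"invalid website URL!"}
        #{"result":"OK","data":["6"]}
        result = self._api_json("POST", "/api/addScan", json.dumps(ACUDATA))
        if result.get("result") == "OK":
            return {"status":1,"data":result["data"][0].encode("gbk")}
        return {"status":0}

    def awvs_resume_mod(self,id):
        """Resume the paused scan *id*."""
        return self._scan_command("/api/resumeScan", {"id":str(id)})

    def awvs_pause_mod(self,id):
        """Pause the running scan *id*."""
        return self._scan_command("/api/pauseScan", {"id":str(id)})

    def awvs_stop_mod(self,id):
        """Stop scan *id*."""
        return self._scan_command("/api/stopScan", {"id":str(id)})

    def awvs_del_mod(self,id):
        """Delete scan *id* together with its stored results."""
        return self._scan_command("/api/deleteScan", {'id': str(id), 'deleteScanResults': 1})

    def awvs_getresult_mod(self,id,file_name,dirname="D:\\awvs\\"):
        """Download scan *id*'s report archive, unpack its PDF into *dirname*, return the PDF path.

        The archive is saved as ``<dirname><file_name>.zip`` and removed once the
        PDF is extracted.  *file_name* must be a bare, non-empty name (anything
        that would resolve elsewhere is refused) and *id* must be alphanumeric
        because it is spliced into the download URL path.  Returns status 1 with
        the PDF path, 2 when the archive could not be unpacked, 0 on a scanner or
        I/O error (the original returned None when the download itself failed).
        """
        file_name = str(file_name)
        if not file_name or os.path.basename(file_name) != file_name or not str(id).isalnum():
            return {"status":0}
        result = self._api_json("POST", "/api/getScanResults", json.dumps({"id":str(id)}))
        if result.get("result") != "OK":
            return {"status":0}
        zipfilename = "{0}{1}.zip".format(str(dirname), file_name)
        try:
            reportid = result["data"][0]["id"].encode("gbk")
            download_contents = self._api_raw("GET", "/api/download/{0}:{1}".format(id, reportid))
            if self.download(path_file=zipfilename, data=download_contents)['status'] != 1:
                return {"status":0}
            pdf_filename = self.unzip_dir(file_name=file_name, zipfilename=zipfilename)
            if pdf_filename["status"] != 1:
                return {"status":2}
            os.remove(zipfilename)
            return {"status":1,"data":pdf_filename["data"]}
        except Exception:
            # Best-effort boundary: a malformed scanner answer or an I/O failure is status 0.
            return {"status":0}

    def awvs_getrisk_mod(self,id,domain):
        """Summarise scan *id*'s history lines that mention *domain*.

        For each matching comma-separated ``msg`` the result is the last six
        characters of field 0 followed by fields 1 and 2; later matches overwrite
        earlier ones, so the last matching line wins.  Lines with fewer than
        three fields are skipped (the original raised IndexError on them).
        """
        result = self._api_json("POST", "/api/getScanHistory", json.dumps({'id': str(id)}))
        if result.get("result") == "OK":
            content = ""
            for line in result["data"]:
                msg = line["msg"].encode("gbk")
                if str(domain) in msg :
                    arr = msg.split(",")
                    if len(arr) >= 3:
                        content = '{0}{1}{2}'.format(arr[0][-6:],arr[1],arr[2])
            return {"status":1,'data':content}
        else: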
return {"status":0} 202 | 203 | def download(self,path_file,data): 204 | try: 205 | with open("{0}".format(path_file), "wb") as code: 206 | code.write(data) 207 | code.close() 208 | return {"status":1,"data":path_file} 209 | except: 210 | return {"status":0} 211 | 212 | def unzip_dir(self,file_name = "test",zipfilename="m:\\scan02.zip", unzipdirname="D:\\awvs\\"): 213 | fullzipfilename = os.path.abspath(zipfilename) 214 | fullunzipdirname = os.path.abspath(unzipdirname) 215 | #if not os.path.exists(fullzipfilename): 216 | #print file_name,fullzipfilename 217 | 218 | #Start extract files ... 219 | result = "" 220 | try: 221 | srcZip = zipfile.ZipFile(fullzipfilename, "r") 222 | for eachfile in srcZip.namelist(): 223 | #print "Unzip file %s ..." % eachfile 224 | eachfilename = os.path.normpath(os.path.join(fullunzipdirname, '{0}_{1}'.format(file_name,eachfile))) 225 | eachdirname = os.path.dirname(eachfilename) 226 | if eachfile.endswith(".pdf",4): 227 | fd=open(eachfilename, "wb") 228 | result = eachfilename 229 | fd.write(srcZip.read(eachfile)) 230 | fd.close() 231 | else: 232 | pass 233 | srcZip.close() 234 | return {"status":1,"data":result} 235 | except: 236 | return {"status":0} -------------------------------------------------------------------------------- /models.py: -------------------------------------------------------------------------------- 1 | #-*- coding: UTF-8 -*- 2 | #__author__:Bing 3 | #email:amazing_bing@outlook.com 4 | 5 | import httplib,json,urllib2 6 | from datetime import datetime 7 | from time import gmtime, strftime 8 | from xml.dom import minidom 9 | import random,time 10 | import os,sys 11 | import zipfile 12 | import cgi 13 | 14 | 15 | report_save_dir = "m:\\test\\" 16 | loginseq_dir = "C:\\Users\\Public\\Documents\\Acunetix WVS 10\\LoginSequences" 17 | 18 | #判断是否为域名 19 | def is_domain(domain): 20 | domain_regex = re.compile( 21 | r'(?:[A-Z0-9_](?:[A-Z0-9-_]{0,247}[A-Z0-9])?\.)+(?:[A-Z]{2,6}|[A-Z0-9-]{2,}(?", 120 | 
"savetodatabase":"False", 121 | "savelogs":"False", 122 | "ExportXML":"tt.xml", 123 | # "generatereport":"True", 124 | # "reportformat":"RTF", 125 | # "reporttemplate":"WVSDeveloperReport.rep", 126 | "emailaddress":""} 127 | } 128 | except: 129 | return {"status":0} 130 | 131 | conn = httplib.HTTPConnection(self.api_url, self.api_port) 132 | conn.request("POST", "/api/addScan", json.dumps(ACUDATA) , self.api_header) 133 | resp = conn.getresponse() 134 | content = resp.read() 135 | 136 | #请求增加任务 137 | result = json.loads(content) 138 | status = result["result"].encode("gbk") 139 | if status == "OK": 140 | taskid = result["data"][0].encode("gbk") 141 | return {"status":1,"data":taskid} 142 | else: 143 | return {"status":0} 144 | 145 | 146 | def awvs_report(self,taskid): 147 | save_dir = report_save_dir 148 | conn = httplib.HTTPConnection(self.api_url, self.api_port) 149 | data = json.dumps({"id":str(taskid)}) 150 | conn.request("POST", "/api/getScanResults", data , self.api_header) 151 | resp = conn.getresponse() 152 | content = resp.read() 153 | 154 | #请求下载报告 155 | result = json.loads(content) 156 | status = result["result"].encode("gbk") 157 | try: 158 | result_len = len(result["data"][0]) 159 | except: 160 | result_len = 2 161 | 162 | #print result_len,result["data"] 163 | if status == "OK" and result_len == 3: 164 | #print "te" 165 | try: 166 | report_id = result["data"][0]["id"].encode("gbk") 167 | #http://localhost:8183/api/download/5:ac1e564ca8da24f1c94432cac9ee6553 168 | conn.request("GET", "/api/download/{0}:{1}".format(taskid, report_id), headers=self.api_header) 169 | resp = conn.getresponse() 170 | download_contents = resp.read() 171 | 172 | #保持报告文件 173 | random_file_name = strftime("%Y%m%d-%H%M%S", time.localtime()) #待修改为日期文件 174 | #print strftime("%Y%m%d-%H%M%S", time.localtime()) 175 | zipfilename = "{0}{1}.zip".format(str(save_dir),str(random_file_name)) 176 | xmlfilename = "{0}{1}.xml".format(str(save_dir),str(random_file_name)) 177 | 178 | 
download_file = self.download(path_file=zipfilename,data=download_contents) 179 | if download_file['status'] == 1: 180 | xml_filename = self.unzip_dir(unzipfilename=zipfilename,savexmlfile=xmlfilename) 181 | #print xml_filename 182 | if xml_filename["status"] == 1: 183 | os.remove(zipfilename) 184 | xml_data = self.parse_xml(xml_filename["data"]) 185 | #print xml_data 186 | if xml_data['status'] == 1: 187 | os.remove(xmlfilename) 188 | return {"status":1,"data":xml_data["data"]} 189 | else: 190 | return {"status": 2} 191 | else: 192 | return {"status":2} 193 | except: 194 | return {"status":0} 195 | else: 196 | return {"status":0} 197 | 198 | 199 | def awvs_delete(self,taskid): 200 | conn = httplib.HTTPConnection(self.api_url, self.api_port) 201 | data = json.dumps({'id': str(taskid), 'deleteScanResults': 1}) 202 | conn.request("POST", "/api/deleteScan", data, self.api_header) 203 | resp = conn.getresponse() 204 | content = resp.read() 205 | 206 | #删除任务 207 | result = json.loads(content) 208 | status = result["result"].encode("gbk") 209 | if status == "OK": 210 | return {"status":1} 211 | else: 212 | return {"status":0} 213 | 214 | 215 | def awvs_process(self,taskid): 216 | conn = httplib.HTTPConnection(self.api_url, self.api_port) 217 | conn.request("GET", "/api/listScans", headers=self.api_header) 218 | resp = conn.getresponse() 219 | content = resp.read() 220 | 221 | result = json.loads(content) 222 | status = result["result"].encode("gbk") 223 | if status == "OK": 224 | task_process = "" 225 | for i in result["data"]["scans"] : 226 | task_id = i["id"].encode("gbk") 227 | if str(task_id) == str(taskid): 228 | task_process = i["progress"] 229 | return {"status":1,"data":task_process} 230 | else: 231 | return {"status":0} 232 | 233 | 234 | def awvs_list_loginseq(self): 235 | cookie_dir = loginseq_dir 236 | content = [] 237 | for parent,dirnames,filenames in os.walk(cookie_dir): 238 | for filename in filenames: 239 | content.append(filename) 240 | result = 
{"status":1,"data":content} 241 | return result 242 | 243 | 244 | 245 | def unzip_dir(self,unzipfilename, savexmlfile): 246 | #fullzipfilename = os.path.abspath(unzipfilename) 247 | #fullunzipdirname = os.path.abspath(savexmlfile) 248 | #print fullzipfilename 249 | result = "" 250 | try: 251 | srcZip = zipfile.ZipFile(unzipfilename, "r") 252 | for eachfile in srcZip.namelist(): 253 | if eachfile.endswith(".xml",3): 254 | fd=open(savexmlfile, "wb") 255 | result = savexmlfile 256 | print result 257 | fd.write(srcZip.read(eachfile)) 258 | fd.close() 259 | else: 260 | pass 261 | 262 | srcZip.close() 263 | return {"status":1,"data":result} 264 | except: 265 | return {"status":0} 266 | 267 | 268 | 269 | # AWVSTask().awvs_add(1,"test.lsr","http://www.wakeuppeople.top") 270 | #print AWVSTask().awvs_report(2) 271 | #AWVSTask().unzip_dir(unzipfilename="M:\\0.zip") 272 | #print AWVSTask().parse_xml("D:\\scan_agent\\20170412-115740.xml") 273 | #print AWVSTask().awvs_list_loginseq() 274 | 275 | # import HTMLParser 276 | 277 | # char = r"" 278 | # t = HTMLParser.HTMLParser(); 279 | # uChar = t.unescape(char); 280 | # print t,uChar,"***********" 281 | 282 | # import cgi 283 | # new_cont = cgi.escape(uChar) 284 | # print new_cont --------------------------------------------------------------------------------