├── Document
    ├── Dashboard.md
    ├── Reports
    │   └── main.md
    ├── Scans
    │   └── main.md
    ├── Targets
    │   ├── main.md
    │   └── scan.md
    └── Vulnerabilities
    │   └── main.md
└── README.md


/Document/Dashboard.md:
--------------------------------------------------------------------------------
## Dashboard

### Info endpoint:

```
Method:GET
URL: /api/v1/info
```

Response fields:

| Parameter | Description |
| --- | --- |
| update_info | Update information |
| license | License information |
| major_version | Major version number |
| minor_version | Minor version number |
| build_number | Creation time |

### Account info:

```
Method:GET
URL: /api/v1/me
```

Response fields:

| Parameter | Description |
| --- | --- |
| first_name | Current account name |
| user_id | Current user id |
| email | Email address |
| enabled | Whether the current account is enabled |
| child_account | Whether this is a child account |
| su | Whether the account has the highest privileges |

### Dashboard info:

```
Method:GET
URL: /api/v1/me/stats
```

Response fields:

| Parameter | Description |
| --- | --- |
| most_vulnerable_targets | Most vulnerable targets |
| scans_waiting_count | Number of scans waiting |
| targets_count | Number of targets |
| scans_running_count | Number of scans running |
| scans_conducted_count | Total number of scans conducted |
| vuln_count | Number of discovered vulnerabilities per severity level |
| vuln_count_by_criticality | Vulnerability severity counts grouped by criticality |
| critical | / |
| low | / |
| top_vulnerabilities | Distribution of the top-ranked vulnerabilities |
| vulnerabilities_open_count | Total number of vulnerabilities found |

--------------------------------------------------------------------------------
/Document/Reports/main.md:
--------------------------------------------------------------------------------
## Reports

### Get all scan reports

```
Method:GET
URL: /api/v1/reports
```

Response fields:

| Parameter | Description |
| --- | --- |
| generation_date | Generation time |
| template_type | Template type |
| report_id | Report id |
| template_name | Template name |
| status | Status |
| template_id | Template id |
| download | Download links [html, pdf] |
| source | Source |
| description | Notes |

### Generate a scan report

```
Method:POST
URL: /api/v1/reports
```

Data:

```
{"template_id":"11111111-1111-1111-1111-111111111119",
 "source":{
     "list_type":"scan_result",
     "id_list":["f2985648-da9e-430a-830b-f1bf34d9c4f2"]
 }
}
```

Response fields:

| Parameter | Type | Description |
| --- | --- | --- |
| template_id | String | Scan report template type |
| list_type | String | Value: scans / targets |
| id_list | String | Value: scan_id / target_id |

template_id:

| Type | Value |
| --- | --- |
| Affected Items | 11111111-1111-1111-1111-111111111115 |
| CWE 2011 | 11111111-1111-1111-1111-111111111116 |
| Developer | 11111111-1111-1111-1111-111111111111 |
| Executive Summary | 11111111-1111-1111-1111-111111111113 |
| HIPAA | 11111111-1111-1111-1111-111111111114 |
| ISO 27001 | 11111111-1111-1111-1111-111111111117 |
| NIST SP800 53 | 11111111-1111-1111-1111-111111111118 |
| OWASP Top 10 2013 | 11111111-1111-1111-1111-111111111119 |
| PCI DSS 3.2 | 11111111-1111-1111-1111-111111111120 |
| Quick | 11111111-1111-1111-1111-111111111112 |
| Sarbanes Oxley | 11111111-1111-1111-1111-111111111121 |
| Scan Comparison | 11111111-1111-1111-1111-111111111124 |
| STIG DISA | 11111111-1111-1111-1111-111111111122 |
| WASC Threat Classification | 11111111-1111-1111-1111-111111111123 |

--------------------------------------------------------------------------------
/Document/Scans/main.md:
--------------------------------------------------------------------------------
## Scans

### Add a scan:

```
Method:POST
URL: /api/v1/scans
```

Data:

```
{
  "target_id":"64496c9e-b340-4227-90d4-ac43e78d4a0d",
  "profile_id":"11111111-1111-1111-1111-111111111112",
  "schedule":
      {"disable":false,
       "start_date":null,
       "time_sensitive":false
      }
}
```

Request parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| target_id | String | Target id |
| profile_id | String | Scan type |
| schedule | Json | Scan schedule settings (immediate by default) |
| report_template_id | String | Scan report type (optional) |
| ui_session_id | String | Optional |

profile_id value reference table:

| Type | Value |
| --- | --- |
| Full Scan | 11111111-1111-1111-1111-111111111111 |
| High Risk Vulnerabilities | 11111111-1111-1111-1111-111111111112 |
| Cross-site Scripting Vulnerabilities | 11111111-1111-1111-1111-111111111116 |
| SQL Injection Vulnerabilities | 11111111-1111-1111-1111-111111111113 |
| Weak Passwords | 11111111-1111-1111-1111-111111111115 |
| Crawl Only | 11111111-1111-1111-1111-111111111117 |

### Delete a scan:

```
Method:DELETE
URL: /api/v1/scans/{scan_id}
```

### Get the status of all scans:

```
Method:GET
URL: /api/v1/scans
```

Response fields:

| Parameter | Description |
| --- | --- |
| profile_id | Scan type id |
| target | Target details |
| report_template_id | Scan report type |
| current_session | Current status |
| criticality | Criticality |
| schedule | Scan schedule settings |
| next_run | Next scan time |
| profile_name | Scan type |
| scan_id | Scan id |
| target_id | Target id |

current_session:

| Parameter | Description |
| --- | --- |
| threat | Threat level |
| progress | Newly added |
| scan_session_id | scan_session_id |
| status | Scan status |
| severity_counts | Vulnerability count by severity |
| event_level | Event level |
| start_date | Start time |

### Get the status of a single scan:

```
Method:GET
URL: /api/v1/scans/{scan_id}
```

Response fields:

| Parameter | Description |
| --- | --- |
| profile_id | Scan type id |
| target | Target details |
| report_template_id | Scan report type |
| current_session | Current status |
| criticality | Criticality |
| schedule | Scan schedule settings |
| next_run | Next scan time |
| profile_name | Scan type |
| scan_id | Scan id |
| target_id | Target id |

### Summary statistics for a single scan:

```
Method:GET
URL: /api/v1/scans/{scan_id}/results/{scan_session_id}/statistics
```

### Vulnerability results for a single scan:

```
Method:GET
URL: /api/v1/scans/{scan_id}/results/{scan_session_id}/vulnerabilities
```

### Get a single vulnerability from the current scan

```
Method: GET
URL: /api/v1/scans/{scan_id}/results/{scan_session_id}/vulnerabilities/{vuln_id}
```

Response fields:

| Parameter | Description |
| --- | --- |
| affects_detail | Affected detail |
| affects_url | Affected URL |
| criticality | Criticality |
| cvss2 | CVSS2 information |
| cvss3 | CVSS3 information |
| cvss_score | CVSS score |
| description | Vulnerability description |
| details | Vulnerability details |
| impact | Impact |
| loc_id | loc id |
| long_description | Extended description |
| recommendation | Remediation advice |
| references | Source |
| request | Request header information |
| severity | Severity level (0-3) |
| source | Source |
| status | Vulnerability status |
| tags | Tags |
| target_id | Target ID |
| vt_id | vt_id |
| vt_name | Vulnerability name |
| vuln_id | ID of the vulnerability within this scan |

--------------------------------------------------------------------------------
/Document/Targets/main.md:
--------------------------------------------------------------------------------
## Targets

### All targets:

```
Method:GET
URL: /api/v1/targets
```

Response fields:

| Parameter | Description |
| --- | --- |
| pagination | Pagination information |
| targets | Target details |

targets:

| Parameter | Description |
| --- | --- |
| criticality | Pagination information |
| last_scan_session_status | Status of the last scan |
| target_id | Target id |
| last_scan_id | Id of the last scan |
| last_scan_session_id | Session id of the last scan |
| continuous_mode | Whether continuous mode is enabled |
| last_scan_date | Time of the last scan |
| manual_intervention | Whether there is manual intervention |
| threat | Threat level |
| severity_counts | Vulnerability count by severity |
| description | Notes |
| address | URL of the scan target |

### Filter targets endpoint:

```
Method:GET
URL: /api/v1/targets?q=threat:{list};criticality:{list};group_id:{string};text_search:*{string}
```

Demo:

```
/api/v1/targets?q=threat:3;criticality:10,20;text_search:*h4rdy.me
```

Request parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| threat | int | Threat level; high -> low: [3,2,1,0] |
| criticality | int | Criticality; high -> low: [30,20,10,0] |
| group_id | string | Group id |
| last_scanned | | Time of the last scan (not sent by default) |
| text_search | string | Text to filter on |

Response fields:
same as [All targets]

### Add a target endpoint:

```
Method:POST
URL: /api/v1/targets
```

Data:

```
{"address":"http://wiki.h4rdy.me","description":"xxxx","criticality":"10"}
```

Request parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| address | string | Target URL; must start with http or https |
| criticality | Int | Criticality; range: [30,20,10,0]; default 10 |
| description | string | Notes |

Response fields:

| Parameter | Description |
| --- | --- |
| address | Target URL |
| criticality | Criticality |
| description | Notes |
| target_id | Target id |

### Delete a target endpoint:

```
Method:DELETE
URL: /api/v1/targets/{target_id}
```

--------------------------------------------------------------------------------
/Document/Targets/scan.md:
--------------------------------------------------------------------------------
## Scan settings

### General settings:
#### criticality setting:

```
Method:PATCH
URL: /api/v1/targets/{target_id}
```

Data:

```
{"description":"xxxx","criticality":20}
```

Request parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| description | String | Notes |
| criticality | Int | Criticality; range: [30,20,10,0] |

#### Continuous Scanning:

```
Method:POST
URL: /api/v1/targets/{target_id}/continuous_scan
```

Data:

```
{"enabled":false}
```

Request parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| enabled | bool | Off: false; on: true |

#### Scan Speed:

```
Method:PATCH
URL: /api/v1/targets/{target_id}/configuration
```

Data:

```
{"scan_speed":"sequential"}
```

Request parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| scan_speed | string | Slowest to fastest: sequential/slow/moderate/fast |

#### Site Login
***Site login settings***

```
Method: PATCH
URL: /api/v1/targets/{target_id}/configuration
```

Data:

```
{
    "login":
        {"kind": "automatic",
         "credentials":
            {"enabled": true,
             "username": "h4rdy",
             "password": "123"}
        }
}
```

OR:

```
{
    "login":
        {"kind": "none/sequence"}
}
```

Request parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| kind | string | Enabled: automatic; disabled: none (default); use a login sequence: sequence |
| credentials | dict | Login credentials |
| enabled | bool | false/true |
| username | string | Username |
| password | string | Password |

***Upload a login sequence***

This takes three steps.

① Get the upload URL:

```
Method: POST/DELETE
URL: /api/v1/targets/{target_id}/configuration/login_sequence
```

Data:

```
{"name": "h4rdy.lsr", "size": 2068}
```

Request parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| name | string | Login sequence file name |
| size | int | File size, in bytes |

Response fields:
Data:

```
{"upload_url": "/uploads/73998157-2cc5-4569-92eb-5ea0bd35946e"}
```

| Parameter | Description |
| --- | --- |
| upload_url | File name |

Note: to delete, call the endpoint with the DELETE method and no parameters.

② Upload the login credentials:

This endpoint needs the additional headers Content-Type, Content-Disposition and Content-Range.

```
Method: POST
URL: {upload_url}
X-Auth: xxxxxx
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="h4rdy.lsr"
Content-Range: bytes 0-2067/2068
```

Request parameters:

| Description |
| --- |
| POST the content of the login sequence file directly to the endpoint |

Demo:

```
POST /uploads/ef116370-2ede-4a6e-8c94-cb9046dbbd17 HTTP/1.1
Host: 192.168.1.200:3443
X-Auth: xxxxxx
Content-Range: bytes 0-2067/2068
Content-Disposition: attachment; filename="h4rdy.lsr"
Content-Type: application/octet-stream

{
    "actions": [
        {
            "parameters": {
            },
            "target": "https://www.baidu.com:80/",
            "timeout": 20000,
            "type": "navigate"
        },
        {......
```

Note: there is a pitfall here. If you are using Python and the lsr file contains Chinese characters, the POST may run into encoding problems. Use the returned status code to tell whether the upload succeeded: a code of 204 means the upload succeeded.

③ Save:

```
Method: PATCH
URL: /api/v1/targets/{target_id}/configuration
```

Data:

```
{"login":{"kind":"sequence"}}
```

#### AcuSensor:

```
Method:PATCH
URL: /api/v1/targets/{target_id}/configuration
```

Data:

```
{"sensor": false}
```

| Parameter | Type | Description |
| --- | --- | --- |
| sensor | bool | false/true |

### Crawl:
#### Crawling / Navigation:

```
Method:PATCH
URL: /api/v1/targets/{target_id}/configuration
```

Data:

```
{"limit_crawler_scope":true,
 "case_sensitive":"no",
 "excluded_paths":["xxx"],
 "user_agent":"Opera/9.80 (Windows NT 6.0; U; en) Presto/2.8.99 Version/11.10"
}
```

Request parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| limit_crawler_scope | bool | Limit crawling to address and sub-directories only; values: true/false |
| case_sensitive | string | Path case sensitivity; values: auto (default)/no/yes |
| excluded_paths | list | Excluded paths |
| user_agent | string | User-Agent setting |

### HTTP:

#### HTTP Authentication:

```
Method:PATCH
URL: /api/v1/targets/{target_id}/configuration
```

Data:

```
{"authentication":{"enabled":true,"username":"h4rdy","password":"123"}}
```

Request parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| enabled | bool | false/true |
| username | string | Username |
| password | string | Password |

#### Client Certificate:
***Upload a certificate***

```
Method: POST/DELETE
URL: /api/v1/targets/{target_id}/client_certificate
```

Data:

```
{"name":"123.crt","size":712}
```

Request parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| name | string | File name |
| size | int | File size, in bytes |

Response fields:
Data:

```
{"upload_url": "/uploads/73998157-2cc5-4569-92eb-5ea0bd35946e"}
```

| Parameter | Description |
| --- | --- |
| upload_url | File path name |

Note: to delete, call the endpoint with the DELETE method and no parameters.

```
Method: POST
URL: {upload_url}
Content-Type: application/octet-stream
```

Request parameters:

| Description |
| --- |
| POST the file content directly to the endpoint |

***Client certificate password***

```
Method:PATCH
URL: /api/v1/targets/{target_id}/configuration
```

Data:

```
{"client_certificate_password":"123"}
```

Request parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| client_certificate_password | string | Password |

#### Proxy Server:

```
Method:PATCH
URL: /api/v1/targets/{target_id}/configuration
```

Data:

```
{"proxy":
    {"enabled":true,
     "address":"127.0.0.1",
     "protocol":"http",
     "port":8080,
     "username":"aaa",
     "password":"bbb"}
}
```

Request parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| enabled | bool | false/true |
| address | string | Address |
| protocol | string | http |
| port | int | Port |
| username | string | Username |
| password | string | Password |

### Advanced settings:

```
Method:PATCH
URL: /api/v1/targets/{target_id}/configuration
```

Data:

```
{"issue_tracker_id":"",
 "technologies":["ASP","ASP.NET"],
 "custom_headers":["h4rdy:xxx"],
 "custom_cookies":[{"url":"http://baidu.com","cookie":"mycookie1=test1"},{"url":"http://baidu.com","cookie":"mycookie2=test2"}],
 "debug":false,
 "excluded_hours_id":""}
```

Request parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| issue_tracker_id | string | issue tracker id |
| technologies | list | Technologies setting |
| custom_headers | list | Custom headers |
| custom_cookies | list | Custom cookies |
| debug | bool | false/true |
| excluded_hours_id | string | excluded hours id |

--------------------------------------------------------------------------------
/Document/Vulnerabilities/main.md:
--------------------------------------------------------------------------------
## Vulnerabilities

### Get all vulnerabilities

```
Method:GET
URL: /api/v1/vulnerabilities?q=status:{status}
```

status: defaults to open

| Value | Description |
| --- | --- |
| open | Open |
| fixed | Fixed |
| ignored | Ignored |
| false_positive | False positive |
| !open | Not open |

Response fields:

| Parameter | Description |
| --- | --- |
| pagination | Page information |
| vulnerabilities | Vulnerability information |

### Filter vulnerabilities by condition

```
Method:GET
URL: /api/v1/vulnerabilities?q=severity:{int};criticality:{int};status:{string};cvss_score:{logic expression};cvss_score:{logic expression};target_id:{target_id};group_id:{group_id}
```

### Get a single vulnerability

Note: the vuln_id used here must be a vuln_id obtained from this module's "Get all vulnerabilities" call. A vuln_id obtained from the scans module cannot be passed in; the vulnerability information cannot be retrieved with it.

```
Method:GET
URL: /api/v1/vulnerabilities/{vuln_id}
```

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Acunetix11-API-Documentation

* A pseudo-API reference for Acunetix 11: unofficial API documentation. The official API is only available with Enterprise edition licenses.
* Only part of it is written up so far; more will be added as time allows. If you find a problem, open an issue or a PR.

## Getting the API-KEY
Administrator--Profile--API Key

## Environment setup:

### Headers:

```
X-Auth: API-KEY
Content-type: application/json; charset=utf8
```

### API conventions
1. All parameters are passed as JSON
2. All endpoints use https

## Contents

* 1 . [Dashboard API](https://github.com/h4rdy/Acunetix11-API-Documentation/blob/master/Document/Dashboard.md)
* 2 . [Targets API](https://github.com/h4rdy/Acunetix11-API-Documentation/blob/master/Document/Targets/main.md)
    * a). [General settings](https://github.com/h4rdy/Acunetix11-API-Documentation/blob/master/Document/Targets/scan.md)
    * b). [Crawl settings](https://github.com/h4rdy/Acunetix11-API-Documentation/blob/master/Document/Targets/scan.md)
    * c). [HTTP settings](https://github.com/h4rdy/Acunetix11-API-Documentation/blob/master/Document/Targets/scan.md)
    * d). [Advanced settings](https://github.com/h4rdy/Acunetix11-API-Documentation/blob/master/Document/Targets/scan.md)
* 3 . [Scans API](https://github.com/h4rdy/Acunetix11-API-Documentation/blob/master/Document/Scans/main.md)
* 4 . [Vulnerabilities API](https://github.com/h4rdy/Acunetix11-API-Documentation/blob/master/Document/Vulnerabilities/main.md)
* 5 . [Reports API](https://github.com/h4rdy/Acunetix11-API-Documentation/blob/master/Document/Reports/main.md)

--------------------------------------------------------------------------------
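The three-step login sequence upload in /Document/Targets/scan.md, planned as request objects in Python; this is an added example, not code from the repository or from Acunetix. `PlannedRequest`, `plan_login_sequence_upload` and `upload_succeeded` are hypothetical names, the sample sequence is constructed, and encoding the file to UTF-8 bytes before computing `size` and `Content-Range` is an assumption about how to avoid the Python encoding pitfall the page mentions.

```python
import json
from dataclasses import dataclass, field


@dataclass
class PlannedRequest:          # hypothetical container, not part of the API
    method: str
    path: str
    headers: dict
    body: bytes = field(repr=False)


def plan_login_sequence_upload(target_id, filename, lsr_text, api_key,
                               upload_url="{upload_url}"):
    """Build the three upload requests without sending them.

    upload_url is returned by step 1; pass the real value once known.
    """
    if not filename or any(c in filename for c in '"\r\n'):
        raise ValueError("filename would break the Content-Disposition header")
    # Encode once and derive every length from the bytes, never from the str:
    # non-ASCII text (e.g. Chinese) has more bytes than characters.
    payload = lsr_text.encode("utf-8")
    size = len(payload)
    if size == 0:
        raise ValueError("empty login sequence file")

    json_headers = {"X-Auth": api_key,
                    "Content-type": "application/json; charset=utf8"}
    base = f"/api/v1/targets/{target_id}/configuration"
    return [
        PlannedRequest("POST", base + "/login_sequence", json_headers,
                       json.dumps({"name": filename, "size": size}).encode()),
        PlannedRequest("POST", upload_url,
                       {"X-Auth": api_key,
                        "Content-Type": "application/octet-stream",
                        "Content-Disposition":
                            f'attachment; filename="{filename}"',
                        "Content-Range": f"bytes 0-{size - 1}/{size}"},
                       payload),
        PlannedRequest("PATCH", base, json_headers,
                       json.dumps({"login": {"kind": "sequence"}}).encode()),
    ]


def upload_succeeded(status_code):
    """Per the page, HTTP 204 on step 2 means the upload succeeded."""
    return status_code == 204


# Constructed sample: a tiny login sequence containing Chinese text.
SAMPLE_LSR = json.dumps(
    {"actions": [{"type": "navigate", "timeout": 20000,
                  "target": "https://example.test/登录"}]},
    ensure_ascii=False)

if __name__ == "__main__":
    for req in plan_login_sequence_upload(
            "TARGET-ID-PLACEHOLDER", "sample.lsr", SAMPLE_LSR, "API-KEY"):
        print(req.method, req.path, req.headers, len(req.body), "bytes")
```

Send each planned body as raw bytes with whatever HTTP client you use, so the declared `size` and `Content-Range` match what goes on the wire.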