├── add_log └── success.txt ├── url.txt ├── config.ini ├── README.md └── awvs14_script.py /add_log/success.txt: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /url.txt: -------------------------------------------------------------------------------- 1 | https://www.qq.com/ 2 | -------------------------------------------------------------------------------- /config.ini: -------------------------------------------------------------------------------- 1 | [awvs_url_key]#基本设置 2 | awvs_url=https://192.168.1.1:3443/ 3 | api_key=1986ad8c0a5b3df4d7028d5f3c06e936cab894bd4ebec445f8438098b24b98c75 4 | 5 | #待扫描的url文件 6 | domain_file=url.txt 7 | 8 | ##扫描速度,由慢到快:sequential slow moderate fast, 速度越快,遗漏越多,则之相反 9 | [scan_seting] 10 | scan_speed=moderate 11 | 12 | #扫描时的Cookie,对所有url生效, 如不添加Cookie,请保持为空,即扫描器爬虫自动获取,对所有url全局生效 13 | #例子cookie=BIDUPSID=D40B5A304EFD449C3F8DED17FDF633A0; PSTM=1592016294 14 | cookie= 15 | 16 | #支持1个或多个自定义请求头,对所有url全局生效 17 | #例子custom_headers=["x-auth: 2986ad8c0a5b3","Referer: https://192.168.163.139:13443/"] 18 | custom_headers=[] 19 | 20 | #排除不扫描的目录,通常用于在于添加cookie后,不执行退出,注销等操作,对所有url全局生效 21 | #例子excluded_paths=['quit','exit','logout','Logout','delete','DELETE','注销','退出','删除'] 22 | excluded_paths=[] 23 | 24 | 25 | ##将抓取限制为仅包含地址和子目录 值:True(默认)/False 26 | limit_crawler_scope=True 27 | 28 | ##配置上级代理地址,如联动被动扫描器,目标调试等,对所有url全局生效、 29 | #是否启动,False\True, 注意大小写 30 | proxy_enabled=False 31 | proxy_server=192.168.1.148:8080 32 | 33 | ##企业微信高危漏洞消息推送 #https://tower.im/help/articles/357 34 | #定时循环监测高危漏洞数量,当有高危数量增加时,发送通知到企业微信 35 | webhook_url=https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=xxx.xxx.xx.xx.x.x 36 | 37 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 免责声明 2 | 本项目仅用于安全自查,请勿利用文章内的相关工具与技术从事非法测试,如因此产生的一切不良后果与本项目无关 3 | 4 | 5 | 6 | 7 | 8 | ## awvs14-scan 9 | 支持awvs14,15 修复多个Bug,config增加配置参数 10 | 11 | config.ini 请使用编辑器更改,记事本会改会原有格式 12 | 13 | 针对 AWVS 14版本开发的批量扫描脚本,支持SpringShell\log4j\常见CVE\Bug Bounty\常见高危\SQL注入\XSS等 专项漏洞的扫描,支持联动xray、burp、w13scan等被动批量扫描,灵活自定义扫描模板 14 | 15 | ``` 16 | ******************************************************************** 17 | 1 【批量添加url到AWVS扫描器扫描】 18 | 2 【删除扫描器内所有目标与扫描任务】 19 | 3 【删除所有扫描任务(不删除目标)】 20 | 4 【对扫描器中已有目标,进行扫描】 21 | 22 | 请输入数字:1 23 | 选择要扫描的类型: 24 | 1 【开始 完全扫描】 25 | 2 【开始 扫描高风险漏洞】 26 | 3 【开始 扫描XSS漏洞】 27 | 4 【开始 扫描SQL注入漏洞】 28 | 5 【开始 弱口令检测】 29 | 6 【开始 Crawl Only,,建议config.ini配置好上级代理地址,联动被动扫描器】 30 | 7 【开始 扫描意软件扫描】 31 | 8 【仅添加 目标到扫描器,不做任何扫描】 32 | 9 【仅扫描apache-log4j】(请需先确保当前版本已支持log4j扫描,awvs 14.6.211220100及以上) 33 | 10 【开始扫描Bug Bounty高频漏洞】 34 | 11 【扫描已知漏洞】(常见CVE,POC等) 35 | 12 【自定义模板】 36 | 13 【仅扫描Spring4ShellCVE-2022-22965】需确保当前版本已支持 37 | 38 | 请输入数字:? 39 | ``` 40 | 41 | ## 14版本脚本功能 42 | 仅支持AWVS14版本的API接口 43 | * 支持URL批量添加扫描 44 | * 支持批量仅扫描apache-log4j漏洞 45 | * 支持对批量url添加`cooKie`凭证进行爬虫扫描 46 | * 支持对批量url添加1个或多个不同请求头 47 | * 支持配置上级代理地址,能结合被动扫描器进行配置扫描,如:`xray`,`w13scan`,`burp`等扫描器 48 | * 支持一键清空所有任务 49 | * 通过配置`config.ini`文件,支持自定义各种扫描参数,如:爬虫速度,排除路径(不扫描的目录),全局`cookie`,限制为仅包含地址和子目录 50 | * 支持对扫描器内已有目标进行批量扫描,支持自定义扫描类型 51 | 52 | 53 | 54 | ## Linux AWVS14 docker安装 55 | 推荐使用docker 56 | ``` 57 | 4月1号更新 支持Support Scanning !Spring4Shell (CVE-2022-22965) !!! 58 | 59 | 安装: docker pull xiaomimi8/docker-awvs-14.7.220401065 60 | 61 | 启动用法: docker run -it -d -p 13443:3443 xiaomimi8/docker-awvs-14.7.220401065 62 | 63 | 登录: Username:admin@admin.com password:Admin123 64 | ``` 65 | 66 | ## 赞赏码 67 | 如果对你有帮助的话要不请作者喝杯奶茶?(嘿嘿)👍 (打赏时请留言你的ID 68 | 69 | ![](https://s3.bmp.ovh/imgs/2022/02/185eb77e0285777a.png) 70 | 71 | 72 | -------------------------------------------------------------------------------- /awvs14_script.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # -*- coding: UTF-8 -*- 3 | import sys,os,time 4 | import socket 5 | 6 | from time import strftime,gmtime 7 | version = sys.version_info 8 | if version < (3, 0): 9 | print('The current version is not supported, you need to use python3') 10 | sys.exit() 11 | import requests 12 | import json,ast 13 | from requests.packages.urllib3.exceptions import InsecureRequestWarning 14 | import configparser 15 | scan_label='脚本默认标签' 16 | cf = configparser.ConfigParser() 17 | requests.packages.urllib3.disable_warnings(InsecureRequestWarning) 18 | 19 | print('初始化中~') 20 | try: 21 | cf.read(r"config.ini",encoding='utf-8') 22 | secs=cf.sections() 23 | awvs_url =cf.get('awvs_url_key','awvs_url') 24 | apikey = cf.get('awvs_url_key','api_key') 25 | input_urls=cf.get('awvs_url_key','domain_file') 26 | excluded_paths = ast.literal_eval(cf.get('scan_seting', 'excluded_paths')) 27 | custom_headers = ast.literal_eval(cf.get('scan_seting', 'custom_headers')) 28 | limit_crawler_scope = cf.get('scan_seting', 'limit_crawler_scope').replace('\n', '').strip() # 处理前后空格 与换行 29 | scan_speed = cf.get('scan_seting', 'scan_speed').replace('\n', '').strip() # 处理前后空格 与换行 30 | scan_cookie = cf.get('scan_seting', 'cookie').replace('\n', '').strip() # 处理前后空格 与换行 31 | proxy_enabled = cf.get('scan_seting', 'proxy_enabled').replace('\n', '').strip() # 处理前后空格 与换行 32 | proxy_server = cf.get('scan_seting', 'proxy_server').replace('\n', '').strip() # 处理前后空格 与换行 33 | webhook_url = cf.get('scan_seting', 'webhook_url').replace('\n', '').strip() # 处理前后空格 与换行 34 | 35 | except Exception as e: 36 | print('初始化失败,获取config.ini失败,请检查config.ini文件配置是否正确\n', e) 37 | sys.exit() 38 | 39 | headers = {'Content-Type': 'application/json',"X-Auth": apikey} 40 | add_count_suss=0 41 | error_count=0 42 | target_scan=False 43 | target_list=[] 44 | 45 | 46 | 47 | def push_wechat_group(content): 48 | global webhook_url 49 | try: 50 | # print('开始推送') 51 | # 这里修改为自己机器人的webhook地址 52 | resp = requests.post(webhook_url, 53 | json={"msgtype": "markdown", 54 | "markdown": {"content": content}}) 55 | print(content) 56 | if 'invalid webhook url' in str(resp.text): 57 | print('企业微信key 无效,无法正常推送') 58 | sys.exit() 59 | if resp.json()["errcode"] != 0: 60 | raise ValueError("push wechat group failed, %s" % resp.text) 61 | except Exception as e: 62 | print(e) 63 | 64 | #initial value 65 | def message_push():#定时循环检测高危漏洞数量,有变化即通知 66 | try: 67 | get_target_url=awvs_url+'/api/v1/vulnerability_types?l=100&q=status:open;severity:3;' 68 | r = requests.get(get_target_url, headers=headers, timeout=30, verify=False) 69 | result = json.loads(r.content.decode()) 70 | #print(result) 71 | init_high_count = 0 72 | for xxxx in result['vulnerability_types']: 73 | init_high_count=init_high_count+xxxx['count'] 74 | print('当前高危:',init_high_count) 75 | while 1: 76 | try: 77 | time.sleep(30) 78 | r2 = requests.get(get_target_url, headers=headers, timeout=30, verify=False) 79 | result = json.loads(r2.content.decode()) 80 | high_count = 0 81 | for xxxx in result['vulnerability_types']: 82 | high_count = high_count + xxxx['count'] 83 | #print(high_count,init_high_count) 84 | if high_count!=init_high_count: 85 | current_date = str(strftime("%Y-%m-%d %H:%M:%S", gmtime())) 86 | message_push=str(socket.gethostname())+'\n'+current_date+'\n' 87 | for xxxx in result['vulnerability_types']: 88 | message_push = message_push+'漏洞: ' + xxxx['name'] + '数量: '+str(xxxx['count'])+'\n' 89 | print(message_push) 90 | push_wechat_group(message_push) 91 | init_high_count=high_count 92 | else: 93 | #print('高危漏洞数量无变化 ',high_count) 94 | init_high_count = high_count 95 | except Exception as e: 96 | print('监控出错了,请检查',e) 97 | except Exception as e: 98 | print(e) 99 | 100 | def get_scan_status():#获取扫描状态 101 | try: 102 | target_dict={} 103 | get_target_url=awvs_url+'/api/v1/me/stats' 104 | r = requests.get(get_target_url, headers=headers, timeout=30, verify=False) 105 | result = json.loads(r.content.decode()) 106 | print('扫描中:',result['scans_running_count'],'等待扫描:',result['scans_waiting_count'],'已扫描:',result['scans_conducted_count'],'漏洞总数:',str(result['vuln_count'])+'\n主要漏洞') 107 | for xxxx in result['top_vulnerabilities']: 108 | print('漏洞名称:',xxxx['name'],' 漏洞数量:',xxxx['count']) 109 | except Exception as e: 110 | print(e) 111 | 112 | def get_status(): 113 | try: 114 | r = requests.get(awvs_url + '/api/v1/targets', headers=headers, timeout=10, verify=False) 115 | if r.status_code==401: 116 | print('awvs认证失败,请检查config.ini配置的中api_key是否正确') 117 | sys.exit() 118 | if r.status_code==200 and 'targets' in str(r.text): 119 | pass 120 | except Exception as e: 121 | print('初始化失败,请检查config.ini文件中的awvs_url是否正确\n',e) 122 | sys.exit() 123 | print('配置正确~') 124 | get_scan_status() 125 | get_status() 126 | 127 | def get_target_list():#获取扫描器内所有目标 128 | print('获取目标中') 129 | target_list=[] 130 | pages=0 131 | while 1: 132 | target_dict={} 133 | get_target_url=awvs_url+'/api/v1/targets?c={pages}&l=20'.format(pages=str(pages)) 134 | r = requests.get(get_target_url, headers=headers, timeout=30, verify=False) 135 | result = json.loads(r.content.decode()) 136 | try: 137 | for targetsid in range(len(result['targets'])): 138 | target_dict={'target_id':result['targets'][targetsid]['target_id'],'address':result['targets'][targetsid]['address']} 139 | target_list.append(target_dict) 140 | pages=pages+20 141 | 142 | if len(result['targets'])==0: 143 | return target_list 144 | except Exception as e: 145 | return r.text 146 | 147 | def addTask(url,target): 148 | global scan_label 149 | try: 150 | url = ''.join((url, '/api/v1/targets/add')) 151 | data = {"targets":[{"address": target,"description":scan_label}],"groups":[]} 152 | r = requests.post(url, headers=headers, data=json.dumps(data), timeout=30, verify=False) 153 | result = json.loads(r.content.decode()) 154 | return result['targets'][0]['target_id'] 155 | except Exception as e: 156 | return e 157 | def scan(url,target,profile_id,is_to_scan): 158 | global scan_label 159 | scanUrl = ''.join((url, '/api/v1/scans')) 160 | target_id = addTask(url,target) 161 | if target_id: 162 | try: 163 | configuration(url,target_id,target,profile_id)#配置目标参数 164 | 165 | if is_to_scan: 166 | data = {"target_id": target_id, "profile_id": profile_id, "incremental": False, 167 | "schedule": {"disable": False, "start_date": None, "time_sensitive": False}} 168 | response = requests.post(scanUrl, data=json.dumps(data), headers=headers, timeout=30, verify=False) 169 | result = json.loads(response.content) 170 | return [1,result['target_id']] 171 | else: 172 | print(target, '目标仅添加成功') 173 | return [2,0] 174 | 175 | except Exception as e: 176 | print(e) 177 | 178 | def configuration(url,target_id,target,default_scanning_profile_id):#配置目标 179 | global custom_headers,excluded_paths,limit_crawler_scope,scan_cookie,scan_speed,proxy_enabled,proxy_server 180 | configuration_url = ''.join((url,'/api/v1/targets/{0}/configuration'.format(target_id))) 181 | if scan_cookie != '':#自定义用户的cookie 182 | data = {"scan_speed":scan_speed,"login":{"kind":"none"},"ssh_credentials":{"kind":"none"},"default_scanning_profile_id":default_scanning_profile_id,"sensor": False,"user_agent": 'User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; 360SE)',"case_sensitive":"auto","limit_crawler_scope": limit_crawler_scope,"excluded_paths":excluded_paths,"authentication":{"enabled": False},"proxy":{"enabled": proxy_enabled,"protocol":"http","address":proxy_server.split(':')[0],"port":proxy_server.split(':')[1]},"technologies":[],"custom_headers":custom_headers,"custom_cookies":[{"url":target,"cookie":scan_cookie}],"debug":False,"client_certificate_password":"","issue_tracker_id":"","excluded_hours_id":""} 183 | else: 184 | 185 | data = {"scan_speed": scan_speed, "login": {"kind": "none"}, "ssh_credentials": {"kind": "none"},"default_scanning_profile_id":default_scanning_profile_id, 186 | "sensor": False, "user_agent": 'User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; 360SE)', "case_sensitive": "auto", 187 | "limit_crawler_scope": limit_crawler_scope, "excluded_paths": excluded_paths, 188 | "authentication": {"enabled": False}, 189 | "proxy": {"enabled": proxy_enabled, "protocol": "http", "address": proxy_server.split(':')[0], "port": proxy_server.split(':')[1]}, 190 | "technologies": [], "custom_headers": custom_headers, "custom_cookies": [], 191 | "debug": False, "client_certificate_password": "", "issue_tracker_id": "", "excluded_hours_id": ""} 192 | 193 | r = requests.patch(url=configuration_url,data=json.dumps(data), headers=headers, timeout=30, verify=False) 194 | #print(configuration_url,r.text) 195 | 196 | def delete_task():#删除全部扫描任务 197 | global awvs_url, apikey, headers 198 | #print(123123) 199 | while 1: 200 | quer = '/api/v1/scans?l=20' 201 | try: 202 | r = requests.get(awvs_url+quer, headers=headers, timeout=30, verify=False) 203 | result = json.loads(r.content.decode()) 204 | if int(len(result['scans'])) == 0: 205 | print('已全部删除扫描任务,当前任务为空') 206 | return 0 207 | for targetsid in range(len(result['scans'])): 208 | task_id = result['scans'][targetsid]['scan_id'] 209 | task_address = result['scans'][targetsid]['target']['address'] 210 | try: 211 | del_log=requests.delete(awvs_url+'/api/v1/scans/'+task_id,headers=headers, timeout=30, verify=False) 212 | if del_log.status_code == 204: 213 | print(task_address,' 删除扫描任务成功') 214 | except Exception as e: 215 | print(task_address,e) 216 | except Exception as e: 217 | print(awvs_url+quer,e) 218 | 219 | 220 | 221 | 222 | 223 | def delete_targets():#删除全部扫描目标与任务 224 | global awvs_url,apikey,headers 225 | while 1: 226 | quer='/api/v1/targets' 227 | try: 228 | r = requests.get(awvs_url+quer, headers=headers, timeout=30, verify=False) 229 | result = json.loads(r.content.decode()) 230 | if int(result['pagination']['count'])==0: 231 | print('已全部删除扫描目标,当前目标为空') 232 | return 0 233 | for targetsid in range(len(result['targets'])): 234 | targets_id=result['targets'][targetsid]['target_id'] 235 | targets_address = result['targets'][targetsid]['address'] 236 | #print(targets_id,targets_address) 237 | try: 238 | del_log=requests.delete(awvs_url+'/api/v1/targets/'+targets_id,headers=headers, timeout=30, verify=False) 239 | if del_log.status_code == 204: 240 | print(targets_address,' 删除目标成功') 241 | except Exception as e: 242 | print(targets_address,e) 243 | except Exception as e: 244 | print(awvs_url+quer,e) 245 | 246 | def delete_finish():#删除已扫描完成的扫描 247 | global awvs_url,apikey,headers 248 | while 1: 249 | quer='/api/v1/scans?l=10&q=status:completed;&s=status:asc' 250 | try: 251 | r = requests.get(awvs_url+quer, headers=headers, timeout=30, verify=False) 252 | result = json.loads(r.content.decode()) 253 | if int(result['pagination']['count']) == 0: 254 | print('已删除扫描完成目标,当前已扫描完成目标为空') 255 | return 0 256 | for target_id in result['scans']: 257 | #print(target_id['target_id']) 258 | try: 259 | del_log=requests.delete(awvs_url+'/api/v1/scans/'+target_id['scan_id'],headers=headers, timeout=30, verify=False) 260 | if del_log.status_code == 204: 261 | print(target_id['target']['address'],' 完成目标,删除扫描成功') 262 | except Exception as e: 263 | print(target_id['target']['address'],e) 264 | except Exception as e: 265 | print('报错,删除已扫描完成的扫描',e) 266 | 267 | def custom_log4j(): # 增加自定义扫描log4j 268 | get_target_url = awvs_url + '/api/v1/scanning_profiles' 269 | # log4j 270 | post_data = {"name":"Apache Log4j RCE","custom":'true',"checks":["wvs/Scripts/PerFile","wvs/Scripts/PerFolder","wvs/Scripts/PerScheme/ASP_Code_Injection.script","wvs/Scripts/PerScheme/PHP_Deserialization_Gadgets.script","wvs/Scripts/PerScheme/Arbitrary_File_Creation.script","wvs/Scripts/PerScheme/Arbitrary_File_Deletion.script","wvs/Scripts/PerScheme/Blind_XSS.script","wvs/Scripts/PerScheme/CRLF_Injection.script","wvs/Scripts/PerScheme/Code_Execution.script","wvs/Scripts/PerScheme/Directory_Traversal.script","wvs/Scripts/PerScheme/Email_Header_Injection.script","wvs/Scripts/PerScheme/Email_Injection.script","wvs/Scripts/PerScheme/Error_Message.script","wvs/Scripts/PerScheme/Expression_Language_Injection.script","wvs/Scripts/PerScheme/File_Inclusion.script","wvs/Scripts/PerScheme/File_Tampering.script","wvs/Scripts/PerScheme/File_Upload.script","wvs/Scripts/PerScheme/Generic_Oracle_Padding.script","wvs/Scripts/PerScheme/HTTP_Parameter_Pollution.script","wvs/Scripts/PerScheme/Host_Based_Attack_Reset_Password.script","wvs/Scripts/PerScheme/LDAP_Injection.script","wvs/Scripts/PerScheme/Long_Password_Denial_of_Service.script","wvs/Scripts/PerScheme/MongoDB_Injection.script","wvs/Scripts/PerScheme/NodeJs_Injection.script","wvs/Scripts/PerScheme/PHP_Code_Injection.script","wvs/Scripts/PerScheme/RubyOnRails_Code_Injection.script","wvs/Scripts/PerScheme/Perl_Code_Injection.script","wvs/Scripts/PerScheme/PHP_User_Controlled_Vulns.script","wvs/Scripts/PerScheme/Rails_Mass_Assignment.script","wvs/Scripts/PerScheme/Rails_Where_SQL_Injection.script","wvs/Scripts/PerScheme/Rails_render_inline_RCE.script","wvs/Scripts/PerScheme/Remote_File_Inclusion_XSS.script","wvs/Scripts/PerScheme/Script_Source_Code_Disclosure.script","wvs/Scripts/PerScheme/Server_Side_Request_Forgery.script","wvs/Scripts/PerScheme/Sql_Injection.script","wvs/Scripts/PerScheme/Struts_RCE_S2-053_CVE-2017-12611.script","wvs/Scripts/PerScheme/Struts_RCE_S2_029.script","wvs/Scripts/PerScheme/Unsafe_preg_replace.script","wvs/Scripts/PerScheme/XFS_and_Redir.script","wvs/Scripts/PerScheme/XML_External_Entity_Injection.script","wvs/Scripts/PerScheme/XPath_Injection.script","wvs/Scripts/PerScheme/XSS.script","wvs/Scripts/PerScheme/ESI_Injection.script","wvs/Scripts/PerScheme/Java_Deserialization.script","wvs/Scripts/PerScheme/Pickle_Serialization.script","wvs/Scripts/PerScheme/Python_Code_Injection.script","wvs/Scripts/PerScheme/Argument_Injection.script","wvs/Scripts/PerScheme/DotNet_BinaryFormatter_Deserialization.script","wvs/Scripts/PerScheme/Apache_Solr_Parameter_Injection.script","wvs/Scripts/PerScheme/Cmd_Hijack_Windows.script","wvs/Scripts/PerScheme/JWT_Param_Audit.script","wvs/Scripts/PerServer","wvs/Scripts/PostCrawl","wvs/Scripts/PostScan","wvs/Scripts/WebApps","wvs/RPA","wvs/Crawler","wvs/httpdata","wvs/target/rails_sprockets_path_traversal.js","wvs/target/web_cache_poisoning.js","wvs/target/aux_systems_ssrf.js","wvs/target/proxy_misrouting_ssrf.js","wvs/target/http_01_ACME_challenge_xss.js","wvs/target/java_melody_detection_plus_xxe.js","wvs/target/uwsgi_path_traversal.js","wvs/target/weblogic_rce_CVE-2018-3245.js","wvs/target/php_xdebug_rce.js","wvs/target/nginx_integer_overflow_CVE-2017-7529.js","wvs/target/jupyter_notebook_rce.js","wvs/target/hadoop_yarn_resourcemanager.js","wvs/target/couchdb_rest_api.js","wvs/target/activemq_default_credentials.js","wvs/target/apache_mod_jk_access_control_bypass.js","wvs/target/mini_httpd_file_read_CVE-2018-18778.js","wvs/target/osgi_management_console_default_creds.js","wvs/target/docker_engine_API_exposed.js","wvs/target/docker_registry_API_exposed.js","wvs/target/jenkins_audit.js","wvs/target/thinkphp_5_0_22_rce.js","wvs/target/uwsgi_unauth.js","wvs/target/fastcgi_unauth.js","wvs/target/apache_balancer_manager.js","wvs/target/cisco_ise_stored_xss.js","wvs/target/horde_imp_rce.js","wvs/target/nagiosxi_556_rce.js","wvs/target/next_js_arbitrary_file_read.js","wvs/target/php_opcache_status.js","wvs/target/opencms_solr_xxe.js","wvs/target/redis_open.js","wvs/target/memcached_open.js","wvs/target/Weblogic_async_rce_CVE-2019-2725.js","wvs/target/Weblogic_T3_XXE_CVE-2019-2647.js","wvs/target/RevProxy_Detection.js","wvs/target/cassandra_open.js","wvs/target/nagiosxi_sqli_CVE-2018-8734.js","wvs/target/backdoor_bootstrap_sass.js","wvs/target/apache_spark_audit.js","wvs/target/fortigate_file_reading.js","wvs/target/pulse_sslvpn_file_reading.js","wvs/target/SAP_Hybris_virtualjdbc_RCE_CVE-2019-0344.js","wvs/target/webmin_rce_1_920_CVE-2019-15107.js","wvs/target/Weblogic_T3_XXE_CVE-2019-2888.js","wvs/target/citrix_netscaler_CVE-2019-19781.js","wvs/target/DotNet_HTTP_Remoting.js","wvs/target/opensearch-target.js","wvs/target/adminer-4.6.2-file-disclosure-vulnerability.js","wvs/target/apache_mod_rewrite_open_redirect_CVE-2019-10098.js","wvs/target/default_apple-app-site-association.js","wvs/target/golang-debug-pprof.js","wvs/target/openid_connect_discovery.js","wvs/target/nginx-plus-unprotected-status.js","wvs/target/nginx-plus-unprotected-api.js","wvs/target/nginx-plus-unprotected-dashboard.js","wvs/target/nginx-plus-unprotected-upstream.js","wvs/target/Kentico_CMS_Audit.js","wvs/target/Rails_DoubleTap_RCE_CVE-2019-5418.js","wvs/target/Oracle_EBS_Audit.js","wvs/target/rce_sql_server_reporting_services.js","wvs/target/liferay_portal_jsonws_rce.js","wvs/target/php_opcache_gui.js","wvs/target/check_acumonitor.js","wvs/target/spring_cloud_config_server_CVE-2020-5410.js","wvs/target/f5_big_ip_tmui_rce_CVE-2020-5902.js","wvs/target/rack_mini_profiler_information_disclosure.js","wvs/target/grafana_ssrf_rce_CVE-2020-13379.js","wvs/target/h2-console.js","wvs/target/jolokia_xxe.js","wvs/target/rails_rce_locals_CVE-2020-8163.js","wvs/target/Cisco_ASA_Path_Traversal_CVE-2020-3452.js","wvs/target/DNN_Deser_Cookie_CVE-2017-9822.js","wvs/target/404_text_search.js","wvs/target/totaljs_dir_traversal_CVE-2019-8903.js","wvs/target/OFBiz_xmlrpc_deser_rce_CVE-2020-9496.js","wvs/target/http_redirections.js","wvs/target/apache_zookeeper_open.js","wvs/target/apache_kafka_open.js","wvs/target/nette_framework_rce_CVE-2020-15227.js","wvs/target/vmware_vcenter_unauth_file_read.js","wvs/target/mobile_iron_rce_CVE-2020-15505.js","wvs/target/web_cache_poisoning_dos.js","wvs/target/prototype_pollution_target.js","wvs/target/openfire_admin_console_ssrf_CVE-2019-18394.js","wvs/target/weblogic_rce_CVE-2020-14882.js","wvs/target/Weblogic_IIOP_RCE_CVE-2020-2551.js","wvs/target/Odoo_audit.js","wvs/target/citrix_xenmobile_arbitrary_file_read_CVE-2020-8209.js","wvs/target/sonarqube_default_credentials.js","wvs/target/common_api_endpoints.js","wvs/target/Unomi_MVEL_RCE_CVE-2020-13942.js","wvs/target/symfony_weak_secret_rce.js","wvs/target/lucee_arbitrary_file_write.js","wvs/target/dynamic_rendering_engines.js","wvs/target/open_prometheus.js","wvs/target/open_monitoring.js","wvs/target/apache_flink_path_traversal_CVE-2020-17519.js","wvs/target/imageresizer_debug.js","wvs/target/unprotected_apache_nifi.js","wvs/target/unprotected_kong_gateway_adminapi_interface.js","wvs/target/sap_solution_manager_rce_CVE-2020-6207.js","wvs/target/sonicwall_ssl_vpn_rce_jarrewrite.js","wvs/target/nodejs_debugger_open.js","wvs/target/vmware_vcenter_server_unauth_rce_CVE-2021-21972.js","wvs/target/paloalto-pan-os-xss-CVE-2020-2036.js","wvs/target/golang_delve_debugger_open.js","wvs/target/microsoft_exchange-server-ssrf-CVE-2021-26855.js","wvs/target/python_debugpy_debugger_open.js","wvs/target/AppWeb_auth_bypass_CVE-2018-8715.js","wvs/target/OFBiz_SOAPService_deser_rce_CVE-2021-26295.js","wvs/target/vhost_files_locs_misconfig.js","wvs/target/cockpit_nosqli_CVE-2020-35847.js","wvs/target/f5_iControl_REST_RCE_CVE-2021-22986.js","wvs/target/Cisco_RV_auth_bypass_CVE-2021-1472.js","wvs/target/web_installer_exposed.js","wvs/target/ntopng_auth_bypass_CVE-2021-28073.js","wvs/target/request_smuggling.js","wvs/target/Hashicorp_Consul_exposed.js","wvs/target/django_debug_toolbar.js","wvs/target/VMware_vRealize_SSRF_CVE-2021-21975.js","wvs/target/GravCMS_unauth_RCE_CVE-2021-21425.js","wvs/target/caddy_unprotected_api.js","wvs/target/dragonfly_arbitrary_file_read_CVE-2021-33564.js","wvs/target/bitrix_audit.js","wvs/target/open_redirect.js","wvs/target/gitlab_audit.js","wvs/target/nacos_auth_bypass_CVE-2021-29441.js","wvs/target/sap_bo_bip_ssrf_CVE-2020-6308.js","wvs/target/detect_apache_shiro_server.js","wvs/target/jetty_concat_inf_disc_CVE-2021-28164.js","wvs/target/RethinkDB_open.js","wvs/target/spring_boot_actuator_logview_path_trav_CVE-2021-21234.js","wvs/target/open_webpagetest.js","wvs/target/buddypress_rest_api_privesc_CVE-2021-21389.js","wvs/target/Hasura_GraphQL_SSRF.js","wvs/target/grandnode_path_traversal_CVE-2019-12276.js","wvs/target/SearchBlox_File_Inclusion_CVE-2020-35580.js","wvs/target/Zimbra_SSRF_CVE-2020-7796.js","wvs/target/jetty_inf_disc_CVE-2021-34429.js","wvs/target/Cisco_ASA_XSS_CVE-2020-3580.js","wvs/target/haproxy_unprotected_api.js","wvs/target/kong_unprotected_api.js","wvs/target/OData_feed_accessible_anonymously.js","wvs/target/Confluence_OGNL_Injection_CVE-2021-26084.js","wvs/target/microsoft_exchange_preauth_path_confusion_CVE-2021-34473.js","wvs/target/Atlassian_Jira_File_Read_CVE-2021-26086.js","wvs/target/ManageEngine_ADSelfService_Plus_auth_bypass_CVE-2021-40539.js","wvs/target/Django_Debug_Mode.js","wvs/target/Payara_Micro_File_Read_CVE-2021-41381.js","wvs/target/keycloak_request_uri_SSRF_CVE-2020-10770.js","wvs/target/apache_mod_proxy_SSRF_CVE-2021-40438.js","wvs/target/apache_insecure_path_norm_CVE-2021-41773_CVE-2021-42013.js","wvs/target/gitlab_exiftool_rce_CVE-2021-22205.js","wvs/target/http2/http2_pseudo_header_ssrf.js","wvs/target/Sitecore_XP_RCE_CVE-2021-42237.js","wvs/target/http2/http2_misrouting_ssrf.js","wvs/target/http2/http2_web_cache_poisoning.js","wvs/target/http2/http2_web_cache_poisoning_dos.js","wvs/input_group","wvs/deepscan","wvs/custom-scripts","wvs/MalwareScanner","wvs/location/zabbix/zabbix_audit.js","wvs/location/reverse_proxy_path_traversal.js","wvs/location/cors_origin_validation.js","wvs/location/yii2/yii2_gii.js","wvs/location/nodejs_source_code_disclosure.js","wvs/location/npm_debug_log.js","wvs/location/php_cs_cache.js","wvs/location/laravel_log_viewer_lfd.js","wvs/location/sap_b2b_lfi.js","wvs/location/nodejs_path_traversal_CVE-2017-14849.js","wvs/location/jquery_file_upload_rce.js","wvs/location/goahead_web_server_rce.js","wvs/location/file_upload_via_put_method.js","wvs/location/coldfusion/coldfusion_rds_login.js","wvs/location/coldfusion/coldfusion_request_debugging.js","wvs/location/coldfusion/coldfusion_robust_exception.js","wvs/location/coldfusion/coldfusion_add_paths.js","wvs/location/coldfusion/coldfusion_amf_deser.js","wvs/location/coldfusion/coldfusion_jndi_inj_rce.js","wvs/location/coldfusion/coldfusion_file_uploading_CVE-2018-15961.js","wvs/location/python_source_code_disclosure.js","wvs/location/ruby_source_code_disclosure.js","wvs/location/confluence/confluence_widget_SSTI_CVE-2019-3396.js","wvs/location/shiro/apache-shiro-deserialization-rce.js","wvs/location/coldfusion/coldfusion_flashgateway_deser_CVE-2019-7091.js","wvs/location/oraclebi/oracle_biee_convert_xxe_CVE-2019-2767.js","wvs/location/oraclebi/oracle_biee_adfresource_dirtraversal_CVE-2019-2588.js","wvs/location/oraclebi/oracle_biee_authbypass_CVE-2019-2768.js","wvs/location/oraclebi/oracle_biee_ReportTemplateService_xxe_CVE-2019-2616.js","wvs/location/oraclebi/oracle_biee_default_creds.js","wvs/location/hidden_parameters.js","wvs/location/asp_net_resolveurl_xss.js","wvs/location/oraclebi/oracle_biee_amf_deser_rce_CVE-2020-2950.js","wvs/location/composer_installed_json.js","wvs/location/typo3/typo3_audit.js","wvs/location/config_json_files_secrets_leakage.js","wvs/location/import_swager_files_from_common_locations.js","wvs/location/forgerock/forgerock_openam_deser_rce_CVE-2021-35464.js","wvs/location/web_cache_poisoning_dos_for_js.js","wvs/location/forgerock/forgerock_openam_ldap_inj_CVE-2021-29156.js","wvs/location/ghost/Ghost_Theme_Preview_XSS_CVE-2021-29484.js","wvs/location/qdpm/qdPM_Inf_Disclosure.js","wvs/location/apache_source_code_disclosure.js","wvs/location/oraclebi/oracle_biee_ReportTemplateService_xxe_CVE-2021-2400.js","ovas/"]} 271 | 272 | r = requests.post(get_target_url, data=json.dumps(post_data), headers=headers, timeout=30, verify=False) 273 | result = json.loads(r.content.decode()) 274 | get_target_url = awvs_url + '/api/v1/scanning_profiles' 275 | r = requests.get(get_target_url, headers=headers, timeout=30, verify=False) 276 | result = json.loads(r.content.decode()) 277 | for xxx in result['scanning_profiles']: 278 | if xxx['name']=='Apache Log4j RCE': 279 | return xxx['profile_id'] 280 | 281 | def custom_bug_bounty(): # 增加自定义扫描bug_bounty 282 | get_target_url = awvs_url + '/api/v1/scanning_profiles' 283 | # log4j 284 | post_data = {"name":"Bug Bounty","custom":'true',"checks":["wvs/Crawler","wvs/deepscan","wvs/custom-scripts","wvs/MalwareScanner","wvs/Scripts/PerFile/Backup_File.script","wvs/Scripts/PerFile/Bash_RCE.script","wvs/Scripts/PerFile/HTML_Form_In_Redirect_Page.script","wvs/Scripts/PerFile/Hashbang_Ajax_Crawling.script","wvs/Scripts/PerFile/Javascript_AST_Parse.script","wvs/Scripts/PerFile/Javascript_Libraries_Audit.script","wvs/Scripts/PerFile/PHP_SuperGlobals_Overwrite.script","wvs/Scripts/PerFile/REST_Discovery_And_Audit_File.script","wvs/Scripts/PerFolder/APC.script","wvs/Scripts/PerFolder/ASP-NET_Application_Trace.script","wvs/Scripts/PerFolder/ASP-NET_Debugging_Enabled.script","wvs/Scripts/PerFolder/ASP-NET_Diagnostic_Page.script","wvs/Scripts/PerFolder/Access_Database_Found.script","wvs/Scripts/PerFolder/Apache_Solr.script","wvs/Scripts/PerFolder/Backup_Folder.script","wvs/Scripts/PerFolder/Basic_Auth_Over_HTTP.script","wvs/Scripts/PerFolder/Bazaar_Repository.script","wvs/Scripts/PerFolder/CVS_Repository.script","wvs/Scripts/PerFolder/Core_Dump_Files.script","wvs/Scripts/PerFolder/Development_Files.script","wvs/Scripts/PerFolder/Dreamweaver_Scripts.script","wvs/Scripts/PerFolder/GIT_Repository.script","wvs/Scripts/PerFolder/Grails_Database_Console.script","wvs/Scripts/PerFolder/HTML_Form_In_Redirect_Page_Dir.script","wvs/Scripts/PerFolder/Http_Verb_Tampering.script","wvs/Scripts/PerFolder/IIS51_Directory_Auth_Bypass.script","wvs/Scripts/PerFolder/JetBrains_Idea_Project_Directory.script","wvs/Scripts/PerFolder/Mercurial_Repository.script","wvs/Scripts/PerFolder/Possible_Sensitive_Directories.script","wvs/Scripts/PerFolder/Possible_Sensitive_Files.script","wvs/Scripts/PerFolder/REST_Discovery_And_Audit_Folder.script","wvs/Scripts/PerFolder/Readme_Files.script","wvs/Scripts/PerFolder/SFTP_Credentials_Exposure.script","wvs/Scripts/PerFolder/SQL_Injection_In_Basic_Auth.script","wvs/Scripts/PerFolder/Trojan_Scripts.script","wvs/Scripts/PerFolder/WS_FTP_log_file.script","wvs/Scripts/PerFolder/Webadmin_script.script","wvs/Scripts/PerFolder/htaccess_File_Readable.script","wvs/Scripts/PerFolder/Deadjoe_file.script","wvs/Scripts/PerFolder/Symfony_Databases_YML.script","wvs/Scripts/PerFolder/dotenv_File.script","wvs/Scripts/PerFolder/Spring_Boot_WhiteLabel_Error_Page_SPEL.script","wvs/Scripts/PerFolder/Nginx_Path_Traversal_Misconfigured_Alias.script","wvs/Scripts/PerFolder/Spring_Security_Auth_Bypass_CVE-2016-5007.script","wvs/Scripts/PerScheme/ASP_Code_Injection.script","wvs/Scripts/PerScheme/PHP_Deserialization_Gadgets.script","wvs/Scripts/PerScheme/Email_Header_Injection.script","wvs/Scripts/PerScheme/Email_Injection.script","wvs/Scripts/PerScheme/Error_Message.script","wvs/Scripts/PerScheme/Expression_Language_Injection.script","wvs/Scripts/PerScheme/Generic_Oracle_Padding.script","wvs/Scripts/PerScheme/Host_Based_Attack_Reset_Password.script","wvs/Scripts/PerScheme/LDAP_Injection.script","wvs/Scripts/PerScheme/Long_Password_Denial_of_Service.script","wvs/Scripts/PerScheme/MongoDB_Injection.script","wvs/Scripts/PerScheme/NodeJs_Injection.script","wvs/Scripts/PerScheme/PHP_Code_Injection.script","wvs/Scripts/PerScheme/RubyOnRails_Code_Injection.script","wvs/Scripts/PerScheme/Perl_Code_Injection.script","wvs/Scripts/PerScheme/PHP_User_Controlled_Vulns.script","wvs/Scripts/PerScheme/Rails_Mass_Assignment.script","wvs/Scripts/PerScheme/Rails_Where_SQL_Injection.script","wvs/Scripts/PerScheme/Rails_render_inline_RCE.script","wvs/Scripts/PerScheme/Unsafe_preg_replace.script","wvs/Scripts/PerScheme/XFS_and_Redir.script","wvs/Scripts/PerScheme/XPath_Injection.script","wvs/Scripts/PerScheme/ESI_Injection.script","wvs/Scripts/PerScheme/Java_Deserialization.script","wvs/Scripts/PerScheme/Pickle_Serialization.script","wvs/Scripts/PerScheme/Python_Code_Injection.script","wvs/Scripts/PerScheme/DotNet_BinaryFormatter_Deserialization.script","wvs/Scripts/PerScheme/Apache_Solr_Parameter_Injection.script","wvs/Scripts/PerScheme/Cmd_Hijack_Windows.script","wvs/Scripts/WebApps","wvs/Scripts/PerScheme/HTTP_Parameter_Pollution.script","wvs/Scripts/PerServer/AJP_Audit.script","wvs/Scripts/PerServer/ASP_NET_Error_Message.script","wvs/Scripts/PerServer/ASP_NET_Forms_Authentication_Bypass.script","wvs/Scripts/PerServer/Apache_Proxy_CONNECT_Enabled.script","wvs/Scripts/PerServer/Apache_Roller_Audit.script","wvs/Scripts/PerServer/Apache_Running_As_Proxy.script","wvs/Scripts/PerServer/Apache_Server_Information.script","wvs/Scripts/PerServer/Apache_XSS_via_Malformed_Method.script","wvs/Scripts/PerServer/Apache_httpOnly_Cookie_Disclosure.script","wvs/Scripts/PerServer/Apache_mod_negotiation_Filename_Bruteforcing.script","wvs/Scripts/PerServer/Barracuda_locale_Directory_Traversal.script","wvs/Scripts/PerServer/Bash_RCE_Server_Audit.script","wvs/Scripts/PerServer/ColdFusion_Audit.script","wvs/Scripts/PerServer/ColdFusion_User_Agent_XSS.script","wvs/Scripts/PerServer/ColdFusion_v8_File_Upload.script","wvs/Scripts/PerServer/ColdFusion_v9_Solr_Exposed.script","wvs/Scripts/PerServer/CoreDumpCheck.script","wvs/Scripts/PerServer/Error_Page_Path_Disclosure.script","wvs/Scripts/PerServer/Frontpage_Extensions_Enabled.script","wvs/Scripts/PerServer/Frontpage_Information.script","wvs/Scripts/PerServer/Frontpage_authors_pwd.script","wvs/Scripts/PerServer/GlassFish_41_Directory_Traversal.script","wvs/Scripts/PerServer/GlassFish_Audit.script","wvs/Scripts/PerServer/Hadoop_Cluster_Web_Interface.script","wvs/Scripts/PerServer/Horde_IMP_Webmail_Exploit.script","wvs/Scripts/PerServer/IBM_WCM_XPath_Injection.script","wvs/Scripts/PerServer/IBM_WebSphere_Audit.script","wvs/Scripts/PerServer/IIS_Global_Asa.script","wvs/Scripts/PerServer/IIS_Internal_IP_Address.script","wvs/Scripts/PerServer/IIS_Unicode_Directory_Traversal.script","wvs/Scripts/PerServer/IIS_service_cnf.script","wvs/Scripts/PerServer/IIS_v5_NTML_Basic_Auth_Bypass.script","wvs/Scripts/PerServer/Ioncube_Loader_Wizard.script","wvs/Scripts/PerServer/JBoss_Audit.script","wvs/Scripts/PerServer/JBoss_Status_Servlet_Information_Leak.script","wvs/Scripts/PerServer/JBoss_Web_Service_Console.script","wvs/Scripts/PerServer/JMX_RMI_service.script","wvs/Scripts/PerServer/Java_Application_Servers_Fuzz.script","wvs/Scripts/PerServer/Java_Debug_Wire_Protocol_Audit.script","wvs/Scripts/PerServer/Jetty_Audit.script","wvs/Scripts/PerServer/Lotus_Domino_crlf_xss.script","wvs/Scripts/PerServer/Misfortune_Cookie.script","wvs/Scripts/PerServer/MongoDB_Audit.script","wvs/Scripts/PerServer/Movable_Type_4_RCE.script","wvs/Scripts/PerServer/Nginx_PHP_FastCGI_Code_Execution_File_Upload.script","wvs/Scripts/PerServer/Oracle_Application_Logs.script","wvs/Scripts/PerServer/Oracle_Reports_Audit.script","wvs/Scripts/PerServer/PHP_CGI_RCE_Force_Redirect.script","wvs/Scripts/PerServer/PHP_Hash_Collision_Denial_Of_Service.script","wvs/Scripts/PerServer/Parallels_Plesk_Audit.script","wvs/Scripts/PerServer/Plesk_Agent_SQL_Injection.script","wvs/Scripts/PerServer/Plesk_SSO_XXE.script","wvs/Scripts/PerServer/Plone&Zope_Remote_Command_Execution.script","wvs/Scripts/PerServer/Pyramid_Debug_Mode.script","wvs/Scripts/PerServer/Railo_Audit.script","wvs/Scripts/PerServer/Reverse_Proxy_Bypass.script","wvs/Scripts/PerServer/RubyOnRails_Database_File.script","wvs/Scripts/PerServer/SSL_Audit.script","wvs/Scripts/PerServer/Same_Site_Scripting.script","wvs/Scripts/PerServer/Snoop_Servlet.script","wvs/Scripts/PerServer/Tomcat_Audit.script","wvs/Scripts/PerServer/Tomcat_Examples.script","wvs/Scripts/PerServer/Tomcat_Hello_JSP_XSS.script","wvs/Scripts/PerServer/Tomcat_Status_Page.script","wvs/Scripts/PerServer/Tornado_Debug_Mode.script","wvs/Scripts/PerServer/Track_Trace_Server_Methods.script","wvs/Scripts/PerServer/Unprotected_phpMyAdmin_Interface.script","wvs/Scripts/PerServer/VMWare_Directory_Traversal.script","wvs/Scripts/PerServer/Version_Check.script","wvs/Scripts/PerServer/VirtualHost_Audit.script","wvs/Scripts/PerServer/WAF_Detection.script","wvs/Scripts/PerServer/WEBrick_Directory_Traversal.script","wvs/Scripts/PerServer/WebLogic_Audit.script","wvs/Scripts/PerServer/Web_Server_Default_Welcome_Page.script","wvs/Scripts/PerServer/Web_Statistics.script","wvs/Scripts/PerServer/XML_External_Entity_Injection_Server.script","wvs/Scripts/PerServer/Zend_Framework_Config_File.script","wvs/Scripts/PerServer/elasticsearch_Audit.script","wvs/Scripts/PerServer/elmah_Information_Disclosure.script","wvs/Scripts/PerServer/lighttpd_v1434_Sql_Injection.script","wvs/Scripts/PerServer/ms12-050.script","wvs/Scripts/PerServer/phpMoAdmin_Remote_Code_Execution.script","wvs/Scripts/PerServer/Weblogic_wls-wsat_RCE.script","wvs/Scripts/PerServer/phpunit_RCE_CVE-2017-9841.script","wvs/Scripts/PerServer/Atlassian_OAuth_Plugin_IconUriServlet_SSRF.script","wvs/Scripts/PerServer/PHP_FPM_Status_Page.script","wvs/Scripts/PerServer/Test_CGI_Script.script","wvs/Scripts/PerServer/Cisco_ASA_Path_Traversal_CVE-2018-0296.script","wvs/Scripts/PerServer/JBoss_RCE_CVE-2015-7501.script","wvs/Scripts/PerServer/JBoss_RCE_CVE-2017-7504.script","wvs/Scripts/PerServer/WebSphere_RCE_CVE-2015-7450.script","wvs/Scripts/PerServer/Liferay_RCE_tra-2017-01.script","wvs/Scripts/PerServer/Liferay_Xmlrpc_SSRF.script","wvs/Scripts/PostCrawl/Adobe_Flex_Audit.script","wvs/Scripts/PostCrawl/Amazon_S3_Buckets_Audit.script","wvs/Scripts/PostCrawl/Apache_CN_Discover_New_Files.script","wvs/Scripts/PostCrawl/Azure_Blobs_Audit.script","wvs/Scripts/PostCrawl/CKEditor_Audit.script","wvs/Scripts/PostCrawl/CakePHP_Audit.script","wvs/Scripts/PostCrawl/Config_File_Disclosure.script","wvs/Scripts/PostCrawl/ExtJS_Examples_Arbitrary_File_Read.script","wvs/Scripts/PostCrawl/FCKEditor_Audit.script","wvs/Scripts/PostCrawl/GWT_Audit.script","wvs/Scripts/PostCrawl/Genericons_Audit.script","wvs/Scripts/PostCrawl/IIS_Tilde_Dir_Enumeration.script","wvs/Scripts/PostCrawl/J2EE_Audit.script","wvs/Scripts/PostCrawl/JAAS_Authentication_Bypass.script","wvs/Scripts/PostCrawl/JBoss_Seam_Remoting.script","wvs/Scripts/PostCrawl/JBoss_Seam_actionOutcome.script","wvs/Scripts/PostCrawl/JSP_Authentication_Bypass.script","wvs/Scripts/PostCrawl/MS15-034.script","wvs/Scripts/PostCrawl/Minify_Audit.script","wvs/Scripts/PostCrawl/OFC_Upload_Image_Audit.script","wvs/Scripts/PostCrawl/Oracle_JSF2_Path_Traversal.script","wvs/Scripts/PostCrawl/PHP_CGI_RCE.script","wvs/Scripts/PostCrawl/PrimeFaces5_EL_Injection.script","wvs/Scripts/PostCrawl/Rails_Audit.script","wvs/Scripts/PostCrawl/Rails_Audit_Routes.script","wvs/Scripts/PostCrawl/Rails_Devise_Authentication_Password_Reset.script","wvs/Scripts/PostCrawl/Rails_Weak_secret_token.script","wvs/Scripts/PostCrawl/Session_Fixation.script","wvs/Scripts/PostCrawl/SharePoint_Audit.script","wvs/Scripts/PostCrawl/Struts2_ClassLoader_Manipulation.script","wvs/Scripts/PostCrawl/Struts2_ClassLoader_Manipulation2.script","wvs/Scripts/PostCrawl/Struts2_Remote_Code_Execution_S2014.script","wvs/Scripts/PostCrawl/Timthumb_Audit.script","wvs/Scripts/PostCrawl/Tiny_MCE_Audit.script","wvs/Scripts/PostCrawl/Uploadify_Audit.script","wvs/Scripts/PostCrawl/WADL_Files.script","wvs/Scripts/PostCrawl/WebDAV_Audit.script","wvs/Scripts/PostCrawl/XML_Quadratic_Blowup_Attack.script","wvs/Scripts/PostCrawl/Zend_Framework_LFI_via_XXE.script","wvs/Scripts/PostCrawl/nginx-redir-headerinjection.script","wvs/Scripts/PostCrawl/phpLiteAdmin_Audit.script","wvs/Scripts/PostCrawl/phpThumb_Audit.script","wvs/Scripts/PostCrawl/tcpdf_Audit.script","wvs/Scripts/PostScan/10-Webmail_Audit.script","wvs/Scripts/PostScan/4-Stored_File_Inclusion.script","wvs/Scripts/PostScan/7-Stored_File_Tampering.script","wvs/Scripts/PostScan/9-Multiple_Web_Servers.script","wvs/location/zabbix/zabbix_audit.js","wvs/location/reverse_proxy_path_traversal.js","wvs/location/cors_origin_validation.js","wvs/location/yii2/yii2_gii.js","wvs/location/nodejs_source_code_disclosure.js","wvs/location/npm_debug_log.js","wvs/location/php_cs_cache.js","wvs/location/laravel_log_viewer_lfd.js","wvs/location/sap_b2b_lfi.js","wvs/location/nodejs_path_traversal_CVE-2017-14849.js","wvs/location/jquery_file_upload_rce.js","wvs/location/goahead_web_server_rce.js","wvs/location/file_upload_via_put_method.js","wvs/location/coldfusion/coldfusion_rds_login.js","wvs/location/coldfusion/coldfusion_request_debugging.js","wvs/location/coldfusion/coldfusion_robust_exception.js","wvs/location/coldfusion/coldfusion_add_paths.js","wvs/location/coldfusion/coldfusion_amf_deser.js","wvs/location/coldfusion/coldfusion_jndi_inj_rce.js","wvs/location/coldfusion/coldfusion_file_uploading_CVE-2018-15961.js","wvs/location/python_source_code_disclosure.js","wvs/location/ruby_source_code_disclosure.js","wvs/location/confluence/confluence_widget_SSTI_CVE-2019-3396.js","wvs/location/shiro/apache-shiro-deserialization-rce.js","wvs/location/coldfusion/coldfusion_flashgateway_deser_CVE-2019-7091.js","wvs/location/oraclebi/oracle_biee_convert_xxe_CVE-2019-2767.js","wvs/location/oraclebi/oracle_biee_adfresource_dirtraversal_CVE-2019-2588.js","wvs/location/oraclebi/oracle_biee_authbypass_CVE-2019-2768.js","wvs/location/oraclebi/oracle_biee_ReportTemplateService_xxe_CVE-2019-2616.js","wvs/location/oraclebi/oracle_biee_default_creds.js","wvs/location/asp_net_resolveurl_xss.js","wvs/location/oraclebi/oracle_biee_amf_deser_rce_CVE-2020-2950.js","wvs/location/composer_installed_json.js","wvs/location/typo3/typo3_audit.js","wvs/location/config_json_files_secrets_leakage.js","wvs/location/import_swager_files_from_common_locations.js","wvs/location/forgerock/forgerock_openam_deser_rce_CVE-2021-35464.js","wvs/location/web_cache_poisoning_dos_for_js.js","wvs/location/forgerock/forgerock_openam_ldap_inj_CVE-2021-29156.js","wvs/location/ghost/Ghost_Theme_Preview_XSS_CVE-2021-29484.js","wvs/location/qdpm/qdPM_Inf_Disclosure.js","wvs/location/apache_source_code_disclosure.js","wvs/location/oraclebi/oracle_biee_ReportTemplateService_xxe_CVE-2021-2400.js","wvs/target/rails_sprockets_path_traversal.js","wvs/target/proxy_misrouting_ssrf.js","wvs/target/http_01_ACME_challenge_xss.js","wvs/target/java_melody_detection_plus_xxe.js","wvs/target/uwsgi_path_traversal.js","wvs/target/weblogic_rce_CVE-2018-3245.js","wvs/target/nginx_integer_overflow_CVE-2017-7529.js","wvs/target/jupyter_notebook_rce.js","wvs/target/hadoop_yarn_resourcemanager.js","wvs/target/couchdb_rest_api.js","wvs/target/apache_log4j_deser_rce.js","wvs/target/activemq_default_credentials.js","wvs/target/apache_mod_jk_access_control_bypass.js","wvs/target/mini_httpd_file_read_CVE-2018-18778.js","wvs/target/osgi_management_console_default_creds.js","wvs/target/docker_engine_API_exposed.js","wvs/target/docker_registry_API_exposed.js","wvs/target/jenkins_audit.js","wvs/target/thinkphp_5_0_22_rce.js","wvs/target/uwsgi_unauth.js","wvs/target/fastcgi_unauth.js","wvs/target/apache_balancer_manager.js","wvs/target/cisco_ise_stored_xss.js","wvs/target/horde_imp_rce.js","wvs/target/nagiosxi_556_rce.js","wvs/target/next_js_arbitrary_file_read.js","wvs/target/php_opcache_status.js","wvs/target/opencms_solr_xxe.js","wvs/target/redis_open.js","wvs/target/memcached_open.js","wvs/target/Weblogic_async_rce_CVE-2019-2725.js","wvs/target/Weblogic_T3_XXE_CVE-2019-2647.js","wvs/target/RevProxy_Detection.js","wvs/target/cassandra_open.js","wvs/target/nagiosxi_sqli_CVE-2018-8734.js","wvs/target/backdoor_bootstrap_sass.js","wvs/target/apache_spark_audit.js","wvs/target/fortigate_file_reading.js","wvs/target/pulse_sslvpn_file_reading.js","wvs/target/SAP_Hybris_virtualjdbc_RCE_CVE-2019-0344.js","wvs/target/webmin_rce_1_920_CVE-2019-15107.js","wvs/target/Weblogic_T3_XXE_CVE-2019-2888.js","wvs/target/citrix_netscaler_CVE-2019-19781.js","wvs/target/DotNet_HTTP_Remoting.js","wvs/target/opensearch-target.js","wvs/target/adminer-4.6.2-file-disclosure-vulnerability.js","wvs/target/apache_mod_rewrite_open_redirect_CVE-2019-10098.js","wvs/target/default_apple-app-site-association.js","wvs/target/golang-debug-pprof.js","wvs/target/openid_connect_discovery.js","wvs/target/nginx-plus-unprotected-status.js","wvs/target/nginx-plus-unprotected-api.js","wvs/target/nginx-plus-unprotected-dashboard.js","wvs/target/nginx-plus-unprotected-upstream.js","wvs/target/Kentico_CMS_Audit.js","wvs/target/Rails_DoubleTap_RCE_CVE-2019-5418.js","wvs/target/Oracle_EBS_Audit.js","wvs/target/rce_sql_server_reporting_services.js","wvs/target/liferay_portal_jsonws_rce.js","wvs/target/php_opcache_gui.js","wvs/target/check_acumonitor.js","wvs/target/spring_cloud_config_server_CVE-2020-5410.js","wvs/target/f5_big_ip_tmui_rce_CVE-2020-5902.js","wvs/target/rack_mini_profiler_information_disclosure.js","wvs/target/grafana_ssrf_rce_CVE-2020-13379.js","wvs/target/h2-console.js","wvs/target/jolokia_xxe.js","wvs/target/rails_rce_locals_CVE-2020-8163.js","wvs/target/Cisco_ASA_Path_Traversal_CVE-2020-3452.js","wvs/target/DNN_Deser_Cookie_CVE-2017-9822.js","wvs/target/404_text_search.js","wvs/target/totaljs_dir_traversal_CVE-2019-8903.js","wvs/target/OFBiz_xmlrpc_deser_rce_CVE-2020-9496.js","wvs/target/http_redirections.js","wvs/target/apache_zookeeper_open.js","wvs/target/apache_kafka_open.js","wvs/target/nette_framework_rce_CVE-2020-15227.js","wvs/target/vmware_vcenter_unauth_file_read.js","wvs/target/mobile_iron_rce_CVE-2020-15505.js","wvs/target/web_cache_poisoning_dos.js","wvs/target/prototype_pollution_target.js","wvs/target/openfire_admin_console_ssrf_CVE-2019-18394.js","wvs/target/weblogic_rce_CVE-2020-14882.js","wvs/target/Weblogic_IIOP_RCE_CVE-2020-2551.js","wvs/target/Odoo_audit.js","wvs/target/citrix_xenmobile_arbitrary_file_read_CVE-2020-8209.js","wvs/target/sonarqube_default_credentials.js","wvs/target/common_api_endpoints.js","wvs/target/Unomi_MVEL_RCE_CVE-2020-13942.js","wvs/target/symfony_weak_secret_rce.js","wvs/target/lucee_arbitrary_file_write.js","wvs/target/dynamic_rendering_engines.js","wvs/target/open_prometheus.js","wvs/target/open_monitoring.js","wvs/target/apache_flink_path_traversal_CVE-2020-17519.js","wvs/target/imageresizer_debug.js","wvs/target/unprotected_apache_nifi.js","wvs/target/unprotected_kong_gateway_adminapi_interface.js","wvs/target/sap_solution_manager_rce_CVE-2020-6207.js","wvs/target/sonicwall_ssl_vpn_rce_jarrewrite.js","wvs/target/nodejs_debugger_open.js","wvs/target/vmware_vcenter_server_unauth_rce_CVE-2021-21972.js","wvs/target/paloalto-pan-os-xss-CVE-2020-2036.js","wvs/target/golang_delve_debugger_open.js","wvs/target/microsoft_exchange-server-ssrf-CVE-2021-26855.js","wvs/target/python_debugpy_debugger_open.js","wvs/target/AppWeb_auth_bypass_CVE-2018-8715.js","wvs/target/OFBiz_SOAPService_deser_rce_CVE-2021-26295.js","wvs/target/vhost_files_locs_misconfig.js","wvs/target/cockpit_nosqli_CVE-2020-35847.js","wvs/target/f5_iControl_REST_RCE_CVE-2021-22986.js","wvs/target/Cisco_RV_auth_bypass_CVE-2021-1472.js","wvs/target/web_installer_exposed.js","wvs/target/ntopng_auth_bypass_CVE-2021-28073.js","wvs/target/request_smuggling.js","wvs/target/Hashicorp_Consul_exposed.js","wvs/target/django_debug_toolbar.js","wvs/target/VMware_vRealize_SSRF_CVE-2021-21975.js","wvs/target/GravCMS_unauth_RCE_CVE-2021-21425.js","wvs/target/caddy_unprotected_api.js","wvs/target/dragonfly_arbitrary_file_read_CVE-2021-33564.js","wvs/target/bitrix_audit.js","wvs/target/nacos_auth_bypass_CVE-2021-29441.js","wvs/target/sap_bo_bip_ssrf_CVE-2020-6308.js","wvs/target/detect_apache_shiro_server.js","wvs/target/jetty_concat_inf_disc_CVE-2021-28164.js","wvs/target/RethinkDB_open.js","wvs/target/spring_boot_actuator_logview_path_trav_CVE-2021-21234.js","wvs/target/open_webpagetest.js","wvs/target/buddypress_rest_api_privesc_CVE-2021-21389.js","wvs/target/Hasura_GraphQL_SSRF.js","wvs/target/grandnode_path_traversal_CVE-2019-12276.js","wvs/target/SearchBlox_File_Inclusion_CVE-2020-35580.js","wvs/target/Zimbra_SSRF_CVE-2020-7796.js","wvs/target/jetty_inf_disc_CVE-2021-34429.js","wvs/target/Cisco_ASA_XSS_CVE-2020-3580.js","wvs/target/haproxy_unprotected_api.js","wvs/target/kong_unprotected_api.js","wvs/target/OData_feed_accessible_anonymously.js","wvs/target/Confluence_OGNL_Injection_CVE-2021-26084.js","wvs/target/microsoft_exchange_preauth_path_confusion_CVE-2021-34473.js","wvs/target/Atlassian_Jira_File_Read_CVE-2021-26086.js","wvs/target/ManageEngine_ADSelfService_Plus_auth_bypass_CVE-2021-40539.js","wvs/target/Django_Debug_Mode.js","wvs/target/Payara_Micro_File_Read_CVE-2021-41381.js","wvs/target/keycloak_request_uri_SSRF_CVE-2020-10770.js","wvs/target/apache_mod_proxy_SSRF_CVE-2021-40438.js","wvs/target/apache_insecure_path_norm_CVE-2021-41773_CVE-2021-42013.js","wvs/target/gitlab_exiftool_rce_CVE-2021-22205.js","wvs/target/http2/http2_pseudo_header_ssrf.js","wvs/target/Sitecore_XP_RCE_CVE-2021-42237.js","wvs/target/http2/http2_misrouting_ssrf.js","wvs/target/http2/http2_web_cache_poisoning.js","wvs/target/http2/http2_web_cache_poisoning_dos.js","wvs/target/Apache_Log4j_RCE_404.js","wvs/httpdata/AjaxControlToolkit_Audit.js","wvs/httpdata/cache-vary.js","wvs/httpdata/spring_jsonp_enabled.js","wvs/httpdata/spring_web_flow_rce.js","wvs/httpdata/telerik_web_ui_cryptographic_weakness.js","wvs/httpdata/analyze_parameter_values.js","wvs/httpdata/apache_struts_rce_S2-057.js","wvs/httpdata/cors_acao.js","wvs/httpdata/yii2_debug.js","wvs/httpdata/CSP_not_implemented.js","wvs/httpdata/adobe_experience_manager.js","wvs/httpdata/httpoxy.js","wvs/httpdata/firebase_db_dev_mode.js","wvs/httpdata/blazeds_amf_deserialization.js","wvs/httpdata/text_search.js","wvs/httpdata/rails_accept_file_content_disclosure.js","wvs/httpdata/atlassian-crowd-CVE-2019-11580.js","wvs/httpdata/opensearch-httpdata.js","wvs/httpdata/csp_report_uri.js","wvs/httpdata/BigIP_iRule_Tcl_code_injection.js","wvs/httpdata/password_cleartext_storage.js","wvs/httpdata/web_applications_default_credentials.js","wvs/httpdata/HSTS_not_implemented.js","wvs/httpdata/laravel_audit.js","wvs/httpdata/whoops_debug.js","wvs/httpdata/html_auth_weak_creds.js","wvs/httpdata/clockwork_debug.js","wvs/httpdata/php_debug_bar.js","wvs/httpdata/php_console_addon.js","wvs/httpdata/tracy_debugging_tool.js","wvs/httpdata/IIS_path_disclosure.js","wvs/httpdata/missing_parameters.js","wvs/httpdata/broken_link_hijacking.js","wvs/httpdata/symfony_audit.js","wvs/httpdata/jira_servicedesk_misconfiguration.js","wvs/httpdata/iframe_sandbox.js","wvs/httpdata/search_paths_in_headers.js","wvs/httpdata/envoy_metadata_disclosure.js","wvs/httpdata/insecure_referrer_policy.js","wvs/httpdata/web_cache_poisoning_via_host.js","wvs/httpdata/sourcemap_detection.js","wvs/httpdata/parse_hateoas.js","wvs/httpdata/typo3_debug.js","wvs/httpdata/header_reflected_in_cached_response.js","wvs/httpdata/X_Frame_Options_not_implemented.js","wvs/httpdata/405_method_not_allowed.js","wvs/httpdata/javascript_library_audit_external.js","wvs/httpdata/http_splitting_cloud_storage.js","wvs/httpdata/apache_shiro_auth_bypass_CVE-2020-17523.js","wvs/httpdata/acusensor-packages.js","wvs/httpdata/joomla_debug_console.js","wvs/httpdata/mitreid_connect_ssrf_CVE-2021-26715.js","wvs/httpdata/saml_endpoint_audit.js","wvs/httpdata/sca_analyze_package_files.js","wvs/httpdata/pyramid_debugtoolbar.js","wvs/httpdata/adminer_ssrf_CVE-2021-21311.js","wvs/httpdata/Tapestry_audit.js","wvs/target/web_cache_poisoning.js","wvs/target/php_xdebug_rce.js","wvs/input_group/json/expressjs_layout_lfr_json.js","wvs/input_group/query/expressjs_layout_lfr_query.js","wvs/input_group/query/prototype_pollution_query.js","ovas/"]} 285 | 286 | r = requests.post(get_target_url, data=json.dumps(post_data), headers=headers, timeout=30, verify=False) 287 | result = json.loads(r.content.decode()) 288 | get_target_url = awvs_url + '/api/v1/scanning_profiles' 289 | r = requests.get(get_target_url, headers=headers, timeout=30, verify=False) 290 | result = json.loads(r.content.decode()) 291 | for xxx in result['scanning_profiles']: 292 | if xxx['name']=='Bug Bounty': 293 | return xxx['profile_id'] 294 | 295 | 296 | def custom_cves(): # 增加自定义扫描常见cve 297 | get_target_url = awvs_url + '/api/v1/scanning_profiles' 298 | # log4j 299 | post_data = {"name":"cves","custom":'true',"checks":["wvs/Crawler","wvs/deepscan","wvs/custom-scripts","wvs/MalwareScanner","wvs/Scripts/PerFile","wvs/Scripts/PerFolder","wvs/Scripts/PerScheme","wvs/Scripts/PerServer/AJP_Audit.script","wvs/Scripts/PerServer/ASP_NET_Error_Message.script","wvs/Scripts/PerServer/ASP_NET_Forms_Authentication_Bypass.script","wvs/Scripts/PerServer/Apache_Axis2_Audit.script","wvs/Scripts/PerServer/Apache_Geronimo_Default_Administrative_Credentials.script","wvs/Scripts/PerServer/Apache_Proxy_CONNECT_Enabled.script","wvs/Scripts/PerServer/Apache_Roller_Audit.script","wvs/Scripts/PerServer/Apache_Running_As_Proxy.script","wvs/Scripts/PerServer/Apache_Server_Information.script","wvs/Scripts/PerServer/Apache_Solr_Exposed.script","wvs/Scripts/PerServer/Apache_Unfiltered_Expect_Header_Injection.script","wvs/Scripts/PerServer/Apache_XSS_via_Malformed_Method.script","wvs/Scripts/PerServer/Apache_httpOnly_Cookie_Disclosure.script","wvs/Scripts/PerServer/Apache_mod_negotiation_Filename_Bruteforcing.script","wvs/Scripts/PerServer/Arbitrary_file_existence_disclosure_in_Action_Pack.script","wvs/Scripts/PerServer/Barracuda_locale_Directory_Traversal.script","wvs/Scripts/PerServer/Bash_RCE_Server_Audit.script","wvs/Scripts/PerServer/CRLF_Injection_PerServer.script","wvs/Scripts/PerServer/ColdFusion_Audit.script","wvs/Scripts/PerServer/ColdFusion_User_Agent_XSS.script","wvs/Scripts/PerServer/ColdFusion_v8_File_Upload.script","wvs/Scripts/PerServer/ColdFusion_v9_Solr_Exposed.script","wvs/Scripts/PerServer/CoreDumpCheck.script","wvs/Scripts/PerServer/Database_Backup.script","wvs/Scripts/PerServer/Django_Admin_Weak_Password.script","wvs/Scripts/PerServer/Error_Page_Path_Disclosure.script","wvs/Scripts/PerServer/Flask_Debug_Mode.script","wvs/Scripts/PerServer/Frontpage_Extensions_Enabled.script","wvs/Scripts/PerServer/Frontpage_Information.script","wvs/Scripts/PerServer/Frontpage_authors_pwd.script","wvs/Scripts/PerServer/GlassFish_41_Directory_Traversal.script","wvs/Scripts/PerServer/GlassFish_Audit.script","wvs/Scripts/PerServer/Hadoop_Cluster_Web_Interface.script","wvs/Scripts/PerServer/Horde_IMP_Webmail_Exploit.script","wvs/Scripts/PerServer/IBM_WCM_XPath_Injection.script","wvs/Scripts/PerServer/IBM_WebSphere_Audit.script","wvs/Scripts/PerServer/IIS_Global_Asa.script","wvs/Scripts/PerServer/IIS_Internal_IP_Address.script","wvs/Scripts/PerServer/IIS_Unicode_Directory_Traversal.script","wvs/Scripts/PerServer/IIS_service_cnf.script","wvs/Scripts/PerServer/IIS_v5_NTML_Basic_Auth_Bypass.script","wvs/Scripts/PerServer/Ioncube_Loader_Wizard.script","wvs/Scripts/PerServer/JBoss_Audit.script","wvs/Scripts/PerServer/JBoss_Status_Servlet_Information_Leak.script","wvs/Scripts/PerServer/JBoss_Web_Service_Console.script","wvs/Scripts/PerServer/JMX_RMI_service.script","wvs/Scripts/PerServer/Java_Application_Servers_Fuzz.script","wvs/Scripts/PerServer/Java_Debug_Wire_Protocol_Audit.script","wvs/Scripts/PerServer/Jetty_Audit.script","wvs/Scripts/PerServer/Lotus_Domino_crlf_xss.script","wvs/Scripts/PerServer/Misfortune_Cookie.script","wvs/Scripts/PerServer/MongoDB_Audit.script","wvs/Scripts/PerServer/Movable_Type_4_RCE.script","wvs/Scripts/PerServer/Nginx_PHP_FastCGI_Code_Execution_File_Upload.script","wvs/Scripts/PerServer/Oracle_Application_Logs.script","wvs/Scripts/PerServer/Oracle_Reports_Audit.script","wvs/Scripts/PerServer/PHP_CGI_RCE_Force_Redirect.script","wvs/Scripts/PerServer/PHP_Hash_Collision_Denial_Of_Service.script","wvs/Scripts/PerServer/Parallels_Plesk_Audit.script","wvs/Scripts/PerServer/Plesk_Agent_SQL_Injection.script","wvs/Scripts/PerServer/Plesk_SSO_XXE.script","wvs/Scripts/PerServer/Plone&Zope_Remote_Command_Execution.script","wvs/Scripts/PerServer/Pyramid_Debug_Mode.script","wvs/Scripts/PerServer/Railo_Audit.script","wvs/Scripts/PerServer/Registration_Page.script","wvs/Scripts/PerServer/Reverse_Proxy_Bypass.script","wvs/Scripts/PerServer/RubyOnRails_Database_File.script","wvs/Scripts/PerServer/SSL_Audit.script","wvs/Scripts/PerServer/Same_Site_Scripting.script","wvs/Scripts/PerServer/Snoop_Servlet.script","wvs/Scripts/PerServer/Spring_Boot_Actuator.script","wvs/Scripts/PerServer/Subdomain_Takeover.script","wvs/Scripts/PerServer/Tomcat_Audit.script","wvs/Scripts/PerServer/Tomcat_Default_Credentials.script","wvs/Scripts/PerServer/Tomcat_Examples.script","wvs/Scripts/PerServer/Tomcat_Hello_JSP_XSS.script","wvs/Scripts/PerServer/Tomcat_Status_Page.script","wvs/Scripts/PerServer/Tornado_Debug_Mode.script","wvs/Scripts/PerServer/Track_Trace_Server_Methods.script","wvs/Scripts/PerServer/Unprotected_phpMyAdmin_Interface.script","wvs/Scripts/PerServer/VMWare_Directory_Traversal.script","wvs/Scripts/PerServer/VirtualHost_Audit.script","wvs/Scripts/PerServer/WAF_Detection.script","wvs/Scripts/PerServer/WEBrick_Directory_Traversal.script","wvs/Scripts/PerServer/WebInfWebXML_Audit.script","wvs/Scripts/PerServer/WebLogic_Audit.script","wvs/Scripts/PerServer/Web_Server_Default_Welcome_Page.script","wvs/Scripts/PerServer/Web_Statistics.script","wvs/Scripts/PerServer/XML_External_Entity_Injection_Server.script","wvs/Scripts/PerServer/Zend_Framework_Config_File.script","wvs/Scripts/PerServer/elasticsearch_Audit.script","wvs/Scripts/PerServer/elmah_Information_Disclosure.script","wvs/Scripts/PerServer/lighttpd_v1434_Sql_Injection.script","wvs/Scripts/PerServer/ms12-050.script","wvs/Scripts/PerServer/phpMoAdmin_Remote_Code_Execution.script","wvs/Scripts/PerServer/Weblogic_wls-wsat_RCE.script","wvs/Scripts/PerServer/Atlassian_OAuth_Plugin_IconUriServlet_SSRF.script","wvs/Scripts/PerServer/PHP_FPM_Status_Page.script","wvs/Scripts/PerServer/Test_CGI_Script.script","wvs/Scripts/PerServer/Cisco_ASA_Path_Traversal_CVE-2018-0296.script","wvs/Scripts/PerServer/Liferay_RCE_tra-2017-01.script","wvs/Scripts/PerServer/Liferay_Xmlrpc_SSRF.script","wvs/Scripts/PerServer/Spring_RCE_CVE-2016-4977.script","wvs/Scripts/PostScan","wvs/input_group/query/prototype_pollution_query.js","wvs/input_group/json/expressjs_layout_lfr_json.js","wvs/input_group/query/expressjs_layout_lfr_query.js","ovas/"]} 300 | 301 | r = requests.post(get_target_url, data=json.dumps(post_data), headers=headers, timeout=30, verify=False) 302 | result = json.loads(r.content.decode()) 303 | get_target_url = awvs_url + '/api/v1/scanning_profiles' 304 | r = requests.get(get_target_url, headers=headers, timeout=30, verify=False) 305 | result = json.loads(r.content.decode()) 306 | for xxx in result['scanning_profiles']: 307 | if xxx['name']=='cves': 308 | return xxx['profile_id'] 309 | 310 | def main(): 311 | global add_count_suss,error_count,target_scan,scan_label,input_urls,scan_speed,custom_headers,profile_id 312 | ########################################################AWVS扫描配置参数######################################### 313 | input_urls=input_urls 314 | mod_id = { 315 | "1": "11111111-1111-1111-1111-111111111111", # 完全扫描 316 | "2": "11111111-1111-1111-1111-111111111112", # 高风险漏洞 317 | "3": "11111111-1111-1111-1111-111111111116", # XSS漏洞 318 | "4": "11111111-1111-1111-1111-111111111113", # SQL注入漏洞 319 | "5": "11111111-1111-1111-1111-111111111115", # 弱口令检测 320 | "6": "11111111-1111-1111-1111-111111111117", # Crawl Only 321 | "7": "11111111-1111-1111-1111-111111111120", # 恶意软件扫描 322 | "8": "11111111-1111-1111-1111-111111111120", #仅添加,这行不会生效 323 | "9": "apache-log4j", 324 | "10": "custom-Bounty", 325 | "11": "custom-cve", 326 | "12": "custom", 327 | } 328 | if target_scan==False: 329 | print("""选择要扫描的类型: 330 | 1 【开始 完全扫描】 331 | 2 【开始 扫描高风险漏洞】 332 | 3 【开始 扫描XSS漏洞】 333 | 4 【开始 扫描SQL注入漏洞】 334 | 5 【开始 弱口令检测】 335 | 6 【开始 Crawl Only,,建议config.ini配置好上级代理地址,联动被动扫描器】 336 | 7 【开始 扫描意软件扫描】 337 | 8 【仅添加 目标到扫描器,不做任何扫描】 338 | 9 【仅扫描apache-log4j】(请需先确保当前版本已支持log4j扫描,awvs 14.6.211220100及以上) 339 | 10 【开始扫描Bug Bounty高频漏洞】 340 | 11 【扫描已知漏洞】(常见CVE,POC等) 341 | 12 【自定义模板】 342 | """) 343 | else: 344 | print("""对扫描器中已有目标进行扫描,选择要扫描的类型: 345 | 1 【完全扫描】 346 | 2 【扫描高风险漏洞】 347 | 3 【扫描XSS漏洞】 348 | 4 【扫描SQL注入漏洞】 349 | 5 【弱口令检测】 350 | 6 【Crawl Only,仅爬虫无意义,建议config.ini配置好上级代理地址,联动被动扫描器】 351 | 7 【扫描意软件扫描】 352 | 9 【仅扫描apache-log4j】(请需先确保当前版本已支持log4j扫描,awvs 14.6.211220100及以上) 353 | 10 【开始扫描Bug Bounty高频漏洞】 354 | 11 【扫描已知漏洞】(常见CVE,POC等) 355 | 12 【自定义模板】 356 | """) 357 | 358 | scan_type = str(input('请输入数字:')) 359 | scan_label = str(input('输入本次要扫描的资产标签(可空):')) 360 | try: 361 | is_to_scan = True 362 | if target_scan==False: 363 | if '8'==scan_type: 364 | is_to_scan = False 365 | profile_id = mod_id[scan_type] # 获取扫描漏洞类型 366 | if '9' == scan_type: 367 | profile_id=custom_log4j() 368 | pass 369 | if '10' == scan_type: 370 | profile_id=custom_bug_bounty() 371 | if '11' == scan_type: 372 | profile_id=custom_cves() 373 | if '12' == scan_type: 374 | profile_id=str(input('输入已定义好模板profile_id:')) 375 | 376 | except Exception as e: 377 | print('输入有误,检查',e) 378 | sys.exit() 379 | 380 | targets = open(input_urls, 'r', encoding='utf-8').read().split('\n') 381 | 382 | if target_scan==False: 383 | for target in targets: 384 | if target: 385 | target = target.strip() 386 | #if '://' not in target and 'http' not in target: 387 | if 'http' not in target[0:7]: 388 | target='http://'+target 389 | 390 | target_state=scan(awvs_url,target,profile_id,is_to_scan) 391 | try: 392 | if target_state[0]==1: 393 | open('./add_log/success.txt','a',encoding='utf-8').write(target+'\n') 394 | add_count_suss=add_count_suss+1 395 | print("{0} 已加入到扫描队列 ,第:".format(target),str(add_count_suss)) 396 | elif target_state[0]==2: 397 | pass 398 | else: 399 | open('./add_log/error_url.txt', 'a', encoding='utf-8').write(target + '\n') 400 | error_count=error_count+1 401 | print("{0} 添加失败".format(target),str(error_count)) 402 | except Exception as e: 403 | print(target,'添加扫描失败', e) 404 | 405 | elif target_scan==True:#对已有目标扫描 406 | scanUrl2= ''.join((awvs_url, '/api/v1/scans')) 407 | for target_for in get_target_list(): 408 | data = {"target_id": target_for['target_id'], "profile_id": profile_id, "incremental": False, 409 | "schedule": {"disable": False, "start_date": None, "time_sensitive": False}} 410 | 411 | configuration(awvs_url, target_for['target_id'], target_for['address'],profile_id) #已有目标扫描时配置 412 | try: 413 | response = requests.post(scanUrl2, data=json.dumps(data), headers=headers, timeout=30, verify=False) 414 | result = json.loads(response.content) 415 | if 'profile_id' in str(result) and 'target_id' in str(result): 416 | print(target_for['address'],'添加到扫描队列,开始扫描') 417 | except Exception as e: 418 | print(str(target_for['address'])+' 扫描失败 ',e) 419 | 420 | if __name__ == '__main__': 421 | print( """ 422 | ******************************************************************** 423 | AWVS14 批量添加,批量扫描,支持awvs14批量联动被动扫描器等功能 424 | 作者微信:SRC-ALL 425 | ******************************************************************** 426 | 1 【批量添加url到AWVS扫描器扫描】 427 | 2 【删除扫描器内所有目标与扫描任务】 428 | 3 【删除所有扫描任务(不删除目标)】 429 | 4 【对扫描器中已有目标,进行扫描】 430 | 5 【高危漏洞消息推送】 企业微信机器人 431 | 6 【删除已扫描完成的目标】 432 | """) 433 | selection=int(input('请输入数字:')) 434 | if selection==1: 435 | main() 436 | elif selection==2: 437 | delete_targets() 438 | elif selection==3: 439 | delete_task() 440 | elif selection==4: 441 | target_scan=True 442 | main() 443 | elif selection==5: 444 | push_wechat_group('已开启高危漏洞消息推送,需保持脚本前台运行,不会被结束') 445 | message_push() 446 | elif selection==6: 447 | delete_finish() 448 | --------------------------------------------------------------------------------