AWVS13.X API学习记录


AWVS 还是比较经典的,最近想用 Django 去调用 AWVS 的 API,在前辈们公开的 AWVS11 的 API 基础上,国光均一个个测试接口是否正常工作,对工作异常的接口国光也抓包来进行了分析,本文的 AWVS13 API 国光均一一验证过。

准备工作

获取 API-KEY

「Administrator」-「Profile」-「API Key」-「Generate New Api Key」

国光此时的 API Key 为:

1986ad8c0a5b3df4d7028d5f3c06e936c67fe2c92688a43729821dfd939635a01

Header 设置

X-Auth: API-KEY
Content-type: application/json; charset=utf8

下面分别用 curl 和 Python 的 requests 库来简单演示一下 API Key 的使用

查看账户信息的 api 是:

Method:GET 
URL: /api/v1/me

curl

curl 'https://127.0.0.1:13443/api/v1/me' -H 'Content-Type: application/json;charset=utf8' -H 'X-Auth: 1986ad8c0a5b3df4d7028d5f3c06e936c67fe2c92688a43729821dfd939635a01' -k
  • -H: 自定义 HTTP头
  • -k: 关闭 curl 的 SSL 安全验证,跳过 SSL 检测

requests

import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning

requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

api_url = 'https://127.0.0.1:13443/api/v1/info'
headers = {
    'X-Auth': '1986ad8c0a5b3df4d7028d5f3c06e936c67fe2c92688a43729821dfd939635a01',
    'Content-type': 'application/json'
}
r = requests.get(url=api_url, headers=headers, verify=False)
print(r.json())

因为 Python 的 requests 模块会在控制台输出 SSL 不安全的警告信息,除了添加了verify=False之外,还添加了下面这两行代码,来手动关闭警告信息:

from requests.packages.urllib3.exceptions import InsecureRequestWarning

requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

接口设置

  1. 传参内容均为JSON格式
  2. 接口均为https

接口验证

浏览器审查元素配合AWVS的界面,再结合AWVS11的文档,基本上还是很容易上手接口的,因为文档叙述能力有限,建议大家有需求的话 自己抓包去看一下请求头和返回头,加深对AWVS13接口的理解。

Dashboard

证书信息

Method:GET 
URL: /api/v1/info

返回参数说明:

参数说明
build_number版本号
license授权信息
license_key授权信息
limits主要版本号
maintenance_expires小版本号
major_version”:创建时间
max_network_scan_time最大网络扫描时间
max_web_scan_time最大Web扫描时间
minor_version次版本号
update_info更新信息

AWVS13接口详细返回信息:

{
 "acumonitor": false,
 "build_number": "200217097",
 "license": {
  "access": true,
  "activated": true,
  "email": "test@test.com",
  "error": null,
  "expired": false,
  "expires": "false",
  "features": [
   "pause_resume",
   "compliance_reports",
   "target_business_criticality",
   "network_scans",
   "export_waf",
   "updates",
   "multi_user",
   "offline_activations",
   "multi_engine",
   "api_key",
   "target_groups",
   "trending_graphs",
   "vuln_retest",
   "scanning_profiles",
   "continuous_scans",
   "bug_tracking_integration",
   "acumonitor"
  ],
  "grace_period_end": null,
  "license_key": "Cracked-By-nszy007-Funning",
  "limits": {
   "demo_targets": 5,
   "standard_targets": 999999,
   "engines": 999999,
   "users": null
  },
  "maintenance_expired": false,
  "maintenance_expires": "2099-10-01T20:17:52",
  "product_code": "AOPENT"
 },
 "licensing_extra": {
  "extra_std_target_count": 0,
  "extra_user_count": 0,
  "can_create_new_std_target": true,
  "can_create_new_demo_target": true,
  "can_create_new_user": true,
  "target_deletion_allowance": 2,
  "unique_std_target_count": 19,
  "unique_net_target_count": 0,
  "user_count": 1
 },
 "major_version": "13",
 "max_network_scan_time": 2880,
 "max_web_scan_time": 2880,
 "minor_version": "0",
 "update_info": {
  "build_number": "-",
  "major_version": "12",
  "minor_version": "-",
  "new_update": false,
  "update_status": "none"
 }
}

账户信息

Method:GET 
URL: /api/v1/me

返回参数说明:

参数说明
child_account是否子账户
emailEmail地址
enabled当前账户是否启用
first_name当前账户名
user_id当前用户id
totp_enabled是否启用toptp
su是否最高权限

AWVS13接口详细返回信息:

{
 "child_account": false,
 "email": "admin@admin.com",
 "enabled": true,
 "first_name": "Administrator",
 "user_id": "986ad8c0-a5b3-df4d-7028-d5f3c06e936c",
 "totp_enabled": false,
 "su": true
}

节点引擎信息

Method:GET 
URL: /api/v1/workers

返回参数说明:

参数说明
workers工作的节点引擎
endpoint节点信息
scanning_app扫描应用程序
app_version应用程序版本信息
authorization授权状态
description节点引擎描述
status节点引擎状态
worker_id节点引擎id

详细返回信息:

{
 "workers": [
  {
   "endpoint": "Main Installation",
   "scanning_app": "wvs",
   "app_version": "13.0.200217097",
   "authorization": "authorized",
   "description": "Main Installation",
   "status": "online",
   "worker_id": "ffffffff-ffff-ffff-ffff-ffffffffffff"
  }
 ]
}

通知信息

Method:GET 
URL: /api/v1/notifications

返回参数说明:

参数说明
notifications通知
pagination分页

AWVS13 接口详细返回信息:

{
 "notifications": [
  {
   "consumed": false,
   "created": "2020-04-13T23:44:19.592629+00:00",
   "data": {
    "name": "20200413_Affected_Items_http_testphp_vulnweb_com_",
    "source": "http://testphp.vulnweb.com/;AWVS\u6d4b\u8bd5\u9776\u573a",
    "creator": "admin@admin.com",
    "source_type": "scans",
    "template_name": "Affected Items",
    "file_attachments": [
     {
      "name": "20200413_Affected_Items_http_testphp_vulnweb_com_.pdf",
      "path": "/home/acunetix/.acunetix/data/reports/20822f5f-59c9-4ce1-921a-76f3ec1493f1.pdf",
      "type": "file"
     }
    ]
   },
   "email": null,
   "notification_id": "2286746570391029408",
   "resource_id": "20822f5f-59c9-4ce1-921a-76f3ec1493f1",
   "resource_type": 7,
   "severity": 0,
   "type_id": 601,
   "user_id": null
  }
 ],
 "pagination": {
  "count": 1,
  "cursor_hash": "d16cdad638d278c14a209a6189016393",
  "cursors": [
   null
  ],
  "sort": null
 }
}

Dashboard 信息

Method:GET 
URL: /api/v1/me/stats

返回参数说明:

参数说明
most_vulnerable_targets最脆弱的目标
scans_conducted_count总进行扫描个数
scans_running_count正在扫描的个数
scans_waiting_count等待扫描的个数
targets_count总进行扫描个数
top_vulnerabilities排名靠前漏洞分布
vuln_count_by_criticality通过危险程度进行漏洞等级个数分布
vuln_count漏洞数据
vuln_count_by_criticality通过危险程度进行漏洞等级个数分布
top_vulnerabilities排名靠前漏洞分布
vulnerabilities_open_count共发现漏洞总数

AWVS13 接口详细返回信息:

{
 "most_vulnerable_targets": [
  {
   "address": "http://testphp.vulnweb.com/",
   "criticality": 10,
   "high_vuln_count": 45,
   "med_vuln_count": 66,
   "target_id": "7b70e73f-bad0-4531-99a8-69d916ed7e66"
  }
 ],
 "scans_conducted_count": 1,
 "scans_running_count": 0,
 "scans_waiting_count": 0,
 "targets_count": 1,
 "top_vulnerabilities": [
  {
   "count": 21,
   "name": "SQL injection",
   "severity": 3,
   "vt_id": "db04b846-7dec-fb62-f12d-1a152945cdae"
  },
  {
   "count": 21,
   "name": "HTML form without CSRF protection",
   "severity": 2,
   "vt_id": "ca3a4dd5-3f3b-4b43-527e-3210a52f9c8c"
  },
  {
   "count": 16,
   "name": "Cross site scripting",
   "severity": 3,
   "vt_id": "7a2fa5a4-7125-1062-0651-ed5219f05809"
  },
  {
   "count": 14,
   "name": "Directory listing",
   "severity": 2,
   "vt_id": "b53afc6c-83c3-7ea8-ce7b-d5f5fb01b7d7"
  },
  {
   "count": 7,
   "name": "Error message on page",
   "severity": 2,
   "vt_id": "d6b36f54-09ec-af8d-df8a-5f76932151ca"
  },
  {
   "count": 4,
   "name": "Application error message",
   "severity": 2,
   "vt_id": "760d5a01-dc58-fcbe-6c21-4f04c64a2467"
  },
  {
   "count": 2,
   "name": "Backup files",
   "severity": 2,
   "vt_id": "7777c336-316c-a967-2acd-45b7ee798413"
  },
  {
   "count": 2,
   "name": "Source code disclosure",
   "severity": 2,
   "vt_id": "61125d6e-3fdf-a73d-1c2d-1bf8a3bef84d"
  },
  {
   "count": 2,
   "name": "User credentials are sent in clear text",
   "severity": 2,
   "vt_id": "92a2df52-5f25-bff6-2e5b-64717a2a417e"
  },
  {
   "count": 1,
   "name": "Macromedia Dreamweaver remote database scripts",
   "severity": 3,
   "vt_id": "78a18edd-b1fd-7d7f-cc43-df8d6b43dba1"
  }
 ],
 "vuln_count": {
  "high": 45,
  "low": 10,
  "med": 66
 },
 "vuln_count_by_criticality": {
  "critical": null,
  "high": null,
  "low": null,
  "normal": {
   "high": 45,
   "low": 10,
   "med": 66
  }
 },
 "vulnerabilities_open_count": 121
}                                    

Targets

所有目标信息

Method:GET 
URL: /api/v1/targets

返回参数说明:

参数说明
targets目标详细信息
pagination分页信息

targets

参数说明
address扫描目标网址
continuous_mode是否连续模式
criticality危险程度
description描述
last_scan_date最近扫描的日期
last_scan_id最近扫描的id
last_scan_session_id最近扫描的session id
last_scan_session_status最近的扫描状态
manual_intervention手动干预
severity_counts漏洞等级个数分布
target_id目标id
threat威胁等级
type类型
verification验证

AWVS13 接口详细返回信息:

{
 "targets": [
  {
   "address": "http://testphp.vulnweb.com/",
   "continuous_mode": false,
   "criticality": 10,
   "description": "AWVS\u6d4b\u8bd5\u9776\u573a",
   "last_scan_date": "2020-04-13T10:17:09.880580+00:00",
   "last_scan_id": "506a2238-aaf2-487a-884b-b152fedffb10",
   "last_scan_session_id": "21124419-2a02-458e-82bf-fabab3462ddc",
   "last_scan_session_status": "completed",
   "manual_intervention": null,
   "severity_counts": {
    "high": 45,
    "info": 26,
    "low": 10,
    "medium": 66
   },
   "target_id": "7b70e73f-bad0-4531-99a8-69d916ed7e66",
   "threat": 3,
   "type": "demo",
   "verification": "demo"
  }
 ],
 "pagination": {
  "count": 1,
  "cursor_hash": "8f629dd49f910b9202eb0da5d51fdb6e",
  "cursors": [
   null
  ],
  "sort": null
 }
}

筛选目标信息

发送参数说明:

参数类型说明
threatint威胁等级;高->低:[3,2,1,0]
criticalityint危险程度;高->低:[30,20,10,0]
Method:GET 
URL: /api/v1/targets?q=threat:{list};criticality:{list};

Demo:

curl 'https://127.0.0.1:13443/api/v1/targets?q=threat:3;criticality:10,20' -H 'Content-Type: application/json;charset=utf8' -H 'X-Auth: 1986ad8c0a5b3df4d7028d5f3c06e936c67fe2c92688a43729821dfd939635a01' -k

返回内容:

{
 "targets": [
  {
   "address": "http://testphp.vulnweb.com/",
   "continuous_mode": false,
   "criticality": 10,
   "description": "AWVS\u6d4b\u8bd5\u9776\u573a",
   "last_scan_date": "2020-04-13T10:17:09.880580+00:00",
   "last_scan_id": "506a2238-aaf2-487a-884b-b152fedffb10",
   "last_scan_session_id": "21124419-2a02-458e-82bf-fabab3462ddc",
   "last_scan_session_status": "completed",
   "manual_intervention": null,
   "severity_counts": {
    "high": 45,
    "info": 26,
    "low": 10,
    "medium": 66
   },
   "target_id": "7b70e73f-bad0-4531-99a8-69d916ed7e66",
   "threat": 3,
   "type": "demo",
   "verification": "demo"
  }
 ],
 "pagination": {
  "count": 1,
  "cursor_hash": "86f4a853c258889b8e418b3d8f493679",
  "cursors": [
   null
  ],
  "sort": null
 }
}

添加目标

Method:POST 
URL: /api/v1/targets

Data:

{"address":"http://www.sqlsec.com","description":"xxxx","criticality":"10"}

发送参数说明:

参数类型说明
addressstring目标网址:需http或https开头
criticalityInt危险程度;范围:[30,20,10,0];默认为10
descriptionstring备注

返回参数说明:

参数说明
address目标网址
criticality危险程度
description备注
type类型
domain域名
target_id目标id
target_type目标类型
canonical_address根域名
canonical_address_hash根域名hash

Demo:

curl -d '{"address":"http://www.sqlsec.com","description":"xxxx","criticality":"10"}' 'https://127.0.0.1:13443/api/v1/targets'  -H 'Content-Type: application/json;charset=utf8' -H 'X-Auth: 1986ad8c0a5b3df4d7028d5f3c06e936c67fe2c92688a43729821dfd939635a01' -k

返回信息:

{
 "address": "http://www.sqlsec.com",
 "criticality": 10,
 "description": "xxxx",
 "type": "default",
 "domain": "www.sqlsec.com",
 "target_id": "28b11aa7-9c55-4a65-9cdd-70998e216af8",
 "target_type": null,
 "canonical_address": "sqlsec.com",
 "canonical_address_hash": "bad762b4a4bf172ab58592476b6d9ee7"
}

删除目标

Method:DELETE
URL: /api/v1/targets/{target_id}

Demo:

curl -X DELETE 'https://127.0.0.1:13443/api/v1/targets/28b11aa7-9c55-4a65-9cdd-70998e216af8' -H 'Content-Type: application/json;charset=utf8' -H 'X-Auth: 1986ad8c0a5b3df4d7028d5f3c06e936c67fe2c92688a43729821dfd939635a01' -k

无返回信息

规则设置

General 设置

criticality 设置

Method:PATCH 
URL: /api/v1/targets/{target_id}

Data:

{"description":"xxxx","criticality":20}

发送参数说明:

参数类型说明
descriptionString备注
criticalityInt危险程度;范围:[30,20,10,0]

Demo:

curl -X PATCH -d '{"description":"国光的测试","criticality":10}' 'https://127.0.0.1:13443/api/v1/targets/8fe7fcfd-660a-4d70-a5ae-1e599bd8ff8a' -H 'Content-Type: application/json;charset=utf8' -H 'X-Auth: 1986ad8c0a5b3df4d7028d5f3c06e936c67fe2c92688a43729821dfd939635a01' -k

无返回信息

连续扫描(Continuous Scanning)

Method:POST 
URL: /api/v1/targets/{target_id}/continuous_scan

Data:

{"enabled":false}

发送参数说明:

参数类型说明
enabledbool关闭:false;开启:true

Demo:

curl -d '{"enabled":true}' 'https://127.0.0.1:13443/api/v1/targets/8fe7fcfd-660a-4d70-a5ae-1e599bd8ff8a/continuous_scan' -H 'Content-Type: application/json;charset=utf8' -H 'X-Auth: 1986ad8c0a5b3df4d7028d5f3c06e936c67fe2c92688a43729821dfd939635a01' -k

返回信息:

{
 "enabled": false
}

连续扫描:在运行完了第一次初始化扫描之后,确认并且修复了已经检测到的漏洞缺陷,并且确认目标网站没有包含漏洞和安全问题之后,需要连续扫描来确保目标站点处于安全状态。对目标url进行连续扫描,并且给予每天的的日常扫描报告是否检测到了新的安全漏洞。

扫描速度(Scan Speed)

Method:PATCH 
URL: /api/v1/targets/{target_id}/configuration

Data:

{"scan_speed":"sequential"}

发送参数说明:

参数类型说明
scan_speedstring由慢到快:sequential slow moderate fast

Demo:

curl -X PATCH -d '{"scan_speed":"sequential"}' 'https://127.0.0.1:13443/api/v1/targets/8fe7fcfd-660a-4d70-a5ae-1e599bd8ff8a/configuration' -H 'Content-Type: application/json;charset=utf8' -H 'X-Auth: 1986ad8c0a5b3df4d7028d5f3c06e936c67fe2c92688a43729821dfd939635a01' -k

无返回信息

速度越慢扫描的也越仔细,鱼和熊掌不可兼得。

登录设置(Site Login)

Method: PATCH 
URL: /api/v1/targets/{target_id}/configuration

使用设定好的用户名和密码登录:

{"login":{"kind":"automatic","credentials":{"enabled":true,"username":"admin","password":"P@ssw0rd"}},"ssh_credentials":{"kind":"none"},"sensor":false}

不使用站点登录:

{"login":{"kind":"none"},"ssh_credentials":{"kind":"none"},"sensor":false,}

发送参数说明:

参数类型说明
logindict站点预设登录
kindstring启用:automatic; 不启用:none(默认); 使用登录序列:sequence
credentialsdict登录凭证
enabledboolfalse/true
usernamestring用户名
passwordstring密码
ssh_credentialsdictSSH凭证
sensorbool传感器

Demo:

curl -X PATCH -d '{"login":{"kind":"automatic","credentials":{"enabled":true,"username":"admin","password":"P@ssw0rd"}},"ssh_credentials":{"kind":"none"},"sensor":false}' 'https://127.0.0.1:13443/api/v1/targets/8fe7fcfd-660a-4d70-a5ae-1e599bd8ff8a/configuration' -H 'Content-Type: application/json;charset=utf8' -H 'X-Auth: 1986ad8c0a5b3df4d7028d5f3c06e936c67fe2c92688a43729821dfd939635a01' -k

无返回信息

Crawl 爬虫

Method:PATCH 
URL: /api/v1/targets/{target_id}/configuration

Data:

{"user_agent":"Opera/9.80 (Windows NT 6.0; U; en) Presto/2.8.99 Version/11.10","limit_crawler_scope":true,"excluded_paths":[],
}

发送参数说明:

参数类型说明
user_agentboolUA设置
case_sensitivestring路径大小写敏感设置 值:auto(默认)/no/yes
limit_crawler_scopebool将抓取限制为仅包含地址和子目录 值:true(默认)/false
excluded_pathslist排除路径

HTTP 设置

认证方式

支持Basic,Digest,NTLM和Kerberos(仅Windows)的认证方式

Method:PATCH 
URL: /api/v1/targets/{target_id}/configuration

发送参数说明:

参数类型说明
enabledboolfalse/true
usernamestring用户名
passwordstring密码

Data:

{"authentication":{"enabled":true,"username":"administrator","password":"P@ssw0rd"}}

客户端证书设置

Method:PATCH 
URL: /api/v1/targets/{target_id}/configuration

发送参数说明:

参数说明
client_certificate_password客户端证书密码
client_certificate_url客户端证书URL

Demo:

{"client_certificate_password":"","client_certificate_url":null}

代理设置

Method:PATCH 
URL: /api/v1/targets/{target_id}/configuration

发送参数说明:

参数说明
enabledfalse/true
protocol协议 默认http
address代理ip地址
port代理端口
username用户名 (可选参数)
password密码 (可选参数)
{"proxy":{"enabled":true,"protocol":"http","address":"127.0.0.1","port":2333,"username":"test","password":"P@ssw0rd"}}

高级设置

Method:PATCH 
URL: /api/v1/targets/{target_id}/configuration

参数说明:

参数说明
technologies检测技术
custom_headers自定义cookie
debug是否开启Debug
issue_tracker_id问题追踪器ID
excluded_hours_id排除的工作时间id

Demo:

{"technologies":["PHP"],"custom_headers":[],"custom_cookies":[],"debug":false,"issue_tracker_id":"","excluded_hours_id":""}

Scan 扫描

添加扫描

Method:POST
URL: /api/v1/scans

Data:

{
"target_id":"64496c9e-b340-4227-90d4-ac43e78d4a0d",
"profile_id":"11111111-1111-1111-1111-111111111112",
"schedule":    
      {"disable":false,
       "start_date":null,
       "time_sensitive":false
       }
}

发送参数说明:

参数类型说明
profile_idstring扫描类型
ui_session_istring可不传
incrementalbool增加的?
schedulejson扫描时间设置(默认即时)
report_template_idstring扫描报告类型(可不传)
target_idstring目标id

AWVS13扫描类型profile_id对照表:

类型国光翻译的理解
Full Scan11111111-1111-1111-1111-111111111111完全扫描
High Risk Vulnerabilities11111111-1111-1111-1111-111111111112高风险漏洞
Cross-site Scripting Vulnerabilities11111111-1111-1111-1111-111111111116XSS漏洞
SQL Injection Vulnerabilities11111111-1111-1111-1111-111111111113SQL注入漏洞
Weak Passwords11111111-1111-1111-1111-111111111115弱口令检测
Crawl Only11111111-1111-1111-1111-111111111117Crawl Only
Malware Scan11111111-1111-1111-1111-111111111120恶意软件扫描

请求头Data:

{"profile_id":"11111111-1111-1111-1111-111111111111","ui_session_id":"968396ab3b580c3abb4e56a6a7ace40b","incremental":false,"schedule":{"disable":false,"start_date":null,"time_sensitive":false},"report_template_id":"11111111-1111-1111-1111-111111111111","target_id":"f054de11-783a-4978-9186-3346f167c471"}

返回值:

{
 "profile_id": "11111111-1111-1111-1111-111111111111",
 "schedule": {
  "disable": false,
  "start_date": null,
  "time_sensitive": false,
  "triggerable": false
 },
 "target_id": "f054de11-783a-4978-9186-3346f167c471",
 "incremental": false,
 "max_scan_time": 0,
 "report_template_id": "11111111-1111-1111-1111-111111111111",
 "ui_session_id": null
}

获取目标的扫描id

Method:GET 
URL: /api/v1/scans/{target_id}

返回参数说明:

参数说明
criticality危险程度
current_session当前会话
start_date开始扫描时间
status扫描状态
threat威胁性
incremental额外的?
manual_intervention人工干预
max_scan_time最大扫描时间
next_run下一轮
profile_id扫描类型
profile_name扫描类型名称
report_template_id扫描报告模板id
scan_id扫描id
schedule时间表
target目标相关的信息
target_id目标id

详细返回信息:

{
 "criticality": 10,
 "current_session": {
  "event_level": 0,
  "progress": 0,
  "scan_session_id": "25a99e14-6301-41b8-8ed8-3bec989936d5",
  "severity_counts": {
   "high": 0,
   "info": 0,
   "low": 0,
   "medium": 0
  },
  "start_date": "2020-04-14T04:22:15.311735+00:00",
  "status": "queued",
  "threat": 0
 },
 "incremental": false,
 "manual_intervention": false,
 "max_scan_time": 0,
 "next_run": null,
 "profile_id": "11111111-1111-1111-1111-111111111111",
 "profile_name": "Full Scan",
 "report_template_id": null,
 "scan_id": "f20b7ffe-a8e4-4b1a-912d-7b319e02bddc",
 "schedule": {
  "disable": false,
  "history_limit": null,
  "recurrence": null,
  "start_date": null,
  "time_sensitive": false,
  "triggerable": false
 },
 "target": {
  "address": "https://www.baidu.com",
  "criticality": 10,
  "description": "Baidu",
  "type": "default"
 },
 "target_id": "f054de11-783a-4978-9186-3346f167c471"
}

评论区网友补充:api/v1/targets/target_id 获取 scan_id

删除扫描

Method:DELETE
URL: /api/v1/scans/{scan_id}

删除成功,返回024的状态码

获取所有扫描状态

Method:GET 
URL: /api/v1/scans?l={count}

请求参数说明:

参数类型说明
lint每页的显示结果

返回参数说明:

参数说明
pagination分页
criticality危险程度
current_session当前会话
event_level事件等级
progress新增
scan_session_id扫描会话id
severity_counts漏洞等级分布
start_date开始时间
status扫描状态
threat威胁等级
incremental增加的?
max_scan_time最大扫描时间
next_run下一轮
profile_id扫描类型
schedule时间表
target目标
target_id目标id

实际返回信息:

{
 "pagination": {
  "count": 2,
  "cursor_hash": "ad1285c42f54aace75b8c6704ab6d933",
  "cursors": [
   null
  ],
  "sort": null
 },
 "scans": [
  {
   "criticality": 10,
   "current_session": {
    "event_level": 1,
    "progress": 0,
    "scan_session_id": "7c3a3d93-1c30-4584-9fd8-3db84e6c1b8e",
    "severity_counts": {
     "high": 0,
     "info": 0,
     "low": 0,
     "medium": 0
    },
    "start_date": "2020-04-14T08:12:34.383931+00:00",
    "status": "processing",
    "threat": 0
   },
   "incremental": false,
   "max_scan_time": 0,
   "next_run": null,
   "profile_id": "11111111-1111-1111-1111-111111111111",
   "profile_name": "Full Scan",
   "report_template_id": null,
   "scan_id": "e6b32641-7576-4a5e-8e1e-640b2256e681",
   "schedule": {
    "disable": false,
    "history_limit": null,
    "recurrence": null,
    "start_date": null,
    "time_sensitive": false,
    "triggerable": false
   },
   "target": {
    "address": "https://www.baidu.com",
    "criticality": 10,
    "description": "Baidu",
    "type": "default"
   },
   "target_id": "f054de11-783a-4978-9186-3346f167c471"
  },
  {
   "criticality": 10,
   "current_session": {
    "acusensor": true,
    "event_level": 1,
    "progress": 100,
    "scan_session_id": "21124419-2a02-458e-82bf-fabab3462ddc",
    "severity_counts": {
     "high": 45,
     "info": 26,
     "low": 10,
     "medium": 66
    },
    "start_date": "2020-04-13T10:17:09.880580+00:00",
    "status": "completed",
    "threat": 3
   },
   "incremental": false,
   "max_scan_time": 0,
   "next_run": null,
   "profile_id": "11111111-1111-1111-1111-111111111111",
   "profile_name": "Full Scan",
   "report_template_id": null,
   "scan_id": "506a2238-aaf2-487a-884b-b152fedffb10",
   "schedule": {
    "disable": false,
    "history_limit": null,
    "recurrence": null,
    "start_date": null,
    "time_sensitive": false,
    "triggerable": false
   },
   "target": {
    "address": "http://testphp.vulnweb.com/",
    "criticality": 10,
    "description": "AWVS\u6d4b\u8bd5\u9776\u573a",
    "type": "default"
   },
   "target_id": "7b70e73f-bad0-4531-99a8-69d916ed7e66"
  }
 ]
}

获取单个扫描状态

Method:GET 
URL: /api/v1/scans/{scan_id}

返回参数说明:

参数说明
criticality危险程度
current_session当前会话
acusensor是否启用acu传感器
event_level时间级别
progress新增数
scan_session_id扫描会话id
severity_counts漏洞等级分布
start_date开始扫描时间
status扫描状态
threat威胁
incremental增加的?
manual_intervention人工干预
max_scan_time最大扫描时间
next_run下一轮
profile_id扫描类型id
profile_name扫描类型名称
report_template_id报告模板id
scan_id扫描id
schedule时间表
target目标
target_id目标id

实际返回信息:

{
 "criticality": 10,
 "current_session": {
  "acusensor": true,
  "event_level": 1,
  "progress": 100,
  "scan_session_id": "21124419-2a02-458e-82bf-fabab3462ddc",
  "severity_counts": {
   "high": 45,
   "info": 26,
   "low": 10,
   "medium": 66
  },
  "start_date": "2020-04-13T10:17:09.880580+00:00",
  "status": "completed",
  "threat": 3
 },
 "incremental": false,
 "manual_intervention": false,
 "max_scan_time": 0,
 "next_run": null,
 "profile_id": "11111111-1111-1111-1111-111111111111",
 "profile_name": "Full Scan",
 "report_template_id": null,
 "scan_id": "506a2238-aaf2-487a-884b-b152fedffb10",
 "schedule": {
  "disable": false,
  "history_limit": null,
  "recurrence": null,
  "start_date": null,
  "time_sensitive": false,
  "triggerable": false
 },
 "target": {
  "address": "http://testphp.vulnweb.com/",
  "criticality": 10,
  "description": "AWVS\u6d4b\u8bd5\u9776\u573a",
  "type": "default"
 },
 "target_id": "7b70e73f-bad0-4531-99a8-69d916ed7e66"
}

评论区网友补充:通过

api/v1/targets/{target_id}

可以获取最后一次 scan_id

单个扫描概况信息

Method:GET
URL: /api/v1/scans/{scan_id}/results/{scan_session_id}/statistics

返回参数信息:

参数说明
scanning_app正在扫描的app
vulns漏洞
name漏洞名称
time漏洞发现时间
vuln_id漏洞id
severity严重程度
target_info目标信息
host目标域名
target_id目标id
status扫描状态
duration持续时间
messages消息
data消息data
kind消息类别
time消息时间
level消息级别
target_info目标信息
progress新增
web_scan_statusWeb扫描状态
locations位置
request_count请求数
avg_response_time平均响应时间
max_response_time最大响应时间
status_statistics状态统计
operationStatsByRun运行状态
locationStatsByRequest按请求列出的位置统计信息
locationStatsByAvgDuration按平均持续时间列出的位置统计
locationStatsByTotalDuration按总持续时间列出的位置统计
operationStatsByTotalDuration按总持续时间列出的操作状态
hosthosts id
aborted中止
target_info目标信息
os操作系统
serverWeb Server
responsive有反应的
aborted_reason中止理由
external_hosts其他相关域名
web_scan_statusweb扫描状态
locations位置
request_count请求数
avg_response_time平均响应时间
max_response_time最长响应时间
is_starting_host是否开始扫描
status扫描状态
abort_requested请求终止
start_date开始日期
end_date结束日期
end_deadline截止日期

实际返回信息:

{
 "scanning_app": {
  "wvs": {
   "main": {
    "vulns": [
     {
      "name": "Subresource Integrity (SRI) not implemented",
      "time": "2020-04-14T08:13:15.849264+00:00",
      "vuln_id": "2287002727030458306",
      "severity": 0,
      "target_info": {
       "host": "www.baidu.com",
       "target_id": "f054de11-783a-4978-9186-3346f167c471"
      }
     },
     {
      "name": "Cookie(s) without Secure flag set",
      "time": "2020-04-14T08:13:15.780950+00:00",
      "vuln_id": "2287002726451644352",
      "severity": 1,
      "target_info": {
       "host": "www.baidu.com",
       "target_id": "f054de11-783a-4978-9186-3346f167c471"
      }
     },
     {
      "name": "Cookie(s) without Secure flag set",
      "time": "2020-04-14T08:13:15.713772+00:00",
      "vuln_id": "2287002725897996222",
      "severity": 1,
      "target_info": {
       "host": "www.baidu.com",
       "target_id": "f054de11-783a-4978-9186-3346f167c471"
      }
     },
     {
      "name": "Cookie(s) without Secure flag set",
      "time": "2020-04-14T08:13:15.649198+00:00",
      "vuln_id": "2287002725335959484",
      "severity": 1,
      "target_info": {
       "host": "www.baidu.com",
       "target_id": "f054de11-783a-4978-9186-3346f167c471"
      }
     },
     {
      "name": "Cookie(s) without HttpOnly flag set",
      "time": "2020-04-14T08:13:15.581567+00:00",
      "vuln_id": "2287002724773922746",
      "severity": 1,
      "target_info": {
       "host": "www.baidu.com",
       "target_id": "f054de11-783a-4978-9186-3346f167c471"
      }
     }
    ],
    "status": "finished",
    "duration": 39,
    "messages": [
     {
      "data": "",
      "kind": "antivirus_not_found",
      "time": "2020-04-14T08:12:38.058683+00:00",
      "level": 1,
      "target_info": null
     },
     {
      "data": "",
      "kind": "scanning",
      "time": "2020-04-14T08:12:37.842455+00:00",
      "level": -1,
      "target_info": {
       "host": "www.baidu.com",
       "target_id": "f054de11-783a-4978-9186-3346f167c471"
      }
     }
    ],
    "progress": 100,
    "web_scan_status": {
     "locations": 17,
     "request_count": 2033,
     "avg_response_time": 11,
     "max_response_time": 2085
    },
    "status_statistics": {
     "operationStatsByRun": [
      {
       "number_of_runs": 9,
       "operation_name": "/location/forceful_browsing.js",
       "total_duration": 722,
       "average_duration": 80
      },
      {
       "number_of_runs": 9,
       "operation_name": "/location/reverse_proxy_path_traversal.js",
       "total_duration": 40,
       "average_duration": 4
      },
      {
       "number_of_runs": 9,
       "operation_name": "/location/ruby_source_code_disclosure.js",
       "total_duration": 96,
       "average_duration": 10
      },
      {
       "number_of_runs": 9,
       "operation_name": "/location/sap_b2b_lfi.js",
       "total_duration": 10,
       "average_duration": 1
      },
      {
       "number_of_runs": 9,
       "operation_name": "/location/nodejs_source_code_disclosure.js",
       "total_duration": 66,
       "average_duration": 7
      },
      {
       "number_of_runs": 9,
       "operation_name": "/location/jquery_file_upload_rce.js",
       "total_duration": 548,
       "average_duration": 60
      },
      {
       "number_of_runs": 9,
       "operation_name": "/location/laravel_log_viewer_lfd.js",
       "total_duration": 36,
       "average_duration": 4
      },
      {
       "number_of_runs": 9,
       "operation_name": "/location/nodejs_path_traversal_CVE-2017-14849.js",
       "total_duration": 50,
       "average_duration": 5
      },
      {
       "number_of_runs": 9,
       "operation_name": "/location/npm_debug_log.js",
       "total_duration": 33,
       "average_duration": 3
      },
      {
       "number_of_runs": 9,
       "operation_name": "/location/python_source_code_disclosure.js",
       "total_duration": 184,
       "average_duration": 20
      }
     ],
     "locationStatsByRequest": [
      {
       "location_name": "https://www.baidu.com/",
       "total_duration": 24732,
       "average_duration": 27,
       "number_of_requests": 912
      },
      {
       "location_name": "https://www.baidu.com/s",
       "total_duration": 19702,
       "average_duration": 98,
       "number_of_requests": 200
      },
      {
       "location_name": "https://www.baidu.com/baidu.html",
       "total_duration": 21521,
       "average_duration": 29,
       "number_of_requests": 727
      },
      {
       "location_name": "https://www.baidu.com/ups/submit/",
       "total_duration": 1080,
       "average_duration": 38,
       "number_of_requests": 28
      },
      {
       "location_name": "https://www.baidu.com/ups/submit/addtips/",
       "total_duration": 2772,
       "average_duration": 24,
       "number_of_requests": 112
      },
      {
       "location_name": "https://www.baidu.com/cache/",
       "total_duration": 1286,
       "average_duration": 51,
       "number_of_requests": 25
      },
      {
       "location_name": "https://www.baidu.com/cache/sethelp/",
       "total_duration": 952,
       "average_duration": 35,
       "number_of_requests": 27
      },
      {
       "location_name": "https://www.baidu.com/cache/sethelp/index.html",
       "total_duration": 44,
       "average_duration": 22,
       "number_of_requests": 2
      }
     ],
     "locationStatsByAvgDuration": [
      {
       "location_name": "https://www.baidu.com/",
       "total_duration": 24732,
       "average_duration": 27,
       "number_of_requests": 912
      },
      {
       "location_name": "https://www.baidu.com/s",
       "total_duration": 19702,
       "average_duration": 98,
       "number_of_requests": 200
      },
      {
       "location_name": "https://www.baidu.com/baidu.html",
       "total_duration": 21521,
       "average_duration": 29,
       "number_of_requests": 727
      },
      {
       "location_name": "https://www.baidu.com/ups/submit/",
       "total_duration": 1080,
       "average_duration": 38,
       "number_of_requests": 28
      },
      {
       "location_name": "https://www.baidu.com/ups/submit/addtips/",
       "total_duration": 2772,
       "average_duration": 24,
       "number_of_requests": 112
      },
      {
       "location_name": "https://www.baidu.com/cache/",
       "total_duration": 1286,
       "average_duration": 51,
       "number_of_requests": 25
      },
      {
       "location_name": "https://www.baidu.com/cache/sethelp/",
       "total_duration": 952,
       "average_duration": 35,
       "number_of_requests": 27
      },
      {
       "location_name": "https://www.baidu.com/cache/sethelp/index.html",
       "total_duration": 44,
       "average_duration": 22,
       "number_of_requests": 2
      }
     ],
     "locationStatsByTotalDuration": [
      {
       "location_name": "https://www.baidu.com/",
       "total_duration": 24732,
       "average_duration": 27,
       "number_of_requests": 912
      },
      {
       "location_name": "https://www.baidu.com/s",
       "total_duration": 19702,
       "average_duration": 98,
       "number_of_requests": 200
      },
      {
       "location_name": "https://www.baidu.com/baidu.html",
       "total_duration": 21521,
       "average_duration": 29,
       "number_of_requests": 727
      },
      {
       "location_name": "https://www.baidu.com/ups/submit/",
       "total_duration": 1080,
       "average_duration": 38,
       "number_of_requests": 28
      },
      {
       "location_name": "https://www.baidu.com/ups/submit/addtips/",
       "total_duration": 2772,
       "average_duration": 24,
       "number_of_requests": 112
      },
      {
       "location_name": "https://www.baidu.com/cache/",
       "total_duration": 1286,
       "average_duration": 51,
       "number_of_requests": 25
      },
      {
       "location_name": "https://www.baidu.com/cache/sethelp/",
       "total_duration": 952,
       "average_duration": 35,
       "number_of_requests": 27
      },
      {
       "location_name": "https://www.baidu.com/cache/sethelp/index.html",
       "total_duration": 44,
       "average_duration": 22,
       "number_of_requests": 2
      }
     ],
     "operationStatsByTotalDuration": [
      {
       "number_of_runs": 1,
       "operation_name": "/Scripts/PerServer/Apache_Solr_Exposed.script",
       "total_duration": 18373,
       "average_duration": 18373
      },
      {
       "number_of_runs": 1,
       "operation_name": "/target/cassandra_open.js",
       "total_duration": 29964,
       "average_duration": 29964
      },
      {
       "number_of_runs": 1,
       "operation_name": "/target/weblogic_rce_CVE-2018-3245.js",
       "total_duration": 29964,
       "average_duration": 29964
      },
      {
       "number_of_runs": 1,
       "operation_name": "/target/redis_open.js",
       "total_duration": 29958,
       "average_duration": 29958
      },
      {
       "number_of_runs": 1,
       "operation_name": "/Scripts/PerServer/Hadoop_Cluster_Web_Interface.script",
       "total_duration": 27959,
       "average_duration": 27959
      },
      {
       "number_of_runs": 1,
       "operation_name": "/target/fastcgi_unauth.js",
       "total_duration": 29971,
       "average_duration": 29971
      },
      {
       "number_of_runs": 1,
       "operation_name": "/target/memcached_open.js",
       "total_duration": 29958,
       "average_duration": 29958
      },
      {
       "number_of_runs": 1,
       "operation_name": "/target/apache_spark_audit.js",
       "total_duration": 20232,
       "average_duration": 20232
      },
      {
       "number_of_runs": 1,
       "operation_name": "/Scripts/PerServer/JMX_RMI_service.script",
       "total_duration": 20964,
       "average_duration": 20964
      },
      {
       "number_of_runs": 1,
       "operation_name": "/target/docker_engine_API_exposed.js",
       "total_duration": 19986,
       "average_duration": 19986
      }
     ]
    }
   },
   "hosts": {
    "f054de11-783a-4978-9186-3346f167c471": {
     "host": "www.baidu.com",
     "aborted": null,
     "target_info": {
      "os": "Unknown",
      "server": "BWS/1.1",
      "responsive": true
     },
     "aborted_reason": null,
     "external_hosts": [
      "https://dss0.bdstatic.com",
      "https://ss1.bdstatic.com",
      "https://sp1.baidu.com",
      "https://ss1.baidu.com",
      "https://ss0.baidu.com",
      "https://ss3.baidu.com",
      "https://ss2.baidu.com",
      "https://dss1.bdstatic.com",
      "https://passport.baidu.com",
      "https://wappass.baidu.com",
      "https://passport.bdimg.com",
      "https://nsclick.baidu.com",
      "https://sp0.baidu.com",
      "https://sp2.baidu.com",
      "http://www.baidu.com",
      "https://voice.baidu.com",
      "http://news.baidu.com",
      "https://www.hao123.com",
      "http://map.baidu.com",
      "http://v.baidu.com",
      "http://tieba.baidu.com",
      "http://xueshu.baidu.com",
      "https://home.baidu.com",
      "http://ir.baidu.com",
      "http://e.baidu.com",
      "https://help.baidu.com",
      "http://www.beian.gov.cn",
      "http://zhidao.baidu.com",
      "http://music.taihe.com",
      "http://image.baidu.com",
      "http://wenku.baidu.com",
      "https://dss1.baidu.com",
      "https://dss3.bdstatic.com",
      "https://cambrian-images.cdn.bcebos.com",
      "https://dss0.baidu.com",
      "https://dss2.bdstatic.com",
      "https://timg01.bdimg.com",
      "https://img1.bdstatic.com",
      "https://img0.bdstatic.com",
      "https://imgstat.baidu.com",
      "https://timgsa.baidu.com",
      "https://img2.bdstatic.com",
      "https://image.baidu.com",
      "http://home.baidu.com",
      "http://jianyi.baidu.com",
      "https://ss2.bdstatic.com"
     ],
     "web_scan_status": {
      "locations": 17,
      "request_count": 1899,
      "avg_response_time": 10,
      "max_response_time": 1496
     },
     "is_starting_host": true
    }
   },
   "status": "aborted",
   "abort_requested": true,
   "start_date": "2020-04-14T08:12:34.369124+00:00",
   "end_date": "2020-04-14T08:13:18.287592+00:00",
   "end_deadline": "2020-04-16T08:12:34.365524+00:00",
   "event_level": 1
  }
 },
 "status": "aborted",
 "severity_counts": {
  "high": 0,
  "medium": 2,
  "low": 26,
  "info": 3
 }
}

单个扫描漏洞结果

Method:GET
URL: /api/v1/scans/{scan_id}/results/{scan_session_id}/vulnerabilities?l={count}&s=severity:desc

请求接口信息:

接口说明
l显示数量

返回接口信息:

接口说明
vulnerabilities脆弱性
affects_detail影响详细信息
affects_url影响URL
confidence信心
criticality危险程度
last_seenlast_seen
loc_idloc id
status状态
tags漏洞标签
target_id目标id
vt_idvt_id
vt_name漏洞名称
vuln_id漏洞类别id
pagination分页

返回详细信息:

{
 "vulnerabilities": [
  {
   "affects_detail": "searchFor",
   "affects_url": "http://testphp.vulnweb.com/search.php",
   "confidence": 100,
   "criticality": 10,
   "last_seen": null,
   "loc_id": 129,
   "severity": 3,
   "status": "open",
   "tags": [
    "verified",
    "CWE-79",
    "xss"
   ],
   "target_id": "7b70e73f-bad0-4531-99a8-69d916ed7e66",
   "vt_id": "7a2fa5a4-7125-1062-0651-ed5219f05809",
   "vt_name": "Cross site scripting",
   "vuln_id": "2286341152976143767"
  },
  {
   "affects_detail": "uaddress",
   "affects_url": "http://testphp.vulnweb.com/secured/newuser.php",
   "confidence": 100,
   "criticality": 10,
   "last_seen": null,
   "loc_id": 317,
   "severity": 3,
   "status": "open",
   "tags": [
    "verified",
    "CWE-79",
    "xss"
   ],
   "target_id": "7b70e73f-bad0-4531-99a8-69d916ed7e66",
   "vt_id": "7a2fa5a4-7125-1062-0651-ed5219f05809",
   "vt_name": "Cross site scripting",
   "vuln_id": "2286341419087955369"
  },
  {
   "affects_detail": "ucc",
   "affects_url": "http://testphp.vulnweb.com/secured/newuser.php",
   "confidence": 100,
   "criticality": 10,
   "last_seen": null,
   "loc_id": 317,
   "severity": 3,
   "status": "open",
   "tags": [
    "verified",
    "CWE-79",
    "xss"
   ],
   "target_id": "7b70e73f-bad0-4531-99a8-69d916ed7e66",
   "vt_id": "7a2fa5a4-7125-1062-0651-ed5219f05809",
   "vt_name": "Cross site scripting",
   "vuln_id": "2286341419515774379"
  },
  {
   "affects_detail": "uemail",
   "affects_url": "http://testphp.vulnweb.com/secured/newuser.php",
   "confidence": 100,
   "criticality": 10,
   "last_seen": null,
   "loc_id": 317,
   "severity": 3,
   "status": "open",
   "tags": [
    "verified",
    "CWE-79",
    "xss"
   ],
   "target_id": "7b70e73f-bad0-4531-99a8-69d916ed7e66",
   "vt_id": "7a2fa5a4-7125-1062-0651-ed5219f05809",
   "vt_name": "Cross site scripting",
   "vuln_id": "2286341419935204781"
  }
 ],
 "pagination": {
  "count": 147,
  "cursor_hash": "212c913db3a92b9f3eb3a0a44d611667",
  "cursors": [
   null,
   "5",
   "10"
  ],
  "sort": "severity:desc"
 }
}

获取当前扫描单个漏洞信息

Method: GET
URL: /api/v1/scans/{scan_id}/results/{scan_session_id}/vulnerabilities/{vuln_id}

返回参数说明:

参数说明
affects_detail影响细节
affects_url影响URL
confidence准确率
criticality危险程度
cvss2cvss2信息
cvss3cvss3信息
cvss_scorecvss评分
description漏洞描述
highlights高亮
impact影响
loc_idloc id
long_description更多描述
references参考链接来源
request请求头信息
response_info返回头信息
severity漏洞等级(0-3)
source使用的脚本链接
status状态
tags标签
target_id目标id
vt_id漏洞id
vt_name漏洞名称
vuln_id漏洞所属类型id

返回详细信息:

{
 "affects_detail": "searchFor",
 "affects_url": "http://testphp.vulnweb.com/search.php",
 "confidence": 100,
 "criticality": 10,
 "cvss2": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
 "cvss3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
 "cvss_score": 5.3,
 "description": "Cross-site Scripting (XSS) refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates.",
 "details": "   URL encoded POST input <strong><span class=\"bb-dark\">searchFor</span></strong> was set to <strong><span class=\"bb-dark\">the&#x27;&quot;()&amp;%&lt;acx&gt;&lt;ScRiPt &gt;Dta8(9300)&lt;/ScRiPt&gt;</span></strong><br/>    ",
 "highlights": [
  {
   "index": 2289,
   "length": 6,
   "in": "body"
  },
  {
   "index": 2297,
   "length": 10,
   "in": "body"
  }
 ],
 "impact": "Malicious JavaScript has access to all the same objects as the rest of the web page, including access to cookies and local storage, which are often used to store session tokens. If an attacker can obtain a user's session cookie, they can then impersonate that user.<br/><br/>\n\nFurthermore, JavaScript can read and make arbitrary modifications to the contents of a page being displayed to a user. Therefore, XSS in conjunction with some clever social engineering opens up a lot of possibilities for an attacker.",
 "loc_id": 129,
 "long_description": "In order for a Cross-site scripting (XSS) attack to take place, an attacker does not directly target a victim. Instead, an attacker exploits a vulnerability in a web application visited by a victim, where the web application is used to deliver the malicious JavaScript. The victim's browser is not able to distinguish between malicious and legitimate JavaScript, and therefore, executes the attacker's malicious payload.<br/><br/>  Since cross-site scripting (XSS) is user input which is interpreted as code. In order to prevent XSS, secure input handling is necessary. The two fundamental methods of handling untrusted user input are <strong>encoding</strong> and <strong>validation</strong>.<br/><br/>  <ul>   <li><strong>Encoding</strong> - Escapes user input so that browsers interpret it as <strong>data</strong>, not as code</li>   <li><strong>Validation</strong> - Filters user input so that browsers interpret it as code without malicious commands</li> </ul><br/>  Encoding and validation are two different techniques to preventing cross-site scripting (XSS). Deciding which should be used highly depends on the <strong>context</strong> within which the untrusted user input is being inserted.<br/><br/>  The following are two examples of the most common cross-site scripting (XSS) contexts.<br/> <pre> &lt;!-- HTML element --&gt; &lt;div&gt;<strong><span class=\"bb-dark\">userInput</span></strong>&lt;/div&gt;  &lt;!-- HTML attribute --&gt; &lt;input value=&quot;<strong><span class=\"bb-dark\">userInput</strong></span>&quot;&gt; </pre>  The method for preventing cross-site (XSS) scripting in the two examples above is different. In the first example, where user input is inserted in an HTML element, HTML encoding is the correct way to prevent XSS. However, in the second example, where user input is inserted in an HTML attribute, validation (in this case, filtering out <code>'</code> and <code>&quot;</code>)is the appropriate prevention method.<br/> <pre> &lt;!-- Application code --&gt; &lt;input value=&quot;<strong><span class=\"bb-dark\">userInput</span></strong>&quot;&gt;  &lt;!-- Malicious string --&gt; &quot;&gt;&lt;script&gt;...&lt;/script&gt;&lt;input value=&quot;  &lt;!-- Resulting code --&gt; &lt;input value=&quot;<strong><span class=\"bb-dark\">&quot;&gt;&lt;script&gt;...&lt;/script&gt;&lt;input value=&quot;</strong></span>&quot;&gt; </pre>  In <strong>most</strong> of the time, encoding should be performed whenever user input is included in a page, however, as with the above example, in some cases, encoding has to be replaced by or complemented with validation.<br/><br/>  It's important to remember that secure input handling has to take into account which context of a page the user input is inserted into.",
 "recommendation": "Apply context-dependent encoding and/or validation to user input rendered on a page",
 "references": [
  {
   "href": "https://www.acunetix.com/websitesecurity/cross-site-scripting/",
   "rel": "Cross-site Scripting (XSS) Attack - Acunetix"
  },
  {
   "href": "https://www.acunetix.com/websitesecurity/xss/",
   "rel": "Types of XSS - Acunetix"
  },
  {
   "href": "https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet",
   "rel": "XSS Filter Evasion Cheat Sheet"
  },
  {
   "href": "https://excess-xss.com/",
   "rel": "Excess XSS, a comprehensive tutorial on cross-site scripting"
  },
  {
   "href": "https://en.wikipedia.org/wiki/Cross-site_scripting ",
   "rel": "Cross site scripting"
  }
 ],
 "request": "POST /search.php?test=query HTTP/1.1\r\nContent-Type: application/x-www-form-urlencoded\r\nReferer: http://testphp.vulnweb.com/\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Encoding: gzip,deflate\r\nContent-Length: 70\r\nHost: testphp.vulnweb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36\r\nConnection: Keep-alive\r\n\r\ngoButton=go&searchFor=the'\"()%26%25<acx><ScRiPt%20>Dta8(9300)</ScRiPt>",
 "response_info": true,
 "severity": 3,
 "source": "/Scripts/PerScheme/XSS.script",
 "status": "open",
 "tags": [
  "verified",
  "CWE-79",
  "xss"
 ],
 "target_id": "7b70e73f-bad0-4531-99a8-69d916ed7e66",
 "vt_id": "7a2fa5a4-7125-1062-0651-ed5219f05809",
 "vt_name": "Cross site scripting",
 "vuln_id": "2286341152976143767"
}

Vulnerabilities 脆弱性

获取所有漏洞信息

Method:GET 
URL: /api/v1/vulnerabilities?l=20&q=status:open

l: 分页查询

status: 默认为open

说明
open公开
fixed已修复
ignored已忽略
false_positive误报
!open不公开

返回参数说明:

参数说明
pagination页码信息
vulnerabilities漏洞信息

实际返回信息:

{
 "vulnerabilities": [
  {
   "affects_detail": "searchFor",
   "affects_url": "http://testphp.vulnweb.com/search.php",
   "confidence": 100,
   "continuous": false,
   "criticality": 10,
   "issue_id": null,
   "last_seen": "2020-04-13T10:18:50.070007+00:00",
   "severity": 3,
   "status": "open",
   "tags": [
    "verified",
    "CWE-79",
    "xss"
   ],
   "target_description": "AWVS\u6d4b\u8bd5\u9776\u573a",
   "target_id": "7b70e73f-bad0-4531-99a8-69d916ed7e66",
   "vt_id": "7a2fa5a4-7125-1062-0651-ed5219f05809",
   "vt_name": "Cross site scripting",
   "vuln_id": "2286341152959366550"
  },
  {
   "affects_detail": "uaddress",
   "affects_url": "http://testphp.vulnweb.com/secured/newuser.php",
   "confidence": 100,
   "continuous": false,
   "criticality": 10,
   "issue_id": null,
   "last_seen": "2020-04-13T10:19:21.793149+00:00",
   "severity": 3,
   "status": "open",
   "tags": [
    "verified",
    "CWE-79",
    "xss"
   ],
   "target_description": "AWVS\u6d4b\u8bd5\u9776\u573a",
   "target_id": "7b70e73f-bad0-4531-99a8-69d916ed7e66",
   "vt_id": "7a2fa5a4-7125-1062-0651-ed5219f05809",
   "vt_name": "Cross site scripting",
   "vuln_id": "2286341419071178152"
  },
  {
   "affects_detail": "ucc",
   "affects_url": "http://testphp.vulnweb.com/secured/newuser.php",
   "confidence": 100,
   "continuous": false,
   "criticality": 10,
   "issue_id": null,
   "last_seen": "2020-04-13T10:19:21.843254+00:00",
   "severity": 3,
   "status": "open",
   "tags": [
    "verified",
    "CWE-79",
    "xss"
   ],
   "target_description": "AWVS\u6d4b\u8bd5\u9776\u573a",
   "target_id": "7b70e73f-bad0-4531-99a8-69d916ed7e66",
   "vt_id": "7a2fa5a4-7125-1062-0651-ed5219f05809",
   "vt_name": "Cross site scripting",
   "vuln_id": "2286341419490608554"
  }
 ],
 "pagination": {
  "count": 188,
  "cursor_hash": "94d01e070606634a4efab4c82395e7ce",
  "cursors": [
   null,
   "WzEwLCAzLCAiQ3Jvc3Mgc2l0ZSBzY3JpcHRpbmciLCAyMjg2MzQxNDE5OTE4NDI3NTY0XQ==",
   "WzEwLCAzLCAiQ3Jvc3Mgc2l0ZSBzY3JpcHRpbmciLCAyMjg2MzQxNDIxMTUxNTUyOTQ2XQ=="
  ],
  "sort": null
 }
}

条件筛选漏洞信息

Method:GET 
URL: /api/v1/vulnerabilities?q=severity:{int};criticality:{int};status:{string};cvss_score:{logic expression};cvss_score:{logic expression};target_id:{target_id};group_id:{group_id}

这里实际上就是对应AWVS的这一块的过滤筛选器,如果接口有误差就参考过滤器自己抓包即可:

img

获取单个漏洞信息

说明: 此处的vuln_id 应是根据本模块中获取全部漏洞信息中得到的vuln_id, 不能将scans模块得到的vuln_id传入,否则无法获取到漏洞信息。

Method:GET 
URL: api/v1/vulnerabilities/{vuln_id}

实际返回信息:

{
 "affects_detail": "searchFor",
 "affects_url": "http://testphp.vulnweb.com/search.php",
 "confidence": 100,
 "continuous": false,
 "criticality": 10,
 "cvss2": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
 "cvss3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
 "cvss_score": 5.3,
 "description": "Cross-site Scripting (XSS) refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates.",
 "details": "   URL encoded POST input <strong><span class=\"bb-dark\">searchFor</span></strong> was set to <strong><span class=\"bb-dark\">the&#x27;&quot;()&amp;%&lt;acx&gt;&lt;ScRiPt &gt;Dta8(9300)&lt;/ScRiPt&gt;</span></strong><br/>    ",
 "highlights": [
  {
   "index": 2289,
   "length": 6,
   "in": "body"
  },
  {
   "index": 2297,
   "length": 10,
   "in": "body"
  }
 ],
 "impact": "Malicious JavaScript has access to all the same objects as the rest of the web page, including access to cookies and local storage, which are often used to store session tokens. If an attacker can obtain a user's session cookie, they can then impersonate that user.<br/><br/>\n\nFurthermore, JavaScript can read and make arbitrary modifications to the contents of a page being displayed to a user. Therefore, XSS in conjunction with some clever social engineering opens up a lot of possibilities for an attacker.",
 "issue_id": null,
 "last_seen": "2020-04-13T10:18:50.070007+00:00",
 "loc_id": null,
 "long_description": "In order for a Cross-site scripting (XSS) attack to take place, an attacker does not directly target a victim. Instead, an attacker exploits a vulnerability in a web application visited by a victim, where the web application is used to deliver the malicious JavaScript. The victim's browser is not able to distinguish between malicious and legitimate JavaScript, and therefore, executes the attacker's malicious payload.<br/><br/>  Since cross-site scripting (XSS) is user input which is interpreted as code. In order to prevent XSS, secure input handling is necessary. The two fundamental methods of handling untrusted user input are <strong>encoding</strong> and <strong>validation</strong>.<br/><br/>  <ul>   <li><strong>Encoding</strong> - Escapes user input so that browsers interpret it as <strong>data</strong>, not as code</li>   <li><strong>Validation</strong> - Filters user input so that browsers interpret it as code without malicious commands</li> </ul><br/>  Encoding and validation are two different techniques to preventing cross-site scripting (XSS). Deciding which should be used highly depends on the <strong>context</strong> within which the untrusted user input is being inserted.<br/><br/>  The following are two examples of the most common cross-site scripting (XSS) contexts.<br/> <pre> &lt;!-- HTML element --&gt; &lt;div&gt;<strong><span class=\"bb-dark\">userInput</span></strong>&lt;/div&gt;  &lt;!-- HTML attribute --&gt; &lt;input value=&quot;<strong><span class=\"bb-dark\">userInput</strong></span>&quot;&gt; </pre>  The method for preventing cross-site (XSS) scripting in the two examples above is different. In the first example, where user input is inserted in an HTML element, HTML encoding is the correct way to prevent XSS. However, in the second example, where user input is inserted in an HTML attribute, validation (in this case, filtering out <code>'</code> and <code>&quot;</code>)is the appropriate prevention method.<br/> <pre> &lt;!-- Application code --&gt; &lt;input value=&quot;<strong><span class=\"bb-dark\">userInput</span></strong>&quot;&gt;  &lt;!-- Malicious string --&gt; &quot;&gt;&lt;script&gt;...&lt;/script&gt;&lt;input value=&quot;  &lt;!-- Resulting code --&gt; &lt;input value=&quot;<strong><span class=\"bb-dark\">&quot;&gt;&lt;script&gt;...&lt;/script&gt;&lt;input value=&quot;</strong></span>&quot;&gt; </pre>  In <strong>most</strong> of the time, encoding should be performed whenever user input is included in a page, however, as with the above example, in some cases, encoding has to be replaced by or complemented with validation.<br/><br/>  It's important to remember that secure input handling has to take into account which context of a page the user input is inserted into.",
 "recommendation": "Apply context-dependent encoding and/or validation to user input rendered on a page",
 "references": [
  {
   "href": "https://www.acunetix.com/websitesecurity/cross-site-scripting/",
   "rel": "Cross-site Scripting (XSS) Attack - Acunetix"
  },
  {
   "href": "https://www.acunetix.com/websitesecurity/xss/",
   "rel": "Types of XSS - Acunetix"
  },
  {
   "href": "https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet",
   "rel": "XSS Filter Evasion Cheat Sheet"
  },
  {
   "href": "https://excess-xss.com/",
   "rel": "Excess XSS, a comprehensive tutorial on cross-site scripting"
  },
  {
   "href": "https://en.wikipedia.org/wiki/Cross-site_scripting ",
   "rel": "Cross site scripting"
  }
 ],
 "request": "POST /search.php?test=query HTTP/1.1\r\nContent-Type: application/x-www-form-urlencoded\r\nReferer: http://testphp.vulnweb.com/\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Encoding: gzip,deflate\r\nContent-Length: 70\r\nHost: testphp.vulnweb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36\r\nConnection: Keep-alive\r\n\r\ngoButton=go&searchFor=the'\"()%26%25<acx><ScRiPt%20>Dta8(9300)</ScRiPt>",
 "response_info": true,
 "severity": 3,
 "source": "/Scripts/PerScheme/XSS.script",
 "status": "open",
 "tags": [
  "verified",
  "CWE-79",
  "xss"
 ],
 "target_description": "AWVS\u6d4b\u8bd5\u9776\u573a",
 "target_id": "7b70e73f-bad0-4531-99a8-69d916ed7e66",
 "vt_id": "7a2fa5a4-7125-1062-0651-ed5219f05809",
 "vt_name": "Cross site scripting",
 "vuln_id": "2286341152959366550"
}

Reports 报告

获取所有扫描报告

Method:GET 
URL: /api/v1/reports?l={count}?l={count}

返回参数说明:

参数说明
pagination分页
reports报告
download下载链接[html, pdf]
generation_date生成日期
report_id报告ID
source来源
status状态
template_id模板id
template_name模板名称

实际返回信息:

{
 "pagination": {
  "count": 1,
  "cursor_hash": "ad1285c42f54aace75b8c6704ab6d933",
  "cursors": [
   null
  ],
  "sort": null
 },
 "reports": [
  {
   "download": [
    "/api/v1/reports/download/d934580e86291e1b0f725892e0c0296ae4c26db14a346de4766e104d3fc5b4796326ad115e9597c1f4ee8dd5-2234-4d91-a93b-f5039242b1ab.html",
    "/api/v1/reports/download/ccd08287711e89344cfd66b90e53c89e03a9396b73e1f672ca1c6bbd22a715043f6f08ac5e9597c1f4ee8dd5-2234-4d91-a93b-f5039242b1ab.pdf"
   ],
   "generation_date": "2020-04-13T04:30:38.044204+00:00",
   "report_id": "f4ee8dd5-2234-4d91-a93b-f5039242b1ab",
   "source": {
    "list_type": "scan_result",
    "description": "http://testphp.vulnweb.com/;AWVS\u9776\u573a",
    "id_list": [
     "df99f637-fe77-403d-866e-ba1d36286bb9"
    ]
   },
   "status": "completed",
   "template_id": "11111111-1111-1111-1111-111111111115",
   "template_name": "Affected Items",
   "template_type": 0
  }
 ]
}

AWVS13扫描类型template_id对照表:

类型
Affected Items11111111-1111-1111-1111-111111111115
Developer11111111-1111-1111-1111-111111111111
Executive Summary11111111-1111-1111-1111-111111111113
Quick11111111-1111-1111-1111-111111111112
CWE 201111111111-1111-1111-1111-111111111116
HIPAA11111111-1111-1111-1111-111111111114
ISO 2700111111111-1111-1111-1111-111111111117
NIST SP800 5311111111-1111-1111-1111-111111111118
OWASP Top 10 201311111111-1111-1111-1111-111111111119
OWASP Top 10 201711111111-1111-1111-1111-111111111125
PCI DSS 3.211111111-1111-1111-1111-111111111120
Sarbanes Oxley11111111-1111-1111-1111-111111111121
STIG DISA11111111-1111-1111-1111-111111111122
WASC Threat Classification11111111-1111-1111-1111-111111111123

删除单个报告

Method:DELETE 
URL: /api/v1/reports/{report_id}

总结

再参考了前辈h4rdy的 AWVS11 的 API 后,国光根据前辈的文档全部都一个个验证尝试了,发现 AWVS13 的 API 变动不大,期间只有几个小功能没有复现验证成功,有的通过抓包解决了,有的现在依然没有解决(AWVS13 上传登录序列这一块),如果有解决方法的朋友欢迎评论分享解决方法,目前评论区已经指出了几个问题了,大家也可以参考下评论区的解决方法。

参考资料

支持一下

本文可能实际上也没有啥技术含量,但是写起来还是比较浪费时间的,在这个喧嚣浮躁的时代,个人博客越来越没有人看了,写博客感觉一直是用爱发电的状态。如果你恰巧财力雄厚,感觉本文对你有所帮助的话,可以考虑打赏一下本文,用以维持高昂的服务器运营费用(域名费用、服务器费用、CDN费用等)

微信
支付宝

没想到文章加入打赏列表没几天 就有热心网友打赏了 于是国光我用 Bootstrap 重写了一个页面用以感谢支持我的朋友,详情请看 打赏列表 | 国光


文章作者:  国光
版权声明:  本博客所有文章除特別声明外,均采用 CC BY 4.0 许可协议。转载请注明来源 国光 !
 上一篇
xray Web 扫描器学习记录 xray Web 扫描器学习记录
长亭科技的 xray 扫描器的扫描效果还不错,在国内颇受好评,很有幸以前在长亭科技工作,技术氛围很好。扯得有点远了,话不多说,本文是是 xray 国光的学习记录,也可以当做新手的 xray 教程来用,不过我还是建议大家看看官方文档,只是国光
2020-04-14
下一篇 
AWVS13.X 破解版Windows、Linux、Docker AWVS13.X 破解版Windows、Linux、Docker
Acunetix Web Vulnerability Scanner(AWVS)经典商业漏扫工具,最近更新了 13 的版本,本文分享的 AWVS 的破解版是网上大佬们分享出来的国光我只是一个小小搬运工,折腾 AWVS 的原因是正好最近准备用
2020-04-12
  目录