wvsscannerqueue.py
Version:python 2.7.*
The first version of a Python helper script for the Acunetix Web Vulnerability Scanner.
Function:
Scan all URLs in the URL.TXT file
As soon as the scan of a URL completes, its report is filtered and the vulnerability titles are emailed to yourself
Problems that exist:
Scanning some websites is slow.
After all, the script simply calls the Acunetix Web Vulnerability Scanner console to do the scan.
Sometimes a website takes several days to scan; no method for cancelling a scan has been written yet, and whether one gets written will be decided later.
Sometimes he's out there, sweeping a serious loophole and going straight back to duang~.
Source Address:
https://github.com/yanyueoo7/WvsScannerQueue
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#Author: Tea
#date 2014/06/25
#The WVS Scanner Report Auxiliary Tool
import os
import sys
import time
import Queue
import smtplib
import threading
import subprocess
from xml.dom import minidom #Parse the XML module
from email.mime.text import MIMEText #Send Email Module
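# Notification settings.
# The sending account and password can be supplied through the environment so
# that a real credential never has to be stored in (or committed with) this
# script.  The literals are the sample values the script shipped with and are
# used only when the variables are unset.
mailto_list = ['recipient@example.com']  # To (placeholder: the address is redacted on the page)
mail_host = "smtp.126.com"
mail_user = os.environ.get("WVS_MAIL_USER", "mail126")  # Sending account
mail_pass = os.environ.get("WVS_MAIL_PASS", "mail126123")  # Sending password
mail_postfix = "126.com"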
#Read the file, collect the URLs it lists, and drop the duplicates
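def read_url(filepath):
    """Return the distinct URLs listed in *filepath*, one per line.

    Each line is stripped of surrounding whitespace (including a stray
    carriage return from CRLF files) before it is stored, so the value that
    later ends up in the scanner command line and in the log folder name
    carries no hidden characters.  Entries shorter than four characters are
    ignored, and duplicates are dropped while the order of first appearance
    is kept, which makes the scan order reproducible.

    Args:
        filepath: path of the text file holding the targets.

    Returns:
        A list of unique, stripped entries in file order.
    """
    seen = set()
    urls = []
    # The with-block closes the handle even if reading fails part-way.
    with open(filepath) as handle:
        for line in handle:
            entry = line.strip()
            # The length filter is applied to the stripped text so that the
            # last line of the file is judged like every other line.
            if len(entry) < 4 or entry in seen:
                continue
            seen.add(entry)
            urls.append(entry)
    return urls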
#Judge the result after calling the scan function
def call_wvsscan_result(url):
    """Scan *url*, then pass the scanner's result string to the report step."""
    check_result_load(start_wvsscanner(url))
#Read the scan result and send an email; this could be written more concisely
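def check_result_load(Rcode):
    """Mail the parsed report when the scanner exit code asks for it.

    Args:
        Rcode: string of the form ``<exit code>|<url>|<save folder>`` as
            built by start_wvsscanner.

    Exit codes 1, 2 and 3 all lead to the same action: the titles are read
    from ``export.xml`` in the save folder and mailed to ``mailto_list``.
    Any other code only prints ``Info``.  What each code means is defined by
    wvs_console and is not shown in this file.

    Raises:
        ValueError: if *Rcode* does not contain two ``|`` separators or the
            exit code is not an integer.
    """
    # The URL sits in the middle and may itself contain '|', so the exit code
    # is peeled off the front and the folder off the back instead of
    # splitting on every separator.
    RRcode, remainder = Rcode.split('|', 1)
    Mtag, RRdir = remainder.rsplit('|', 1)
    MTitle = 'WvsScanner Report--' + Mtag
    RRdir += '\\export.xml'
    if int(RRcode) in (1, 2, 3):
        MResult = '\n'.join(laod_xml_report(RRdir))
        send_mail(mailto_list, MTitle, MResult)
    else:
        print('Info')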
#Call the software for scanning
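def start_wvsscanner(url):
    """Run wvs_console against *url* and report how it ended.

    The command is handed to ``subprocess.call`` as an argument list rather
    than one concatenated string.  Each value read from the URL file
    therefore reaches the console as exactly one argument, whatever spaces
    or quotes it contains, and the executable path (which contains spaces)
    is quoted correctly.

    Args:
        url: target taken from the URL file.

    Returns:
        ``"<exit code>|<url>|<save folder>"``.
    """
    wvs = r'D:\Software\Web Vulnerability Scanner 9.5\wvs_console.exe'  # wvs_console path
    day = time.strftime('%Y-%m-%d', time.localtime(time.time()))
    # Folder that receives the scan log and the exported XML report.
    savefolder = 'D:\\Log\\Wvs\\' + day + '\\' + httpreplace(url)
    if not os.path.lexists(savefolder):
        os.makedirs(savefolder)
    # NOTE(review): an entry that begins with '/' or '--' is still a single
    # argument but would presumably be read by the console as an option;
    # consider rejecting entries without an http(s) scheme when the file is read.
    wvscommand = [
        wvs,
        '/Scan', url,
        '/Profile', 'default',
        '/Save',
        '/SaveFolder', savefolder,
        '/exportxml',
        '--UseAcuSensor=FALSE',
        '--ScanningMode=Heuristic',
    ]
    # Show the command line exactly as it will be quoted for the process.
    print(subprocess.list2cmdline(wvscommand))
    doscan = subprocess.call(wvscommand)
    return str(doscan) + '|' + url + '|' + savefolder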
#Replace the http: // characters and special characters of the URL in order to create the log save directory without illegal characters
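def httpreplace(httpstr):
    """Turn a URL into a single, safe directory name for the scan log.

    The ``https://`` and ``http://`` prefixes are removed, then every
    character outside ``A-Z a-z 0-9 . _ -`` becomes ``-``.  That covers the
    ``/`` and ``:`` handled before and also ``\\``, ``?``, ``*``, ``|`` and
    similar characters, which are either illegal in Windows paths or act as
    path separators.  Leading and trailing dots are dropped so the result
    can never be ``.`` or ``..`` and step out of the log folder.

    NOTE(review): the replacement originally used for ``/`` is garbled on
    the page; this version maps it to ``-`` like ``:``.

    Args:
        httpstr: URL taken from the URL file.

    Returns:
        A non-empty name made only of the allowed characters.
    """
    allowed = ('abcdefghijklmnopqrstuvwxyz'
               'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
               '0123456789._-')
    bare = httpstr.replace('https://', '').replace('http://', '')
    name = ''.join(ch if ch in allowed else '-' for ch in bare)
    name = name.strip('.')
    # An entry made only of dots or a bare scheme leaves nothing to name the
    # folder with; fall back to a fixed label instead of an empty component.
    return name or 'unnamed-target'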
#Parse the XML report file and extract the vulnerability title
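def laod_xml_report(xmlname):
    """Extract the scan header and the vulnerability titles from a report.

    Args:
        xmlname: path of the ``export.xml`` file written by the scanner.

    Returns:
        A list of strings: the text of the StartURL, StartTime, FinishTime
        and ScanTime elements, a ``Vulnerable Count:`` line, then one line
        per distinct finding in the form ``<severity>\\t<name>``, ordered by
        sortresultlist.  Severity comes from the ``color`` attribute of each
        ReportItem; unknown colours are labelled ``Other``.
    """
    ResultContact = {'red': 'High', 'orange': 'Medium', 'blue': 'Low', 'green': 'Info'}
    # NOTE(review): the report embeds text taken from the scanned site, and
    # minidom does not limit entity expansion.  If the report can be shaped
    # by a hostile target, parse it with a hardened XML parser instead.
    dom = minidom.parse(xmlname)

    Result = []
    for tag in ("StartURL", "StartTime", "FinishTime", "ScanTime"):
        found = dom.getElementsByTagName(tag)
        if not found:
            # A truncated report may lack a header element; skip it rather
            # than abort the whole mail.
            continue
        for node in found[0].childNodes:
            if node.nodeValue is not None:
                Result.append(node.nodeValue)

    tmpResult = []
    # Query the ReportItem list once instead of once per index.
    for item in dom.getElementsByTagName('ReportItem'):
        names = item.getElementsByTagName("Name")
        if not names:
            continue
        colorResult = ResultContact.get(item.getAttribute('color'), 'Other') + '\t'
        for textNode in names[0].childNodes:
            if textNode.nodeValue is not None:
                tmpResult.append(colorResult + textNode.nodeValue)

    # Drop repeated titles, then group the remainder by severity.
    Result2 = sortresultlist(list(dict.fromkeys(tmpResult).keys()))
    Result.append('Vulnerable Count:' + str(len(Result2)))
    Result.extend(Result2)
    return Result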
#Sort the scan results by severity; this implementation is crude
def sortresultlist(List):
    """Return the entries of *List* grouped by severity prefix.

    Entries are emitted in the order High, Medium, Low, Info, Other; inside
    each group they keep the order they had in *List*.  An entry that starts
    with none of these prefixes is left out.
    """
    severity_order = ('High', 'Medium', 'Low', 'Info', 'Other')
    return [entry
            for label in severity_order
            for entry in List
            if entry.startswith(label)]
#Send notification email
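def send_mail(to_list, sub, content):
    """Send a plain-text notification mail through ``mail_host``.

    Args:
        to_list: list of recipient addresses.
        sub: subject line.
        content: message body.

    Returns:
        True when the message was handed to the server, False otherwise.
        Failures are recorded through catchwrite instead of being raised.
    """
    me = "WvsScanner <" + mail_user + "@" + mail_postfix + ">"
    msg = MIMEText(content, _subtype='plain', _charset='utf-8')
    # The subject carries the scanned URL, which comes from a file; collapse
    # any line break so it cannot start a new header.
    msg['Subject'] = ' '.join(sub.splitlines())
    msg['From'] = me
    # Address lists in a header are comma-separated.
    msg['To'] = ", ".join(to_list)
    server = None
    try:
        server = smtplib.SMTP()
        server.connect(mail_host)
        server.ehlo()
        # Upgrade the session before login so the account password and the
        # findings in the body are not sent in clear text.
        # NOTE(review): this is opportunistic and does not configure
        # certificate validation; require TLS if the provider supports it.
        if server.has_extn('starttls'):
            server.starttls()
            server.ehlo()
        else:
            catchwrite('STARTTLS not offered by ' + mail_host + '; login sent unencrypted')
        server.login(mail_user, mail_pass)
        server.sendmail(me, to_list, msg.as_string())
        return True
    except Exception as e:
        catchwrite(str(e))
        return False
    finally:
        # Release the socket on the failure path as well.
        if server is not None:
            server.close()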
#Exception write file record
def catchwrite(errcode):
    """Append a timestamped line holding *errcode* to ``mailerror.txt``."""
    stamp = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(time.time()))
    with open("mailerror.txt", 'a') as errfile:
        errfile.write(stamp + '\t' + errcode + '\n')
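class ScanManager(object):
    """Fill a job queue with scan targets and run them on worker threads."""

    def __init__(self, work_num=100, thread_num=5, res_list=None):
        """Queue the jobs, then start the workers.

        Args:
            work_num: number of entries of *res_list* to queue.
            thread_num: number of ScanWork threads to start.
            res_list: list of targets; defaults to an empty list.
        """
        self.work_queue = Queue.Queue()
        self.threads = []
        # A fresh list per instance instead of one shared default object.
        self.work_list = [] if res_list is None else res_list
        print(work_num)
        # The queue is filled before any worker starts, because a worker
        # exits as soon as it finds the queue empty.
        self.__init_work_queue(work_num)
        self.__init_thread_pool(thread_num)

    def __init_thread_pool(self, thread_num):
        """Create *thread_num* workers; each starts itself on construction."""
        for _ in range(thread_num):
            self.threads.append(ScanWork(self.work_queue))

    def __init_work_queue(self, jobs_num):
        """Queue one do_job call for each of the first *jobs_num* targets."""
        # Slicing never runs past the end of the list, so a job count larger
        # than the list (such as the default of 100) no longer raises.
        for target in self.work_list[:max(jobs_num, 0)]:
            self.add_job(do_job, target)

    def add_job(self, func, *args):
        """Queue *func* together with its arguments packed into a list."""
        self.work_queue.put((func, list(args)))

    def wait_allcomplete(self):
        """Block until every worker thread has finished."""
        for item in self.threads:
            if item.is_alive():
                item.join()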
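class ScanWork(threading.Thread):
    """Worker thread that drains the shared job queue."""

    def __init__(self, work_queue):
        """Remember the queue and start running immediately."""
        threading.Thread.__init__(self)
        self.work_queue = work_queue
        self.start()

    def run(self):
        """Run queued jobs until the queue is empty.

        Only an empty queue ends the loop.  A job that raises is reported on
        stderr and the worker moves on to the next one, so one failed scan
        or unreadable report no longer stops the thread silently.
        """
        while True:
            try:
                do, args = self.work_queue.get(block=False)
            except Queue.Empty:
                break
            try:
                do(args)
            except Exception as exc:
                sys.stderr.write('scan job %r failed: %r\n' % (args, exc))
            finally:
                # Mark the job finished whether it succeeded or not.
                self.work_queue.task_done()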
#Pass each URL on to the scanner
def do_job(args):
    """Run one scan-and-report cycle for every URL in *args*."""
    for target in args:
        call_wvsscan_result(target)
def main():
    """Scan every URL listed in the file named on the command line.

    Prints a usage message and returns when the argument count is wrong;
    otherwise prints the elapsed time once all workers have finished.
    """
    if len(sys.argv) != 2:
        print("Usage: %s D:\\Url.txt" % sys.argv[0])
        print("WvsScanner Auxiliary Tool")
        return
    targets = read_url(sys.argv[1])
    # Cannot exceed 10 here: at most 10 wvs_console instances can scan at
    # once under Windows.
    worker_total = 6
    started = time.time()
    manager = ScanManager(len(targets), worker_total, targets)
    manager.wait_allcomplete()
    print("Complete Time: %s" % (time.time() - started))


if __name__ == '__main__':
    main()
Acunetix Web Vulnerability Scanner Python helper script