Acunetix Web Vulnerability Scanner Python helper script

Source: Internet
Author: User
Tags python script



wvsscannerqueue.py
Version:python 2.7.*



This is the first version of an auxiliary Python script for the Acunetix Web Vulnerability Scanner.
Function:
Scans every URL listed in the URL.TXT file.
As soon as the scan of a URL completes, its report is filtered and the vulnerability titles are e-mailed to yourself.



Known problems:
Scanning some websites is slow.
After all, the script simply calls the Acunetix Web Vulnerability Scanner console directly to run each scan.
Sometimes scanning one website takes several days; no method for cancelling a scan has been written, and whether to add one will be decided later.



Sometimes he's out there, sweeping a serious loophole and going straight back to duang~.






Source Address:



https://github.com/yanyueoo7/WvsScannerQueue


#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Author: Tea
# date 2014/06/25
# The WVS Scanner Report Auxiliary Tool

import os
import sys
import time
import Queue
import smtplib
import threading
import subprocess
from xml.dom import minidom #Parse the XML module
from email.mime.text import MIMEText #Send Email Module

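# Notification settings used by send_mail().
# The recipient below is reproduced exactly as the page shows it: the site
# redacted the real address, so put your own recipient here before use.
mailto_list = ['[email protected]']  # To
mail_host = "smtp.126.com"
# The literal defaults are the placeholder values from the original listing.
# Keep real credentials out of the source file: supply them through the
# environment so they are not committed, pasted or mailed around with the
# script.
mail_user = os.environ.get('WVS_MAIL_USER', "mail126")  # Sending account
mail_pass = os.environ.get('WVS_MAIL_PASS', "mail126123")  # Sending password
mail_postfix = "126.com"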

#Read the file content, remove the URL, and remove the duplicate
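def read_url(filepath):
    """Return the distinct URLs listed in *filepath*, one per line.

    Surrounding whitespace (including a trailing carriage return) is
    stripped from every line, entries shorter than four characters are
    skipped, and duplicates are dropped while the first-seen order is kept.

    The result is a real list because ScanManager indexes into it.
    """
    seen = set()
    fileurl = []
    # 'with' closes the file even if reading fails part-way through.
    with open(filepath) as filecontent:
        for line in filecontent:
            # Each entry is later handed to wvs_console as an argument, so
            # stray whitespace must not travel along with it.
            url = line.strip()
            if len(url) < 4 or url in seen:
                continue
            seen.add(url)
            fileurl.append(url)
    return fileurl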

#Judge the result after calling the scan function
def call_wvsscan_result(url):
    """Scan *url* with start_wvsscanner() and pass its result string on to
    check_result_load()."""
    check_result_load(start_wvsscanner(url))

#Scan the results for reading, and send an email, here you can also write concisely
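def check_result_load(Rcode):
    """Mail the vulnerability summary for one finished scan.

    Rcode is the "exitcode|url|savefolder" string built by
    start_wvsscanner().  For exit codes 1, 2 and 3 the export.xml report in
    the save folder is parsed and mailed to mailto_list; for any other code
    only 'Info' is printed.

    NOTE(review): the page does not say what wvs_console exit codes 1-3
    mean -- presumably the highest severity found; confirm against the
    scanner documentation.
    """
    # The URL sits in the middle and may itself contain '|', so take the
    # exit code from the front and the folder from the back instead of
    # splitting on every '|' (which made the three-way unpack fail).
    RRcode, _, remainder = Rcode.partition('|')
    Mtag, _, RRdir = remainder.rpartition('|')
    if int(RRcode) not in (1, 2, 3):
        print('Info')
        return
    MTitle = 'WvsScanner Report--' + Mtag
    RRdir += '\\export.xml'
    MResult = '\n'.join(laod_xml_report(RRdir))
    send_mail(mailto_list, MTitle, MResult)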

#Call the software for scanning
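def start_wvsscanner(url):
    """Run wvs_console.exe against *url* and return "exitcode|url|savefolder".

    The report is saved under D:\\Log\\Wvs\\<date>\\<name derived from url>.

    The command is passed to subprocess as an argument list rather than one
    concatenated string.  That way the executable path, which contains
    spaces, is not left unquoted, and a URL read from the input file stays a
    single argument instead of being split into extra console switches.
    An entry that itself begins with '/' or '--' would still reach the
    console as a switch, so the input file should hold http(s) URLs only.
    """
    wvs = r'D:\Software\Web Vulnerability Scanner 9.5\wvs_console.exe'  # wvs_console path
    Time = time.strftime('%Y-%m-%d', time.localtime(time.time()))
    # Folder that receives the scan log and export.xml for this URL.
    savefolder = 'D:\\Log\\Wvs\\' + Time + '\\' + httpreplace(url)
    try:
        os.makedirs(savefolder)
    except OSError:
        # Another worker may have created it first; only a real failure
        # (folder still missing) is an error.
        if not os.path.isdir(savefolder):
            raise
    wvscommand = [
        wvs,
        '/Scan', url,
        '/Profile', 'default',
        '/Save',
        '/SaveFolder', savefolder,
        '/exportxml',
        '--UseAcuSensor=FALSE',
        '--ScanningMode=Heuristic',
    ]
    print(subprocess.list2cmdline(wvscommand))
    doscan = subprocess.call(wvscommand)
    return str(doscan) + '|' + url + '|' + savefolder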

#Replace the http: // characters and special characters of the URL in order to create the log save directory without illegal characters
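def httpreplace(httpstr):
    """Turn a URL into a name that is safe to use as one Windows folder.

    The scheme prefix is dropped, '/' is removed and ':' becomes '-', as in
    the original.  In addition the remaining characters Windows forbids in a
    path component (backslash, ? * " < > |) become '-', and leading or
    trailing dots and spaces are stripped, so a URL with a query string no
    longer makes os.makedirs() fail and the name cannot step outside the
    log directory.
    """
    name = httpstr.replace('https://', '').replace('http://', '')
    # NOTE(review): the page's listing is garbled at the replacement text for
    # '/'; an empty string is assumed here -- confirm against the repository.
    name = name.replace('/', '').replace(':', '-')
    for illegal in '\\?*"<>|':
        name = name.replace(illegal, '-')
    return name.strip('. ')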

#Parse the XML report file and extract the vulnerability title
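def laod_xml_report(xmlname):
    """Summarise an exported scan report as a list of text lines.

    The list holds, in order: the text of the StartURL, StartTime,
    FinishTime and ScanTime elements, a 'Vulnerable Count:<n>' line, and one
    'Severity<TAB>title' line per distinct finding, ordered by
    sortresultlist().  Severity comes from each ReportItem's 'color'
    attribute; unknown colours are labelled 'Other'.

    Header elements or ReportItem names that are missing from the file are
    skipped instead of raising IndexError.
    """
    ResultContact = {'red': 'High', 'orange': 'Medium', 'blue': 'Low', 'green': 'Info'}
    # NOTE(review): xml.dom.minidom does not guard against entity-expansion
    # input.  The file parsed here is the scanner's own export; if reports
    # can ever arrive from elsewhere, switch to a hardened parser.
    dom = minidom.parse(xmlname)

    Result = []
    for tag in ("StartURL", "StartTime", "FinishTime", "ScanTime"):
        found = dom.getElementsByTagName(tag)
        if not found:
            continue
        for node in found[0].childNodes:
            if node.nodeValue is not None:
                Result.append(node.nodeValue)

    # Walk the ReportItem list once (the original re-queried the whole
    # document for every index) and de-duplicate in first-seen order.
    seen = set()
    tmpResult = []
    for ReportItem in dom.getElementsByTagName('ReportItem'):
        names = ReportItem.getElementsByTagName("Name")
        if not names:
            continue
        colorResult = ResultContact.get(ReportItem.getAttribute('color'), 'Other') + '\t'
        for textNode in names[0].childNodes:
            if textNode.nodeValue is None:
                continue
            entry = colorResult + textNode.nodeValue
            if entry not in seen:
                seen.add(entry)
                tmpResult.append(entry)

    Result2 = sortresultlist(tmpResult)
    Result.append('Vulnerable Count:' + str(len(Result2)))
    Result.extend(Result2)
    return Result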

#Sort the scan results, this is too scum
def sortresultlist(List):
    """Return the entries of *List* grouped by severity prefix.

    Groups appear in the order High, Medium, Low, Info, Other; within a
    group the input order is kept.  Entries that start with none of these
    prefixes are left out.
    """
    ranked = []
    for prefix in ('High', 'Medium', 'Low', 'Info', 'Other'):
        ranked.extend([entry for entry in List if entry.startswith(prefix)])
    return ranked

#Send notification email
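def send_mail(to_list, sub, content):
    """Send *content* as a plain-text UTF-8 mail with subject *sub*.

    to_list is the list of recipient addresses.  The sender and the login
    come from the module-level mail_* settings.  Returns True on success;
    on any failure the error text is recorded with catchwrite() and False
    is returned.
    """
    me = "WvsScanner <" + mail_user + "@" + mail_postfix + ">"
    msg = MIMEText(content, _subtype='plain', _charset='utf-8')
    msg['Subject'] = sub
    msg['From'] = me
    # Address lists in a To header are comma-separated, not ';'-separated.
    msg['To'] = ", ".join(to_list)
    server = None
    try:
        server = smtplib.SMTP()
        server.connect(mail_host)
        server.ehlo()
        # The original logged in over an unencrypted connection.  Upgrade to
        # TLS whenever the server offers it so the password and the finding
        # titles are not sent in clear text.
        # NOTE(review): this is opportunistic and does not verify the server
        # certificate; a deployment that can should require TLS outright.
        if server.has_extn('starttls'):
            server.starttls()
            server.ehlo()
        server.login(mail_user, mail_pass)
        server.sendmail(me, to_list, msg.as_string())
        return True
    except Exception as e:
        catchwrite(str(e))
        return False
    finally:
        # Release the socket on the failure path as well.
        if server is not None:
            server.close()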

#Exception write file record
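def catchwrite(errcode):
    """Append a timestamped error record to mailerror.txt.

    The file is opened in the current working directory.  Each record is
    'YYYY-mm-dd HH:MM:SS<TAB>message' on a single line.
    """
    filestr = "mailerror.txt"
    errtime = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(time.time()))
    # The message can carry text returned by the mail server; flatten line
    # breaks so one error cannot masquerade as several log records.
    record = errcode.replace('\r', ' ').replace('\n', ' ')
    # 'with' closes the file even when the write fails.
    with open(filestr, 'a') as errfile:
        errfile.write(errtime + '\t' + record + '\n')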

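class ScanManager(object):
    """Fill a job queue with scan targets and run them on worker threads.

    One do_job call is queued for each of the first *work_num* entries of
    *res_list*; then *thread_num* ScanWork threads are started to drain the
    queue.  Workers stop as soon as they find the queue empty, so jobs added
    with add_job() after construction are only run if a worker is still
    alive at that point.
    """

    def __init__(self, work_num=100, thread_num=5, res_list=None):
        self.work_queue = Queue.Queue()
        self.threads = []
        # A fresh list per instance; a shared mutable default would leak
        # targets from one manager into the next.
        self.work_list = [] if res_list is None else res_list
        print(work_num)
        # Queue every job before starting workers, because a worker exits
        # the moment it sees an empty queue.
        self.__init_work_queue(work_num)
        self.__init_thread_pool(thread_num)

    def __init_thread_pool(self, thread_num):
        """Start *thread_num* workers; each one begins running immediately."""
        for _ in range(thread_num):
            self.threads.append(ScanWork(self.work_queue))

    def __init_work_queue(self, jobs_num):
        """Queue one scan job for each of the first *jobs_num* targets."""
        # Slicing caps the count at the number of targets actually present;
        # indexing by range(jobs_num) raised IndexError when it was larger.
        for target in self.work_list[:jobs_num]:
            self.add_job(do_job, target)

    def add_job(self, func, *args):
        """Queue *func* together with its arguments collected into a list."""
        self.work_queue.put((func, list(args)))

    def wait_allcomplete(self):
        """Block until every worker thread has finished."""
        for item in self.threads:
            # is_alive() is the spelling available on Python 2.6+ and 3.x.
            if item.is_alive():
                item.join()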

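class ScanWork(threading.Thread):
    """Worker thread that runs queued (callable, args) jobs until none are left."""

    def __init__(self, work_queue):
        threading.Thread.__init__(self)
        self.work_queue = work_queue
        # The thread starts itself as soon as it is constructed.
        self.start()

    def run(self):
        """Take jobs without blocking and run them; stop when the queue is empty.

        A job that raises is reported on stderr and the worker moves on to
        the next job.  The original bare 'except' treated a failing job like
        an empty queue, so one bad target silently ended the worker.
        """
        while True:
            try:
                do, args = self.work_queue.get(block=False)
            except Queue.Empty:
                break
            try:
                do(args)
            except Exception as exc:
                sys.stderr.write('scan job failed: %s\n' % exc)
            finally:
                # Always balance get() so the queue's unfinished-task count
                # stays correct.
                self.work_queue.task_done()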

#Advance Url to start scanning
def do_job(args):
    """Job body run by a worker: scan every URL in *args*, one after another."""
    for target in args:
        call_wvsscan_result(target)

def main():
    """Command-line entry point: scan every URL in the file named by argv[1].

    Prints a usage message and returns when the argument count is wrong;
    otherwise runs all scans through ScanManager and prints the elapsed
    time in seconds.
    """
    if len(sys.argv) != 2:
        print("Usage: %s D:\\Url.txt" % sys.argv[0])
        print("WvsScanner Auxiliary Tool")
        return
    targets = read_url(sys.argv[1])
    # Must not exceed 10: per the author, at most 10 wvs_console instances
    # can scan at once on Windows.
    worker_total = 6
    began = time.time()
    pool = ScanManager(len(targets), worker_total, targets)
    pool.wait_allcomplete()
    print("Complete Time: %s" % (time.time() - began))


if __name__ == '__main__':
    main()




