Java, Acunetix 11 and curl: using the curl command from Java to call the Acunetix 11 API to scan and generate reports

Source: Internet
Author: User
Tags auth

First, the environment setup:

1. Install the curl command. Download address: https://curl.haxx.se/download.html (note: there are many builds; any download that contains curl.exe will do)

2. You need the Jsoup jar; a search on Baidu turns up plenty of download sources.

3. To test, you need Acunetix 11 installed. No free copy is currently available online (at least, I did not find one), so let us set that point aside for now and get to the main topic.


Calling the Acunetix 11 API to produce a scan report takes 4 steps. The steps below follow the API documentation:

1. Set up a scan target, here http://www.baidu.com (using the Baidu site for testing is not recommended; the scan takes too long). Before you can run a scan, you need to create a scan target for the site you want to scan. Use the (POST) targets endpoint to do this. Using curl:
curl -k --request POST --url https://127.0.0.1:3443/api/v1/targets --header "X-Auth: API-KEY" --header "Content-Type: application/json" --data "{\"address\": \"www.baidu.com\", \"description\": \"baidu\", \"criticality\": \"10\"}"
Where:
- https://127.0.0.1:3443 is the URL and port of Acunetix 11 (that is, the computer on which you installed Acunetix 11)
- API-KEY is the Acunetix 11 API key; once Acunetix is installed, you can generate the key in the administration area at the upper-right corner of the page
- www.baidu.com is the URL of the scan target you want to add
- baidu is the description of the scan target (not required)
- 10 is the target's criticality value (Critical, High, Normal [10], Low [0])
On success the command returns HTTP 201 along with some other data, including target_id (the last path segment of the Location value in the result).
2. Run a scan on the created target. To start a scan, use the (POST) scans endpoint. Using curl:
curl -k -i --request POST --url https://127.0.0.1:3443/api/v1/scans --header "X-Auth: API-KEY" --header "Content-Type: application/json" --data "{\"target_id\": \"TARGET-ID\", \"profile_id\": \"11111111-1111-1111-1111-111111111111\", \"schedule\": {\"disable\": false, \"start_date\": null, \"time_sensitive\": false}}"

Where:
- https://127.0.0.1:3443 is the URL and port of Acunetix 11
- API-KEY is the API key from step 1
- TARGET-ID is the target_id value you got from the previous JSON reply
- 11111111-1111-1111-1111-111111111111 is the scan profile ID. The list of scan profiles and their IDs can be retrieved with the (GET) scanning_profiles endpoint (explained further below).
This returns a 201 JSON reply that contains many details of the scan, including scan_id.
3. Generate reports. To generate a developer report, use the (POST) reports endpoint. Using curl:
curl -k -i --request POST --url https://127.0.0.1:3443/api/v1/reports --header "X-Auth: API-KEY" --header "Content-Type: application/json" --data "{\"template_id\": \"11111111-1111-1111-1111-111111111111\", \"source\": {\"list_type\": \"scans\", \"id_list\": [\"SCAN-ID\"]}}"
Where:
- https://127.0.0.1:3443 is the URL and port of Acunetix 11
- API-KEY is the API key from step 1
- SCAN-ID is the scan_id you obtained from the previous JSON reply

An HTTP 201 reply shows that the request was successful and contains a Location header with an ID (for example, Location: /api/v1/reports/54f402f6-7a60-4934-952f-45bfe6c4abf4). This ID can then be used to download the report from the URL https://127.0.0.1:3443/reports/download/54f402f6-7a60-4934-952f-45bfe6c4abf4.pdf. The latest version also provides an HTML version of the report, which can be accessed at https://127.0.0.1:3443/reports/download/54f402f6-7a60-4934-952f-45bfe6c4abf4.html.
4. Download the report (note: at present this feature seems to have a problem; at least I have not managed it yet, and the vendor has been slow to reply. I describe another way to download the report below.)
To generate an XML report, use the (POST) exports endpoint. Using curl:
curl -k -i --request POST --url https://127.0.0.1:3443/api/v1/exports --header "X-Auth: API-KEY" --header "Content-Type: application/json" --data "{\"export_id\": \"21111111-1111-1111-1111-111111111111\", \"source\": {\"list_type\": \"scan_result\", \"id_list\": [\"SCAN-ID\"]}}"

Where:
- https://127.0.0.1:3443 is the URL and port of Acunetix 11
- API-KEY is the API key from step 1
- SCAN-ID is the scan_id you obtained from the previous JSON reply

You will notice several values of the form 11111111-1111-... in the commands above. These are values returned by certain API endpoints; we cannot change them, and you can treat them as constants that identify the selected template. profile_id is the scan type (partial scan, full scan, and so on); the value above means a full scan. template_id is the template type of the generated report. export_id is the template type of the downloaded report; the value above represents the XML format.
Because time is short, for the Java side I will only describe the idea.
First write the curl command, then call Runtime.getRuntime().exec("the command string goes here"), then use Java regular expressions to parse the output of the command, extract the information we need, and move on to the next step. After commands 1, 2 and 3 above have been executed and their results obtained, we can get the HTML version of the report in the third step using the method described above, and then download the generated report to the local disk with curl -k -o e:\\myfile.html --url xxx.html. Finally, we use Jsoup to parse the HTML and extract the scan report information we want to save to the database.
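The idea above, sketched as an added example (not code from the original post): it runs curl from Java and extracts the new ID from the Location header, but uses ProcessBuilder with an argument list in place of a single Runtime.exec command string, and feeds the JSON body to curl on standard input with --data @-. The class and method names, the ACUNETIX_API_KEY environment variable, the example.test address and the sample reply are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AcunetixCurl {
    private static final Pattern STATUS = Pattern.compile("^HTTP/\\S+\\s+(\\d{3})");
    // ID at the end of a Location header, accepted only if it is a well-formed UUID.
    private static final Pattern LOCATION_ID = Pattern.compile(
        "(?im)^Location:\\s*/api/v1/(?:targets|scans|reports|exports)/"
        + "([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\\s*$");
    // One list element per argument: no command string is tokenized, and the JSON
    // body is read from stdin (--data @-), so it needs no quoting at all.
    static List<String> curlPost(String base, String endpoint, String apiKey) {
        return List.of("curl", "-k", "-i", "-s", "-S", "--request", "POST",
            "--url", base + "/api/v1/" + endpoint,
            "--header", "X-Auth: " + apiKey,
            "--header", "Content-Type: application/json", "--data", "@-");
    }
    static String run(List<String> cmd, String json) throws Exception {
        Process p = new ProcessBuilder(cmd).redirectErrorStream(true).start();
        p.getOutputStream().write(json.getBytes(StandardCharsets.UTF_8));
        p.getOutputStream().close();
        String out = new String(p.getInputStream().readAllBytes(), StandardCharsets.UTF_8);
        if (p.waitFor() != 0) throw new IllegalStateException("curl failed: " + out);
        return out;
    }
    // Returns the new object's ID; rejects anything but a 201 with a valid Location.
    static String createdId(String response) {
        Matcher status = STATUS.matcher(response);
        if (!status.find() || !status.group(1).equals("201"))
            throw new IllegalStateException("expected HTTP 201");
        Matcher loc = LOCATION_ID.matcher(response);
        if (!loc.find()) throw new IllegalStateException("no valid Location header");
        return loc.group(1).toLowerCase();
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample reply, not captured from a real scanner.
        String sample = "HTTP/1.1 201 Created\r\nContent-Type: application/json\r\n"
            + "Location: /api/v1/scans/0A1B2C3D-1111-2222-3333-444455556666\r\n\r\n{}";
        System.out.println("scan_id = " + createdId(sample));
        String key = System.getenv("ACUNETIX_API_KEY"); // assumed variable name
        if (key == null) return; // live call only when a key is configured
        String body = "{\"address\": \"example.test\", \"description\": \"demo\", \"criticality\": \"10\"}";
        String reply = run(curlPost("https://127.0.0.1:3443", "targets", key), body);
        System.out.println("target_id = " + createdId(reply));
    }
}
```

The same createdId call serves steps 2 and 3, since the scans and reports replies carry their IDs in the same Location form.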
