Simple automation with AppScan for multi-station scanning

Source: Internet
Author: User

Because AppScan accepts only one target when you create a new scan task, and it has no web interface like AWVS or Nessus, I used to think that AppScan could not queue up automatic scans in bulk the way AWVS can.

Today I want to share a small tip: a simple way to automate AppScan scans.

It is true that a new scan task created in the AppScan GUI can specify only one target, and that there is no AWVS/Nessus-style web interface, but AppScan does ship with "AppScanCMD.exe".

The vendor presumably provides this tool so that users can run automated AppScan scans from the command line. Its functions fall into two groups: performing scan tasks and generating scan reports.

Then let's introduce the syntax of the tool.

First look at the help information provided by the tool itself:

Let's talk about the meaning of these parameters.

| Parameter | Shorthand | Shorthand 2 | Meaning | Parameter value description | Parameter type |
|---|---|---|---|---|---|
| Exec | Ex | E | Perform a scan task | | |
| Report | Rep | R | Perform report generation tasks | | |
| /base_scan | /base | /b | Specify the base .scan file | Must be an absolute path to a .scan file | Required |
| /dest_scan | /dest | /d | Specify the destination .scan file | Must be an absolute path to a .scan file; it can be the same file as base_scan or a new file. It is simply the location and file name where the scan results are saved | Required |
| /report_file | /rf | | Specify the location and file name where the report is saved (file name without extension) | Where to save the report | Optional |
| /report_type | /rt | | Specify the report type (one of xml, pdf, rtf, txt, html) | The default value is XML | Optional |
| /min_severity | /ms | | Specify the minimum vulnerability severity to include in the report; vulnerabilities below this level are not written to the report (one of low, medium, high, informational) | The default value is informational, meaning informational findings and everything above are written to the report, which is equivalent to reporting all scan findings | Optional |
| /verbose | /V | | Verbose mode | If this parameter is given, the scan status is displayed dynamically while scanning. The default value is False, meaning the scan status is not displayed | Optional |
| /test_only | /to | | | The default value is False | Optional |
| /explore_only | /eo | | | The default value is False | Optional |
| /multi-step | /ms | | | The default value is False | Optional |
| /test_type | /tt | | One of all, application, infrastructure | The default value is all | Optional |

The explanation here is not very detailed, but it is basically enough.

With the meaning and use of the parameters understood, the scan can be run from the DOS command line. Since the goal is batch scanning, I generally write a .bat script to run it.

Before actually starting a scan, we need to know one thing:

Unlike wvs_console, AppScanCMD cannot set scan parameters directly through command-line options; an AppScanCMD scan must read its scan parameters from a base_scan.

So before using AppScanCMD we have to create a base_scan through the GUI. Creating a base_scan is the same as creating a new scan task in the GUI; the only difference is that in the Scan Configuration Wizard you select "I'll start the scan later" and then save the scan to a file.

Complete the configuration, save the result file, and finally exit the AppScan GUI.

Then execute a DOS command, or write a batch script, to perform the scan:

```bat
@echo off
appscancmd /e /b d:\merchant.scan /d d:\1.scan /v
appscancmd /e /b d:\3.scan /d d:\2.scan /v
appscancmd /e /b d:\4.scan /d d:\3.scan /v
appscancmd /e /b d:\5.scan /d d:\4.scan /v
appscancmd /e /b d:\6.scan /d d:\5.scan /v
pause
```

Because of how DOS executes commands, each command starts only after the previous one has finished, so a batch file like this scans multiple targets one after another.

Based on the parameter explanations above, the full meaning of the commands in this batch is:

Perform a scan task, read the scan configuration from the file D:\2.scan, save the scan results to the same file, and display the scan details while scanning.

If you do not want to save the scan results to the same file, specify a new file name with the /d parameter.

OK, that's easy.
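The same sequential batch as a Python helper (an added example, not from the original post). It builds each AppScanCMD command line from the parameters in the table and, before any scan starts, rejects relative or non-.scan paths and jobs that would overwrite each other's result file. It assumes the report options can be passed on the same exec command; the sample paths are constructed.

```python
import subprocess
from pathlib import PureWindowsPath

REPORT_TYPES = {"xml", "pdf", "rtf", "txt", "html"}        # values from the table
SEVERITIES = {"low", "medium", "high", "informational"}    # values from the table

def scan_path(value, flag):
    """Enforce the table's rule: an absolute path to a .scan file."""
    p = PureWindowsPath(value)
    if not p.is_absolute() or p.suffix.lower() != ".scan":
        raise ValueError(f"{flag} needs an absolute .scan path, got {value!r}")
    return str(p)

def build_exec(base, dest=None, report_file=None, report_type="xml",
               min_severity="informational", verbose=True, exe="appscancmd"):
    """Return the argv for one scan; dest defaults to the base file."""
    argv = [exe, "exec", "/base_scan", scan_path(base, "/base_scan"),
            "/dest_scan", scan_path(dest or base, "/dest_scan")]
    if report_file:
        if report_type not in REPORT_TYPES or min_severity not in SEVERITIES:
            raise ValueError("unsupported report_type or min_severity")
        # Assumption: report options are accepted on the exec command line.
        argv += ["/report_file", report_file, "/report_type", report_type,
                 "/min_severity", min_severity]
    if verbose:
        argv.append("/verbose")
    return argv

def plan_batch(jobs):
    """Build every command first so one bad job fails before any scan runs."""
    plan, seen = [], set()
    for job in jobs:
        argv = build_exec(**job)
        dest = argv[5].lower()          # Windows paths are case-insensitive
        if dest in seen:
            raise ValueError(f"two jobs write to {argv[5]}")
        seen.add(dest)
        plan.append(argv)
    return plan

def run_batch(plan):
    """Run the scans one after another, like the .bat file; return exit codes."""
    return [subprocess.run(argv).returncode for argv in plan]

# Constructed sample jobs; the paths are placeholders.
SAMPLE_JOBS = [
    {"base": r"d:\scans\site-a.scan"},
    {"base": r"d:\scans\site-b.scan", "dest": r"d:\results\site-b.scan",
     "report_file": r"d:\reports\site-b", "report_type": "pdf",
     "min_severity": "medium"},
]
```

Call `run_batch(plan_batch(SAMPLE_JOBS))` on the machine where AppScan is installed; each base file must first be created in the GUI as described above.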
