標籤:
WvsScannerQueue.py
Version: Python 2.7.*
Acunetix Web Vulnerability Scanner 輔助Python指令碼的第一個版本。
功能:
掃描URL.TXT檔案中所有URL
掃描完成一個URL後立即過濾報告,並且提取漏洞標題發送給自己
存在的問題:
掃描一些網站很慢
畢竟這個就是調用Acunetix Web Vulnerability Scanner 的Console端直接進行掃描的
有時候掃描個網站好幾天,沒有寫相應的方法去取消,以後看寫不寫
有時候自己在外面,掃到了嚴重漏洞就可直接回去Duang~
源碼地址:
https://github.com/yanyueoo7/WvsScannerQueue
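#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Author:Tea
# date 2014/06/25
# The WVS Scanner Report Auxiliary Tool
#
# Reads a list of URLs from a text file, runs the Acunetix WVS console
# (wvs_console.exe) against each one from a small thread pool, parses the
# exported XML report and mails a summary of the findings.
#
# Written for Python 2.7; only constructs that 2.7 already supports are used
# (print_function, "except ... as", queue/Queue fallback), so the same file
# also imports cleanly on Python 3.
from __future__ import print_function

import os
import sys
import time
import smtplib
import threading
import subprocess
from xml.dom import minidom  # XML report parsing
from email.mime.text import MIMEText  # mail construction

try:  # Python 3 module name first, Python 2 fallback
    import queue
except ImportError:  # pragma: no cover - Python 2 only
    import Queue as queue

# Mail settings.  The account values below are the original placeholders; each
# can be overridden through the environment so that a real password does not
# have to be committed to this file.
mailto_list = ['[email protected]']  # recipients
mail_host = os.environ.get('WVS_MAIL_HOST', "smtp.126.com")
mail_user = os.environ.get('WVS_MAIL_USER', "mail126")  # sender account
mail_pass = os.environ.get('WVS_MAIL_PASS', "mail126123")  # sender password
mail_postfix = os.environ.get('WVS_MAIL_POSTFIX', "126.com")

# Location of the WVS console and the root under which per-day log folders go.
WVS_CONSOLE = r'D:\Software\Web Vulnerability Scanner 9.5\wvs_console.exe'
WVS_LOG_ROOT = 'D:\\Log\\Wvs\\'

# Characters Windows does not allow in a directory name.
_BAD_PATH_CHARS = '\\/:*?"<>|'

# wvs_console exit codes for which the original script mails the report.  The
# three branches were identical; what each code means is not documented here.
_REPORT_EXIT_CODES = (1, 2, 3)

# Severity prefixes in the order the mail should list them.
_SEVERITY_ORDER = ('High', 'Medium', 'Low', 'Info', 'Other')


def read_url(filepath):
    """Return the de-duplicated URLs listed one per line in *filepath*.

    Lines of four characters or fewer (newline included) are skipped, as in
    the original.  The first occurrence of each URL keeps its position; the
    file is closed even if reading fails.
    """
    urls = []
    seen = set()
    with open(filepath) as filecontent:
        for line in filecontent:
            if len(line) <= 4:
                continue
            url = line.rstrip('\r\n')
            if url not in seen:
                seen.add(url)
                urls.append(url)
    return urls


def call_wvsscan_result(url):
    """Scan *url* and mail the report summary (one queued job)."""
    check_result_load(start_wvsscanner(url))


def check_result_load(Rcode):
    """Mail the report described by the 'exitcode|url|folder' string *Rcode*.

    *Rcode* is what start_wvsscanner() returns.  The exit code is the first
    field and the save folder the last one, so a '|' inside the URL cannot
    shift the fields.  The report is mailed for exit codes 1, 2 and 3; any
    other code only prints 'Info'.  A non-numeric code raises ValueError.
    """
    parts = Rcode.split('|')
    RRcode = parts[0]
    RRdir = parts[-1]
    Mtag = '|'.join(parts[1:-1])
    if int(RRcode) not in _REPORT_EXIT_CODES:
        print('Info')
        return
    report = os.path.join(RRdir, 'export.xml')
    MTitle = 'WvsScanner Report--' + Mtag
    MResult = '\n'.join(laod_xml_report(report))
    send_mail(mailto_list, MTitle, MResult)


def start_wvsscanner(url):
    """Run the WVS console against *url*; return 'exitcode|url|savefolder'.

    The report is saved under WVS_LOG_ROOT/<date>/<sanitised url>, creating
    the folder when needed.  The command is passed as an argument list, so a
    space in the install path or save folder, or a shell-special character in
    a URL read from the input file, is quoted as one argument rather than
    being re-parsed into extra switches.
    """
    day = time.strftime('%Y-%m-%d')
    savefolder = WVS_LOG_ROOT + day + '\\' + httpreplace(url)
    if not os.path.lexists(savefolder):
        os.makedirs(savefolder)
    wvscommand = [
        WVS_CONSOLE, '/Scan', url, '/Profile', 'default',
        '/Save', '/SaveFolder', savefolder, '/exportxml',
        '--UseAcuSensor=FALSE', '--ScanningMode=Heuristic',
    ]
    print(' '.join(wvscommand))
    doscan = subprocess.call(wvscommand)
    return '|'.join((str(doscan), url, savefolder))


def httpreplace(httpstr):
    """Turn a URL into a name usable as a Windows directory.

    Drops the http:// or https:// scheme, maps ':' to '-' and removes '/',
    as before; it now also strips the other characters Windows forbids in a
    file name (backslash, * ? " < > |), so a URL with a query string no
    longer makes os.makedirs fail.
    """
    name = httpstr.replace('https://', '').replace('http://', '')
    name = name.replace(':', '-')
    return ''.join(ch for ch in name if ch not in _BAD_PATH_CHARS)


def laod_xml_report(xmlname):
    """Extract the header fields and vulnerability titles from a WVS XML report.

    Returns a list of lines: the text of StartURL, StartTime, FinishTime and
    ScanTime, a 'Vulnerable Count:N' line, then one '<Severity>\\t<Name>'
    line per distinct finding ordered High, Medium, Low, Info, Other.  The
    ReportItem colour attribute selects the label (red/orange/blue/green);
    any other or missing colour becomes 'Other'.  A report lacking one of
    the four header elements raises IndexError, as in the original.
    """
    severity_by_color = {'red': 'High', 'orange': 'Medium',
                         'blue': 'Low', 'green': 'Info'}
    dom = minidom.parse(xmlname)
    Result = []
    for tag in ('StartURL', 'StartTime', 'FinishTime', 'ScanTime'):
        for node in dom.getElementsByTagName(tag)[0].childNodes:
            Result.append(node.nodeValue)
    # Findings, de-duplicated in first-seen order.  The original looked the
    # ReportItem list up again for every index and lost the order through
    # dict.fromkeys(); the sort below then fixes the relative order.
    findings = []
    seen = set()
    for item in dom.getElementsByTagName('ReportItem'):
        label = severity_by_color.get(item.getAttribute('color'), 'Other') + '\t'
        name = item.getElementsByTagName("Name")[0]
        for textNode in name.childNodes:
            line = label + textNode.nodeValue
            if line not in seen:
                seen.add(line)
                findings.append(line)
    findings = sortresultlist(findings)
    Result.append('Vulnerable Count:' + str(len(findings)))
    Result.extend(findings)
    return Result


def sortresultlist(List):
    """Order finding lines by severity prefix: High, Medium, Low, Info, Other.

    The sort is stable, so lines within one severity keep their input order.
    Lines with none of the known prefixes, which the original silently
    dropped, are kept and placed last.
    """
    def rank(line):
        for position, prefix in enumerate(_SEVERITY_ORDER):
            if line.startswith(prefix):
                return position
        return len(_SEVERITY_ORDER)

    return sorted(List, key=rank)


def send_mail(to_list, sub, content):
    """Send *content* as a UTF-8 plain-text mail; return True on success.

    The session is upgraded with STARTTLS when the server advertises it, so
    the login credentials are not sent in clear where that can be avoided.
    Any failure is appended to mailerror.txt through catchwrite() and
    reported as False; nothing is raised to the caller.
    """
    me = "WvsScanner<" + mail_user + "@" + mail_postfix + ">"
    msg = MIMEText(content, _subtype='plain', _charset='utf-8')
    msg['Subject'] = sub
    msg['From'] = me
    msg['To'] = ";".join(to_list)
    try:
        server = smtplib.SMTP()
        server.connect(mail_host)
        try:
            server.ehlo()
            if server.has_extn('starttls'):
                server.starttls()
                server.ehlo()
            server.login(mail_user, mail_pass)
            server.sendmail(me, to_list, msg.as_string())
        finally:
            server.close()
        return True
    except Exception as e:  # caller only wants pass/fail; details go to the log
        catchwrite(str(e))
        return False


def catchwrite(errcode):
    """Append a timestamped *errcode* line to mailerror.txt in the working directory."""
    errtime = time.strftime('%Y-%m-%d %H:%M:%S')
    with open("mailerror.txt", 'a') as errfile:
        errfile.write(errtime + '\t' + errcode + '\n')


class ScanManager(object):
    """Fan the first *work_num* URLs of *res_list* out to *thread_num* workers.

    Each queued job is the pair (do_job, [url]).  *res_list* defaults to
    None instead of a shared mutable list, and at most len(res_list) jobs
    are queued, so a *work_num* larger than the list no longer raises
    IndexError.  The worker threads are started in the constructor.
    """

    def __init__(self, work_num=100, thread_num=5, res_list=None):
        self.work_queue = queue.Queue()
        self.threads = []
        self.work_list = list(res_list) if res_list is not None else []
        print(work_num)
        self.__init_work_queue(work_num)
        self.__init_thread_pool(thread_num)

    def __init_thread_pool(self, thread_num):
        """Create thread_num ScanWork threads (each starts itself)."""
        for _ in range(thread_num):
            self.threads.append(ScanWork(self.work_queue))

    def __init_work_queue(self, jobs_num):
        """Queue one do_job job per URL, at most jobs_num of them."""
        for url in self.work_list[:jobs_num]:
            self.add_job(do_job, url)

    def add_job(self, func, *args):
        """Queue *func* to be called with the list of *args*."""
        self.work_queue.put((func, list(args)))

    def wait_allcomplete(self):
        """Block until every worker thread has finished."""
        for item in self.threads:
            if item.is_alive():
                item.join()


class ScanWork(threading.Thread):
    """Worker thread: pops (func, args) jobs from the queue until it is empty."""

    def __init__(self, work_queue):
        threading.Thread.__init__(self)
        self.work_queue = work_queue
        self.start()

    def run(self):
        while True:
            try:
                do, args = self.work_queue.get(block=False)
            except queue.Empty:  # only an empty queue ends the worker
                break
            try:
                do(args)
            except Exception as e:
                # A failing scan used to end the worker silently (bare
                # except); record it and carry on with the next URL.
                catchwrite('scan job failed: ' + str(e))
            finally:
                self.work_queue.task_done()


def do_job(args):
    """Scan every URL in *args* (the job's argument list) in turn."""
    for url in args:
        call_wvsscan_result(url)


def main():
    """Entry point: <script> <url file>; scan every listed URL with a worker pool."""
    if len(sys.argv) != 2:
        print("Usage: %s D:\\Url.txt" % sys.argv[0])
        print("WvsScanner Auxiliary Tool")
        return
    urls = read_url(sys.argv[1])
    # Per the original author: keep this at 10 or below, Windows runs at most
    # 10 wvs_console scans at once.
    thread_count = 6
    start_time = time.time()
    work_manager = ScanManager(len(urls), thread_count, urls)
    work_manager.wait_allcomplete()
    print("Complete Time:%s" % (time.time() - start_time))


if __name__ == '__main__':
    main()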
Acunetix Web Vulnerability Scanner Python輔助指令碼