免责声明:内容仅供参考...
目录
AWVS自动添加任务字典
AWVS环境:
SQLmap api 自动扫描
Xray 扫描漏洞发现报告
AWVS自动添加任务字典
AWVS13批量脚本_111111111115-CSDN博客
import requests, json# https://blog.csdn.net/wy_97/article/details/106872773
# 创建任务
def new_id(key, url):api_add_url = "https://localhost:3443/api/v1/targets"headers = {'X-Auth': key,'Content-type': 'application/json'}data = '{"address":"%s","description":"create_by_reaper","criticality":"10"}' % urlr = requests.post(url=api_add_url, headers=headers, data=data, verify=False).json()id = r['target_id']if id is not None:print('新建任务ID成功,ID:' + id)return id# 启动任务
def start_id(key, id):headers = {'X-Auth': key,'Content-type': 'application/json'}api_run_url = 'https://localhost:3443/api/v1/scans'data1 = '{"profile_id":"11111111-1111-1111-1111-111111111111","schedule":{"disable":false,"start_date":null,"time_sensitive":false},"target_id":"%s"}' % idr1 = requests.post(url=api_run_url, headers=headers, data=data1, verify=False).json()if r1['scan_id'] is not None:print('启动扫描ID成功,ID:' + id)if __name__ == '__main__':key = ' AWVS的key!!! 'for url in open('url.txt'):id = new_id(key, url.replace('\n', ''))start_id(key, id)
AWVS环境:
https://www.ddosi.org/awvs-5/
SQLmap api 自动扫描
import timeimport requests,json# 0.启用sqlmap-API服务 python sqlmapapi.py -s
# 1.创建新任务记录任务ID @get("/task/new")
# 2.设置任务ID扫描信息 @post("/option/<taskid>/set ")
# 3.开始扫描对应ID任务 @post("/scan/<taskid>/start")
# 4.读取扫描状态判断结果 @get("/scan/<taskid>/status")
# 5.如果结束删除ID并获取结果 @get("/task/<taskid>/delete")
# 6.扫描结果查看 @get("/scan/<taskid>/data")#创建任务
def new_id():headers = {'Content-type': 'application/json'}url='http://127.0.0.1:8775/task/new'resp=requests.get(url,headers=headers).json()if resp['success'] is True:print('->1、创建任务ID成功,ID:'+resp['taskid'])return resp['taskid']def set_id(id,scanurl):headers = {'Content-type': 'application/json'}data={'url':scanurl}url = 'http://127.0.0.1:8775/option/%s/set'%id#print(url)resp = requests.post(url,data=json.dumps(data),headers=headers).json()#print(resp)if resp['success'] is True:print('->2、设置任务ID成功,ID:' + id)print('->2、任务对应URL成功,URL:' + scanurl)def start_id(id,scanurl):headers = {'Content-type': 'application/json'}data = {'url': scanurl}url = 'http://127.0.0.1:8775/scan/%s/start'%idresp = requests.post(url, data=json.dumps(data),headers=headers).json()if resp['success'] is True:print('->3、启动任务ID成功,ID:' + id)print('->3、启动对应URL成功,URL:' + scanurl)def status_id(id):#get("/scan/<taskid>/status")headers = {'Content-type': 'application/json'}url = 'http://127.0.0.1:8775/scan/%s/status' % idprint('->4、扫描任务还没完成,请等待...')while True:resp = requests.get(url, headers=headers).json()if resp['status'] == 'running':continueelse:print('->4、扫描任务已完成')breakdef data_id(id,scanurl):#扫描结果查看 @ get("/scan/<taskid>/data")headers = {'Content-type': 'application/json'}url = 'http://127.0.0.1:8775/scan/%s/data' % idresp = requests.get(url, headers=headers)if resp.json()['data'][0]['status'] == 1:print("--->存在注入<---")print(scanurl)with open('result.txt','a+') as f:f.write(resp.text)f.write('\n' + '===========python sqlmapapi by xiaodisec=============' + '\n')f.write('-----------------------------------------------------' + '\n')f.close()print('->5、注入任务ID已完成,请查看结果:result.txt')def delete_id(id):#@get("/task/<taskid>/delete")headers = {'Content-type': 'application/json'}url = 'http://127.0.0.1:8775/task/%s/delete' % idresp = requests.get(url, headers=headers).json()if resp['success'] is True:print('->6、删除任务ID:%s成功' % id)time.sleep(3)if __name__ == '__main__':for url in open('url.txt'):id=new_id()set_id(id,url.replace('\n',''))start_id(id,url.replace('\n',''))status_id(id)data_id(id,url.replace(' \n',''))delete_id(id)print('----------------------------------')Xray 扫描漏洞发现报告
Github: https://github.com/chaitin/xray/releases
https://docs.xray.cool/#/webhook/webhook
from flask import Flask, request
import requestsapp = Flask(__name__)# https://docs.xray.cool/#/webhook/webhook
@app.route('/webhook', methods=['POST'])
def xray_webhook():url = 'https://sctapi.ftqq.com/SCT75428T2Fd9hkLOmLXk53uWeFtl17TD.send?title=Xray find vuln!!!'try:# 接受传递过来的数据转换json格式vuln = request.jsoncontent = """## xray 发现了新漏洞url: {url}插件: {plugin}漏洞类型: {vuln_class}请及时查看和处理""".format(url=vuln['data']['target']['url'], plugin=vuln['data']['plugin'], vuln_class=vuln['type'])print(content)data = {'desp': content}print(data)requests.post(url, data=data)return 'ok'except Exception as e:passif __name__ == '__main__':app.run()
)
RT5651解码芯片Codec驱动分析)
)
的微电网优化(MATLAB代码))
)
)
