AWVS各类脚本

简述

Acunetix Web Vulnerability Scanner是一个网站及服务器漏洞扫描软件,它包含有收费和免费两种版本。

启动&停止脚本

start awvs
service start awvs
service stop awvs

下面代码复制另存为awvs.bat

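@echo off
REM Menu-driven helper that starts or stops the Windows services
REM "Acunetix" and "Acunetix Database" with net start / net stop.
REM Controlling services normally requires an elevated (Administrator)
REM prompt. NOTE(review): the success lines under :StartAwvs and :StopAwvs
REM are printed without checking the result of net, so rely on net's own
REM output to see whether the service state actually changed.
mode con lines=30 cols=60
cls
color 2f
REM Re-entry point for the "goto main" jumps below. It sits after the initial
REM cls so the invalid-input message stays visible above the redrawn menu.
:main
echo.-----------------------------------------------------------
echo.请选择使用:
echo.
echo. 1.启动Awvs 11(即在下面输入1
echo.
echo. 2.停止Awvs 11(即在下面输入2
echo.-----------------------------------------------------------
REM Prefer choice.exe when present: it only accepts the listed keys.
if exist "%SystemRoot%\System32\choice.exe" goto Win7Choice
REM Clear any earlier value so pressing Enter alone is seen as empty input.
set "choice="
set /p choice=请输入数字并按回车键确认:
echo.
REM Both sides are quoted so empty input or input containing spaces cannot
REM break the IF syntax.
if "%choice%"=="1" goto StartAwvs
if "%choice%"=="2" goto StopAwvs
cls
echo 您输入有误,请重新选择。
goto main
:Win7Choice
choice /c 12 /n /m "请输入相应数字:"
REM "if errorlevel N" matches N or higher, so the larger value is tested first.
if errorlevel 2 goto StopAwvs
if errorlevel 1 goto StartAwvs
cls
goto main
:StartAwvs
cls
color 2f
net start Acunetix
net start "Acunetix Database"
echo.-----------------------------------------------------------
echo.
echo 成功启动 "Acunetix","Acunetix Database" 服务!
echo.
goto end
:StopAwvs
cls
color 2f
net stop Acunetix
net stop "Acunetix Database"
echo.-----------------------------------------------------------
echo.
echo 成功关闭 "Acunetix","Acunetix Database" 服务!
echo.
goto end
:end
echo 请按任意键退出。
@Pause>nul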

批量添加扫描URL

该脚本使用 Python 2 语法(urllib2、print 语句),需在 Python 2 环境下运行,使用前请安装 Python 2。

1、将下列代码复制另存为“awvs11批量扫描删除.py”

2、全文搜索localhost:3443,全部替换为你awvs所在的服务器及端口

3、username 填你的账户名(登录邮箱),pw 填密码的 SHA-256 哈希值,而不是明文密码。脚本登录时直接提交该哈希值,因此它与明文密码同样需要保密;建议在本机计算哈希,不要把密码提交到在线工具。

4、把要添加的url列表保存成testawvs.txt文件,放在该脚本所在目录运行该脚本。

#-*- coding:utf-8 -*-
import urllib2
import ssl
import json
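__author="jamesj"

# ---- Configuration ---------------------------------------------------------
# Replace every occurrence of localhost:3443 in this script with the host and
# port of the AWVS server.
# Account e-mail used to sign in.
username='mail@mail.com'
# SHA-256 digest of the account password (case-sensitive), not the plaintext.
# The login request below sends this value as the "password" field, so the
# digest is a usable credential in its own right: keep this file private.
# The original note says the digest can be read from an intercepted login
# request (Burp) or produced with an online page
# (http://tool.oschina.net/encrypt?type=2). Computing it locally instead,
# e.g. hashlib.sha256(password).hexdigest() (presumably the hex form is what
# the server expects -- confirm), avoids handing the password to a third party.
pw='sha256加密后的密码'
# The hosts to add are read from testawvs.txt in the working directory.

# NOTE(security): this replaces the process-wide default HTTPS context with
# one that skips certificate and hostname verification, through private ssl
# module hooks. Every urllib2.urlopen() call in this script relies on it, so
# the login digest and session tokens are sent without authenticating the
# server. Presumably it is here because the AWVS server presents a certificate
# the client does not trust; installing a trusted certificate, or passing
# context=ssl.create_default_context(cafile=...) to each urlopen() call, would
# let this line be removed.
ssl._create_default_https_context = ssl._create_unverified_context


def _redact(secret):
    """Return a display form of *secret* that exposes only its first 6 characters."""
    return secret[:6] + "..."


# ---- Login: obtain the session cookie and the X-Auth token -----------------
url_login = "https://localhost:3443/api/v1/me/login"
send_headers_login = {
    'Host': 'localhost:3443',
    'Accept': 'application/json, text/plain, */*',
    'Accept-Language': 'zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3',
    'Accept-Encoding': 'gzip, deflate, br',
    'Content-Type': 'application/json;charset=utf-8'
}
# json.dumps escapes quotes and backslashes, so a username or digest
# containing them cannot alter the structure of the request body.
data_login = json.dumps({"email": username, "password": pw, "remember_me": False})
req_login = urllib2.Request(url_login, headers=send_headers_login)
response_login = urllib2.urlopen(req_login, data_login)
xauth = response_login.headers['X-Auth']
COOOOOOOOkie = response_login.headers['Set-Cookie']
# Only a prefix of each value is shown: both are live session credentials and
# would otherwise remain in terminal scrollback or captured output.
print("当前验证信息如下\r\n cookie : %r \r\n X-Auth : %r " % (_redact(COOOOOOOOkie), _redact(xauth)))
# Headers reused by every authenticated API call in the functions below.
send_headers2 = {
    'Host': 'localhost:3443',
    'Accept': 'application/json, text/plain, */*',
    'Accept-Language': 'zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3',
    'Content-Type': 'application/json;charset=utf-8',
    'X-Auth': xauth,
    'Cookie': COOOOOOOOkie
}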
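def add_exec_scan():
    """Create an AWVS target for each line of testawvs.txt and queue a scan for it.

    Every non-blank line is taken as one target address. A line that already
    starts with http:// or https:// is used as written; any other line gets
    http:// prepended. Each target is created with description "222", which
    is the marker del_targets() uses to find targets added by this script.

    Errors are printed rather than raised. A failure on one entry no longer
    stops the remaining entries from being processed.
    """
    url = "https://localhost:3443/api/v1/targets"
    url_scan = "https://localhost:3443/api/v1/scans"
    try:
        # The with-block closes the list file even if reading fails part-way.
        with open('testawvs.txt', 'r') as urllist:
            entries = [line.strip() for line in urllist]
    except IOError as e:
        print(e)
        return

    for entry in entries:
        if not entry:
            # A blank line would otherwise be submitted as the target "http://".
            continue
        if entry.lower().startswith(('http://', 'https://')):
            target_url = entry
        else:
            target_url = 'http://' + entry
        try:
            # json.dumps escapes the address, so a line containing quotes or
            # backslashes cannot add or overwrite fields in the request body.
            data = json.dumps({
                "description": "222",
                "address": target_url,
                "criticality": "10",
            })
            req = urllib2.Request(url, headers=send_headers2)
            response = urllib2.urlopen(req, data)
            # ID the server assigned to the newly created target.
            target_id = json.loads(response.read())['target_id']

            data_scan = json.dumps({
                "target_id": target_id,
                "profile_id": "11111111-1111-1111-1111-111111111111",
                "schedule": {
                    "disable": False,
                    "start_date": None,
                    "time_sensitive": False,
                },
                "ui_session_id": "66666666666666666666666666666666",
            })
            # send_headers2 carries the same auth headers but no
            # Accept-Encoding; urllib2 does not decompress responses, so the
            # body printed below stays readable.
            req_scan = urllib2.Request(url_scan, headers=send_headers2)
            response_scan = urllib2.urlopen(req_scan, data_scan)
            print(response_scan.read() + "添加成功!")
        except Exception as e:
            # Best-effort, as in the original: report the failure and go on.
            print("%s: %s" % (target_url, e))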
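def count():
    """Print the notification count, then list every scan the server returns.

    For each scan the target address and the scan's ID are printed, followed
    by the number of scans listed.
    """
    url_count = "https://localhost:3443/api/v1/notifications/count"
    req_count = urllib2.Request(url_count, headers=send_headers2)
    response_count = urllib2.urlopen(req_count)
    print("当前存在%r个通知!" % json.loads(response_count.read())['count'])
    print("-" * 50)
    print("已存在以下任务")

    url_info = "https://localhost:3443/api/v1/scans"
    req_info = urllib2.Request(url_info, headers=send_headers2)
    response_info = urllib2.urlopen(req_info)
    all_info = json.loads(response_info.read())
    # Treat a missing "scans" key as an empty list instead of failing on None.
    # NOTE(review): if the API pages its results this may be a partial list --
    # confirm against the server.
    scans = all_info.get("scans") or []
    for website in scans:
        # The value printed is the scan's ID (the one del_scan() deletes by),
        # so it is labelled scan_id rather than target_id.
        print(website.get("target").get("address") + " \r\n scan_id:" + website.get("scan_id"))
    print("共 %r个扫描任务" % len(scans))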
#count()
#scan、target、notification!
def del_scan():
    """Delete every scan in the server's scan listing, printing a running count.

    No filter is applied: scans that were not created by this script are
    deleted as well. (The original carried a commented-out check on the target
    description "222" that would have limited this to script-created scans.)
    """
    listing_request = urllib2.Request(
        "https://localhost:3443/api/v1/scans", headers=send_headers2)
    listing = json.loads(urllib2.urlopen(listing_request).read())
    for deleted, scan in enumerate(listing.get("scans"), 1):
        delete_request = urllib2.Request(
            "https://localhost:3443/api/v1/scans/" + str(scan.get("scan_id")),
            headers=send_headers2)
        # urllib2 has no verb argument; overriding get_method makes the
        # request go out as DELETE.
        delete_request.get_method = lambda: 'DELETE'
        urllib2.urlopen(delete_request)
        print("已经删除第%r个!" % deleted)
#del_scan() #通过描述判断是否使用扫描器添加扫描器添加的时候设置description=“222”
def del_targets():
    """Delete every target whose description is "222", printing "ok!" per deletion.

    "222" is the description add_exec_scan() assigns, so this removes the
    targets that function created. Any other target that happens to carry the
    same description is matched too.
    """
    listing_request = urllib2.Request(
        "https://localhost:3443/api/v1/targets", headers=send_headers2)
    listing = json.loads(urllib2.urlopen(listing_request).read())
    for target in listing.get("targets"):
        if target.get("description") != "222":
            continue
        delete_request = urllib2.Request(
            "https://localhost:3443/api/v1/targets/" + str(target.get("target_id")),
            headers=send_headers2)
        # urllib2 has no verb argument; overriding get_method makes the
        # request go out as DELETE.
        delete_request.get_method = lambda: 'DELETE'
        urllib2.urlopen(delete_request)
        print("ok!")
#del_targets()
if __name__ == "__main__":
    # Show the current server state, then run the action the user picks.
    print("*" * 20)
    count()
    print("1、使用testawvs.txt添加扫描任务并执行请输入1,然后回车\r\n2、删除所有使用该脚本添加的任务请输入2,然后回车\r\n3、删除所有任务请输入3,然后回车\r\n4、查看已存在任务请输入4,然后回车\r\n")
    choice = raw_input(">")
    # Options 1-3 each run one action and then re-print the state.
    # Option 3 (del_scan) deletes every scan on the server, not only those
    # added by this script.
    actions = {
        "1": add_exec_scan,
        "2": del_targets,
        "3": del_scan,
    }
    if choice in actions:
        actions[choice]()
        count()
    elif choice == "4":
        count()
    else:
        print("请重新运行并请输入1、2、3、4选择。")
#下图的注释信息是删除通知。。
"""
counter= 0
for website in all_info.get("notifications"):
if (website["data"].get("address")== "www.ly.com"):
counter = counter + 1
url_del = "https://localhost:3443/api/v1/scans/"+str(website["data"].get("scan_id"))
print url_del#print url_del
req_del = urllib2.Request(url_del,headers=send_headers2)
#DELETE方法
try:
req_del.get_method = lambda:"DELETE"
response1 = urllib2.urlopen(req_del)
except:
print "error"
continue
print counter
#print response1.read()
#for address in need_info["address"]
# if address
del_all()
"""

点我下载awvs集合脚本

参考