Docker&AWVS批量部署

发表于

Docker&AWVS批量部署

转载请注明出处:https://youngrichog.github.io/

描述

初心是想要批量部署AWVS进行批量扫描,以这个为出发点。最后确定为使用Docker进行批量部署AWVS,然后在配合一个批量扫描的脚本完成。

实操部分

Dockerfile

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
FROM ubuntu:16.04
RUN mkdir /data
WORKDIR /data
ADD acunetix_trial.sh.zip .
ADD patch_awvs .
RUN apt-get update  -y
RUN apt-get install net-tools -y && \
	apt-get install python -y && \
	apt-get install python3 -y && \
	apt-get install unzip -y && \
	apt-get install libxdamage1 libgtk-3-0 libasound2 libnss3 libxss1 -y && \
	apt install bzip2 -y && \
	apt install vim -y && \
	apt-get install sudo -y
RUN unzip acunetix_trial.sh.zip
RUN chmod +x acunetix_trial.sh
RUN chmod +x patch_awvs
RUN sh -c '/bin/echo -e "\nyes\nubuntu\ntest123@gmail.com\ntest123!@#.\ntest123!@#.\n"| ./acunetix_trial.sh'

AWVS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
# -*- coding: utf-8 -*-
import requests
import json
import time
import sys
from bs4 import BeautifulSoup
reload(sys)
sys.setdefaultencoding('utf8')

requests.packages.urllib3.disable_warnings()
tarurl = "https://awvs:port/"
apikey="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"


headers = {'Host':'ip:port',
           'User-Agent':'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36',
           'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',
           "X-Auth":apikey,
           "content-type": "application/json"}

def addtask(url=''):
    url = url.strip()
    data = {"address":url,"description":url,"criticality":"10"}
    try:
        response = requests.post(tarurl+"/api/v1/targets",data=json.dumps(data),headers=headers,timeout=30,verify=False)
        result = json.loads(response.content)
        print('add_tesk.....')
        print(result)
        print('target_id: '+result['target_id'])
        return result['target_id']
    except Exception as e:
        print(str(e))
        return

def startscan(task_id):
    data = {"target_id":task_id,"profile_id":"11111111-1111-1111-1111-111111111111","schedule": {"disable": False,"start_date":None,"time_sensitive": False}}
    try:
        response = requests.post(tarurl+"/api/v1/scans",data=json.dumps(data),headers=headers,timeout=30,verify=False)
        result = response.headers
        print('start_scan....')
        print(result)
        scan_id = result['Location'].split('/')[4]
        return scan_id
    except Exception as e:
        print(str(e))
        return

def get_scan_session(scan_id):
    try:
        response = requests.get(tarurl+"/api/v1/scans/"+scan_id,headers=headers,timeout=30,verify=False)
        result = json.loads(response.content)
        print('get_scan_sessoion...')
        print(result)
        scan_session_id = result['current_session']['scan_session_id']
        print('scan_session_id: '+scan_session_id)
        return scan_session_id
    except Exception as e:
        print(str(e))
        return

def get_scan_gk(scan_id,scan_session_id):
    try:
        response = requests.get(tarurl+"/api/v1/scans/"+scan_id+'/results/'+scan_session_id+'/statistics',headers=headers,timeout=60,verify=False)
        result = json.loads(response.content)
        print('get_scan_gk...')
        print(result)
        print('获取扫描概况包括状态: .............')
        print('status: '+result['status'])
        return result
    except:
        time.sleep(30)
        return "notcompleted"


def get_report_url(scan_id):
    data = {"template_id":"11111111-1111-1111-1111-111111111112","source":{"list_type":"scans","id_list":[scan_id]}}
    try:
        response = requests.post(tarurl+"/api/v1/reports",data=json.dumps(data),headers=headers,timeout=60,verify=False)
        result = response.headers
        print(result)
        report = result['Location'].replace('/api/v1/reports/','/reports/download/')
        print(report)
        return tarurl.rstrip('/')+report+'.html'
    except Exception as e:
        print(str(e))
        return ""

def down_report(url):
    r = requests.get(url, verify=False)
    with open("report.html", "wb") as code:
        code.write(r.content)

def scan(url):
    target_id = addtask(url)
    scan_id = startscan(target_id)
    time.sleep(2)
    scan_session_id = get_scan_session(scan_id)

    gk = get_scan_gk(scan_id,scan_session_id)
    while gk['status'] !='completed':
        if gk['status'] == 'failed':
            break
        time.sleep(60)
        try:
            gk = get_scan_gk(scan_id,scan_session_id)
            print('没有完成扫描: status: '+gk['status'])
        except:
            pass
    print('完成扫描........')
    print('获取报告')
    report_url = get_report_url(scan_id)
    print('报告地址: '+report_url)
    #down_report(report_url)
    print('报告保存完成....')
    return  report_url

def get_url_list(filename):
    url_list = []
    try:
        f = open(filename, 'r')
        lines = f.readlines()
        for line in lines:
            line = line.strip('\n')
            url_list.append(line)
        return url_list
    except:
        print("[-][Error]: Get url.txt failed!")
        sys.exit("Exit!")

if __name__ == '__main__':
    url_list = get_url_list('url.txt')
    for url in url_list:
        report_url = scan(url)
        if report_url == "":
            report_url = scan(url)

使用手册

  • dockfile、acunetix_trial.sh.zip、patch_awvs放置同一目录
  • docker build -t awvs .
  • docker run –privileged=true -p 1111:1111-it -d awvs “/sbin/init”
  • 进入到docker容器内执行命令:mv patch_awvs /home/acunetix/.acunetix_trial/v_190325161/scanner/
  • cd /home/acunetix/.acunetix_trial/v_190325161/scanner/
  • ./patch_awvs
  • chattr +i /home/acunetix/.acunetix_trial/data/license/license_info.json
  • rm -rf /home/acunetix/.acunetix_trial/data/license/wa_data.dat
  • systemctl stop acunetix_trial.service
  • vim /home/acunetix/.acunetix_trial/wvs.ini 修改监听端口 server.port=1111
  • systemctl start acunetix_trial.service
  • awvs.py记得修改ip、port、apikey
  • 在awvs.py同目录下放置url.txt,内放批量域名

遇到的问题

1.docker run –privileged=true -p 1111:1111-it -d awvs “/sbin/init”

Q:为什么要这样?

A:使用systemctl会出问题,爆Failed to connect to bus: No such file or directory这个错误

小技巧

  • docker stop (docker ps -q)——停用全部运行中的容器
  • docker rm (docker ps -aq) ——删除全部容器
  • docker stop (docker ps -q) & docker rm (docker ps -aq) ——停用并删除所有容器

待改进

1.AWVS脚本如遇到状态为failed的就会一直卡住(Fixed)

2.AWVS脚本需要增加一次同时进行5个扫描任务,提高效率

3.整体自动化的部分有很多遗漏点需要改进,例如:patch_awvs、修改awvs监听端口等

4.AWVS任务调度需要改进,现在是仅针对一个AWVS运行一个awvs.py脚本,需要改进为同时调度5-10个AWVS

附件

https://github.com/YoungRichOG/AWVS12-Docker

https://file-1256911118.cos.ap-beijing.myqcloud.com/acunetix_trial.sh.zip

Respect

http://pirogue.org/2019/06/17/awvs/?utm_source=tuicool&utm_medium=referral