
三大漏洞扫描工具报告获取

summerking
发布2022-09-16 12:14:04

整合 Arachni、OpenVAS、Nessus 三个漏洞扫描工具的报告获取方法,尽量使用 docker 方式运行,以免影响宿主机环境。

# arachni

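  1. 确认 docker 正常运行,并启动 Arachni Web 容器(`-p 9292:9292` 与 `-o 0.0.0.0` 会让 Web 界面在宿主机所有网卡上可访问;仅本机使用时可改为 `-p 127.0.0.1:9292:9292`)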
[root@summer ~]# docker run -d --name arachni_docker -p 9292:9292 arachni/arachni /usr/local/arachni/bin/arachni_web -o 0.0.0.0
d1223944d2eb9fe7695a30bb33248d6e1c81c499d1ab9c38355df7da07f85a15
[root@summer ~]# docker ps -a
CONTAINER ID        IMAGE                            COMMAND                  CREATED             STATUS              PORTS                                      NAMES
83223944d2eb        arachni/arachni                  "/usr/local/arachni/…"   3 seconds ago       Up 2 seconds        22/tcp, 7331/tcp, 0.0.0.0:9292->9292/tcp   arachni_docker
  2. 进入容器
[root@localhost ~]# docker exec -it 83 /bin/bash
root@83605746c360:/# cd /usr/local/arachni/bin/
root@83605746c360:/usr/local/arachni/bin# ll
total 80
drwxrwxr-x 1  500  500   6 May 16 05:47 ./
drwxr-xr-x 1 root root  31 Dec 29  2018 ../
-rwxrwxr-x 1  500  500 370 Mar 29  2017 arachni*
-rwxrwxr-x 1  500  500 378 Mar 29  2017 arachni_console*
-rwxrwxr-x 1  500  500 376 Mar 29  2017 arachni_multi*
-rwxrwxr-x 1  500  500 379 Mar 29  2017 arachni_reporter*
-rwxrwxr-x 1  500  500 380 Mar 29  2017 arachni_reproduce*
-rwxrwxr-x 1  500  500 382 Mar 29  2017 arachni_rest_server*
-rwxrwxr-x 1  500  500 378 Mar 29  2017 arachni_restore*
-rwxrwxr-x 1  500  500 374 Mar 29  2017 arachni_rpc*
-rwxrwxr-x 1  500  500 375 Mar 29  2017 arachni_rpcd*
-rwxrwxr-x 1  500  500 383 Mar 29  2017 arachni_rpcd_monitor*
-rwxrwxr-x 1  500  500 377 Mar 29  2017 arachni_script*
-rwxrwxr-x 1  500  500 417 Mar 29  2017 arachni_shell*
-rwxrwxr-x 1  500  500 389 Mar 29  2017 arachni_web*
-rwxrwxr-x 1  500  500 381 Mar 29  2017 arachni_web_change_password*
-rwxrwxr-x 1  500  500 377 Mar 29  2017 arachni_web_create_user*
-rwxrwxr-x 1  500  500 372 Mar 29  2017 arachni_web_import*
-rwxrwxr-x 1  500  500 377 Mar 29  2017 arachni_web_scan_import*
-rwxrwxr-x 1  500  500 375 Mar 29  2017 arachni_web_script*
-rwxrwxr-x 1  500  500 389 Mar 29  2017 arachni_web_task*
-rw-rw-r-- 1  500  500 904 Mar 29  2017 readlink_f.sh
root@83605746c360:/usr/local/arachni/bin# 

  3. 扫描并获取报告
  • 例如需要扫描的地址为:https://192.168.xx.xx:8081/
  • 注意:扫描结果先保存为 Arachni 框架报告文件(XX.afr),再用 arachni_reporter 转换成 HTML 报告(可重命名为:地址+git版本号.html.zip)
root@83605746c360:/usr/local/arachni/bin# ./arachni --output-verbose --scope-include-subdomains https://192.168.xx.xx:8081/ --report-save-path=192.168.xx.xx.afr
...
...


root@83605746c360:/usr/local/arachni/bin# ll | grep 192
-rw-r--r-- 1 root root  11503 May 16 05:52 192.168.xx.xx.afr
root@83605746c360:/usr/local/arachni/bin# ./arachni_reporter 192.168.xx.xx.afr --reporter=html:outfile=192.168.xx.xx.html.zip
...
...
root@83605746c360:/usr/local/arachni/bin# ll | grep 192
-rw-r--r-- 1 root root  11503 May 16 05:52 192.168.xx.xx.afr
-rw-r--r-- 1 root root 618661 May 16 05:54 192.168.xx.xx.html.zip

# openvas

  • 扫描并保存报告
[root@summer ~]# mkdir test
[root@summer ~]# cd test
[root@summer test]# docker run --rm -v $(pwd):/reports/:rw thedoctor0/openvas-docker-lite python3 -u scan.py 192.168.xx.xx -f PDF
Starting OpenVAS...
Starting scan with settings:
* Target: 192.168.xx.xx
* Excluded hosts: 
* Scan profile: Full and fast
* Scan ports: All TCP and Nmap top 100 UDP
* Alive tests: ICMP, TCP-ACK Service & ARP Ping
* Max hosts: 10
* Max checks: 3
* Report format: PDF
* Output file: openvas.report

Performed initial cleanup.
Created target with id: 172168d0-a28b-4afd-a438-1adad00845c6.
Created task with id: 9acfe12f-5c68-4182-9d6b-efa292062b4c.
Started task.
Waiting for task to finish...
Task status: Requested 0%
Task status: Requested 0%
Task status: Queued 0%
Task status: Running 0%
Task status: Running 2%
Task status: Running 2%
Task status: Running 2%
Task status: Running 4%
Task status: Running 6%
Task status: Running 6%
Task status: Running 6%
Task status: Running 6%
Task status: Running 6%
Task status: Running 6%
...
...
Task status: Running 98%
Task status: Running 98%
Task status: Running 98%
Task status: Running 98%
Task status: Complete
Finished processing task.
Generated report.
Saved report to /reports/openvas.report.
Done!
[root@summer test]# ll
total 240
-rw-r--r-- 1 root root 244149 May 16 16:29 openvas.report

  • 此处重命名:(地址+git版本号).openvas.pdf
[root@summer test]# mv openvas.report openvas.pdf
[root@summer test]# ll
total 240
-rw-r--r-- 1 root root 244149 May 16 16:29 openvas.pdf


# Nessus

  • Python 脚本:执行后在当前目录下生成 HTML 报告文件
# -*- coding: utf-8 -*-
"""
@Time    : 2022/5/16 16:46
@Author  : summer
@File    : test_scan.py
@Software: PyCharm
"""
import re
import time
import json
import requests
import urllib3

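# Silence only the warning this script knowingly triggers when it talks to a
# Nessus server whose certificate is not verified; other urllib3 warnings
# stay visible instead of being suppressed wholesale.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)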


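class Scanning_Nessus:
    """Launch an existing Nessus scan over the HTTP API and save its HTML report.

    Calling the instance runs the whole flow: log in, launch the scan, poll
    until it is no longer running, request an HTML export, then download the
    export into the current directory.
    """

    def __init__(self, url, user, passwd, scan_host, verify=False):
        """
        Args:
            url: base URL of the Nessus server, including the trailing slash.
            user: login user name.
            passwd: login password.
            scan_host: target host; compared against the scan's name in the
                scan list.
            verify: TLS verification setting handed to the requests session
                (False, True, or a CA bundle path). The default False keeps
                the original behaviour, which accepts any certificate; the
                password and the report travel over this connection, so pass
                a CA bundle path or True when the server certificate can be
                validated.
        """
        self.url = url
        self.user = user
        self.passwd = passwd
        self.scan_name = scan_host
        self.s = requests.Session()
        # Set once on the session so every request (including the export
        # request, which previously omitted it) uses the same TLS policy.
        self.s.verify = verify
        self.s.headers.update({
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36',
            # NOTE(review): hard-coded API token; presumably copied from one
            # particular Nessus installation - confirm it matches the target
            # server and keep it out of shared repositories.
            'X-API-Token': 'fb6b9917-788e-4d5b-aee1-d54bb588cd2a'})
        self.token = None
        self.file_token = None
        # Hard-coded identifiers of the scan and of the folder that lists it;
        # they have to match objects that already exist on the server.
        self.scan_id = 122
        self.folder_id = 14
        self.file_path = './{}.nessus.html'.format(time.strftime("%Y-%m-%d %H_%M_%S"))

    def login(self):
        """Authenticate and store the session token in the X-Cookie header."""
        # The original posted the user name in the 'password' field and the
        # password in the 'username' field; it only worked when both were equal.
        result = self.s.post(url=f'{self.url}session',
                             data={'username': self.user, 'password': self.passwd})
        result.raise_for_status()
        self.token = result.json()
        self.s.headers.update({'X-Cookie': f'token={self.token["token"]}'})

    def scan(self):
        """Launch the scan identified by self.scan_id."""
        result = self.s.post(url='{}scans/{}/launch'.format(self.url, self.scan_id))
        result.raise_for_status()

    def chk_scan(self, timeout=3600, inter_tmie=60):
        """Poll the folder's scan list until the scan is no longer running.

        Args:
            timeout: overall polling budget in seconds.
            inter_tmie: seconds to sleep between polls (name kept unchanged
                for callers that pass it by keyword).

        Returns:
            True if the scan was seen in a state other than 'running' within
            the budget, False otherwise.
        """
        start_time = time.time()
        while time.time() - start_time < timeout:
            result = self.s.get(url='{}scans?folder_id={}'.format(self.url, self.folder_id))
            result.raise_for_status()
            # 'scans' may be missing or null; treat both as "nothing listed".
            for entry in result.json().get('scans') or []:
                # NOTE(review): any status other than 'running' counts as
                # finished, which would also include states reached before
                # the scan actually starts - confirm against the server.
                if (entry['name'] == self.scan_name and entry['id'] == self.scan_id
                        and entry['status'] != 'running'):
                    return True
            time.sleep(inter_tmie)
            # Log in again before the next poll, presumably so the session
            # token stays valid during a long scan.
            self.login()
        return False

    def get_file(self):
        """Request an HTML export of the scan and store the export token."""
        data = {"format": "html", "chapters": "custom;vuln_by_host;vulnerabilities",
                "reportContents": {"csvColumns": {},
                                   "vulnerabilitySections": {
                                       "synopsis": True,
                                       "description": True,
                                       "see_also": True, "solution": True,
                                       "risk_factor": True,
                                       "cvss3_base_score": True,
                                       "cvss3_temporal_score": True,
                                       "cvss_base_score": True,
                                       "cvss_temporal_score": True,
                                       "stig_severity": True,
                                       "references": True,
                                       "exploitable_with": True,
                                       "plugin_information": True,
                                       "plugin_output": True},
                                   "hostSections": {
                                       "scan_information": True,
                                       "host_information": True},
                                   "formattingOptions": {
                                       "page_breaks": True}},
                "extraFilters": {"host_ids": [], "plugin_ids": []}}
        # Sent as a JSON body: form encoding (data=) cannot represent the
        # nested dictionaries and would reduce them to their key names.
        result = self.s.post(url=f'{self.url}scans/{self.scan_id}/export?limit=2500', json=data)
        result.raise_for_status()
        self.file_token = result.json()

    def chk_file(self):
        """Wait up to 60 seconds for the export, then write it to self.file_path.

        Returns:
            True once the report has been written, False if the export was
            not ready within the time limit.
        """
        start = time.time()
        while time.time() - start < 60:
            result = self.s.get(url='{}tokens/{}/status'.format(self.url, self.file_token['token']))
            result.raise_for_status()
            status = result.json().get('status')
            print(status)
            if status == 'ready':
                result = self.s.get(url="{}tokens/{}/download".format(self.url, self.file_token['token']))
                result.raise_for_status()
                # Write raw bytes: decoding each 1024-byte chunk separately
                # fails when a multi-byte UTF-8 character straddles a chunk
                # boundary.
                with open(self.file_path, 'wb') as f:
                    for chunk in result.iter_content(1024):
                        f.write(chunk)
                return True
            time.sleep(5)
        return False

    def __call__(self):
        """Run the full flow; the report is downloaded only after the scan has ended."""
        try:
            self.login()
            self.scan()
            if not self.chk_scan():
                # Previously the result was ignored and a report was exported
                # even when the scan had not finished.
                print('scan did not finish before the timeout; no report exported')
                return
            self.get_file()
        except Exception as e:
            # Covers login, launch, polling and export request failures, not
            # only the login step.
            print(f'nessus scan error: {e}')
        else:
            self.chk_file()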


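if __name__ == '__main__':
    # Example run with the article's placeholder values: fill in the masked
    # address and supply the real account out of band (environment variable,
    # prompt or secret store) instead of writing it into the file.
    # The former try/except only re-raised the exception, so it was dropped;
    # errors from the report download still propagate with their traceback.
    Scanning_Nessus("https://192.168.x.x:8834/", "admin", "admin", "192.168.x.x")()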