Batch scanning with the AppScan command-line tool AppScanCMD.exe

Program Usage:

AppScanCMD exec|ex|e

Parametrs:
[ /starting_url|/surl|/su ] # starting URL
[ /dest_scan|/dest|/d ] # destination scan (the .scan file to write)
[ /base_scan|/base|/b ] # base scan
[ /old_host|/ohost|/oh ]
[ /new_host|/nhost|/nh ]
[ /scan_template|/stemplate|/st ]
[ /login_file|/lfile|/lf ]
[ /multi_step_file|/mstepfile|/mf ]
[ /manual_explore_file|/mexplorefile|/mef ]
[ /policy_file|/pfile|/pf ]
[ /additional_domains|/adomains|/ad ]
[ /report_file|/rf ]
[ /report_type|/rt {xml} ]
[ /min_severity|/msev {informational} ]
[ /test_type|/tt ]

Flags:
[ /verbose|/v {false} ]
[ /scan_log|/sl {false} ]
[ /explore_only|/eo {false} ]
[ /test_only|/to {false} ]
[ /multi_step|/mstep|/ms {false} ]
[ /continue|/c {false} ]

Creates a new scan using the configuration of base_scan, saves it as dest_scan and creates a report, if one is configured.

AppScanCMD report|rep|r

Parametrs:
/base_scan|/base|/b
/report_file|/rf
[ /report_type|/rt {xml} ]
[ /min_severity|/msev {informational} ]
[ /test_type|/tt ]

Flags:
[ /verbose|/v {false} ]

Creates a report for base_scan.

AppScanCMD help|h

The DOS batch file for batch scanning with AppScan is as follows:

@echo off
setlocal enabledelayedexpansion

rem path to the target list (one host name per line; the name is reused as the .scan file name)
set file_list=C:\Users\Administrator\Desktop\domain.txt
rem path to AppScanCMD.exe
set appscancmd=C:\Program Files (x86)\IBM\AppScan Standard\AppScanCMD.exe
rem directory in which the .scan files are saved
set save_dir=C:\Users\Administrator\Desktop\result\

rem loop over the list and scan each entry, saving <entry>.scan into save_dir
for /f "usebackq" %%i in ("%file_list%") do (
    "%appscancmd%" /e /su %%i /d "%save_dir%%%i.scan" /v
)
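As an added example (not from the original post), the same loop in PowerShell, chaining the exec and report subcommands from the help text above so each target ends up as a saved .scan plus an XML report; the AppScanCMD.exe path and list file are the ones used in the batch, while the output naming, log file and exit-code handling are assumptions of this example.

```powershell
# Added example, not from the original post: the batch loop above rewritten in
# PowerShell, chaining AppScanCMD "exec" (scan) and "report" (export) per target.
# Paths below are the ones used in the post; naming and logging are assumptions.
$AppScanCmd = 'C:\Program Files (x86)\IBM\AppScan Standard\AppScanCMD.exe'
$TargetList = 'C:\Users\Administrator\Desktop\domain.txt'
$SaveDir    = 'C:\Users\Administrator\Desktop\result'
$LogFile    = Join-Path $SaveDir 'batch-scan.log'

New-Item -ItemType Directory -Path $SaveDir -Force | Out-Null

function Write-Log([string]$Message) {
    "$(Get-Date -Format s) $Message" | Add-Content -Path $LogFile
}

# Read the list, skip blank lines and '#' comments, and turn bare host names into URLs.
$targets = Get-Content $TargetList |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ -and -not $_.StartsWith('#') } |
    ForEach-Object { if ($_ -match '^https?://') { $_ } else { "http://$_" } }

foreach ($url in $targets) {
    # A full URL is not a valid file name, so name the outputs after host and port only.
    $uri = $url -as [System.Uri]
    if (-not $uri) { Write-Log "SKIP  $url (not a valid URL)"; continue }
    $safeName = ($uri.Host + '_' + $uri.Port) -replace '[^\w.-]', '_'
    $scanFile = Join-Path $SaveDir "$safeName.scan"
    $report   = Join-Path $SaveDir "$safeName.xml"

    Write-Log "START $url"
    # Step 1: explore and test, saving the completed scan (/su and /d as in the batch).
    & $AppScanCmd exec /su $url /d $scanFile /v
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $scanFile)) {
        Write-Log "FAIL  $url (exit code $LASTEXITCODE)"
        continue   # one failed target must not stop the rest of the batch
    }

    # Step 2: export the saved scan as an XML report (the "report" subcommand above).
    & $AppScanCmd report /b $scanFile /rf $report /rt xml
    Write-Log "DONE  $url -> $report (exit code $LASTEXITCODE)"
}
```

The same structure (validate the entry, derive a safe output name, check the exit code, continue on failure) carries over to the wvs_console loops further down.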

Batch scanning with the AWVS command-line tool wvs_console.exe

>> USAGE: wvs_console /Scan [URL] OR /Crawl [URL] OR /ScanFromCrawl [FILE] OR /ScanWSDL [WSDL URL]
>> PARAMETERS

/Scan [URL] : Scan specified URL
/Crawl [URL] : Crawl specified URL
/ScanFromCrawl [FILE] : Scan from crawling results
/Import [FILE(s)] : Import files during crawl
/ScanWSDL [WSDL URL] : Scan web services from WSDL URL
/Profile [PROFILE_NAME] : Use specified scanning profile during scanning
/Settings [FILE] : Use specified settings template during scanning
/LoginSeq [FILE] : Use specified login sequence
/Save : Save scan results
/SaveFolder [DIR] : Specify the folder were all the saved data will be stored
/GenerateZIP : Compress all the saved data into a zip file
/ExportXML : Exports results as XML
/ExportAVDL : Exports results as AVDL
/SavetoDatabase : Save alerts to the database
/SaveLogs : Save scan logs
/SaveCrawlerData : Save crawler data (.CWL file) # overwrites the file if it already exists
/GenerateReport : Generate a report after the scan was completed
/ReportFormat [FORMAT] : Generated report format (REP, PDF, RTF, HTML)
/ReportTemplate [TEMPLATE]: Specify the report template
/Timestamps : Print current timestamp with each line.
/SendEmail : Send email notification when scan is completed, using scheduler settings.
/EmailAddress [EMAIL] : Send email notification to this email address, override scheduler settings.
/Verbose : Enable verbose mode
/Password : Application password (if required)
/Run [command line] : Run this command during crawl
/Selenium [FILE] : Execute selenium script during crawl
/? : Show this help screen

>> OPTIONS [ ? = TRUE or FALSE ]

--GetFirstOnly=? : Get only the first URL
--RestrictToBaseFolder=? : Do not fetch anything above start folder # directories above the start folder are not scanned; useful when the target is a subdirectory
--FetchSubdirs=? : Fetch files bellow base folder
--ForceFetchDirindex=? : Fetch directory indexes even if not linked
--RobotsTxt=? : Retrieve and process robots.txt
--CaseInsensitivePaths=? : Use case insensitive paths
--UseWebKit=? : Use WebKit based browser for discovery
--ScanningMode=* : Scanning mode (* = Quick, Heuristic, Extensive)
--ManipHTTPHeaders=? : Manipulate HTTP headers
--UseAcuSensor=? : Use AcuSensor technology
--EnablePortScanning=? : Enable port scanning
--UseSensorDataFromCrawl=*: Use sensor data from crawl (* = Yes, No, Revalidate)
--HtmlAuthUser=? : Username for HTML based authentication
--HtmlAuthPass=? : Password for HTML based authentication
--ToolTimeout=? : Timeout for testing tool in seconds

>> EXAMPLES

wvs_console /Scan http://vulnweb.com /SaveFolder c:\Results\ /Save
wvs_console /ScanWSDL http://test/WS.asmx?WSDL /Profile ws_default /Save
wvs_console /Scan http://vulnweb.com /Profile default /Save --UseWebKit=false --ScanningMode=Heuristic

DOS batch file:

@echo off
setlocal enabledelayedexpansion

rem path to the target list (one URL per line)
set file_list=C:\Users\ggg\Desktop\1.txt
rem path to wvs_console.exe
set wvs_console=C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 10\wvs_console.exe
rem directory in which the results are saved
set save_dir=C:\Users\ggg\Desktop\result\

rem loop over the list and scan each URL
for /f "usebackq" %%i in ("%file_list%") do (
    "%wvs_console%" /Scan %%i /Profile ws_default /SaveFolder "%save_dir%" /Verbose /Save /SaveLogs /Timestamps --GetFirstOnly=false --FetchSubdirs=true --RestrictToBaseFolder=true --ForceFetchDirindex=true --SubmitForms=true --RobotsTxt=true --CaseInsensitivePaths=false --UseCSA=true --UseAcuSensor=true --EnablePortScanning=true --UseSensorDataFromCrawl=revalidate --ScanningMode=Heuristic --TestWebAppsOnAllDirs=true --ManipHTTPHeaders=true --UseWebKit=true
)

The approach above saves .xml files; to save .wvs files instead, no save directory needs to be configured:

@echo off
setlocal enabledelayedexpansion

rem path to the target list (one URL per line)
set file_list=C:\Users\Administrator\Desktop\domain.txt
rem path to wvs_console.exe
set wvs_console=C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 10\wvs_console.exe

rem loop over the list, scan each URL and save the results to the database
for /f "usebackq" %%i in ("%file_list%") do (
    "%wvs_console%" /Scan %%i /Profile ws_default /Verbose /SavetoDatabase /Timestamps --GetFirstOnly=false --FetchSubdirs=true --RestrictToBaseFolder=true --ForceFetchDirindex=true --SubmitForms=true --RobotsTxt=true --CaseInsensitivePaths=false --UseCSA=true --UseAcuSensor=true --EnablePortScanning=false --UseSensorDataFromCrawl=revalidate --ScanningMode=Heuristic --TestWebAppsOnAllDirs=true --ManipHTTPHeaders=true --UseWebKit=true
)

With the /SavetoDatabase parameter the results are saved to the database automatically and can be viewed directly; the scan files are kept under My Documents at D:\Documents\Acunetix WVS 10\Saves. Alternatively, use /Save (with /SaveFolder) to choose the save directory yourself.