三大漏洞扫描工具报告获取
整合 Arachni、OpenVAS、Nessus 三个漏洞扫描工具的报告获取流程,尽量使用 docker 方式运行,不影响宿主机环境
# arachni
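- 启动 arachni 容器并确认 docker 正常运行(注意:`-p 9292:9292` 配合 `-o 0.0.0.0` 会让 Web 界面监听宿主机的所有网卡;如只需本机访问,可改为 `-p 127.0.0.1:9292:9292`)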
[root@summer ~]# docker run -d --name arachni_docker -p 9292:9292 arachni/arachni /usr/local/arachni/bin/arachni_web -o 0.0.0.0
d1223944d2eb9fe7695a30bb33248d6e1c81c499d1ab9c38355df7da07f85a15
[root@summer ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
83223944d2eb arachni/arachni "/usr/local/arachni/…" 3 seconds ago Up 2 seconds 22/tcp, 7331/tcp, 0.0.0.0:9292->9292/tcp arachni_docker
- 进入容器
[root@localhost ~]# docker exec -it 83 /bin/bash
root@83605746c360:/# cd /usr/local/arachni/bin/
root@83605746c360:/usr/local/arachni/bin# ll
total 80
drwxrwxr-x 1 500 500 6 May 16 05:47 ./
drwxr-xr-x 1 root root 31 Dec 29 2018 ../
-rwxrwxr-x 1 500 500 370 Mar 29 2017 arachni*
-rwxrwxr-x 1 500 500 378 Mar 29 2017 arachni_console*
-rwxrwxr-x 1 500 500 376 Mar 29 2017 arachni_multi*
-rwxrwxr-x 1 500 500 379 Mar 29 2017 arachni_reporter*
-rwxrwxr-x 1 500 500 380 Mar 29 2017 arachni_reproduce*
-rwxrwxr-x 1 500 500 382 Mar 29 2017 arachni_rest_server*
-rwxrwxr-x 1 500 500 378 Mar 29 2017 arachni_restore*
-rwxrwxr-x 1 500 500 374 Mar 29 2017 arachni_rpc*
-rwxrwxr-x 1 500 500 375 Mar 29 2017 arachni_rpcd*
-rwxrwxr-x 1 500 500 383 Mar 29 2017 arachni_rpcd_monitor*
-rwxrwxr-x 1 500 500 377 Mar 29 2017 arachni_script*
-rwxrwxr-x 1 500 500 417 Mar 29 2017 arachni_shell*
-rwxrwxr-x 1 500 500 389 Mar 29 2017 arachni_web*
-rwxrwxr-x 1 500 500 381 Mar 29 2017 arachni_web_change_password*
-rwxrwxr-x 1 500 500 377 Mar 29 2017 arachni_web_create_user*
-rwxrwxr-x 1 500 500 372 Mar 29 2017 arachni_web_import*
-rwxrwxr-x 1 500 500 377 Mar 29 2017 arachni_web_scan_import*
-rwxrwxr-x 1 500 500 375 Mar 29 2017 arachni_web_script*
-rwxrwxr-x 1 500 500 389 Mar 29 2017 arachni_web_task*
-rw-rw-r-- 1 500 500 904 Mar 29 2017 readlink_f.sh
root@83605746c360:/usr/local/arachni/bin#
- 扫描并获取报告
- 例如需要扫描的地址为:https://192.168.xx.xx:8081/
- 注意:扫描结果先保存为 Arachni 框架报告文件(XX.afr),再用 arachni_reporter 转换为 HTML 报告(可重命名为:地址+git版本号.html.zip)
root@83605746c360:/usr/local/arachni/bin# ./arachni --output-verbose --scope-include-subdomains https://192.168.xx.xx:8081/ --report-save-path=192.168.xx.xx.afr
...
...
root@83605746c360:/usr/local/arachni/bin# ll | grep 192
-rw-r--r-- 1 root root 11503 May 16 05:52 192.168.xx.xx.afr
root@83605746c360:/usr/local/arachni/bin# ./arachni_reporter 192.168.xx.xx.afr --reporter=html:outfile=192.168.xx.xx.html.zip
...
...
root@83605746c360:/usr/local/arachni/bin# ll | grep 192
-rw-r--r-- 1 root root 11503 May 16 05:52 192.168.xx.xx.afr
-rw-r--r-- 1 root root 618661 May 16 05:54 192.168.xx.xx.html.zip
# openvas
- 扫描并保存报告
[root@summer ~]# mkdir test
[root@summer ~]# cd test
[root@summer test]# docker run --rm -v $(pwd):/reports/:rw thedoctor0/openvas-docker-lite python3 -u scan.py 192.168.xx.xx -f PDF
Starting OpenVAS...
Starting scan with settings:
* Target: 192.168.xx.xx
* Excluded hosts:
* Scan profile: Full and fast
* Scan ports: All TCP and Nmap top 100 UDP
* Alive tests: ICMP, TCP-ACK Service & ARP Ping
* Max hosts: 10
* Max checks: 3
* Report format: PDF
* Output file: openvas.report
Performed initial cleanup.
Created target with id: 172168d0-a28b-4afd-a438-1adad00845c6.
Created task with id: 9acfe12f-5c68-4182-9d6b-efa292062b4c.
Started task.
Waiting for task to finish...
Task status: Requested 0%
Task status: Requested 0%
Task status: Queued 0%
Task status: Running 0%
Task status: Running 2%
Task status: Running 2%
Task status: Running 2%
Task status: Running 4%
Task status: Running 6%
Task status: Running 6%
Task status: Running 6%
Task status: Running 6%
Task status: Running 6%
Task status: Running 6%
...
...
Task status: Running 98%
Task status: Running 98%
Task status: Running 98%
Task status: Running 98%
Task status: Complete
Finished processing task.
Generated report.
Saved report to /reports/openvas.report.
Done!
[root@summer test]# ll
total 240
-rw-r--r-- 1 root root 244149 May 16 16:29 openvas.report
- 此处重命名:(地址+git版本号).openvas.pdf
[root@summer test]# mv openvas.report openvas.pdf
[root@summer test]# ll
total 240
-rw-r--r-- 1 root root 244149 May 16 16:29 openvas.pdf
# nessus
- python 脚本,执行后会在当前目录下生成 html 报告文件(脚本中的地址、账号密码、scan_id、folder_id 均为示例值,使用前需按实际环境修改)
# -*- coding: utf-8 -*-
"""
@Time : 2022/5/16 16:46
@Author : summer
@File : test_scan.py
@Software: PyCharm
"""
import re
import time
import json
import requests
import urllib3
# Silence urllib3 warnings for the whole process. The requests in this script
# pass verify=False, which would otherwise emit an InsecureRequestWarning each time.
# NOTE(review): this hides the symptom only; TLS certificate validation stays
# disabled, so the login credentials are sent without server authentication.
urllib3.disable_warnings()
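class Scanning_Nessus:
    """Drive an existing Nessus scan over the REST API and save its HTML report.

    Calling the instance logs in, launches the scan, polls until it is no
    longer running, requests an HTML export and downloads it to
    ``self.file_path`` in the current directory.
    """

    def __init__(self, url, user, passwd, scan_host, *, scan_id=122, folder_id=14, verify=False):
        """Store the connection settings and prepare the HTTP session.

        Args:
            url: Base URL of the Nessus server. Endpoint paths are appended
                directly, so it must end with a slash.
            user: Login user name.
            passwd: Login password.
            scan_host: Value compared with each scan's ``name`` in chk_scan
                (the original write-up passes the target host here).
            scan_id: Id of the scan to launch and export. Defaults to the
                value that was hard-coded in the original script.
            folder_id: Folder queried when polling the scan list. Defaults to
                the value that was hard-coded in the original script.
            verify: Passed to every request as ``verify``. The default False
                keeps the original behaviour (no TLS certificate validation);
                pass True or a CA bundle path to authenticate the server.
        """
        self.url = url
        self.user = user
        self.passwd = passwd
        self.scan_name = scan_host
        self.verify = verify
        self.s = requests.Session()
        # NOTE(review): the X-API-Token is hard-coded; presumably it was copied
        # from one specific Nessus installation -- confirm it matches the target
        # server and move it to configuration rather than source code.
        self.s.headers.update({
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36',
            'X-API-Token': 'fb6b9917-788e-4d5b-aee1-d54bb588cd2a'})
        self.token = None
        self.file_token = None
        self.scan_id = scan_id
        self.folder_id = folder_id
        self.file_path = './{}.nessus.html'.format(time.strftime("%Y-%m-%d %H_%M_%S"))

    def login(self):
        """Log in and attach the session token to all later requests.

        Raises:
            requests.HTTPError: if the server rejects the login.
        """
        # The original sent the user name as 'password' and the password as
        # 'username'; it only worked when both values happened to be equal.
        result = self.s.post(url=f'{self.url}session',
                             data={'username': self.user, 'password': self.passwd},
                             verify=self.verify)
        result.raise_for_status()
        self.token = json.loads(result.content.decode())
        self.s.headers.update({'X-Cookie': f'token={self.token["token"]}'})

    def scan(self):
        """Launch the scan identified by ``self.scan_id``.

        Raises:
            requests.HTTPError: if the launch request fails.
        """
        result = self.s.post(url='{}scans/{}/launch'.format(self.url, self.scan_id), verify=self.verify)
        result.raise_for_status()

    def chk_scan(self, timeout=3600, inter_tmie=60):
        """Poll the scan list until the scan is no longer running.

        Args:
            timeout: Maximum number of seconds to keep polling.
            inter_tmie: Seconds to sleep between polls.

        Returns:
            True if the scan left the 'running' state before the timeout,
            otherwise False.
        """
        start_time = time.time()
        while time.time() - start_time < timeout:
            result = self.s.get(url='{}scans?folder_id={}'.format(self.url, self.folder_id),
                                verify=self.verify)
            result.raise_for_status()
            listing = json.loads(result.content.decode())
            # 'scans' may be present but null; treat that like an empty list.
            for item in listing.get('scans') or []:
                # NOTE(review): any status other than 'running' counts as
                # finished, which presumably includes a not-yet-started state
                # right after launch -- confirm against the server's statuses.
                if (item['name'] == self.scan_name and item['id'] == self.scan_id
                        and item['status'] != 'running'):
                    return True
            time.sleep(inter_tmie)
            # Log in again before the next poll so the token is fresh.
            self.login()
        return False

    def get_file(self):
        """Request an HTML export of the scan and remember the export token.

        Raises:
            requests.HTTPError: if the export request fails.
        """
        data = {
            "format": "html",
            "chapters": "custom;vuln_by_host;vulnerabilities",
            "reportContents": {
                "csvColumns": {},
                "vulnerabilitySections": {
                    "synopsis": True,
                    "description": True,
                    "see_also": True,
                    "solution": True,
                    "risk_factor": True,
                    "cvss3_base_score": True,
                    "cvss3_temporal_score": True,
                    "cvss_base_score": True,
                    "cvss_temporal_score": True,
                    "stig_severity": True,
                    "references": True,
                    "exploitable_with": True,
                    "plugin_information": True,
                    "plugin_output": True},
                "hostSections": {
                    "scan_information": True,
                    "host_information": True},
                "formattingOptions": {
                    "page_breaks": True}},
            "extraFilters": {"host_ids": [], "plugin_ids": []}}
        # Sent as JSON: form-encoding (data=) flattens the nested dicts to their
        # key names, so the section selection never reached the server. The
        # original also omitted verify here, unlike every other request.
        result = self.s.post(url=f'{self.url}scans/{self.scan_id}/export?limit=2500',
                             json=data, verify=self.verify)
        result.raise_for_status()
        self.file_token = json.loads(result.content.decode())

    def chk_file(self):
        """Wait up to 60 seconds for the export and download it.

        Returns:
            True if the report was written to ``self.file_path``, False if the
            export was not ready in time.

        Raises:
            requests.HTTPError: if a status or download request fails.
        """
        token = self.file_token['token']
        start = time.time()
        while time.time() - start < 60:
            result = self.s.get(url='{}tokens/{}/status'.format(self.url, token), verify=self.verify)
            result.raise_for_status()
            status = json.loads(result.content.decode()).get('status')
            print(status)
            if status == 'ready':
                result = self.s.get(url="{}tokens/{}/download".format(self.url, token),
                                    verify=self.verify)
                result.raise_for_status()
                # Write raw bytes: decoding each 1024-byte chunk separately
                # fails when a multi-byte character straddles a chunk boundary.
                with open(self.file_path, 'wb') as f:
                    for chunk in result.iter_content(1024):
                        f.write(chunk)
                return True
            time.sleep(5)
        return False

    def __call__(self):
        """Run the whole flow: login, launch, wait, export, download.

        Errors up to and including the export request are printed rather than
        raised, as in the original; download errors propagate to the caller.
        """
        finished = False
        try:
            self.login()
            self.scan()
            finished = self.chk_scan()
            # Only export once the scan has actually left the running state.
            if finished:
                self.get_file()
        except Exception as e:
            # The original labelled every failure here as a login error.
            print(f'nessus scan error: {e}')
        else:
            if finished:
                self.chk_file()
            else:
                print('scan did not finish before the timeout; no report exported')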
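if __name__ == '__main__':
    # The server URL, account and password are placeholders from the write-up;
    # supply real values from configuration instead of committing them here.
    # The former try/except only re-raised the same exception, so it is dropped.
    Scanning_Nessus("https://192.168.x.x:8834/", "admin", "admin", "192.168.x.x")()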
上次更新: 5/24/2022, 6:25:02 PM