如果你想把AWVS的扫描数据导出,以及不想使用它的API,那么可以看看这个方法。
1. 登录容器,获取数据库密码:
cat /home/acunetix/.acunetix/wvs.ini|grep 'connection.password' |awk -F '=' '{print $2}'
# HcMKzXYgGwDv6IumYxvHZDndamYzuC (最后两位我马赛克掉了)
2. 登录使用容器内的postgresql连接(v_211220100需要更换为你的版本),以及输入你的密码
/home/acunetix/.acunetix/v_211220100/database/bin/psql -h localhost -U acunetix -p 35432 -d wvs -W
> (输入你的密码)
看看有什么表:
\dt
还不少呢~
Schema | Name | Type | Owner
--------+--------------------------+-------+----------
public | admin_records | table | acunetix
public | checks | table | acunetix
public | events | table | acunetix
public | excluded_hours | table | acunetix
public | fqdns | table | acunetix
public | groups | table | acunetix
public | intents | table | acunetix
public | issue_tracker2group | table | acunetix
public | issue_trackers | table | acunetix
public | licenses | table | acunetix
public | locations | table | acunetix
public | monthly_emails | table | acunetix
public | phone_validation | table | acunetix
public | pwd_history | table | acunetix
public | report_templates | table | acunetix
public | reports | table | acunetix
public | scan_session_jobs | table | acunetix
public | scan_session_vulns | table | acunetix
public | scan_session_vulns_stats | table | acunetix
public | scan_sessions | table | acunetix
public | scanning_profiles | table | acunetix
public | scans | table | acunetix
public | schedule_jobs | table | acunetix
public | schedules | table | acunetix
public | storage | table | acunetix
public | system_config | table | acunetix
public | system_config_mu | table | acunetix
public | target2group | table | acunetix
public | target_config_status | table | acunetix
public | target_configuration | table | acunetix
public | target_scan_kb | table | acunetix
public | target_trends | table | acunetix
public | target_vulns | table | acunetix
public | target_vulns_backup | table | acunetix
public | target_vulns_stats | table | acunetix
public | targets | table | acunetix
public | targets_allowed | table | acunetix
public | ttl_storage | table | acunetix
public | ui_sessions | table | acunetix
public | ui_settings | table | acunetix
public | uploads | table | acunetix
public | user2group | table | acunetix
public | user2shard | table | acunetix
public | users | table | acunetix
public | vuln_types | table | acunetix
public | vuln_types_localized | table | acunetix
public | wafs | table | acunetix
public | web_assets | table | acunetix
public | web_assets_config | table | acunetix
public | workers | table | acunetix
(50 rows)
和漏洞最相关的表:
target_vulns :扫描结果表
view_vuln_types_cn: 漏洞描述中文表
scan_session_vulns: 单次扫描任务表(存储请求和回包等信息)
targets:页面中添加的目标
SELECT row_to_json(t)
FROM (select name,
t1.criticality,
address,
app_id,
ssv.tags,
details_template,
impact,
view_vuln_types_cn.description,
recommendation,
ssv.request,
ssv.url
from target_vulns t1
join targets on t1.target_id = targets.target_id
join view_vuln_types_cn on t1.vt_id = view_vuln_types_cn.vt_id
join public.scan_session_vulns ssv on t1.vuln_hash = ssv.vuln_hash) as t;
输出example:
{"name":"PHP allow_url_fopen 已启用","criticality":10,"address":"http://testphp.vulnweb.com/","app_id":"aspect_php_allow_url_fopen_on.xml","tags":["verified","acusensor"],"details_template":"","impact":"应用程序相依 - 可能出 现远程文件包含漏洞。","description":"PHP 配置指令 allow_url_fop
en 已启用。启用时,此指令允许从远程位置(网站或 FTP 服务器)进行数据检索。在基于 PHP 的 Web 应用程序中报告的大量代码注入漏洞均是由启用 allow_url_fopen 和错误的输入筛选共同导致的。<br/><br/>allow_url_fopen 默认情况下为启用。","recommendation":"您可以从 php.ini(用于 4.3.4 之后的 PHP 版本)或 .htaccess(用于 4.3.4 及之前的 PHP 版本)禁用 allow_url_fopen。<br/><br/> <strong>php.ini</strong><br/> allow_url_fopen = 'off'<br/><br/> <strong>.htaccess</str
ong><br/> php_flag allow_url_fopen off<br/>","request":"","url":"http://testphp.vulnweb.com/"}
wow, windowful
也可以增加 \g vulns.json参数,导出到本地文件
SELECT row_to_json(t)
FROM (select name,
t1.criticality,
address,
app_id,
ssv.tags,
details_template,
impact,
view_vuln_types_cn.description,
recommendation,
ssv.request,
ssv.url
from target_vulns t1
join targets on t1.target_id = targets.target_id
join view_vuln_types_cn on t1.vt_id = view_vuln_types_cn.vt_id
join public.scan_session_vulns ssv on t1.vuln_hash = ssv.vuln_hash) as t \g vulns.json
便可以在文件夹中看到
root@ws:/home/acunetix/.acunetix/v_211220100/database/bin# ll -alh vulns.json
-rw-r--r-- 1 root root 86K Apr 13 21:55 vulns.json
然后就可以在宿主机使用docker cp 的指令,将文件拷贝到宿主机,然后就可以加工,以及用你熟悉的BI工具展示了呀~
AWVS数据库漏洞信息导出最先出现在帅核桃说。