AWVS数据库漏洞信息导出

Posted on by admin

如果你想把AWVS的扫描数据导出,以及不想使用它的API,那么可以看看这个方法。

1. 登录容器,获取数据库密码:

    cat /home/acunetix/.acunetix/wvs.ini|grep 'connection.password' |awk -F '=' '{print $2}'

# HcMKzXYgGwDv6IumYxvHZDndamYzuC (最后两位我马赛克掉了)

    2. 登录使用容器内的postgresql连接(v_211220100需要更换为你的版本),以及输入你的密码

    /home/acunetix/.acunetix/v_211220100/database/bin/psql -h localhost -U acunetix -p 35432 -d wvs -W
> (输入你的密码)

看看有什么表:
\dt
还不少呢~
 Schema |           Name           | Type  |  Owner
--------+--------------------------+-------+----------
 public | admin_records            | table | acunetix
 public | checks                   | table | acunetix
 public | events                   | table | acunetix
 public | excluded_hours           | table | acunetix
 public | fqdns                    | table | acunetix
 public | groups                   | table | acunetix
 public | intents                  | table | acunetix
 public | issue_tracker2group      | table | acunetix
 public | issue_trackers           | table | acunetix
 public | licenses                 | table | acunetix
 public | locations                | table | acunetix
 public | monthly_emails           | table | acunetix
 public | phone_validation         | table | acunetix
 public | pwd_history              | table | acunetix
 public | report_templates         | table | acunetix
 public | reports                  | table | acunetix
 public | scan_session_jobs        | table | acunetix
 public | scan_session_vulns       | table | acunetix
 public | scan_session_vulns_stats | table | acunetix
 public | scan_sessions            | table | acunetix
 public | scanning_profiles        | table | acunetix
 public | scans                    | table | acunetix
 public | schedule_jobs            | table | acunetix
 public | schedules                | table | acunetix
 public | storage                  | table | acunetix
 public | system_config            | table | acunetix
 public | system_config_mu         | table | acunetix
 public | target2group             | table | acunetix
 public | target_config_status     | table | acunetix
 public | target_configuration     | table | acunetix
 public | target_scan_kb           | table | acunetix
 public | target_trends            | table | acunetix
 public | target_vulns             | table | acunetix
 public | target_vulns_backup      | table | acunetix
 public | target_vulns_stats       | table | acunetix
 public | targets                  | table | acunetix
 public | targets_allowed          | table | acunetix
 public | ttl_storage              | table | acunetix
 public | ui_sessions              | table | acunetix
 public | ui_settings              | table | acunetix
 public | uploads                  | table | acunetix
 public | user2group               | table | acunetix
 public | user2shard               | table | acunetix
 public | users                    | table | acunetix
 public | vuln_types               | table | acunetix
 public | vuln_types_localized     | table | acunetix
 public | wafs                     | table | acunetix
 public | web_assets               | table | acunetix
 public | web_assets_config        | table | acunetix
 public | workers                  | table | acunetix
(50 rows)

    和漏洞最相关的表:

    target_vulns :扫描结果表

    view_vuln_types_cn: 漏洞描述中文表

    scan_session_vulns: 单次扫描任务表(存储请求和回包等信息)

    targets:页面中添加的目标

    SELECT row_to_json(t)
FROM (select name,
             t1.criticality,
             address,
             app_id,
             ssv.tags,
             details_template,
             impact,
             view_vuln_types_cn.description,
             recommendation,
             ssv.request,
             ssv.url
      from target_vulns t1
               join targets on t1.target_id = targets.target_id
               join view_vuln_types_cn on t1.vt_id = view_vuln_types_cn.vt_id
               join public.scan_session_vulns ssv on t1.vuln_hash = ssv.vuln_hash) as t;

    输出example:

    {"name":"PHP allow_url_fopen 已启用","criticality":10,"address":"http://testphp.vulnweb.com/","app_id":"aspect_php_allow_url_fopen_on.xml","tags":["verified","acusensor"],"details_template":"","impact":"应用程序相依 - 可能出 现远程文件包含漏洞。","description":"PHP 配置指令 allow_url_fop
en 已启用。启用时,此指令允许从远程位置(网站或 FTP 服务器)进行数据检索。在基于 PHP 的 Web 应用程序中报告的大量代码注入漏洞均是由启用 allow_url_fopen 和错误的输入筛选共同导致的。<br/><br/>allow_url_fopen 默认情况下为启用。","recommendation":"您可以从 php.ini(用于 4.3.4 之后的 PHP 版本)或 .htaccess(用于 4.3.4 及之前的 PHP 版本)禁用 allow_url_fopen。<br/><br/> <strong>php.ini</strong><br/> allow_url_fopen = 'off'<br/><br/> <strong>.htaccess</str
ong><br/> php_flag allow_url_fopen off<br/>","request":"","url":"http://testphp.vulnweb.com/"}

    wow, windowful

    也可以增加 \g vulns.json参数,导出到本地文件

    SELECT row_to_json(t)
FROM (select name,
             t1.criticality,
             address,
             app_id,
             ssv.tags,
             details_template,
             impact,
             view_vuln_types_cn.description,
             recommendation,
             ssv.request,
             ssv.url
      from target_vulns t1
               join targets on t1.target_id = targets.target_id
               join view_vuln_types_cn on t1.vt_id = view_vuln_types_cn.vt_id
               join public.scan_session_vulns ssv on t1.vuln_hash = ssv.vuln_hash) as t \g vulns.json

    便可以在文件夹中看到

    root@ws:/home/acunetix/.acunetix/v_211220100/database/bin# ll -alh vulns.json
-rw-r--r-- 1 root root 86K Apr 13 21:55 vulns.json

    然后就可以在宿主机使用docker cp 的指令,将文件拷贝到宿主机,然后就可以加工,以及用你熟悉的BI工具展示了呀~

    发表回复

    您的邮箱地址不会被公开。 必填项已用 * 标注