AWVS V0.2

BigYoungs · Dec 1, 2023 · 05a7a36 · 05a7a36
1 parent 6f7100e
commit 05a7a36
Show file tree

Hide file tree

Showing 4 changed files with 105 additions and 3 deletions.
diff --git a/AWVS/AWVS漏洞通知.png b/AWVS/AWVS漏洞通知.png
diff --git a/AWVS/app.json b/AWVS/app.json
@@ -1,14 +1,18 @@
 {
   "identification": "w5soar",
   "is_public": false,
-  "name": "创建AWVS扫描",
-  "version": "0.1",
-  "description": "通过调用AWVS接口，实现发起批量扫描任务以及相关功能",
+  "name": "AWVS接口功能",
+  "version": "0.2",
+  "description": "通过调用AWVS接口，实现发起批量扫描任务、新增漏洞通知以及相关功能",
   "type": "安全扫描",
   "action": [
     {
       "name": "批量发起扫描",
       "func": "scan_main"
+    },
+    {
+      "name": "新增漏洞通知",
+      "func": "get_vul"
     }
   ],
   "args": {
@@ -54,6 +58,23 @@
         "required": true,
         "default": "AVWS API发起"
       }
+    ],
+    "get_vul": [
+      {
+        "key": "api_key",
+        "type": "text",
+        "required": true
+      },
+      {
+        "key": "awvs_url",
+        "type": "text",
+        "required": true
+      },
+      {
+        "key": "vul_level",
+        "type": "text",
+        "required": true
+      }
     ]
   }
 }
diff --git a/AWVS/main/run.py b/AWVS/main/run.py
@@ -6,13 +6,69 @@
 # 免责声明：禁止用于非法用途，一切违法行为与作者无关。
 
 import json
+import os
 import sys
 
 # 导入日记库，没有请先安装 pip install loguru
 import requests
 from loguru import logger
 
 
+# 定时获取AWVS漏洞
+async def get_vul(awvs_url, api_key, vul_level="3,2,1,0"):
+    """
+    获取AWVS漏洞
+    :param awvs_url: awvs的接口地址
+    :param api_key:  awvs的认证token
+    :param target_id:  awvs的目标id
+    :return:
+    """
+    try:
+        import requests, datetime, json, time
+    except Exception as e:
+        logger.error(f"[{sys._getframe().f_code.co_name}]该APP导入包失败，请先pip install 相关包，报错信息：{e}")
+
+    headers = {'Content-Type': 'application/json; charset=utf8', "X-Auth": api_key}
+    get_target_url = f'{awvs_url}/api/v1/vulnerability_types?l=100&q=status:open;severity:{vul_level};'
+    result = {
+        "new_vul_count": 0,
+    }
+    try:
+        # 判断count.txt文件是否存在
+        if os.path.exists('count.txt'):  # 文件存在
+            # 如果存在，读取count.txt文件的值
+            with open('count.txt', 'r') as f:
+                last_vul_count = int(f.read())
+            result['last_vul_count'] = last_vul_count
+
+            response = requests.get(get_target_url, headers=headers, timeout=30, verify=False).json()
+            high_count = 0
+            for xxxx in response['vulnerability_types']:
+                high_count = high_count + xxxx['count']
+
+            if high_count != last_vul_count:
+                result['new_vul_count'] = high_count - last_vul_count
+
+                # 把high_count的值写入count.txt文件，用于下次对比
+                with open('count.txt', 'w') as f:
+                    f.write(str(high_count))
+        else:  # 文件不存在
+            response = requests.get(get_target_url, headers=headers, timeout=30, verify=False).json()
+            init_high_count = 0
+            for xxxx in response['vulnerability_types']:
+                init_high_count = init_high_count + xxxx['count']
+            # 把init_high_count的值写入count.txt文件，用于下次对比
+            with open('count.txt', 'w') as f:
+                f.write(str(init_high_count))
+            result['new_vul_count'] = init_high_count
+            result['last_vul_count'] = 0
+
+        return {"status": 1, "result": result}
+    except Exception as e:
+        logger.error(f"AWVS获取漏洞数异常，报错信息：{e}")
+        return {"status": 2, "result": {}}
+
+
 def addTask(url, target, headers, scan_label):
     """
     AWVS添加任务

diff --git a/AWVS/readme.md b/AWVS/readme.md
@@ -12,6 +12,8 @@
 
 ### scan_main
 
+发起AWVS扫描任务，支持不同的扫描类型、批量扫描
+
 **参数：**
 
 | 参数             | 类型       | 必填  | 备注                                                                                                                                                  |
@@ -35,6 +37,29 @@
 }
 ```
 
+### get_vul
+
+查询AWVS的漏洞数量，可设置不同等级的漏洞数量，需配合定时器一起使用
+
+**参数：**
+
+| 参数             | 类型       | 必填  | 备注                                                                                                                                                  |
+|----------------|----------|-----|-----------------------------------------------------------------------------------------------------------------------------------------------------|
+| **awvs_url**   | text     | `是` | AWVS的url                                                                                                                                            |
+| **api_key**    | text     | `是` | 调用AWVS的认证token                                                                                                                                      |
+| **vul_level**  | text     | `是` | 接收新增漏洞等级范围，如：3,2,1,0  对应：高危，中危，低危，信息                                                                                                                |
+
+**返回值：**
+
+```
+# 1 代表返回正常
+{'status': 1, 'result': {'new_vul_count': 0, 'last_vul_count': 19}}
+```
+
+剧本示例：
+
+![AWVS漏洞通知剧本效果](./AWVS漏洞通知.png)
+
 ## 其他内容
 
 使用的AWVS版本：