11、get_ip_info 方法
I、调用文档
def get_ip_info(self, task_id, ip):
# 测试第二页,点击IP地址获取详情
info = sdk.get_ip_info(task_id="20230403070712",ip="192.168.136.1")
print(info)
POST /api/v1/getIPInfo HTTP/1.1
Content-Type: application/json;charset=UTF-8
Content-Length: 50
Authorization: Basic dXNlcjpwYXNz
host: 192.168.136.133:8361
Connection: close
{"taskId":"20230404080804","ip":"192.168.136.132"}
HTTP/1.1 200 OK
Content-Type: application/json
Date: Mon, 10 Apr 2023 08:11:14 GMT
Connection: close
Content-Length: 3144
{"statusCode":200,"messages":"","data":{"taskId":"20230404080804","ip":"192.168.136.132","honeypot":"0","ports":[{"port":"80","baseprotocol":"tcp"},{"port":"22","baseprotocol":"tcp"}],"protocols":{"192.168.136.132:22":{"port":"22","hostinfo":"192.168.136.132:22","url":"","product":"Ubuntu-system|OpenSSH","protocol":"ssh","json":"{\"protocol\":\"ssh\",\"notretry\":false,\"base_protocol\":\"tcp\",\"status\":\"success\",\"banner\":\"SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5\\r\\n\\nserver_host_key:\\nfingerprint:M2+hR6D0POCdsVvBWh9BKYcTov0td5xRsINBDJthjyM\\nfingerprint_sha256:336fa147a0f43ce09db15bc15a1f41298713a2fd2d779c51b083410c9b618f23\",\"structinfo\":\"\",\"ip\":\"192.168.136.132\",\"port\":\"22\",\"time\":\"2023-04-04 08:44:24 +0000\"}\n","fid":[""],"products":["Ubuntu-system","OpenSSH"],"protocols":["ssh"]},"192.168.136.132:80":{"port":"80","hostinfo":"192.168.136.132:80","url":"","product":"Ubuntu-system|Nginx","protocol":"http","json":"{\"appserver\":[\"nginx\"],\"body\":\"\\u003c!DOCTYPE html\\u003e\\n\\u003chtml\\u003e\\n\\u003chead\\u003e\\n\\u003ctitle\\u003eWelcome to nginx!\\u003c/title\\u003e\\n\\u003cstyle\\u003e\\n body {\\n width: 35em;\\n margin: 0 auto;\\n font-family: Tahoma, Verdana, Arial, sans-serif;\\n }\\n\\u003c/style\\u003e\\n\\u003c/head\\u003e\\n\\u003cbody\\u003e\\n\\u003ch1\\u003eWelcome to nginx!\\u003c/h1\\u003e\\n\\u003cp\\u003eIf you see this page, the nginx web server is successfully installed and\\nworking. Further configuration is required.\\u003c/p\\u003e\\n\\n\\u003cp\\u003eFor online documentation and support please refer to\\n\\u003ca href=\\\"http://nginx.org/\\\"\\u003enginx.org\\u003c/a\\u003e.\\u003cbr/\\u003e\\nCommercial support is available at\\n\\u003ca href=\\\"http://nginx.com/\\\"\\u003enginx.com\\u003c/a\\u003e.\\u003c/p\\u003e\\n\\n\\u003cp\\u003e\\u003cem\\u003eThank you for using nginx.\\u003c/em\\u003e\\u003c/p\\u003e\\n\\u003c/body\\u003e\\n\\u003c/html\\u003e\\n\",\"domain\":\"192.168.136.132\",\"header\":\"HTTP/1.1 200 OK\\r\\nEtag: W/\\\"63e4a71b-264\\\"\\r\\nDate: Tue, 04 Apr 2023 08:44:19 GMT\\r\\nContent-Type: text/html\\r\\nServer: nginx/1.18.0 (Ubuntu)\\r\\nLast-Modified: Thu, 09 Feb 2023 07:56:11 GMT\\r\\n\",\"host\":\"192.168.136.132\",\"id\":\"http://192.168.136.132\",\"ip\":\"192.168.136.132\",\"isdomain\":false,\"os\":[\"ubuntu\"],\"port\":\"\",\"server\":\"nginx/1.18.0 (Ubuntu)\",\"subdomain\":\"\",\"title\":\"Welcome to nginx!\",\"version\":[\"nginx/1.18.0\"]}","fid":["bclL6A9aXzKBK/xoJrZeckSQ7gymt98+"],"products":["Ubuntu-system","Nginx"],"protocols":["http","web"]}},"tags":[{"rule_id":"209","product":"Nginx","company":"other","level":"3","category":"Service","parent_category":"Support System","softhard":"2","version":"1.18.0"},{"rule_id":"4528","product":"Ubuntu-system","company":"Canonical Ltd.","level":"2","category":"Operating System","parent_category":"Software System","softhard":"2","version":""},{"rule_id":"7512","product":"OpenSSH","company":"other","level":"3","category":"Other Support System","parent_category":"Support System","softhard":"2","version":"8.2p1"}],"hostnames":[""]}}
II、字段文档
更多使用说明访问:https://www.exp-9.com
12、get_web_list 方法
I、调用文档
def get_web_list(self, task_id, page=1, size=20):
# 测试第二页, 获取任务的Web漏洞列表
result = sdk.get_web_list("20230403073546", page=1, size=20)
print(result)
POST /api/v1/getWebList HTTP/1.1
Content-Type: application/json;charset=UTF-8
Content-Length: 67
Authorization: Basic dXNlcjpwYXNz
host: 192.168.136.133:8361
Connection: close
{"taskId":"20230404080804","options":{"page":{"page":1,"size":20}}}
HTTP/1.1 200 OK
Content-Type: application/json
Date: Mon, 10 Apr 2023 08:36:25 GMT
Content-Length: 559
Connection: close
{"statusCode":200,"messages":"","data":{"taskId":"20230404080804","total":{"ips":2,"hosts":2,"ports":2},"lists":[{"ip":"192.168.136.1","port":"7001","hostinfo":"192.168.136.1:7001","url":"http://192.168.136.1:7001","server":"JSP3/2.0.14","title":"Oracle WebLogic Server 管理控制台","imgpath":"","fid":"OW8AeC9cKwa8TI0980pN7obnRtGFlnWv"},{"ip":"192.168.136.132","port":"80","hostinfo":"192.168.136.132:80","url":"http://192.168.136.132","server":"nginx/1.18.0 (Ubuntu)","title":"Welcome to nginx!","imgpath":"","fid":"bclL6A9aXzKBK/xoJrZeckSQ7gymt98+"}]}}
II、字段文档
13、get_pocs 方法
I、调用文档
def get_pocs(self, task_id, query, reload_pocs=False, order_by='vul_nums', order='desc', page=1, page_size=20):
# 测试第三页 ,获取poc列表
result = sdk.get_pocs(task_id="20230404020131", query="vultype=0 && vulcategory=\"all\"",
reload_pocs=False, order_by="vul_nums", order="desc", page=1, page_size=20)
print(result)
POST /api/v1/getPocs HTTP/1.1
Content-Type: application/json;charset=UTF-8
Content-Length: 191
Authorization: Basic dXNlcjpwYXNz
host: 192.168.136.133:8361
Connection: close
{"taskId":"20230404080804","query":"vultype=0 && vulcategory=\"all\"","options":{"reloadPocs":false,"order":{"vul_nums":"desc","level":"desc","host_nums":"desc"},"page":{"page":1,"size":20}}}
HTTP/1.1 200 OK
Content-Type: application/json
Date: Mon, 10 Apr 2023 08:47:26 GMT
Connection: close
Content-Length: 4576
{"statusCode":200,"messages":"","data":{"taskId":"20230404080804","total":{"general":333,"bruteforce":10,"search_general":333,"search_bruteforce":0},"lists":[{"category":"system","pocType":"","fileName":"DS_Store_found.json","name":"DS_Store found","level":"3","gifAddress":"","host_nums":2,"vul_nums":0,"scanTime":"","hasexp":false},{"category":"system","pocType":"","fileName":"Git_repository_found.json","name":"Git repository found","level":"3","gifAddress":"","host_nums":2,"vul_nums":0,"scanTime":"","hasexp":false},{"category":"system","pocType":"","fileName":"JetBrains_idea_project_directory.json","name":"JetBrains .idea project directory","level":"2","gifAddress":"","host_nums":2,"vul_nums":0,"scanTime":"","hasexp":true},{"category":"system","pocType":"","fileName":"SVN_repository_found.json","name":"SVN repository found","level":"3","gifAddress":"","host_nums":2,"vul_nums":0,"scanTime":"","hasexp":false},{"category":"system","pocType":"","fileName":"BlueKeep_Microsoft_Remote_Desktop_RCE.json","name":"BlueKeep Microsoft Remote Desktop RCE (CVE-2019-0708)","level":"3","gifAddress":"","host_nums":1,"vul_nums":0,"scanTime":"","hasexp":false},{"category":"system","pocType":"","fileName":"Cisco_HyperFlex_HX_Data_Platform_Command_Injection_CVE_2021_1498.json","name":"Cisco HyperFlex HX Data Platform Command Injection (CVE-2021-1498)","level":"3","gifAddress":"","host_nums":1,"vul_nums":0,"scanTime":"","hasexp":true},{"category":"system","pocType":"","fileName":"Cisco_HyperFlex_HX_Data_Platform_File_Upload_CVE_2021_1499.json","name":"Cisco HyperFlex HX Data Platform File Upload (CVE-2021-1499)","level":"3","gifAddress":"","host_nums":1,"vul_nums":0,"scanTime":"","hasexp":true},{"category":"system","pocType":"","fileName":"smb_ms17_010.json","name":"Eternalblue/DOUBLEPULSAR MS17-010 SMB RCE","level":"3","gifAddress":"","host_nums":1,"vul_nums":0,"scanTime":"","hasexp":false},{"category":"system","pocType":"","fileName":"74cms_plus_ajax_common_SQLi.json","name":"74CMS SQLi with Plus ajax common","level":"3","gifAddress":"","host_nums":0,"vul_nums":0,"scanTime":"","hasexp":true},{"category":"system","pocType":"","fileName":"74cms_plus_weixin_SQLi.json","name":"74CMS SQLi with Plus weixin","level":"3","gifAddress":"","host_nums":0,"vul_nums":0,"scanTime":"","hasexp":true},{"category":"system","pocType":"","fileName":"mini_httpd_File_Read_CVE_2018_18778.json","name":"ACME mini_httpd Arbitrary File Read (CVE-2018-18778)","level":"2","gifAddress":"","host_nums":0,"vul_nums":0,"scanTime":"","hasexp":true},{"category":"system","pocType":"","fileName":"ActiveMQ_RCE_CVE_2016_3088.json","name":"ActiveMQ Arbitrary File Write Vulnerability (CVE-2016-3088)","level":"3","gifAddress":"","host_nums":0,"vul_nums":0,"scanTime":"","hasexp":true},{"category":"system","pocType":"","fileName":"ActiveMQ_default_account.json","name":"ActiveMQ default admin account","level":"2","gifAddress":"","host_nums":0,"vul_nums":0,"scanTime":"","hasexp":false},{"category":"system","pocType":"","fileName":"ActiveMQ_RCE_CVE_2015_5254.json","name":"ActiveMQ Deserialization Vulnerability (CVE-2015-5254)","level":"3","gifAddress":"","host_nums":0,"vul_nums":0,"scanTime":"","hasexp":true},{"category":"system","pocType":"","fileName":"adslr_router_default_password.json","name":"adslr router default password","level":"2","gifAddress":"","host_nums":0,"vul_nums":0,"scanTime":"","hasexp":false},{"category":"system","pocType":"","fileName":"Alibaba_canal_Leakage_of_sensitive_information.json","name":"Alibaba canal Leakage of sensitive information","level":"2","gifAddress":"","host_nums":0,"vul_nums":0,"scanTime":"","hasexp":true},{"category":"system","pocType":"","fileName":"druid_unauthorized.json","name":"Alibaba Druid unauthorized access","level":"2","gifAddress":"","host_nums":0,"vul_nums":0,"scanTime":"","hasexp":false},{"category":"system","pocType":"","fileName":"Amcrest_Dahua_Audio_Streaming_CVE_2019_3948.json","name":"Amcrest/Dahua Unauthenticated-Audio-Streaming (CVE-2019-3948)","level":"2","gifAddress":"","host_nums":0,"vul_nums":0,"scanTime":"","hasexp":false},{"category":"system","pocType":"","fileName":"amtt_eFlow_HiBOS_server_ping_CommandInjection.json","name":"AMTT eFlow HiBOS server Ping Command Injection","level":"3","gifAddress":"","host_nums":0,"vul_nums":0,"scanTime":"","hasexp":true},{"category":"system","pocType":"","fileName":"ANTlabs_IG3100_default_account.json","name":"ANTlabs IG3100 telnet default account","level":"3","gifAddress":"","host_nums":0,"vul_nums":0,"scanTime":"","hasexp":true}],"failed":null,"tags":null}}
II、字段文档
14、get_failed_pocs 方法
I、调用文档
def get_failed_pocs(self):
# 测试第三页获取失败的poc列表
result = sdk.get_failed_pocs()
print(result)
GET /api/v1/getFailedPocs HTTP/1.1
Content-Type: application/json;charset=UTF-8
Authorization: Basic dXNlcjpwYXNz
host: 192.168.136.133:8361
content-length: 0
Connection: close
HTTP/1.1 200 OK
Content-Type: application/json
Date: Mon, 10 Apr 2023 08:47:27 GMT
Content-Length: 56
Connection: close
{"statusCode":200,"messages":"","data":{"faileds":null}}
II、字段文档
GET 请求
15、get_vuln_statistics 方法
I、调用文档
def get_vuln_statistics(self, task_id):
# 第三页获取任务的漏洞统计数据
vuln_stats = sdk.get_vuln_statistics(task_id="20230404020131")
print(vuln_stats)
POST /api/v1/vulnerabilityStatisticsData HTTP/1.1
Content-Type: application/json;charset=UTF-8
Content-Length: 27
Authorization: Basic dXNlcjpwYXNz
host: 192.168.136.133:8361
Connection: close
{"taskId":"20230404020131"}
HTTP/1.1 200 OK
Content-Type: application/json
Date: Mon, 10 Apr 2023 09:07:46 GMT
Content-Length: 277
Connection: close
{"statusCode":200,"messages":"","data":{"ip":{"total":65,"risk":4},"port":{"total":33,"risk":5},"asset":{"total":0,"risk":0},"protocol":{"total":0,"risk":0},"level":[{"name":"Critical","value":4},{"name":"High","value":2},{"name":"Medium","value":1},{"name":"Low","value":0}]}}
II、字段文档