16、get_vulnerability_search 方法
I、调用文档
get_vulnerability_search 接受参数:
def get_vulnerability_search(self, task_id, page=1, size=20):
vulnerability_search = sdk.get_vulnerability_search(task_id="20230404020131",page=2,size=20)
print(vulnerability_search)
POST /api/v1/vulnerabilityStatisticsData HTTP/1.1
Content-Type: application/json;charset=UTF-8
Content-Length: 27
Authorization: Basic dXNlcjpwYXNz
host: 192.168.136.133:8361
Connection: close
{"taskId":"20230404020131"}
HTTP/1.1 200 OK
Content-Type: application/json
Date: Mon, 10 Apr 2023 09:07:46 GMT
Content-Length: 277
Connection: close
{"statusCode":200,"messages":"","data":{"ip":{"total":65,"risk":4},"port":{"total":33,"risk":5},"asset":{"total":0,"risk":0},"protocol":{"total":0,"risk":0},"level":[{"name":"Critical","value":4},{"name":"High","value":2},{"name":"Medium","value":1},{"name":"Low","value":0}]}}
II、字段文档
17、get_poc_info 方法
I、调用文档
def get_poc_info(self, vul_name):
# 获取指漏洞详情描述
result = sdk.get_poc_info(vul_name="Redis unauthorized")
print(result)
POST /api/v1/getPOCInfo HTTP/1.1
Content-Type: application/json;charset=UTF-8
Content-Length: 32
Authorization: Basic dXNlcjpwYXNz
host: 192.168.136.133:8361
Connection: close
{"vulname":"Redis unauthorized"}
HTTP/1.1 200 OK
Content-Type: application/json
Date: Mon, 10 Apr 2023 09:29:50 GMT
Content-Length: 1120
Connection: close
{"statusCode":200,"messages":"","data":{"title":"Redis unauthorized","level":"3","vulfile":"redis_unauthorized.json","description":"Redis, is an open source, widely popular data structure tool that can be used as an in-memory distributed database, message broker or cache. Since it is designed to be accessed inside trusted environments, it should not be exposed on the Internet. However, some Redis are bind to public interface and even has no password authentication protection.","impact":"Under certain conditions, if Redis runs with the root account (or not even), attackers can write an SSH public key file to the root account, directly logging on to the victim server through SSH. This may allow hackers to gain server privileges, delete or steal data, or even lead to an encryption extortion, critically endangering normal business services.","recommendation":"- Don't bind to 0.0.0.0\u003cbr/\u003e- Set a password (for everything)","disclosureDate":"2015-11-11","gifAddress":"","expparams":[],"references":["http://static.nosec.org/download/redis_crackit_v1.1.pdf"],"tags":["unauthorized"],"category":"system"}}
II、字段文档
18、get_ip_segment 方法
I、调用文档
def get_ip_segment(self, task_id, segment_type):
# 测试第四页报告,获取指定任务下的IP段信息
result = sdk.get_ip_segment(task_id="20230404020131", type="0")
print(result)
POST /api/v1/ipSegment HTTP/1.1
Content-Type: application/json;charset=UTF-8
Content-Length: 38
Authorization: Basic dXNlcjpwYXNz
host: 192.168.136.133:8361
Connection: close
{"taskId":"20230404080804","type":"0"}
HTTP/1.1 200 OK
Content-Type: application/json
Date: Mon, 10 Apr 2023 09:39:26 GMT
Content-Length: 102
Connection: close
{"statusCode":200,"messages":"","data":{"lists":[{"name":"192.168.0.0","value":5}],"total":{"ips":1}}}
II、字段文档
更多使用说明访问:https://www.exp-9.com
19、get_vul_analysis 方法
I、调用文档
def get_vul_analysis(self, task_id):
# 测试第四页报告,获取任务的漏洞分析数据
result = sdk.get_vul_analysis(task_id="20230404020131")
print(result)
POST /api/v1/getVulAnalysis HTTP/1.1
Content-Type: application/json;charset=UTF-8
Content-Length: 27
Authorization: Basic dXNlcjpwYXNz
host: 192.168.136.133:8361
Connection: close
{"taskId":"20230404020131"}
HTTP/1.1 200 OK
Content-Type: application/json
Date: Mon, 10 Apr 2023 09:46:46 GMT
Content-Length: 138
Connection: close
{"statusCode":200,"messages":"","data":{"application":[{"name":"django","data":[0,1,0,0]}],"service":[{"name":"redis","data":[0,0,0,3]}]}}
II、字段文档
20、get_asset_tags 方法
I、调用文档
def get_asset_tags(self, task_id):
# 测试第四页报告,获取指定任务的资产标签数据
asset_tags = sdk.get_asset_tags(task_id="20230404020131")
print(asset_tags)
POST /api/v1/assetTags HTTP/1.1
Content-Type: application/json;charset=UTF-8
Content-Length: 27
Authorization: Basic dXNlcjpwYXNz
host: 192.168.136.133:8361
Connection: close
{"taskId":"20230404080804"}
HTTP/1.1 200 OK
Content-Type: application/json
Date: Mon, 10 Apr 2023 09:54:49 GMT
Content-Length: 723
Connection: close
{"statusCode":200,"messages":"","data":{"nodes":[{"id":"root","group":0,"groupname":""},{"id":"192.168.136.0","group":0,"groupname":""},{"id":"192.168.136.1","group":0,"groupname":""},{"id":"192.168.136.132","group":0,"groupname":""},{"id":"192.168.136.2","group":0,"groupname":""},{"id":"192.168.136.255","group":0,"groupname":""}],"links":[{"source":"root","target":"192.168.136.0","value":1,"visibledefault":true},{"source":"root","target":"192.168.136.1","value":1,"visibledefault":true},{"source":"root","target":"192.168.136.132","value":1,"visibledefault":true},{"source":"root","target":"192.168.136.2","value":1,"visibledefault":true},{"source":"root","target":"192.168.136.255","value":1,"visibledefault":true}]}}
II、字段文档
更多使用说明访问:https://www.exp-9.com
21、get_env_info 方法
I、调用文档
get_env_info 接受参数:GET 请求
功能:获取系统环境信息
调用方法:
# 设置页面:获取环境信息
result = sdk.get_env_info()
print(result)
GET /api/v1/getEnvi HTTP/1.1
Content-Type: application/json;charset=UTF-8
Authorization: Basic dXNlcjpwYXNz
host: 192.168.136.133:8361
Content-Length: 0
Connection: close
HTTP/1.1 200 OK
Content-Type: application/json
Date: Mon, 10 Apr 2023 10:01:19 GMT
Content-Length: 537
Connection: close
{"statusCode":200,"messages":"","data":{"chromePath":"","dataIntegrity":"ok","datadir":"/root/goby-linux-x64-2.4.5/golib","dir":"/root/goby-linux-x64-2.4.5/golib","dnsServer":"8.8.8.8:53","gid":"b1xxxxb6cabeb4","godserver":"https://gobygo.net","interface":"ens33","ip":"192.168.136.133","key":"862338xxxxa37b12","midKey":"5add270cexxxxxxx7545c98147","network":"192.168.136.133/24","pcapVersion":"libpcap version 1.9.1 (with TPACKET_V3)","proxyServer":"http://xxxxxx","userRuleSize":"0","vulVersion":"20210101010101"}}
II、字段文档
GET 请求
chromePath:字符串类型,表示Chrome浏览器的路径。
dataIntegrity:字符串类型,表示数据的完整性,这里为ok。
datadir:字符串类型,表示程序的数据目录路径。
dir:字符串类型,表示程序的目录路径。
dnsServer:字符串类型,表示DNS服务器的地址。
gid:字符串类型,表示程序的组ID。
godserver:字符串类型,表示Goby的官网地址。
interface:字符串类型,表示程序监听的网卡名称。
ip:字符串类型,表示程序监听的IP地址。
key:字符串类型,表示程序的key。
midKey:字符串类型,表示程序的中间key。
network:字符串类型,表示程序监听的网段。
pcapVersion:字符串类型,表示程序使用的libpcap库的版本号。
proxyServer:字符串类型,表示程序使用的代理服务器地址。
userRuleSize:字符串类型,表示用户规则的数量。
vulVersion:字符串类型,表示程序使用的漏洞库版本号。
22、set_env_info 方法
I、调用文档
set_env_info 接受参数(暂时未支持部分参数设置):
def set_env_info(self, dns_server, proxy_server):
# 设置页面:设置系统环境信息,代理
result = sdk.set_env_info(dns_server="8.8.8.8:53",proxy_server="http://192.168.1.4:1080")
print(result)
POST /api/v1/setEnvi HTTP/1.1
Content-Type: application/json;charset=UTF-8
Content-Length: 66
Authorization: Basic dXNlcjpwYXNz
host: 192.168.136.133:8361
Connection: close
{"dnsServer":"8.8.8.8:53","proxyServer":"http://192.168.1.1:1080"}
HTTP/1.1 200 OK
Content-Type: application/json
Date: Mon, 10 Apr 2023 10:11:09 GMT
Content-Length: 44
Connection: close
{"statusCode":200,"messages":"","data":true}
II、字段文档
更多使用说明访问:https://www.exp-9.com