WebInspect command-line (cmd) usage tutorial (with a Java invocation example)
2012-06-14 17:14
wi.exe -u url [-s file] [-ws file] [-Framework name] [-CrawlCoverage name]
       [-ps policyID | -pc path] [-ab|an|am|ad|aa|ak {creds}] [-o|c]
       [-n name] [-e[abcdefghijklmno] file] [-x|xd|xa|xn] [-b filepath] [-v] [-?]
       [-r report_name -y report_type -w report_favorite -f report_export_file -g[phacxe]
       [-t compliance_template_file]] [-d filepath -m filename]
       [-i scanid] [-ir scanid] [-db] [-?]
General --------------------------------------------------------
-?                   show usage
-u {url}             url (or IP Address)
-s {settings file}   settings file
-db                  use the database defined in the settings file
-ws {designfile}     web service design file
-o                   audit only (requires policy -p)
-c                   crawl only
-n {name}            scan name (does not apply when resuming a scan)
-b {filepath}        use given SecureBase file
-d {filepath}        move db to filepath (used with -m)
-m {filename}        move db to filename (used with -d)
-i {scan id}         scan id
-ir {scan id}        resume scan with the specified id
Restrict to root folder ----------------------------------------
-x                   Directory Only (self)
-xd                  Directory and subdirectory (descendants)
-xa                  Directory and parents (ancestors)
-xn                  No Restrictions
Framework ------------------------------------------------------
-Framework {framework name}   framework description
    Oracle           optimal scanning of application built with Oracle ADF Faces technology
CrawlCoverage --------------------------------------------------
-CrawlCoverage {coverage name}   crawl coverage description
    Thorough         perform an exhaustive crawl of your site
    Default          focus more on coverage then performance
    Moderate         an overall good balance of coverage and speed
    Quick            focus on breadth and performance
Audit Policy ---------------------------------------------------
-ps {policy ID}      policy for audit
1 Standard
2 Assault
3 SOAP
4 Quick
5 Safe
6 Development
7 Blank
16 QA
17 Application
18 Platform
1001 SQL Injection
1002 Cross-Site Scripting
1003 OWASP Top 10 Application Security Risks 2007
1004 All Checks
1005 Passive
1007 SAP
1008 Criticals and Highs
1009 OWASP Top 10 Application Security Risks 2010
-pc {policy path}    custom policy file path
Authentication -------------------------------------------------
-ab "userid:pwd"     basic authentication mode
-an "userid:pwd"     NTLM authentication mode
-ad "userid:pwd"     digest authentication mode
-ak "userid:pwd"     kerberos authentication mode
-aa "userid:pwd"     automatic authentication mode
-am {macro path}     web macro authentication mode
Output ---------------------------------------------------------
-ea {filepath}       export scan in full XML format
-eb {filepath}       export scan details (Full) in XML
-ec {filepath}       export scan details (Comments) in XML
-ed {filepath}       export scan details (Hidden Fields) in XML
-ee {filepath}       export scan details (Script) in XML
-ef {filepath}       export scan details (Set Cookies) in XML
-eg {filepath}       export scan details (Web Forms) in XML
-eh {filepath}       export scan details (URLs) in XML
-ei {filepath}       export scan details (Requests) in XML
-ej {filepath}       export scan details (Sessions) in XML
-ek {filepath}       export scan details (Emails) in XML
-el {filepath}       export scan details (Parameters) in XML
-em {folderpath}     export scan details (Web Dump) in XML
-en {filepath}       export scan details (Offsite Links) in XML
-eo {filepath}       export scan details (Vulnerabilities) in XML
-v                   verbose output
Reports --------------------------------------------------------
-r {report_name}     name of the report to run
The available report names are:
Aggregate
Alert View
Attack Status
Compliance
Crawled URLS
Developer Reference
Duplicates
Executive Summary
False Positive
QA Summary
Scan Difference
Scan Log
Trend
Vulnerability Summary
Vulnerability (Classic)
-w {favorite_name}   name of the report favorite to run
-ag                  aggregate reports in report favorite
-y {report_type}     the type of report, either 'Standard' or 'Custom'
-f {export_file}     where to export the report file - file path and file name
-gp                  export report as pdf
-gh                  export report as zipped up html
-ga                  export report as raw report file
-gc                  export report as rich text file
-gx                  export report as text
-ge                  export report as excel file
-t {filepath}        use given compliance template file
Practical example
F:\WebInspect>wi.exe -u http://127.1.1.0:8080/jfgl/logon.jsp -ab "SuperAdmin:1" -r "Vulnerability (Classic)" -y Standard -eb c:\Temp\Report.xml -f c:\Temp\Report.pdf -gp -v
F:\WebInspect>wi.exe
    starts the WebInspect cmd scanner
-u http://127.1.1.0:8080/jfgl/logon.jsp
    URL path
-ab "SuperAdmin:1"
    user name and password for the login page
-r "Vulnerability (Classic)"
    name of the report to run
-y Standard
    report type is Standard
-eb c:\Temp\Report.xml
    export scan details (Full) in XML
-f c:\Temp\Report.pdf -gp
    generate the PDF document
-v
    verbose output
Calling from Java
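import java.io.IOException;
import java.io.InputStream;

public class WebInspectScan {
    public static void main(String[] args) {
        try {
            Runtime run = Runtime.getRuntime();
            // Run wi.exe through "cmd /C"; the whole command line goes into cmd[2]
            String[] cmd = new String[3];
            cmd[0] = "cmd";
            cmd[1] = "/C";
            StringBuffer sb = new StringBuffer();
            // Every option must be separated from the next by a space
            sb.append("f:/WebInspect/wi.exe ");
            sb.append("-u ");
            // The URL is passed in by the user
            sb.append("http://127.1.1.0:8080/jfgl/logon.jsp ");
            sb.append("-ab ");
            // The user name and password are passed in by the user
            // (cmd only treats double quotes as quoting characters)
            sb.append("\"SuperAdmin:1\" ");
            sb.append("-r \"Vulnerability (Classic)\" ");
            sb.append("-y Standard ");
            sb.append("-eb c:/Temp/Report.xml ");
            sb.append("-f c:/Temp/Report.pdf -gp ");
            sb.append("-v");
            cmd[2] = sb.toString();
            System.out.println("开始扫描..."); // "Starting scan..."
            Process p = run.exec(cmd);
            InputStream in = p.getInputStream();
            // Drain the scanner's output until the process closes its stdout
            while (in.read() != -1) {
                System.out.println("扫描中..."); // "Scanning..."
            }
            in.close();
            p.destroy();
            // Reported only when no exception occurred
            System.out.println("扫描成功..."); // "Scan succeeded..."
        } catch (IOException e) {
            System.out.println("扫描失败..."); // "Scan failed..."
            e.printStackTrace();
        }
    }
}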
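The code above notes that the URL and credentials come from the user, and it concatenates them into a single `cmd /C` string, where characters such as `&` or `|` are interpreted by the shell. The following is an added example, not part of the original post: it passes each value as its own argument through ProcessBuilder and validates the input first. The class name WebInspectLauncher and the validation rules are assumptions; the wi.exe path and options are the ones used on this page.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.List;

public class WebInspectLauncher {
    // Install path as used in the page's example
    static final String WI_EXE = "f:/WebInspect/wi.exe";

    // Build the argument vector; every value is its own element, so no shell parses it
    static List<String> buildCommand(String url, String creds) {
        URI u = URI.create(url); // throws IllegalArgumentException on spaces, quotes, etc.
        String scheme = u.getScheme();
        if (u.getHost() == null
                || !("http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme))) {
            throw new IllegalArgumentException("not an http(s) URL: " + url);
        }
        // Assumed rule: userid:pwd with a non-empty userid and no embedded double quotes
        if (creds.indexOf('"') >= 0 || creds.indexOf(':') < 1) {
            throw new IllegalArgumentException("credentials must be userid:pwd without quotes");
        }
        List<String> cmd = new ArrayList<>();
        cmd.add(WI_EXE);
        cmd.add("-u");  cmd.add(u.toASCIIString());
        cmd.add("-ab"); cmd.add(creds);
        cmd.add("-r");  cmd.add("Vulnerability (Classic)");
        cmd.add("-y");  cmd.add("Standard");
        cmd.add("-eb"); cmd.add("c:/Temp/Report.xml");
        cmd.add("-f");  cmd.add("c:/Temp/Report.pdf");
        cmd.add("-gp");
        cmd.add("-v");
        return cmd;
    }

    public static void main(String[] args) throws Exception {
        // Constructed hostile input: under "cmd /C" the "&" would start a second command
        try {
            buildCommand("http://127.1.1.0:8080/jfgl/logon.jsp & echo injected", "SuperAdmin:1");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        List<String> cmd = buildCommand("http://127.1.1.0:8080/jfgl/logon.jsp", "SuperAdmin:1");
        // Start wi.exe directly (no cmd.exe) and pass its output through to this console
        Process p = new ProcessBuilder(cmd).inheritIO().start();
        int exit = p.waitFor();
        System.out.println("wi.exe exit code: " + exit);
    }
}
```

Passing the password on the command line still exposes it to anyone who can list processes on the scanning host, so run the scanner under a dedicated account.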