WebInspect在cmd下操作教程（带java调用例子）

wi.exe-u url [-s file] [-ws file] [-Framework name] [-CrawlCoverage name]

 [-ps policyID | -pc path][-ab|an|am|ad|aa|ak {creds}] [-o|c]

 [-n name] [-e[abcdefghijklmno] file][-x|xd|xa|xn] [-b filepath] [-v] [-?

]

 [-r report_name -y report_type -w report_favorite-f report_export_file -

g[phacxe]

 [-t compliance_template_file]] [-dfilepath -m filename]

 [-i scanid] [-ir scanid] [-db] [-?]
General---------------------------------------------------------
 -? show usage
命令帮助
 -u {url} url (orIP Address) 
URL
 -s {settings file} settings file 设置文件
 -db use the database defined in thesettings file
使用设置中的定义配置数据库
 -ws {designfile} web service design file WEB服务器文件设置
 -o audit only(requires policy -p)

 -c crawl only

 -n {name} scan name (does not apply whenresuming a scan)

 -b {filepath} use given SecureBase file

 -d {filepath} move db to filepath (usedwith -m)

 -m {filename} move db to filename (usedwith -d)

 -i {scan id} scan id

 -ir {scan id} resume scan with thespecified id
Restrictto root folder -----------------------------------------
-xDirectory Only (self)

 -xd Directory and subdirectory(descendants)

 -xa Directory and parents (ancestors)

 -xn No Restrictions
Framework-------------------------------------------------------
-Framework{framework name} framework description

 Oracle optimal scanning of applicationbuilt with

 Oracle ADF Faces technology
CrawlCoverage --------------------------------------------------
-CrawlCoverage{coverage name} crawl coverage description

 Thorough perform an exhaustive crawl ofyour site

 Default focus more on coverage thenperformance

 Moderate an overall good balance ofcoverage and speed

 Quick focus on breadth and performance
AuditPolicy ----------------------------------------------------
-ps{policy ID} policy for audit

 1 Standard

 2 Assault

 3 SOAP

 4 Quick

 5 Safe

 6 Development

 7 Blank

 16 QA

 17 Application

 18 Platform

 1001 SQL Injection

 1002 Cross-Site Scripting

 1003 OWASP Top 10 Application SecurityRisks 2007

 1004 All Checks

 1005 Passive

 1007 SAP

 1008 Criticals and Highs

 1009 OWASP Top 10 Application SecurityRisks 2010
-pc{policy path} custom policy file path
Authentication--------------------------------------------------
-ab"userid:pwd" basic authentication mode
基本身份验证模式
 -an "userid:pwd" NTLMauthentication mode
NTLM身份验证模式
 -ad "userid:pwd" digestauthentication mode
摘要式身份验证模式
 -ak "userid:pwd" kerberosauthentication mode
Kerberos身份验证模式
 -aa "userid:pwd" automaticauthentication mode
自动身份验证模式
 -am {macro path} web macro authenticationmode
网页宏认证模式
Output----------------------------------------------------------
-ea{filepath} export scan in full XML format完整的XML格式的扫描
 -eb {filepath} export scan details(Full) in XML
在XML导出扫描的详细信息（全）
 -ec {filepath} export scan details(Comments) in XML
（评论)
 -ed {filepath}export scan details (Hidden Fields) in XML （隐藏字段）
 -ee {filepath}export scan details (Script) in XML
（脚本）
 -ef {filepath} export scan details (SetCookies) in XML
(设置Cookies)
 -eg {filepath}export scan details (Web Forms) in XML  （Web窗体）
 -eh {filepath} export scan details(URLs) in XML
（网址）
 -ei {filepath} export scan details(Requests) in XML
(请求)
 -ej {filepath}export scan details (Sessions) in XML
(Session)
 -ek {filepath} export scandetails (Emails) in XML
 (电子邮箱)
 -el {filepath}export scan details (Parameters) in XML
(参数)
 -em {folderpath} export scan details(Web Dump) in XML
(网络转存)
 -en {filepath}export scan details (Offsite Links) in XML (异地链接)
 -eo {filepath}export scan details (Vulnerabilities) in XML
(漏洞)
-vverbose output
详细输出
Reports---------------------------------------------------------
-r{report_name} name of the report to run
以该报告的名称来运行
以下为参数
Aggregate

 Alert View

 Attack Status

 Compliance

 Crawled URLS

 Developer Reference

 Duplicates

 Executive Summary

 False Positive

 QA Summary

 Scan Difference

 Scan Log

 Trend

 Vulnerability Summary

 Vulnerability (Classic)
-w{favorite_name} name of the report favorite to run

 -ag aggregate reports in report favorite
-y{report_type} the type of report, either 'Standard' or 'Custom'报告类型分为标准和自定义
 -f {export_file} where to export thereport file - file path and file
报告路径
name
-gpexport report as pdf

 -gh export report as zipped up html

 -ga export report as raw report file

 -gc export report as rich text file

 -gx export report as text

 -ge export report as excel file
-t{filepath} use given compliance template file
 
 
实际列子
 
F:\WebInspect>wi.exe -uhttp://127.1.1.0:8080/jfgl/logon.jsp -ab "SuperAdmin:1"
 -r"Vulnerability (Classic)" -y Standard -eb c:\Temp\Report.xml -fc:\Temp\Repo
rt.pdf –gp 
-v
 
F:\WebInspect>wi.exe  启动WebInspect
cmd扫描程序
 -uhttp://127.1.1.0:8080/jfgl/logon.jsp -ab url路径
-ab "SuperAdmin:1"
登陆页面用户名密码
-r "Vulnerability (Classic)"
报告运行名称
-y Standard
报告类型为标准
-eb c:\Temp\Report.xml
在XML导出扫描的详细信息（全）
-f c:\Temp\Report.pdf -gh
生成pdf文档
-v
 
 
 
Java调用
publicstaticvoid main(String[] args) {
       try {
 
           Runtime run = Runtime.getRuntime();
 
           String[] cmd =
new String[3];
           cmd[0] =
"cmd";
           cmd[1] =
"/C";
           StringBuffer sb =
new StringBuffer();
           sb.append("f:/WebInspect/wi.exe");
           sb.append("-u ");
           //url由用户传入
           sb.append("http://127.1.1.0:8080/jfgl/logon.jsp");
           sb.append("-ab ");
           //用户名密码由用户传入
           sb.append("'SuperAdmin:1'");
           sb.append(" -r'Vulnerability (Classic)' ");
           sb.append("-y Standard");
           sb.append("-ebc:/Temp/Report.xml ");
           sb.append("-f c:/Temp/Report.pdf-gp ");
           sb.append("-v");
           cmd[2] = sb.toString();
           System.out.println("开始扫描...");
           Process p = run.exec(cmd);
          
           InputStream in = p.getInputStream();
           while (in.read() != -1) {
              System.out.println("扫描中...");
           }
           in.close();
           p.destroy();
       } catch (IOException e) {
           System.out.println("扫描失败...");
           e.printStackTrace();
       }
       System.out.println("扫描成功...");
    }