AXF : Is it possible to launch scan using the SDK?


Dibyajyoti Ghosh

May 6, 2008, 12:59:21 PM
to axf-general...@googlegroups.com
Hi everyone,

I just downloaded the trial version of AppScan 7.7
just to check out how far the AXF can be stretched.
Now what I have seen following the SDK which comes
with the product we can:

1. Schedule a scan
2. Get data for an Ongoing scan
3. Load a scan file
4. Save configs
5. Export report for a Finished Scan

Now my question is: using the SDK, is it possible to
start a new scan? I am using the Pyscan module.

I noticed an interface Watchfire.Appscan.IScanManager
which has a method named "Scan" ( Run a Scan
synchronously) which returns an enum.

Can this method be used for scan launching?

Consider the fact that I want to initiate a scan in
AppScan in the following way:

function startScan(scanParamsHash)

    # Code for launching the scan by firing this python file

end


Is this possible???

Please revert back ASAP.

thanks in advance
dibyajyoti

guy...@gmail.com

May 8, 2008, 1:13:09 PM
to AXF - General Discussion
Hi dibyajyoti,

The Scan method is indeed the method to use to run a scan from a
Pyscan shell.
You can find some examples of how to use this method (in C#, but the
same logic applies) in the code of the Privilege Escalation Runner
extension (http://axf.watchfire.com/extensions/privilegeescalationrunner.aspx).
The extensions on axf.watchfire.com are generally good places to look
for examples on how to do things with the AppScan SDK.

The Scan method is a synchronous method. For an a-sync run of a scan
(if you want to start a scan and then go on to perform other tasks),
you can use ScanAsync().

Here is the method used to run scans in that extension (you can
download the full source from the link above):

public void StartRun()
{
    IAppScan appScan = AppScanFactory.CreateInstance();

    Log("Running Scans");

    // Run a scan with no login
    string noAuthScan = RunSingleScan(null, appScan);
    // Run a scan with the additional login files
    List<string> otherScans = new List<string>();
    foreach (string loginFile in _config.OtherLoginFilesList)
    {
        string curScanFile = RunSingleScan(loginFile, appScan);
        otherScans.Add(curScanFile);
    }

    // Run the scan with the primary login
    string primeScanFileName =
        RunSingleScan(_config.PrimaryLoginFileName, appScan);

    // Configure the Privilege Escalation settings on the main scan file
    Log("Adding all roles to Privilege Escalation configuration");
    IPrivilegeEscalationRole nonAuthRole =
        PrivilegeEscalationRoleFactory.CreateInstance();
    nonAuthRole.RoleName = "NoAuth";
    nonAuthRole.IsNonAuthenticatedUser = true;
    nonAuthRole.PathToScanFile = noAuthScan;
    nonAuthRole.Comments = "Auto-created";

    appScan.Scan.ScanData.Config.PrivilegeEscalationRoles.Add(nonAuthRole);

    foreach (string curScanFile in otherScans)
    {
        FileInfo fi = new FileInfo(curScanFile);

        IPrivilegeEscalationRole curRole =
            PrivilegeEscalationRoleFactory.CreateInstance();
        curRole.RoleName = fi.Name;
        curRole.IsNonAuthenticatedUser = false;
        curRole.PathToScanFile = curScanFile;
        curRole.Comments = "Auto-created";

        appScan.Scan.ScanData.Config.PrivilegeEscalationRoles.Add(curRole);
    }

    // Run the test on the main scan
    Log("Running Privilege Escalation Testing");
    appScan.Scan.Scan(false, true);

    IncreaseProgress();

    // Save the scan to the results file
    Log("Saving Results Scan");
    appScan.Scan.SaveScanData(_config.ResultsScanFile);

    IncreaseProgress();

    // update progress bar
    _mainForm.Invoke(_mainForm.runCompleteHandler, null);
}

Cheers,
Guypo


