| 41 | import datetime, sys, getopt |
| 42 | |
| 43 | def main(argv): |
| 44 | # ------------------------------------------------------------------------- |
| 45 | # Default Configurations - use -h and -p for different host and port |
| 46 | # ------------------------------------------------------------------------- |
| 47 | zapHost = '127.0.0.1' |
| 48 | zapPort = '8090' |
| 49 | |
| 50 | try: |
| 51 | opts, args = getopt.getopt(argv,"h:p:") |
| 52 | except getopt.GetoptError: |
| 53 | print('wavsep.py -h <ZAPhost> -p <ZAPport>') |
| 54 | sys.exit(2) |
| 55 | for opt, arg in opts: |
| 56 | if opt == '-h': |
| 57 | zapHost = arg |
| 58 | elif opt == '-p': |
| 59 | zapPort = arg |
| 60 | |
| 61 | zapUrl = 'http://' + zapHost + ':' + zapPort |
| 62 | |
| 63 | # Dictionary of abbreviation to keep the output a bit shorter |
| 64 | abbrev = { |
| 65 | 'Active Vulnerability title' : 'Ex',\ |
| 66 | 'Cross Site Scripting (DOM Based)' : 'DXSS',\ |
| 67 | 'Cross Site Scripting (Reflected)' : 'RXSS',\ |
| 68 | 'Absence of Anti-CSRF Tokens' : 'NoCSRF',\ |
| 69 | 'Application Error Disclosure' : 'AppError',\ |
| 70 | 'Anti CSRF Tokens Scanner' : 'ACSRF',\ |
| 71 | 'Buffer Overflow' : 'Buffer',\ |
| 72 | 'Cookie set without HttpOnly flag' : 'HttpOnly',\ |
| 73 | 'Cookie Slack Detector' : 'CookieSlack',\ |
| 74 | 'Cross Site Request Forgery' : 'CSRF',\ |
| 75 | 'External Redirect' : 'ExtRedir',\ |
| 76 | 'Format String Error' : 'Format',\ |
| 77 | 'HTTP Parameter Override' : 'ParamOver',\ |
| 78 | 'Information disclosure - database error messages' : 'InfoDb',\ |
| 79 | 'Information disclosure - debug error messages' : 'InfoDebug',\ |
| 80 | 'Information Disclosure - Sensitive Informations in URL' : 'InfoUrl',\ |
| 81 | 'LDAP Injection' : 'LDAP',\ |
| 82 | 'Loosely Scoped Cookie' : 'CookieLoose',\ |
| 83 | 'None. Warning only.' : 'NoCSRF2',\ |
| 84 | 'Password Autocomplete in browser' : 'Auto',\ |
| 85 | 'Path Traversal' : 'PathTrav',\ |
| 86 | 'Private IP Disclosure' : 'PrivIP',\ |
| 87 | 'Remote File Inclusion' : 'RFI',\ |
| 88 | 'Session ID in URL Rewrite' : 'SessRewrite',\ |
| 89 | 'Source Code Disclosure - File Inclusion' : 'SrcInc',\ |
| 90 | 'SQL Injection' : 'SQLi',\ |
| 91 | 'SQL Injection - MySQL' : 'SqlMySql',\ |
| 92 | 'SQL Injection - Generic SQL RDBMS' : 'SqlGen',\ |
| 93 | 'SQL Injection - Boolean Based' : 'SqlBool',\ |
| 94 | 'SQL Injection - Error Based - Generic SQL RDBMS' : 'SqlGenE',\ |
| 95 | 'SQL Injection - Error Based - MySQL' : 'SqlMySqlE',\ |
| 96 | 'SQL Injection - Error Based - Java' : 'SqlJavaE',\ |
| 97 | 'SQL Injection - Hypersonic SQL - Time Based' : 'SqlHyperT',\ |
| 98 | 'SQL Injection - MySQL - Time Based' : 'SqlMySqlT',\ |
| 99 | 'SQL Injection - Oracle - Time Based' : 'SqlOracleT',\ |
| 100 | 'SQL Injection - PostgreSQL - Time Based' : 'SqlPostgreT',\ |