A python client for Rapid7 AppSpider Enterprise. This can be used on the command line to interact with AppSpider or the module can be included to query AppSpider using your own Python script.
usage: AppSpider.py [-h] [--url URL] [--username USERNAME]
[--password PASSWORD] [--admin-username ADMIN_USERNAME]
[--admin-password ADMIN_PASSWORD] [--client CLIENT]
[--engine-group ENGINE_GROUP] [--proxy PROXY] [--scans]
[--configs] [--vulns] [--vulns-summary]
[--scan-id SCAN_ID] [--output-file OUTPUT_FILE]
[--report-zip] [--crawled-links] [--run-scan RUN_SCAN]
[--create-config] [--create-run]
[--create-engine-group CREATE_ENGINE_GROUP]
[--create-name CREATE_NAME] [--create-xml CREATE_XML]
[--create-seed-url CREATE_SEED_URL]
[--create-constraint-url CREATE_CONSTRAINT_URL]
[--create-custom-header CREATE_CUSTOM_HEADER] [--engines]
[--engine-groups]
AppSpider API Client.
optional arguments:
-h, --help show this help message and exit
--scans Retrieve the scans status.
--configs Retrieves all the scan configurations.
--vulns Retrieves all the vulnerabilites for the specified
client.
--vulns-summary Gets VulnerabilitiesSummary.xml for the scan. Requires
a scan id and output file.
--scan-id SCAN_ID Scan id for the specified client.
--output-file OUTPUT_FILE
Name of the output file.
--report-zip Retrieves the zip report file. Requires a scan id and
output file.
--crawled-links Retrieves the crawled links. Requires a scan id and
output file.
--run-scan RUN_SCAN Runs the scan with the specified scan name.
--create-config Creates a scan configuration
--create-run Creates a scan configuration and runs it
--create-engine-group CREATE_ENGINE_GROUP
Engine group for a scan configuration
--create-name CREATE_NAME
Config name
--create-xml CREATE_XML
XML configuration for scan
--create-seed-url CREATE_SEED_URL
Starting URL for scan
--create-constraint-url CREATE_CONSTRAINT_URL
Include url constraint, example:
http://www.yoursite.com/*
--create-custom-header CREATE_CUSTOM_HEADER
Custom Header (API Token in header for example)
--engines Lists the engines configured in AppSpider Enterprise
--engine-groups Lists the engine groups configured in AppSpider
Enterprise
Two options for authenticating:
export APPSPIDER_USERNAME=<AppSpider Client User>
export APPSPIDER_PASSWORD=<AppSpider Client Password>
export APPSPIDER_ADMIN_USERNAME=<AppSpider Admin>
export APPSPIDER_ADMIN_PASSWORD=<AppSpider Password>
export APPSPIDER_URL=<URL for AppSpider Enterprise>
export APPSPIDER_CLIENT=<AppSpider Client Name(optional)>
export APPSPIDER_ENGINE_GROUP=<AppSpider Engine Group Name(optional)>
export APPSPIDER_PROXY=<AppSpider Proxy (optional)>
--url URL AppSpider URL.
--username USERNAME AppSpider username.
--password PASSWORD AppSpider password.
--admin-username ADMIN_USERNAME
AppSpider admin username. (Used for global admin
features)
--admin-password ADMIN_PASSWORD
AppSpider admin password. (Used for global admin
features)
--client CLIENT Client name.
--engine-group ENGINE_GROUP
Engine group for scanning.
--proxy PROXY Proxy for client to use for requests.
Display help.
./AppSpider.py -h
List vulnerabilities for a client.
./AppSpider.py --client "<client name>" --vulns
Saves vulnerabilities for a client to an XML file.
./AppSpider.py --client "<client name>" --vulns-summary --output-file output/vulnssummary.xml --scan-id scan-guid
Return scans for a client.
./AppSpider.py --client "<client name>" --scans
Generate a zip report file.
./AppSpider.py --report-zip --client "<client name>" --scan-id <Scan ID Returned from --scans> --output-file <output/report.zip<
Create a scan configuration based off a prior scan config xml file.
./AppSpider.py --client "<client name>" --create-config --create-engine-group "<Engine GroupName>" --create-name "<Scan Name>" --create-seed-url "<URL to scan>" --create-custom-header "<optional API key or session token>" --create-xml scan_configs/scan_config.xml --create-constraint-url "<Constraint URL>"
Creates and runs scan configuration based off a prior scan config xml file.
./AppSpider.py --client "<client name>" --create-config --create-run --create-engine-group "<Engine GroupName>" --create-name "<Scan Name>" --create-seed-url "<URL to scan>" --create-custom-header "<optional API key or session token>" --create-xml scan_configs/scan_config.xml --create-constraint-url "<Constraint URL>"
Run a scan.
./AppSpider.py -run-scan <Scan Name>