Skip to content

/ WebInspectAutomation

Sample Python script for automating WebInspect scans and pushing results to SSC

6 stars 6 forks
Star
Watch
master
1 branch 0 tags
Go to file
Code
Clone

Use Git or checkout with SVN using the web URL.

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
PostmanAuthenticationSamples
 
 
PostmanSamples
 
 
SeleniumMacroSamples
 
 
README.md
 
 
SampleAuditOnlyTarget_PayloadFile.txt
 
 
SampleIncremental_PayloadFile.txt
 
 
SampleSettingsDriven_PayloadFile
 
 
SampleURLDriven_PayloadFile
 
 
WebInspectAutomation.py
 
 

README.md

WebInspect Automation

Sample Python script for automating dynamic scanning with WebInspect and pushing results to SSC

  1. Checks for running scans and queues if an existing scan is running
  2. Takes payload.txt file from DefaultFilePath to start scan. The payload.txt file is a JSON definition that defines the scan
  3. Starts scan saving scan ID for generating results
  4. Watches for scan to complete
  5. Pulls scan as txt, .scan, and .fpr
  6. Uploads FPR to SSC

Requirements

  1. WebInspect 18.2+
  2. Python 3.7
  3. SSC 18.2+
  4. Fortifyclient utility 18.2+

Sample Command

WebInspectAutomation.py BaseUrl http://WebInspectMachine:8083/webinspect/ DefaultFilePath "C:\DefaultFilePath" SSCUrl http://SSCServer:8080/ssc SSCAuthToken AuthTokenFromSSC ApplicationVersionID SSCAppVersionID ScanMode Payload

To Do

  1. Port to Java
  2. Incremental scanning support with merge
  3. URL scan mode
  4. Scan settings mode

About

Sample Python script for automating WebInspect scans and pushing results to SSC

Topics

fortify-webinspect dynamic-analysis sample appsec security dast fortify application-security postman selenium

Resources

Readme

Releases

No releases published

Packages

No packages published

Languages

You can’t perform that action at this time.