Scripts that help with IBM Rational AppScan
This is a bunch of scripts I use with AppScan:
-
extract_url.py == sometimes I run a report and I want to extract URLs and parameters to a text file
-
save the report from AppScan as a text file (make sure you check application data and application URLs)
-
run extract_url.py -f yourSavedFile.txt -d yourNewFile.txt [-o csv|txt] (defaults to csv)
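Here is an added example of the kind of extraction the extract_url.py step above does. It is not the repository's script: the saved-report layout is an assumption (plain text with URLs on their own lines, as in the constructed SAMPLE_REPORT below), and the -f/-d/-o flags only mirror the usage line above. It strips each URL to its path, lists the query parameter names, and drops repeats, so the csv gives one row per distinct URL/parameter-set.

```python
# Added example: extract URLs and parameter names from a saved text report.
# Not the repository's extract_url.py; the report layout (plain text, URLs on
# their own lines) is an assumption, and SAMPLE_REPORT is constructed.
import argparse
import csv
import io
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample standing in for a saved AppScan text report (not real AppScan output).
SAMPLE_REPORT = """Application URLs
http://target.example.com/login.jsp
http://target.example.com/account/view.do?id=42&tab=summary
https://target.example.com/search?q=test&page=2
http://target.example.com/login.jsp
"""

# Absolute http(s) URLs; stop at whitespace, quotes and angle brackets.
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def extract_urls(text):
    """Return [(url_without_query, [parameter names])], de-duplicated in first-seen order."""
    seen = set()
    entries = []
    for match in URL_RE.finditer(text):
        raw = match.group(0).rstrip(".,;)")  # trailing punctuation from surrounding prose
        parts = urlsplit(raw)
        base = parts._replace(query="", fragment="").geturl()
        params = [name for name, _ in parse_qsl(parts.query, keep_blank_values=True)]
        key = (base, tuple(params))
        if key not in seen:
            seen.add(key)
            entries.append((base, params))
    return entries


def render(entries, fmt="csv"):
    """Serialise entries as csv (url,parameters with ';' between names) or txt (one URL per line)."""
    if fmt == "csv":
        buf = io.StringIO()
        writer = csv.writer(buf)
        writer.writerow(["url", "parameters"])
        for base, params in entries:
            writer.writerow([base, ";".join(params)])
        return buf.getvalue()
    if fmt == "txt":
        return "".join(f"{base} {' '.join(params)}".rstrip() + "\n" for base, params in entries)
    raise ValueError("format must be csv or txt")


def main(argv=None):
    parser = argparse.ArgumentParser(description="extract URLs and parameters from a saved report")
    parser.add_argument("-f", dest="source", required=True, help="saved report (text)")
    parser.add_argument("-d", dest="dest", required=True, help="output file")
    parser.add_argument("-o", dest="fmt", choices=["csv", "txt"], default="csv")
    args = parser.parse_args(argv)
    with open(args.source, encoding="utf-8", errors="replace") as fh:
        entries = extract_urls(fh.read())
    with open(args.dest, "w", encoding="utf-8", newline="") as fh:
        fh.write(render(entries, args.fmt))
    return len(entries)


if __name__ == "__main__":
    main()
```

The csv keeps the parameter names but not their values, which is usually what you want when building a parameter list for a scanner; if a report puts several URLs on one line, the regex still picks each one up separately.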
-
import_url.py == sometimes I want to digest a WAR file and import the URLs this script finds into AppScan
-
import_params.py == sometimes I want to search a WAR file or a source tree for hidden parameters or action URLs and import those into AppScan.
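An added example covering both import_url.py and import_params.py above. It is not either script's own code: it assumes a WAR is a zip of JSP/HTML files and that "action URLs" means form action attributes (links and script sources are harvested too, for the URL list). Relative targets are resolved against the page's own location inside the archive, and the same scanner walks a plain source tree. The step that pushes the result into AppScan is not shown, since the import format is not described here; the sample WAR is constructed in memory.

```python
# Added example: walk a WAR (zip) or a source tree and pull form action URLs, link
# targets and hidden parameter names out of JSP/HTML files. Not the repository's
# import_url.py or import_params.py; the sample WAR below is constructed.
import io
import os
import zipfile
from html.parser import HTMLParser
from urllib.parse import urljoin

SCAN_EXTS = (".jsp", ".jspx", ".html", ".htm", ".xhtml")
SKIP_PREFIXES = ("javascript:", "mailto:", "#")


class FormScanner(HTMLParser):
    """Collect form actions, hidden inputs and link targets from one document.
    JSP scriptlets (<% ... %>) are not tags to HTMLParser and pass through as text."""

    def __init__(self):
        super().__init__()
        self.actions = []   # form action attributes
        self.hidden = []    # (enclosing form action, hidden input name)
        self.links = []     # href/src targets
        self._form = None   # action of the form currently open

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._form = a.get("action") or ""
            self.actions.append(self._form)
        elif tag == "input" and (a.get("type") or "text").lower() == "hidden" and a.get("name"):
            self.hidden.append((self._form or "", a["name"]))
        elif tag in ("a", "link", "script", "img", "iframe", "frame"):
            target = a.get("href") or a.get("src")
            if target:
                self.links.append(target)

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None


def iter_sources(path):
    """Yield (archive-relative name, text) for scannable files in a WAR or a directory."""
    if isinstance(path, str) and os.path.isdir(path):
        for root, _, files in os.walk(path):
            for name in files:
                if name.lower().endswith(SCAN_EXTS):
                    full = os.path.join(root, name)
                    with open(full, encoding="utf-8", errors="replace") as fh:
                        yield os.path.relpath(full, path).replace(os.sep, "/"), fh.read()
    else:  # a WAR is a zip; path may be a filename or a file-like object
        with zipfile.ZipFile(path) as war:
            for info in war.infolist():
                if info.filename.lower().endswith(SCAN_EXTS):
                    yield info.filename, war.read(info).decode("utf-8", "replace")


def harvest(path):
    """Return (sorted URLs, sorted (url, parameter) pairs). Relative targets resolve
    against the page's own location: 'view.do' in account/index.jsp -> /account/view.do."""
    urls, params = set(), set()
    for name, text in iter_sources(path):
        page = "/" + name
        doc = FormScanner()
        doc.feed(text)
        doc.close()
        for target in doc.actions + doc.links:
            if target and not target.startswith(SKIP_PREFIXES):
                urls.add(urljoin(page, target))
        for action, pname in doc.hidden:
            params.add((urljoin(page, action) if action else page, pname))
    return sorted(urls), sorted(params)


def build_sample_war():
    """Constructed in-memory WAR used only to demonstrate the scanner."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        war.writestr("index.jsp",
                     '<%@ page language="java" %>\n<html><body>\n'
                     '<a href="account/index.jsp">Account</a> <a href="#top">Top</a>\n'
                     '<form action="login.do" method="post">\n'
                     '<input type="hidden" name="csrfToken" value="abc123">\n'
                     '<input type="text" name="user"></form></body></html>')
        war.writestr("account/index.jsp",
                     '<html><body><form action="view.do">'
                     '<input type="HIDDEN" name="debug" value="0"><input type="submit"></form>\n'
                     '<script src="/static/app.js"></script></body></html>')
        war.writestr("WEB-INF/web.xml", "<web-app/>")
        war.writestr("WEB-INF/classes/Foo.class", b"\xca\xfe\xba\xbe")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    found_urls, found_params = harvest(build_sample_war())
    print("\n".join(found_urls))
    for url, pname in found_params:
        print(f"{url} hidden parameter: {pname}")
```

Hidden parameters are reported against the form they sit in (a form with no action posts back to the page itself, so that page's path is used). Actions built from JSP expressions such as ${...} come out verbatim and need a manual pass; they are exactly the ones a crawler tends to miss.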
-
import_veracode.py == sometimes I want to parse a Veracode report and import the results into AppScan.
-
custom_strings.txt == attempts at custom attack strings (OGNL, ColdFusion, hacking techniques from whitehat lists)
-
what_happened.py == a script to read the AppScan logs and compare them against crashes (of both AppScan and the application being attacked) to see whether a particular request was to blame. If there is already a way to do this, this file will turn into a text document of instructions for doing it.