Invicti Cheat Sheet
"Clase de la hoja" id="copy-btn" class="copy-btn" onclick="copyAllCommands()" Copiar todos los comandos id="pdf-btn" class="pdf-btn" onclick="generatePDF()" Generar PDF seleccionado/button ■/div titulada
Sinopsis
Invicti (antes Netsparker) es un escáner de seguridad de aplicaciones web de grado empresarial que combina pruebas de seguridad de aplicaciones dinámicas (DAST) y pruebas interactivas de seguridad de aplicaciones (IAST) para un análisis de seguridad de tiempo completo. Proporciona la detección de vulnerabilidad automatizada con mínimos falsos positivos e integra perfectamente en tuberías de desarrollo para pruebas de seguridad continuas.
NOVEDAD Nota: Producto comercial empresarial. Contacte con Invicti para precios y licencias. Prueba gratuita disponible.
Instalación y configuración
Invicti Enterprise Instalación
# System requirements:
# - Windows Server 2016/2019/2022 or Windows 10/11
# - .NET Framework 4.8 or later
# - SQL Server 2016 or later (for Enterprise)
# - 8GB RAM minimum, 16GB recommended
# - 100GB disk space minimum
# Download and installation:
# 1. Download installer from Invicti portal
# 2. Run installer as administrator
# 3. Follow installation wizard
# 4. Configure database connection
# 5. Set up license key
# 6. Configure initial settings
# Command-line installation (silent)
InvictiEnterprise.exe /S /D="C:\Program Files\Invicti\Enterprise"
# Verify installation
"C:\Program Files\Invicti\Enterprise\Invicti.exe" --version
Instalación estándar Invicti
# Download Invicti Standard
# 1. Visit invicti.com/download
# 2. Download installer
# 3. Run installer
# 4. Enter license key
# 5. Complete setup wizard
# Verify installation
"C:\Program Files\Invicti\Standard\Invicti.exe" --version
# Command-line interface setup
# Add Invicti to PATH environment variable
setx PATH "%PATH%;C:\Program Files\Invicti\Standard"
Configuración inicial
# License activation
Invicti.exe --activate-license --key "YOUR_LICENSE_KEY"
# Configure proxy settings (if needed)
Invicti.exe --configure-proxy --host proxy.company.com --port 8080 --username user --password pass
# Set up scan profiles
Invicti.exe --create-profile --name "Standard Web App" --template standard
Invicti.exe --create-profile --name "API Security" --template api
Invicti.exe --create-profile --name "High Security" --template comprehensive
# Configure notification settings
Invicti.exe --configure-notifications --email admin@company.com --smtp smtp.company.com
Web Application Scanning
Operaciones básicas de exploración
# Quick website scan
Invicti.exe --scan --url "https://example.com" --profile "Standard Web App"
# Comprehensive scan with custom settings
Invicti.exe --scan --url "https://example.com" \
--profile "High Security" \
--max-scan-time 4h \
--max-pages 10000 \
--crawl-depth 10
# API endpoint scanning
Invicti.exe --scan --url "https://api.example.com" \
--profile "API Security" \
--openapi-spec "api-spec.yaml" \
--auth-type bearer \
--auth-token "your_api_token"
# Authenticated web application scan
Invicti.exe --scan --url "https://app.example.com" \
--auth-type form \
--login-url "https://app.example.com/login" \
--username "testuser" \
--password "testpass" \
--login-success-indicator "Dashboard"
Configuración avanzada del escáner
# Custom scan with exclusions and inclusions
Invicti.exe --scan --url "https://example.com" \
--include-paths "/app/*,/api/*" \
--exclude-paths "/admin/*,/internal/*" \
--exclude-extensions "pdf,jpg,png,gif" \
--custom-headers "X-API-Key: your_key"
# Single Page Application (SPA) scanning
Invicti.exe --scan --url "https://spa.example.com" \
--spa-mode enabled \
--javascript-engine chrome \
--wait-for-javascript 5000 \
--capture-screenshots
# Mobile web application scanning
Invicti.exe --scan --url "https://m.example.com" \
--user-agent mobile \
--viewport-size "375x667" \
--touch-events enabled
# Multi-step authentication scanning
Invicti.exe --scan --url "https://app.example.com" \
--auth-sequence "login_sequence.xml" \
--session-management advanced \
--maintain-session
Perfiles y Plantillas de Escaneo
<!-- standard_web_app_profile.xml -->
<ScanProfile>
<Name>Standard Web Application</Name>
<Description>Comprehensive scan for typical web applications</Description>
<CrawlingSettings>
<MaxCrawlDepth>8</MaxCrawlDepth>
<MaxPageCount>5000</MaxPageCount>
<MaxScanTime>2h</MaxScanTime>
<FollowRedirects>true</FollowRedirects>
<ParseRobotsTxt>true</ParseRobotsTxt>
</CrawlingSettings>
<SecurityChecks>
<SQLInjection enabled="true" intensity="high"/>
<CrossSiteScripting enabled="true" intensity="high"/>
<CrossSiteRequestForgery enabled="true"/>
<DirectoryTraversal enabled="true"/>
<RemoteFileInclusion enabled="true"/>
<LocalFileInclusion enabled="true"/>
<CommandInjection enabled="true"/>
<LDAPInjection enabled="true"/>
<XPathInjection enabled="true"/>
<XMLInjection enabled="true"/>
<HTTPHeaderInjection enabled="true"/>
<WeakAuthentication enabled="true"/>
<SessionManagement enabled="true"/>
<InformationDisclosure enabled="true"/>
<BusinessLogicFlaws enabled="true"/>
</SecurityChecks>
<PerformanceSettings>
<RequestDelay>1000</RequestDelay>
<MaxConcurrentRequests>10</MaxConcurrentRequests>
<RequestTimeout>30000</RequestTimeout>
</PerformanceSettings>
</ScanProfile>
Configuración de autenticación
<!-- form_authentication.xml -->
<AuthenticationSequence>
<Name>Form-based Authentication</Name>
<Step type="navigate">
<URL>https://app.example.com/login</URL>
</Step>
<Step type="fill_form">
<FormSelector>form[action*="login"]</FormSelector>
<Fields>
<Field name="username" value="testuser"/>
<Field name="password" value="testpass"/>
</Fields>
</Step>
<Step type="submit_form">
<FormSelector>form[action*="login"]</FormSelector>
</Step>
<Step type="verify_success">
<SuccessIndicator type="text">Welcome</SuccessIndicator>
<SuccessIndicator type="url_contains">dashboard</SuccessIndicator>
</Step>
<SessionManagement>
<CookieHandling>automatic</CookieHandling>
<SessionTimeout>30m</SessionTimeout>
<ReauthenticateOnFailure>true</ReauthenticateOnFailure>
</SessionManagement>
</AuthenticationSequence>
IAST (Interactive Application Security Testing)
Instalación del agente IAST
# .NET IAST Agent installation
# Download Invicti.Agent.AspNet.msi from portal
msiexec /i Invicti.Agent.AspNet.msi /quiet
# Configure IAST agent
# Add to web.config or appsettings.json
<!-- web.config for .NET Framework -->
<configuration>
<system.webServer>
<modules>
<add name="InvictiAgent" type="Invicti.Agent.AspNet.InvictiModule" preCondition="managedHandler"/>
</modules>
</system.webServer>
<appSettings>
<add key="Invicti.Agent.ServerUrl" value="https://invicti.company.com"/>
<add key="Invicti.Agent.Token" value="your_agent_token"/>
<add key="Invicti.Agent.ApplicationName" value="MyWebApp"/>
<add key="Invicti.Agent.Environment" value="Production"/>
</appSettings>
</configuration>
// appsettings.json for .NET Core
{
"Invicti": {
"Agent": {
"ServerUrl": "https://invicti.company.com",
"Token": "your_agent_token",
"ApplicationName": "MyWebApp",
"Environment": "Production",
"EnableRuntimeProtection": true,
"SensitiveDataRedaction": true
}
}
}
Java IAST Agente
# Download Java agent JAR
wget https://download.invicti.com/agents/java/invicti-agent.jar
# Add to JVM startup parameters
java -javaagent:invicti-agent.jar \
-Dinvicti.agent.server.url=https://invicti.company.com \
-Dinvicti.agent.token=your_agent_token \
-Dinvicti.agent.application.name=MyJavaApp \
-jar myapplication.jar
# Tomcat configuration (catalina.sh)
export CATALINA_OPTS="$CATALINA_OPTS -javaagent:/path/to/invicti-agent.jar"
export CATALINA_OPTS="$CATALINA_OPTS -Dinvicti.agent.server.url=https://invicti.company.com"
export CATALINA_OPTS="$CATALINA_OPTS -Dinvicti.agent.token=your_agent_token"
Node.js IAST Agent
# Install Node.js agent
npm install @invicti/agent
# Configure in application
// app.js
const invictiAgent = require('@invicti/agent');
// Initialize agent before other modules
invictiAgent.init({
serverUrl: 'https://invicti.company.com',
token: 'your_agent_token',
applicationName: 'MyNodeApp',
environment: 'production',
enableRuntimeProtection: true,
sensitiveDataRedaction: true
});
// Your application code
const express = require('express');
const app = express();
// Routes and middleware
app.get('/', (req, res) => {
res.send('Hello World!');
});
app.listen(3000, () => {
console.log('Server running on port 3000');
});
IAST Configuration and Management
# Verify IAST agent connectivity
Invicti.exe --verify-iast-agent --application "MyWebApp"
# Configure IAST policies
Invicti.exe --configure-iast --application "MyWebApp" \
--enable-runtime-protection \
--enable-data-flow-analysis \
--sensitive-data-redaction
# View IAST agent status
Invicti.exe --iast-status --application "MyWebApp"
# Download IAST findings
Invicti.exe --export-iast-findings --application "MyWebApp" \
--format json \
--output iast_findings.json
Pruebas de seguridad de API
OpenAPI/Swagger Integration
# Scan API using OpenAPI specification
Invicti.exe --scan-api --openapi-spec "api-spec.yaml" \
--base-url "https://api.example.com" \
--auth-type bearer \
--auth-token "your_api_token"
# Generate API specification from live endpoint
Invicti.exe --discover-api --url "https://api.example.com" \
--output-spec "discovered-api.yaml" \
--auth-header "Authorization: Bearer your_token"
# Custom API security profile
Invicti.exe --scan-api --openapi-spec "api-spec.yaml" \
--profile "API Security" \
--test-business-logic \
--test-rate-limiting \
--test-authentication-bypass
GraphQL Security Testing
# GraphQL endpoint scanning
Invicti.exe --scan-graphql --url "https://api.example.com/graphql" \
--introspection-enabled \
--auth-header "Authorization: Bearer your_token"
# GraphQL schema analysis
Invicti.exe --analyze-graphql-schema --url "https://api.example.com/graphql" \
--output-schema "graphql-schema.json" \
--test-depth-limiting \
--test-query-complexity
Pruebas REST API
# Comprehensive REST API scan
Invicti.exe --scan-rest-api --base-url "https://api.example.com" \
--endpoints-file "api-endpoints.txt" \
--test-injection-attacks \
--test-broken-authentication \
--test-excessive-data-exposure
# API rate limiting and DoS testing
Invicti.exe --test-api-limits --url "https://api.example.com" \
--rate-limit-test \
--concurrent-requests 100 \
--test-duration 60s
Características y gestión de las empresas
Gestión de múltiples usuarios
# User management
Invicti.exe --add-user --username "john.doe" \
--email "john.doe@company.com" \
--role "Security Analyst" \
--permissions "scan,view_reports"
# Role-based access control
Invicti.exe --create-role --name "Developer" \
--permissions "view_own_scans,create_scans" \
--restrictions "no_admin_access"
# Team and project management
Invicti.exe --create-team --name "Web Security Team" \
--members "john.doe,jane.smith" \
--projects "WebApp1,WebApp2"
Centralized Scanning Management
# Scan scheduling
Invicti.exe --schedule-scan --url "https://example.com" \
--schedule "daily" \
--time "02:00" \
--timezone "UTC" \
--profile "Standard Web App"
# Distributed scanning setup
Invicti.exe --configure-scan-agent --name "Agent1" \
--location "DataCenter1" \
--max-concurrent-scans 5
# Scan queue management
Invicti.exe --view-scan-queue
Invicti.exe --prioritize-scan --scan-id "12345" --priority high
Invicti.exe --cancel-scan --scan-id "12345"
Compliance and Reporting
# Compliance reporting
Invicti.exe --generate-compliance-report \
--framework "PCI-DSS" \
--projects "all" \
--period "quarterly" \
--output "pci_compliance_report.pdf"
# Executive dashboard export
Invicti.exe --export-dashboard --type "executive" \
--format "pdf" \
--include-trends \
--output "executive_dashboard.pdf"
# Vulnerability trend analysis
Invicti.exe --analyze-trends --projects "all" \
--period "last_6_months" \
--metrics "vulnerability_count,severity_distribution" \
--output "trend_analysis.json"
CI/CD Integration
Jenkins Integration
// Jenkinsfile
pipeline {
agent any
environment {
INVICTI_API_TOKEN = credentials('invicti-api-token')
}
stages {
stage('Build') {
steps {
// Build application
sh 'npm install && npm run build'
}
}
stage('Deploy to Staging') {
steps {
// Deploy to staging environment
sh 'docker-compose up -d'
// Wait for application to be ready
sh 'sleep 30'
}
}
stage('Security Scan') {
steps {
script {
// Start Invicti scan
def scanResult = sh(
script: """
Invicti.exe --scan --url "http://staging.example.com" \
--profile "CI/CD Security" \
--api-token "${INVICTI_API_TOKEN}" \
--wait-for-completion \
--max-scan-time 30m \
--output-format json
""",
returnStdout: true
)
def scanData = readJSON text: scanResult
// Check for critical vulnerabilities
if (scanData.vulnerabilities.critical > 0) {
error("Critical vulnerabilities found: ${scanData.vulnerabilities.critical}")
}
// Generate report
sh """
Invicti.exe --export-report --scan-id "${scanData.scanId}" \
--format "html" \
--output "security_report.html"
"""
}
}
}
stage('Deploy to Production') {
when {
branch 'main'
}
steps {
echo 'Deploying to production...'
// Production deployment steps
}
}
}
post {
always {
archiveArtifacts artifacts: 'security_report.html', fingerprint: true
publishHTML([
allowMissing: false,
alwaysLinkToLastBuild: true,
keepAll: true,
reportDir: '.',
reportFiles: 'security_report.html',
reportName: 'Invicti Security Report'
])
}
failure {
emailext (
subject: "Security Scan Failed: ${env.JOB_NAME} - ${env.BUILD_NUMBER}",
body: "Security vulnerabilities found in build ${env.BUILD_NUMBER}. Check the report for details.",
to: "security-team@company.com"
)
}
}
}
Azure DevOps Integration
# azure-pipelines.yml
trigger:
- main
- develop
pool:
vmImage: 'windows-latest'
variables:
invictiApiToken: $(INVICTI_API_TOKEN)
stages:
- stage: Build
jobs:
- job: BuildApp
steps:
- task: NodeTool@0
inputs:
versionSpec: '16.x'
- script: |
npm install
npm run build
displayName: 'Build Application'
- stage: SecurityScan
dependsOn: Build
jobs:
- job: InvictiScan
steps:
- task: PowerShell@2
displayName: 'Run Invicti Security Scan'
inputs:
targetType: 'inline'
script: |
$scanResult = & "C:\Program Files\Invicti\Enterprise\Invicti.exe" `
--scan `
--url "https://$(Build.BuildId).staging.example.com" `
--profile "Azure DevOps" `
--api-token "$(invictiApiToken)" `
--wait-for-completion `
--max-scan-time "30m" `
--output-format "json"
$scanData = $scanResult | ConvertFrom-Json
if ($scanData.vulnerabilities.critical -gt 0) {
Write-Error "Critical vulnerabilities found: $($scanData.vulnerabilities.critical)"
exit 1
}
# Export report
& "C:\Program Files\Invicti\Enterprise\Invicti.exe" `
--export-report `
--scan-id "$($scanData.scanId)" `
--format "html" `
--output "$(Agent.TempDirectory)\security_report.html"
- task: PublishHtmlReport@1
displayName: 'Publish Security Report'
inputs:
reportDir: '$(Agent.TempDirectory)'
tabName: 'Invicti Security Report'
- stage: Deploy
dependsOn: SecurityScan
condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'))
jobs:
- deployment: DeployToProduction
environment: 'production'
strategy:
runOnce:
deploy:
steps:
- script: echo "Deploying to production..."
displayName: 'Deploy Application'
GitHub Actions Integration
# .github/workflows/security-scan.yml
name: Security Scan with Invicti
on:
push:
branches: [main, develop]
pull_request:
branches: [main]
jobs:
security-scan:
runs-on: windows-latest
steps:
- uses: actions/checkout@v3
- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: '16'
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Build application
run: npm run build
- name: Deploy to staging
run: |
# Deploy application to staging environment
echo "Deploying to staging..."
- name: Run Invicti Security Scan
env:
INVICTI_API_TOKEN: ${{ secrets.INVICTI_API_TOKEN }}
run: |
$scanResult = & "C:\Program Files\Invicti\Enterprise\Invicti.exe" `
--scan `
--url "https://staging.example.com" `
--profile "GitHub Actions" `
--api-token "$env:INVICTI_API_TOKEN" `
--wait-for-completion `
--max-scan-time "30m" `
--output-format "json"
$scanData = $scanResult | ConvertFrom-Json
# Export detailed report
& "C:\Program Files\Invicti\Enterprise\Invicti.exe" `
--export-report `
--scan-id "$($scanData.scanId)" `
--format "json" `
--output "security_results.json"
# Check for critical vulnerabilities
if ($scanData.vulnerabilities.critical -gt 0) {
Write-Error "Critical vulnerabilities found: $($scanData.vulnerabilities.critical)"
exit 1
}
- name: Upload Security Results
uses: actions/upload-artifact@v3
if: always()
with:
name: security-scan-results
path: security_results.json
- name: Comment PR with Results
if: github.event_name == 'pull_request'
uses: actions/github-script@v6
with:
script: |
const fs = require('fs');
const results = JSON.parse(fs.readFileSync('security_results.json', 'utf8'));
const comment = `## 🔒 Security Scan Results
**Vulnerabilities Found:**
- Critical: ${results.vulnerabilities.critical}
- High: ${results.vulnerabilities.high}
- Medium: ${results.vulnerabilities.medium}
- Low: ${results.vulnerabilities.low}
**Scan Details:**
- Scan ID: ${results.scanId}
- Duration: ${results.scanDuration}
- Pages Scanned: ${results.pagesScanned}
${results.vulnerabilities.critical > 0 ? '❌ **Critical vulnerabilities found! Please review and fix before merging.**' : '✅ **No critical vulnerabilities found.**'}
`;
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: comment
});
API y automatización
REST API Usage
# Authentication
export INVICTI_API_TOKEN="your_api_token_here"
export INVICTI_BASE_URL="https://invicti.company.com/api/1.0"
# Get scan list
curl -H "Authorization: Bearer $INVICTI_API_TOKEN" \
"$INVICTI_BASE_URL/scans"
# Start a new scan
curl -X POST \
-H "Authorization: Bearer $INVICTI_API_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"TargetUrl": "https://example.com",
"ProfileId": "standard-web-app",
"ScanType": "FullWithPrimaryProfile"
}' \
"$INVICTI_BASE_URL/scans"
# Get scan status
curl -H "Authorization: Bearer $INVICTI_API_TOKEN" \
"$INVICTI_BASE_URL/scans/12345"
# Download scan report
curl -H "Authorization: Bearer $INVICTI_API_TOKEN" \
"$INVICTI_BASE_URL/scans/12345/report?format=pdf" \
-o "scan_report.pdf"
Automatización PowerShell
# Invicti PowerShell automation script
param(
[Parameter(Mandatory=$true)]
[string]$TargetUrl,
[Parameter(Mandatory=$true)]
[string]$ApiToken,
[string]$ProfileName = "Standard Web App",
[int]$MaxScanTime = 120,
[string]$OutputPath = "."
)
# Set up API headers
$headers = @{
"Authorization" = "Bearer $ApiToken"
"Content-Type" = "application/json"
}
$baseUrl = "https://invicti.company.com/api/1.0"
# Function to start scan
function Start-InvictiScan {
param($url, $profile)
$scanRequest = @{
TargetUrl = $url
ProfileId = $profile
ScanType = "FullWithPrimaryProfile"
MaxScanTime = $MaxScanTime
} | ConvertTo-Json
$response = Invoke-RestMethod -Uri "$baseUrl/scans" -Method POST -Headers $headers -Body $scanRequest
return $response.Id
}
# Function to wait for scan completion
function Wait-ForScanCompletion {
param($scanId)
do {
Start-Sleep -Seconds 30
$scanStatus = Invoke-RestMethod -Uri "$baseUrl/scans/$scanId" -Headers $headers
Write-Host "Scan status: $($scanStatus.State) - Progress: $($scanStatus.Progress)%"
} while ($scanStatus.State -eq "Running")
return $scanStatus
}
# Function to download report
function Get-ScanReport {
param($scanId, $format = "pdf")
$reportUrl = "$baseUrl/scans/$scanId/report?format=$format"
$outputFile = Join-Path $OutputPath "invicti_report_$scanId.$format"
Invoke-WebRequest -Uri $reportUrl -Headers $headers -OutFile $outputFile
return $outputFile
}
# Main execution
try {
Write-Host "Starting Invicti scan for: $TargetUrl"
# Start scan
$scanId = Start-InvictiScan -url $TargetUrl -profile $ProfileName
Write-Host "Scan started with ID: $scanId"
# Wait for completion
$finalStatus = Wait-ForScanCompletion -scanId $scanId
Write-Host "Scan completed with status: $($finalStatus.State)"
# Download reports
$pdfReport = Get-ScanReport -scanId $scanId -format "pdf"
$jsonReport = Get-ScanReport -scanId $scanId -format "json"
Write-Host "Reports downloaded:"
Write-Host " PDF: $pdfReport"
Write-Host " JSON: $jsonReport"
# Parse results
$results = Get-Content $jsonReport | ConvertFrom-Json
$criticalCount = ($results.Vulnerabilities | Where-Object { $_.Severity -eq "Critical" }).Count
$highCount = ($results.Vulnerabilities | Where-Object { $_.Severity -eq "High" }).Count
Write-Host "Vulnerability Summary:"
Write-Host " Critical: $criticalCount"
Write-Host " High: $highCount"
Write-Host " Total: $($results.Vulnerabilities.Count)"
# Exit with error if critical vulnerabilities found
if ($criticalCount -gt 0) {
Write-Error "Critical vulnerabilities found! Scan failed."
exit 1
}
Write-Host "Scan completed successfully!"
} catch {
Write-Error "Scan failed: $($_.Exception.Message)"
exit 1
}
Configuración y personalización avanzadas
Vulnerabilidad personalizada Checks
<!-- custom_checks.xml -->
<CustomChecks>
<Check id="custom_sql_injection">
<Name>Advanced SQL Injection Detection</Name>
<Description>Custom SQL injection patterns for specific application</Description>
<Category>Injection</Category>
<Severity>High</Severity>
<TestCases>
<TestCase>
<Payload>' OR '1'='1' --</Payload>
<ExpectedResponse type="error_message">SQL syntax error</ExpectedResponse>
</TestCase>
<TestCase>
<Payload>1' UNION SELECT 1,2,3 --</Payload>
<ExpectedResponse type="content_change">significant</ExpectedResponse>
</TestCase>
</TestCases>
<FalsePositiveReduction>
<ExcludeIfContains>test environment</ExcludeIfContains>
<ExcludeIfContains>demo data</ExcludeIfContains>
</FalsePositiveReduction>
</Check>
<Check id="custom_business_logic">
<Name>Business Logic Flaw Detection</Name>
<Description>Custom business logic vulnerability checks</Description>
<Category>BusinessLogic</Category>
<Severity>Medium</Severity>
<TestCases>
<TestCase>
<Description>Price manipulation test</Description>
<Steps>
<Step type="navigate">checkout.php</Step>
<Step type="modify_parameter">price=-100</Step>
<Step type="submit_form">checkout_form</Step>
</Steps>
<ExpectedResponse type="success_indicator">Order confirmed</ExpectedResponse>
</TestCase>
</TestCases>
</Check>
</CustomChecks>
Integración con herramientas externas
# invicti_integration.py
import requests
import json
import time
from typing import Dict, List, Optional
class InvictiIntegration:
def __init__(self, api_token: str, base_url: str = "https://invicti.company.com/api/1.0"):
self.api_token = api_token
self.base_url = base_url
self.headers = {
"Authorization": f"Bearer {api_token}",
"Content-Type": "application/json"
}
def start_scan(self, target_url: str, profile_id: str = "standard-web-app") -> str:
"""Start a new security scan"""
scan_data = {
"TargetUrl": target_url,
"ProfileId": profile_id,
"ScanType": "FullWithPrimaryProfile"
}
response = requests.post(
f"{self.base_url}/scans",
headers=self.headers,
json=scan_data
)
if response.status_code == 201:
return response.json()["Id"]
else:
raise Exception(f"Failed to start scan: {response.text}")
def get_scan_status(self, scan_id: str) -> Dict:
"""Get scan status and progress"""
response = requests.get(
f"{self.base_url}/scans/{scan_id}",
headers=self.headers
)
return response.json()
def wait_for_scan_completion(self, scan_id: str, timeout: int = 7200) -> Dict:
"""Wait for scan to complete with timeout"""
start_time = time.time()
while time.time() - start_time < timeout:
status = self.get_scan_status(scan_id)
if status["State"] in ["Completed", "Failed", "Aborted"]:
return status
print(f"Scan progress: {status['Progress']}%")
time.sleep(30)
raise TimeoutError("Scan did not complete within timeout")
def get_vulnerabilities(self, scan_id: str) -> List[Dict]:
"""Get vulnerabilities from completed scan"""
response = requests.get(
f"{self.base_url}/scans/{scan_id}/vulnerabilities",
headers=self.headers
)
return response.json()
def export_report(self, scan_id: str, format: str = "json") -> bytes:
"""Export scan report in specified format"""
response = requests.get(
f"{self.base_url}/scans/{scan_id}/report?format={format}",
headers=self.headers
)
return response.content
def create_jira_tickets(self, vulnerabilities: List[Dict], jira_config: Dict) -> List[str]:
"""Create Jira tickets for high/critical vulnerabilities"""
jira_tickets = []
for vuln in vulnerabilities:
if vuln["Severity"] in ["Critical", "High"]:
ticket_data = {
"fields": {
"project": {"key": jira_config["project_key"]},
"summary": f"Security Vulnerability: {vuln['Name']}",
"description": f"""
Vulnerability Details:
- Type: {vuln['Type']}
- Severity: {vuln['Severity']}
- URL: {vuln['Url']}
- Description: {vuln['Description']}
- Remediation: {vuln['Remediation']}
Invicti Scan ID: {vuln['ScanId']}
""",
"issuetype": {"name": "Bug"},
"priority": {"name": "High" if vuln["Severity"] == "Critical" else "Medium"},
"labels": ["security", "invicti", vuln["Type"].lower()]
}
}
jira_response = requests.post(
f"{jira_config['base_url']}/rest/api/2/issue",
auth=(jira_config["username"], jira_config["password"]),
headers={"Content-Type": "application/json"},
json=ticket_data
)
if jira_response.status_code == 201:
ticket_key = jira_response.json()["key"]
jira_tickets.append(ticket_key)
print(f"Created Jira ticket: {ticket_key}")
return jira_tickets
def send_slack_notification(self, scan_results: Dict, webhook_url: str):
"""Send scan results to Slack"""
critical_count = len([v for v in scan_results["vulnerabilities"] if v["Severity"] == "Critical"])
high_count = len([v for v in scan_results["vulnerabilities"] if v["Severity"] == "High"])
color = "danger" if critical_count > 0 else "warning" if high_count > 0 else "good"
message = {
"attachments": [
{
"color": color,
"title": f"Invicti Security Scan Results - {scan_results['target_url']}",
"fields": [
{
"title": "Critical Vulnerabilities",
"value": str(critical_count),
"short": True
},
{
"title": "High Vulnerabilities",
"value": str(high_count),
"short": True
},
{
"title": "Scan Duration",
"value": scan_results["duration"],
"short": True
},
{
"title": "Pages Scanned",
"value": str(scan_results["pages_scanned"]),
"short": True
}
]
}
]
}
requests.post(webhook_url, json=message)
# Usage example
invicti = InvictiIntegration("your_api_token")
# Start scan
scan_id = invicti.start_scan("https://example.com", "comprehensive-profile")
print(f"Started scan: {scan_id}")
# Wait for completion
scan_status = invicti.wait_for_scan_completion(scan_id)
print(f"Scan completed: {scan_status['State']}")
# Get vulnerabilities
vulnerabilities = invicti.get_vulnerabilities(scan_id)
print(f"Found {len(vulnerabilities)} vulnerabilities")
# Create Jira tickets for critical/high vulnerabilities
jira_config = {
"base_url": "https://company.atlassian.net",
"username": "jira_user",
"password": "jira_password",
"project_key": "SEC"
}
tickets = invicti.create_jira_tickets(vulnerabilities, jira_config)
print(f"Created {len(tickets)} Jira tickets")
# Send Slack notification
scan_results = {
"target_url": "https://example.com",
"vulnerabilities": vulnerabilities,
"duration": "2h 15m",
"pages_scanned": 1250
}
invicti.send_slack_notification(scan_results, "https://hooks.slack.com/services/...")
Solución de problemas y mejores prácticas
Optimización del rendimiento
# Optimize scan performance
Invicti.exe --configure-performance \
--max-concurrent-requests 15 \
--request-delay 500 \
--timeout 45000 \
--memory-limit 8GB
# Database optimization (Enterprise)
Invicti.exe --optimize-database \
--rebuild-indexes \
--update-statistics \
--cleanup-old-scans 90d
# Network optimization
Invicti.exe --configure-network \
--connection-pool-size 50 \
--keep-alive-timeout 30s \
--dns-cache-timeout 300s
Problemas y soluciones comunes
# Authentication issues
Invicti.exe --test-authentication --url "https://app.example.com" \
--auth-sequence "login_sequence.xml" \
--verbose
# Scan failures and timeouts
Invicti.exe --diagnose-scan-issues --scan-id "12345" \
--export-debug-log "debug.log"
# False positive management
Invicti.exe --manage-false-positives \
--vulnerability-id "vuln-123" \
--mark-false-positive \
--reason "Test environment data"
# Performance issues
Invicti.exe --performance-analysis --scan-id "12345" \
--generate-performance-report
Prácticas óptimas de seguridad
# Secure configuration
Invicti.exe --secure-configuration \
--enable-encryption \
--require-strong-passwords \
--enable-audit-logging \
--session-timeout 30m
# Access control
Invicti.exe --configure-access-control \
--enable-rbac \
--require-mfa \
--ip-whitelist "192.168.1.0/24,10.0.0.0/8"
# Data protection
Invicti.exe --configure-data-protection \
--encrypt-sensitive-data \
--anonymize-scan-data \
--data-retention-policy 365d