Anand Tiwari
Anand Tiwari InfoSecurity Enthusiast, Author of ArcherySec tool.
Announcing the First Release of Archery Tool CLI


We’re happy to announce the first release of archerysec-cli (Command Line Interface). We started on this as a way to automate some of the instructions available on archerysec tool, but quickly realized there was a lot more potential to make lives of developers even better. Archerysec cli will help you to interact with archery tool.

Installation

To install the latest release from PyPI, you can run the following command:

pip install archerysec-cli

To install the latest development version of Archerysec CLI, you can run the following:

$ git clone https://github.com/archerysec/archerysec-cli.git
$ cd archerysec-cli
$ pip install -r requirements.txt

Usage

To use Archery CLI, you need to set the port Archery runs on (defaults to 8000) and the path to the folder in which Archery is installed. You can Use Archery installation instruction from Archery DOC

Archery CLI can then be used with the following commands:

(env) Anand:archerysec-cli anand$ archerysec-cli


                   _
    /\            | |
   /  \   _ __ ___| |__   ___ _ __ _   _
  / /\ \ | '__/ __| '_ \ / _ \ '__| | | |
 / ____ \| | | (__| | | |  __/ |  | |_| |
/_/    \_\_|  \___|_| |_|\___|_|   \__, |
                                    __/ |
                                   |___/
 Copyright (C) 2018 ArcherySec
 Open Source Vulnerability Assessment and Management.


Usage: archerysec-cli [options]

Options:
  -h, --help            show this help message and exit

  Archery Authentication:
    Authenticate into Archery REST API

    -s SERVER, --server=SERVER
                        Archery API server host address
    -u USERNAME, --username=USERNAME
                        Archery authentication username
    -p PASSWORD, --password=PASSWORD
                        Archery authentication password
    --target_url=TARGET_URL
                        Target URL's
    --scan_id=SCAN_ID   Target URL's
    --target_ip=TARGET_IP
                        Target IP's
    --project_id=PROJECT_ID
                        Project ID

  Get the Archery REST API token:
    -t, --token         Print archery REST API Auth token

  Archery Projects:
    Perform action on Projects modules

    --projectlist       Print project list
    --createproject     Create new project with project name
    --project_name=PROJECT_NAME
                        Project Name
    --project_disc=PROJECT_DISC
                        Project Description
    --project_start=PROJECT_START
                        Project start date Ex. 2018-01-11
    --project_end=PROJECT_END
                        Project End date Ex. 2018-01-11
    --project_owner=PROJECT_OWNER
                        Project Owner name

  ZAP Scans:
    ZAP Scans module to perform ZAP Scans

    --zapscanlist       List all ZAP Scans
    --zapscan           Launch ZAP Scan
    --zapscanresult     Get ZAP Scan result (Ex. python archery_cli.py -s
                        http://127.0.0.1:8000 -u admin -p admin@123A
                        --zapscanresult --scan_id=4ea6852b-
                        bbf2-4171-9e98-4d798731e87a)

  OpenVAS Scanner:
    OpenVAS Scans module to perform OpenVAS Scan

    --openvaslist       List all OpenVAS Scans
    --openvasscan       Launch OpenVAS Scans
    --openvas_result    Get OpenVAS Scan result (Ex. python archery_cli.py -s
                        http://127.0.0.1:8000 -u admin -p admin@123A
                        --openvas_result --scan_id=4ea6852b-
                        bbf2-4171-9e98-4d798731e87a)

  Upload Scanner Reports:
    Upload multiple scanners reports

    --upload            Upload scans report
    --file=FILE         Input JSON or XML file
    --TARGET=TARGET     Scan URL or IP
    --scanner=SCANNER   Select scanners [ zap_scan, burp_scan, arachni,
                        netsparker, webinspect, banditscan]

Example to get auth token: archerysec-cli -s http://127.0.0.1:8000 -u admin -p admin@123A -t

Create Project:

$archerysec-cli -s http://127.0.0.1:8000 -u admin -p admin@123 \
    --createproject --project_name=test_project --project_disc="test project" \
    --project_start=2018-01-11 --project_end=2018-01-11 --project_owner=anand

Launch ZAP Scan:

$archerysec-cli -s http://127.0.0.1:8000 -u admin -p admin@123 \ 
    --zapscan --target_url=http://demo.testfire.net \
    --project_id=aa6730d4-d3c8-40ab-9ac1-27592afbdcb3

Learn More

comments powered by Disqus