Coupling AppScan® with the powerful capabilities of Python™ scripts -- one of the most advanced, established, yet easy to learn, scripting languages used by penetration testers -- give users an unprecedented platform for extending security testing. Pyscan is a revolutionary new way to leverage the power of AppScan without the limitations of a user interface. Integrating Python scripting within AppScan's configuration framework produces a level of customization previously unavailable to security professionals and penetration testers. Users can now harness core web application scanning functions, such as the AppScan Advanced Session Management, reporting and scanning engine, to customize a scan for a specific audit.
Python Scripting and AppScan for Targeted, Real-time Penetration Testing
Pyscan leverages the Advanced Session Management of AppScan to establish and maintain login state while enabling Python Scripting via AppScan's engine in order to expose potential web application vulnerabilities. All results are immediately reported in AppScan’s Security Issues view. Users can invoke customized scripted web application attacks that previously were not feasible through manual penetration testing efforts alone. Examples of such scripts include finding suspicious content, scriptable rules, or HTTP fuzzing.
Pyscan comes installed with AppScan v7.5, but in case you need to install it again, here is the eXtension file.
In order to get started with Pyscan, we have created a small sample Python script called PyscanUtils.py, which contains several useful functions. Load this sample script by going to the File menu, choosing Open, and pointing to the PyscanUtils.py script. In the new IDLE window that will open with the script, go to the Run menu, and choose Run Module. The script can also be run by hitting "F5" in the open menu
