API_Scripts/list_target_vulns.py at 9cea95a86e2db602990a45d2e05f002c105059ee · Probely/API_Scripts · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
#!/usr/bin/env python

"""
Script to list the number of vulnerabilities for each target of the account
"""


import csv
import requests
from urllib.parse import urljoin

def fetch_all_targets(api_base_url, headers):
    resp = requests.get(urljoin(api_base_url, "targets/?length=10000"), headers=headers)
    resp.raise_for_status()
    return resp.json().get("results", [])

def fetch_target_findings(api_base_url, target_id, headers):
    endpoint = urljoin(api_base_url, f"targets/{target_id}/findings/?length=10000")
    resp = requests.get(endpoint, headers=headers)
    resp.raise_for_status()
    return resp.json().get("results", [])

def count_severity(findings):
    high = sum(1 for f in findings if f.get("severity") == 30 or f.get("severity") == "HIGH")
    med  = sum(1 for f in findings if f.get("severity") == 20 or f.get("severity") == "MEDIUM")
    low  = sum(1 for f in findings if f.get("severity") == 10 or f.get("severity") == "LOW")
    return high, med, low

def main():
    token = input("API Token: ")
    instance = input("Instance (eu, us, au): ")
    csv_path = input("CSV file path (default: ./targets_findings.csv): ") or "./targets_findings.csv"
    headers = {"Authorization": f"JWT {token}", "Content-Type": "application/json"}
    api_base = f"https://api.{instance}.probely.com"

    print("Fetching targets...")
    try:
        targets = fetch_all_targets(api_base, headers)
    except requests.HTTPError as e:
        print("Failed to fetch targets:", e)
        return

    if not targets:
        print("No targets found.")
        return

    print(f"Found {len(targets)} target(s). Fetching findings per target...")

    with open(csv_path, "w", newline='') as f:
        writer = csv.writer(f)
        writer.writerow(["Target URL", "Target Name", "High Vulns", "Medium Vulns", "Low Vulns"])

        for t in targets:
            target_id = t.get("id", "")
            target_url = t.get("site", {}).get("url", "Unknown")
            target_name = t.get("name", "")

            try:
                findings = fetch_target_findings(api_base, target_id, headers)
            except requests.HTTPError:
                print(f"Warning: Could not fetch findings for target {target_url} (ID: {target_id})")
                writer.writerow([target_url, target_name, "N/A", "N/A", "N/A"])
                continue

            high, med, low = count_severity(findings)
            writer.writerow([target_url, target_name, high, med, low])

    print(f"Done! Results saved to {csv_path}")

if __name__ == "__main__":
    main()