Our vBulletin migration is complete.
Welcome vBulletin users! All content and user information from the Micro Focus Forums (vBulletin) site has been migrated to this site. READ MORE.
Highlighted
HUBI-DUBI Absent Member.
Absent Member.
7249 views

wi.exe step-mode Crawl

Jump to solution

Dear Sir or Madam;

Right now, I am using Webinspect in following configuration:

- WebInspect Server (a VM) acts as Proxy-Server, while the Website is beeing surfed from a browser via WebInspect Proxy. When surfing, the Webinspect server listens in a manual step-mode crawl for the URLs I surf.

Afterwards, after having surfed each and every mask of the web, I run Audit as the second step.

When using the Fat Gui, everything works fine. Now I try to alter scanning a little bit (sorry, beeing a Linux-guy I wanna use command line as much as possible... 😉 )

I am looking for a way to setup a scan with the following parameters:

- wi.exe needs to be called from a command line

- the Webinspect Server needs to act as Proxy-Server as before.

No, I am searching for the parameter to start the manual Step-Mode Crawl via command line.

The help for wi.exe -? diplays:

-

  General ---------------------------------------------------------

 ...   -o                     audit only (requires policy -p)
     -c                     crawl only

...

which - at least to my humble opinion calls only for an automated Crawl or only for an automated audit.

Do I have any option which allows me just to run a manual Crawl in step mode from command-line?

 

Any help help would be appreciated. Thank you very much in advance.

kind regards

HUBI-DUBI.

 

Labels (2)
Tags (1)
0 Likes
1 Solution

Accepted Solutions
Micro Focus Expert
Micro Focus Expert

Re: wi.exe step-mode Crawl

Jump to solution

There is no way to generate the Manual Step-Mode Scan outside of the WebInspect UI, even though at heart it is simply serving as an instance of Web Proxy.  the aim of the Manual Mode is to let the user see (or de-select) the sessions building in the Site Tree pane, but obviously that is not of interest as you want automation.

However, I think the WebInspect API will fulfil your needs.  In release 16.10, much of its documentation was removed from the WebInspect Help file and placed inside the API interface itself.  You will want to configure and start the WebInspect API service, using the Help guide and the Fortify Monitor (system tray program).  It defaults to http://localhost:8083/webinspect/api when it is running, but you can enable it on your LAN port, enable SSL, or authentication on it if desired.  There are also samples of scripts, mostly using cURL, but you can get the idea of the design from them.

The API offers two basic modes.  One allows the launching of Web Proxy to record traffic, then halt it and save it as a Workflow.  The other mode is to run WebInspect scans, and those can even incorporate the Workflow(s) you have recorded.  To mimic your set-up with the CLI, I think you will script the WebProxy to start listening, perform your browsing or run a functional testing script as the "Crawl", halt the Proxy and save its traffic, then run a WebInspect Workflow-driven scan using one or more pre-recorded Workflow Macros.


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
2 Replies
Micro Focus Expert
Micro Focus Expert

Re: wi.exe step-mode Crawl

Jump to solution

There is no way to generate the Manual Step-Mode Scan outside of the WebInspect UI, even though at heart it is simply serving as an instance of Web Proxy.  the aim of the Manual Mode is to let the user see (or de-select) the sessions building in the Site Tree pane, but obviously that is not of interest as you want automation.

However, I think the WebInspect API will fulfil your needs.  In release 16.10, much of its documentation was removed from the WebInspect Help file and placed inside the API interface itself.  You will want to configure and start the WebInspect API service, using the Help guide and the Fortify Monitor (system tray program).  It defaults to http://localhost:8083/webinspect/api when it is running, but you can enable it on your LAN port, enable SSL, or authentication on it if desired.  There are also samples of scripts, mostly using cURL, but you can get the idea of the design from them.

The API offers two basic modes.  One allows the launching of Web Proxy to record traffic, then halt it and save it as a Workflow.  The other mode is to run WebInspect scans, and those can even incorporate the Workflow(s) you have recorded.  To mimic your set-up with the CLI, I think you will script the WebProxy to start listening, perform your browsing or run a functional testing script as the "Crawl", halt the Proxy and save its traffic, then run a WebInspect Workflow-driven scan using one or more pre-recorded Workflow Macros.


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
HUBI-DUBI Absent Member.
Absent Member.

Re: wi.exe step-mode Crawl

Jump to solution

Hello HansEnders,

Thank you very much for your help and the explanation.

I'll try it, but after a first glance today, I think, the API will definitely solve my problems and will fulfil my needs.

Kind regards

HUBI-DUBI.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.