The Acunetix API gives you the opportunity to automate tasks to increase efficiency — especially when you can accelerate integration functionality with other components of your workflow. In this example, we will build on a previous article, where we’ve shown you how to use the Acunetix API in a Bash script: Managing Scans using Bash and the Acunetix API. We will add code to that Bash script to achieve the following automation:

In this article, we will be adding to that Bash script to achieve the following automation procedure:

  • In Acunetix:
    • Trigger the creation of an export file for subsequent import into a WAF
    • Monitor the status of the export until it is completed
    • Download the export file
  • In FortiWeb
    • Upload the export while creating a rule

We’ve previously shown the same procedure for another WAF: F5 BigIP ASM.

Anatomy of the script additions

The script additions follow this structure:

  • Acunetix API tasks
    • The generation of the export file is triggered
    • A loop is created that checks the status of the export file generation every 10 seconds, and waits for the status to become “completed”
    • The export file is downloaded
  • WAF API tasks
    • The export file is uploaded and imported while FortiWeb simultaneously creates a rule

Bash script additions

# ... previous script above this line
# Declare Variables for Acunetix
ExportTypeID="21111111-1111-1111-1111-111111111118" # FortiWeb via ScanResultID
# Declare Variables for FortiWeb
MyHdrWAFAuth=`echo "Authorization:"\`echo $MyWAFUser:$MyWAFPass:$MyWAFADOM | base64\``
MyHdrForm="Content-Type: multipart/form-data"
MyExportResult=`curl -i -sS -k -X POST $MyAXURL/exports -H "Content-Type: application/json" -H "X-Auth: $MyAPIKEY" --data "{\"export_id\":\"$ExportTypeID\",\"source\":{\"list_type\":\"scan_result\",\"id_list\":[\"$MyScanResultID\"]}}"`
MyExportID=`echo "$MyExportResult" | grep -Po '"report_id": *\K"[^"]*"' | tr -d '"'`
while true; do
  MyExportStatus=`curl -sS -k -X GET "$MyAXURL/exports/{$MyExportID}" -H "Accept: application/json" -H "X-Auth: $MyAPIKEY"`
  if [[ "$MyExportStatus" == *"\"status\": \"processing\""* ]]; then
    echo "Export Status: Processing - waiting 10 seconds"
  elif [[ "$MyExportStatus" == *"\"status\": \"queued\""* ]]; then
    echo "Export Status: Queued - waiting 10 seconds"
  elif [[ "$MyExportStatus" == *"\"status\": \"completed\""* ]]; then
    echo "Export Status: Completed"
    # Break out of loop
    echo "Invalid Export Status: Aborting"
    # Clean Up and Exit script
    exit 1
  sleep 10
MyExportFile=`echo $MyExportStatus | sed 's/.*\[ \"\/api\/v1\/reports\/download\/\([^]]*\)\" \].*/\1/g'`
echo "Export File: $MyExportFile"
# Download Export File from Acunetix
Dummy=`curl -sS -k "$MyAXURL/reports/download/$MyExportFile" -o $MyExportFile`
MyExportFilePath=`readlink -f $MyExportFile`
# Import Scan File to WAF
MyWAFResult=`curl -sS -k -X POST "$MyWAFURL/WebVulnerabilityScan/ScannerIntegration/ScannerIntegration?action=import" -H "$MyHdrWAFAuth" -H "$MyHdrForm" -F "fileName=@$MyExportFilePath" -F "autoGenerate=true" -F "profileType=inline" -F "mergetoRule=false" -F "inlineRuleName=AcunetixScanResults" -F "high=deny" -F "medium=alert" -F "low=alert" -F "scannerType=acunetix" -F "importMethod=xml" -F "adomName=$MyWAFADOM"`
echo "WAF Import Result"
echo "================="
echo $MyWAFResult | jq
Kevin Attard Compagno
Technical Writer
Kevin Attard Compagno is a Technical Writer working for Acunetix. A technical writer, translator, and general IT buff for over 30 years, Kevin used to run Technical Support teams and create training documents and other material for in-house technical staff.