WAS API supports JSON requests and responses starting with WAS version 4.5. Samples are shown below.
API request
cat createOP.json | curl -s -X POST -H "Accept: application/json" -H "Content-Type: application/json" -H "user: username" -H "password: passwd" -d @- "<qualys_base_url>/qps/rest/3.0/create/was/optionprofile/" POST data: { "ServiceRequest": { "data": { "OptionProfile": { "name": "OP creation - with json request and response", "timeoutErrorThreshold": "10", "unexpectedErrorThreshold": "20" } } } }
JSON output
{
"ServiceResponse": {
"data": [
{
"OptionProfile": {
"id": 464134,
"formSubmission": "BOTH",
"owner": {
"lastName": "Smith",
"username": "username",
"firstName": "Steve",
"id": 4354
},
"createdBy": {
"lastName": "Smith",
"username": "username",
"firstName": "Steve",
"id": 4354
},
"tags": {
"count": 0
},
"bruteforceOption": "MINIMAL",
"updatedBy": {
"lastName": "Smith",
"username": "username",
"firstName": "Steve",
"id": 4354
},
"maxCrawlRequests": 300,
"sensitiveContent": {
"creditCardNumber": "false",
"socialSecurityNumber": "false"
},
"updatedDate": "2015-12-15T13:39:25Z",
"comments": {
"count": 0
},
"createdDate": "2015-12-15T13:39:25Z",
"parameterSet": {
"name": "Initial Parameters",
"id": 0
},
"isDefault": "false",
"unexpectedErrorThreshold": 20,
"performance": "LOW",
"name": "OP creation - with json request and response",
"ignoreBinaryFiles": "false",
"timeoutErrorThreshold": 10
}
}
],
"count": 1,
"responseCode": "SUCCESS"
}
}
API request
cat createOP.json | curl -s -X POST -H "Accept: application/json" -H "Content-Type: application/json" -H "user: username" -H "password: passwd" -d @- "https://qualysapi.qualys.com/qps/rest/3.0/launch/was/wasscan/"
POST data:
{
"ServiceRequest": {
"data": {
"WasScan": {
"name": "WebApp Default Auth",
"type": "VULNERABILITY",
"target": {
"webApp": { "id": "2640672" },
"webAppAuthRecord": { "isDefault": "true" }
},
"cancelAfterNHours": "1",
"profile": { "id": "450936" }
}
}
}
}
JSON output
{
"ServiceResponse" : {
"responseCode" : "SUCCESS",
"data" : [ {
"WasScan" : {
"id" : 1498381
}
} ],
"count" : 1
}
API request
cat createOP.json | curl -s -X POST -H "Accept: application/json" -H "Content-Type: application/json" -H "user: username" -H "password: passwd" -d @- "<qualys_base_url>/qps/rest/3.0/launch/was/wasscan/" POST data: { "ServiceRequest": { "data": { "WasScan": { "name": "WebApp Default Auth", "type": "VULNERABILITY", "target": { "webApp": { "id": "2640672" }, "webAppAuthRecord": { "isDefault": "true" } }, "cancelAfterNHours": "1", "profile": { "id": "450936" } } } } }
JSON output
{
"ServiceResponse" : {
"responseCode" : "SUCCESS",
"data" : [ {
"WasScan" : {
"id" : 1498381
}
} ],
"count" : 1
}
API request
cat createOP.json | curl -s -X POST -H "Accept: application/json" -H "Content-Type: application/json" -H "user: username" -H "password: passwd" -d @- "https://qualysapi.qualys.com/qps/rest/3.0/search/was/finding"
POST data:
{
"ServiceRequest": {
"preferences": {
"verbose": "true",
"limitResults": "2"
},
"filters": {
"Criteria": [
{
"field": "id",
"operator": "EQUALS",
"value": "3615376"
},
{
"field": "qid",
"operator": "NOT EQUALS",
"value": "0"
}
]
}
}
}
JSON output
{
"ServiceResponse": {
"data": [
{
"Finding": {
"url": "http://10.11.68.95/bricks/config/",
"lastDetectedDate": "2021-06-21T02:10:15Z",
"cwe": {
"count": 1,
"list": [
23
]
},
"id": 3615376,
"lastTestedDate": "2021-06-21T02:10:15Z",
"firstDetectedDate": "2021-06-21T02:10:15Z",
"findingType": "QUALYS",
"updatedDate": "2021-06-21T02:26:31Z",
"history": {
"set": [
{
"WebAppFindingHistory": {
"scanData": {
"reference": "was/1624029515335.1191085.70",
"launchedDate": "2021-06-21T02:10:15Z",
"id": 4255627
}
}
}
]
},
"potential": "false",
"status": "NEW",
"severity": "1",
"webApp": {
"id": 8777442,
"tags": {
"count": 0
},
"url": "http://10.11.68.95/digestApp",
"name": "Latest Target612"
},
"uniqueId": "0bfd3ee4-db6f-4d82-b970-1650a4186637",
"name": "Path-relative stylesheet import (PRSSI) vulnerability",
"qid": 150246,
"cvssV3": {
"temporal": 2.9,
"attackVector": "Network",
"base": 3.1
},
"resultList": {
"count": 1,
"list": [
{
"Result": {
"ajax": "false",
"payloads": {
"count": 1,
"list": [
{
"PayloadInstance": {
"request": {
"headers": "UmVmZXJlcjogaHR0cDovLzEwLjExLjY4Ljk1L2RpZ2VzdEFwcA0KQ29va2llOiBQSFBTRVNTSUQ9bzAxNm5hMWpnZXZhNmF2OTltdWwxcjRrdDM7DQpIb3N0OiAxMC4xMS42OC45NQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTRfNSkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzEyLjEuMSBTYWZhcmkvNjA1LjEuMTUNCkFjY2VwdDogKi8qDQo=",
"method": "GET",
"link": "http://10.11.68.95/bricks/config/"
},
"response": "\nRelative Path CSS Links found:\n
<link rel=\"stylesheet\" href=\"../stylesheets/foundation.css\">\n
<link rel=\"stylesheet\" href=\"../stylesheets/foundation.min.css\">\n
<link rel=\"stylesheet\" href=\"../stylesheets/app.css\">",
"payload": "N/A"
}
}
]
},
"authentication": "false"
}
}
]
},
"isIgnored": "false",
"timesDetected": 1,
"type": "VULNERABILITY"
}
}
],
"responseCode": "SUCCESS",
"hasMoreRecords": "false",
"count": 1
}
}