Thanks to everyone who provided input. I could never get an elegant solution
to work, but I got one that was “good enough.” Here are the XML commands our
script passes through OMP. Rémi provided most of this already. I’m sure my
meager contribution can be improved.
Our script relies on an existing task (taskName) to use and a target config
(targetName) it will use as a template for a new target config. It clones the
existing target config with a new name (targetName_timestamp), updates the
hosts in the new target config (createTargetList), and modifies the task to use
the new target.
By specifying an appropriate taskName and targetName and using selection
criteria to build createTargetList (for example, filtering systems by tag
values), we’ve automated the maintenance of our scan targets for several
different scenarios.
###############################################
targetNewName = targetName + '_' + timestamp
# Get the Task ID of the task we need to manipulate. We will change the target
config assigned to it to our new target config ID
getTaskIDXML = '<get_tasks filter="name=%s"/>' % taskName
taskID = exec_task('-X', getTaskIDXML, 'task')
# Get the target config of the target we use as a template
getTargetCopyIDXML = '<get_targets filter="name=%s"/>' % targetName
targetCopyID = exec_task('-X', getTargetCopyIDXML, 'target')
# Create the new target config based on the template target config
createTargetXML =
'<create_target><name>%s</name><copy>%s</copy></create_target>' %
(targetNewName, targetCopyID)
exec_task('-X', createTargetXML, None)
# Appears to take some time to commit, we'll look it up on the next op
time.sleep(15)
# Get the ID of our new target config
getNewTargetIDXML = '<get_targets filter="name=%s"/>' % targetNewName
targetNewID = exec_task('-X', getNewTargetIDXML, 'target')
# Modify the new target config to include current hosts
# We generate createTargetList on the fly with live info from the cloud host
modifyTargetXML = '<modify_target
target_id="%s"><hosts>%s</hosts><exclude_hosts></exclude_hosts></modify_target>'
% (targetNewID, createTargetList)
exec_task('-X', modifyTargetXML, None)
time.sleep(5)
# Modify our task to use the new target config. Needs to be alterable
modifyTaskXML = '<modify_task task_id="%s"><target id="%s"/></modify_task>' %
(taskID, targetNewID)
exec_task('-X', modifyTaskXML, None)
time.sleep(5)
# Start the task
startTaskXML = '<start_task task_id="%s"/>' % taskID
exec_task('-X', startTaskXML, None)
exec_task is a wrapper for OMP that optionally returns a task or target
resource id.
Best,
Jeremy
From: Rémi Liquete [mailto:[email protected]]
Sent: Thursday, August 31, 2017 10:42 AM
To: Thijs Stuurman <[email protected]>
Cc: CAMPBELL Jeremy <[email protected]>;
[email protected]
Subject: Re: [Openvas-discuss] Modifying task targets with omp [PUBLIC]
Hi Jeremy,
I've done this last month.
The only way to do what you want with OMP is to create a temporary target and
affects it to the task.
Then modify your target, and affects it back to your target.
The command to do this is : omp -u User -w Password -X '<modify_task
task_id="HERE IS YOUR TASK ID"><target id="HERE IS YOUR TARGET ID TO AFFECT TO
THE TASK"/></modify_task>'
I have full automate my scans in python scripts with that to modify my task and
its target.
Regards,
Rémi.
2017-08-31 16:27 GMT+02:00 Thijs Stuurman
<mailto:[email protected]>:
I checked GVM Tools which contains functions such as:
def create_target(self, name, make_unique, **kwargs)
def delete_target(self, target_id, ultimate=0)
def modify_target(self, target_id, **kwargs)
def modify_task(self):
but found:
“””
def modify_task(self):
# TODO: Multiple values are required to modify a task. Is this correct?
raise NotImplementedError
“””
So.. I guess not yet.
The “old” command line OMP has the option:
-M, --modify-task Modify a task.
But I never used it, not sure how it works.
Thijs Stuurman
Security Operations Center | KPN Internedservices
mailto:[email protected] | mailto:[email protected]
T: tel:+31%20299%20476%20185 | M: tel:+31%206%2024366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048
W: https://www.internedservices.nl/ | L: http://nl.linkedin.com/in/thijsstuurman
Van: Openvas-discuss
[mailto:mailto:[email protected]] Namens CAMPBELL
Jeremy
Verzonden: donderdag 31 augustus 2017 16:13
Aan: mailto:[email protected]
Onderwerp: [Openvas-discuss] Modifying task targets with omp [PUBLIC]
Hi all,
I have some systems in a dynamic cloud environment, and I’m trying to automate
the maintenance of targets in OpenVAS. In the past, I’ve used alterable tasks,
periodically created an updated target group, and modified the task’s
configuration to use that group. I can programmatically create targets, but I
don’t see a way to change the target group used by an alterable task. Is it
possible to change targets on a alterable task from the command line? I’m open
to doing something outside of omp if necessary.
Thanks,
JeremyThis message was classified PUBLIC by CAMPBELL Jeremy on Thursday, August
31, 2017 at 10:12:47 AM.
________________________________________
This message, including attachments, is intended for the above-mentioned
addressees only. It may contain confidential information the review,
dissemination or disclosure of which is strictly prohibited. Should you receive
this message in error, please delete it and notify the sender to the e-mail
address indicated above.
________________________________________
---------- Message transféré ----------
From: Jan-Oliver Wagner <mailto:[email protected]>
To: OpenVAS Announcement List <mailto:[email protected]>
Cc:
Bcc:
Date: Thu, 10 Aug 2017 08:23:26 +0000
Subject: [Openvas-announce] GVM-Tools
Dear OpenVAS / Greenbone Users,
we are happy to announce the availability of GVM-Tools. This is a
collection of tools for remote controlling a OpenVAS / Greenbone
setup and is intended to replace the "openvas-cli" module with
its "omp" and "check_omp" command line tools.
The new approach is comprised of interactive and non-interactive clients as
well as supporting libraries. The programming language Python is supported
directly for interactive scripting and library use. But it is also possible
to issue remote GMP/OMP/OSP commands without programming in Python.
The tools are compatible with the connection methods TLS, file socket
and with the SSH GMP connection of Greenbone OS version 4. In other
words, it can be used for any supported Greenbone OS version and for
any supported OpenVAS version.
The source code downloads are available from the usual place:
http://www.openvas.org/install-source.html
We have prepared standalone binaris for Windows, including the
Python environment making it unnecessary to install anything else.
The latest versions are available as (*)
http://download.greenbone.net/tools/gvm-cli.exe
http://download.greenbone.net/tools/gvm-pyshell.exe
GVM-Tools is Open Source under the GNU General Public License.
The source code is currently managed at bitbucket where you can also
find some examples how to use the tools in practice:
https://bitbucket.org/greenbone/gvm-tools
(*) Checksums of version 1.2.0:
SHA256 (gvm-cli.exe) =
ca19227ba49a732f69717a395db14f08c3b2cc4c73fd00a4d81ab71c4ba4d04d
SHA256 (gvm-pyshell.exe) =
1d487c9a4d449ea1e4a15ff2a9e2af4020b7f378101d5960b1709fbd50d459de
Best regards
--
Dr. Jan-Oliver Wagner | +49-541-760278-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neumarkt 12, 49074 Osnabrück | AG Osnabrück, HR B
202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-announce mailing list
mailto:[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-announce
_______________________________________________
Openvas-discuss mailing list
mailto:[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
This message was classified PUBLIC by CAMPBELL Jeremy on Tuesday, September 5,
2017 at 1:12:52 PM.
________________________________
This message, including attachments, is intended for the above-mentioned
addressees only. It may contain confidential information the review,
dissemination or disclosure of which is strictly prohibited. Should you receive
this message in error, please delete it and notify the sender to the e-mail
address indicated above.
________________________________
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
