Re: [Openvas-discuss] Strange results when trying to get all reports

2015-04-12 Thread Eero Volotinen
Hi,

Maybe you can take a look at my solution @
http://ping-viini.org/get-reports-latest.zip

It exports latest reports from scanner to file and then zips and sends via
email.

requires: php-cli, zip, working sendmail binary, working omp-cli

usage: php get-reports-latest.php your@email

it also requires $HOME/omp.config for authentication details like this:

[Connection]
host=127.0.0.1
port=9390
username=admin
password=adminpassword

with very little modification it can export all reports to one file.


patch to include all in one file. not tested. may work. any questions?


--- get-reports-latest.php 2015-04-12 23:42:50.984480286 +0200

+++ get-reports-latest.php.new 2015-04-12 23:50:42.081128440 +0200

@@ -128,7 +128,7 @@

  $string = sprintf( omp  -iX \get_tasks task_id='%s' details='1' /\
|grep -A1 'last_report' |grep id | awk -F\\\ '{ print $2 }',$id);

  $report_id = shell_exec($string);

  $report_id = trim($report_id);

- $string2 = sprintf(omp  --get-report %s --format %s  
/tmp/%s/full-%s.csv,$report_id,$formatstr,$today,$hostname);

+ $string2 = sprintf(omp  --get-report %s --format %s  
/tmp/%s/all-in-one.csv,$report_id,$formatstr,$today);

 //echo $string2;

  shell_exec($string2);
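
Review bot: The "+" line sends every report to the same fixed path, /tmp/%s/all-in-one.csv, so the outcome depends on a redirection operator that is not visible in this hunk (the gap between "--format %s" and the path is where it would sit). If it is ">", as would suit the per-host full-%s.csv files, each call truncates the file and only the last report survives; use ">>" so the reports accumulate, and remove any stale all-in-one.csv before the first call. On the context lines, $report_id comes straight from shell_exec() output and is placed unquoted into a second shell command: pass it and $formatstr through escapeshellarg() and skip the call when trim() leaves it empty. Appending whole CSV reports also repeats the header row once per report, which whoever reads the file has to expect or strip.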

Eero

--
Eero

2015-03-20 11:29 GMT+02:00 Selam Uzun selam.u...@gmail.com:

 Hello,

 It's me again, sorry ^^ (thanks again for the previous answers).

 I have a weird result that I can't explain but I think it's a base64
 encoding/decoding problem. I'd like to have your opinion.
 My aim is simple : I want to get all reports in CSV and in one file.
 I have this :

 -
 #!/bin/sh

 # Description: import of all reports generated by OpenVAS

 IMPORT_FILE=openvas_reports.csv

 # csv format id
 REPORT_FORMAT_ID=9087b18c-626c-11e3-8892-406186ea4fc5

 # Get reports
 omp -u admin -w admin -X '
 <get_reports format_id="'$REPORT_FORMAT_ID'"/>
 ' | egrep -o 'SVAsSG9zdG5hbWUsT1M[[:alnum:]]+' \
   | base64 -d > $IMPORT_FILE
 -

 The egrep may seem a bit...meh but since all CSV reports start like
 this in base64 I thought it would make the deal.

 I made a scan in GSA and I got a high severity (7.5), 1 high, 4 medium, 0
 low, 15 log.
 When I run the script I get :

 IP,Hostname,OS,Scan Start,Scan End,CVSS,Severity,High,Medium,Low,Log,False Positive,Total
 127.0.0.1,  ,*0.0,None,0,0,0,10,0,10*

 I thought I made a mistake in the script but I made another scan in GSA and
 I got a medium severity (4.3), 0 high, 2 medium, 0 low, 7 log (I turned off
 the service that generates the high vulnerability).
 When I run the script, I get good results for the medium severity only:

 IP,Hostname,OS,Scan Start,Scan End,CVSS,Severity,High,Medium,Low,Log,False Positive,Total
 127.0.0.1,  ,*0.0,None,0,0,0,10,0,10*
 IP,Hostname,OS,Scan Start,Scan End,CVSS,Severity,High,Medium,Low,Log,False Positive,Total
 127.0.0.1,  ,*4.3,Medium,0,2,0,7,0,9*

 In a terminal I tried, first, to get the high severity report in csv :
 get_reports_response status_text=OK status=200... extension=csv
 type=scan content_type=text/csvBLABLABLAownername
 I decoded the BLABLABLA part and *that was the good information:*

 IP,Hostname,OS,Scan Start,Scan End,CVSS,Severity,High,Medium,Low,Log,False Positive,Total
 127.0.0.1,  ,*7.5,High,1,4,0,15,0,20*

 Then, always in the terminal, I tried to get all reports (the high and the
 medium) in CSV:
 get_reports_response status_text=OK status=200... extension=csv
 type=scan content_type=text/csvFIRSTBLABLAownername
 ... extension=csv type=scan
 content_type=text/csvSECONDBLABLAownername

 FIRSTBLABLA corresponds to the high severity report and when decoded it
 gives *wrong information* = *0.0,None,0,0,0,10,0,10*
 SECONDBLABLA corresponds to the medium severity report and when decoded it
 gives *good information =* *4.3,Medium,0,2,0,7,0,9*

 And now, I have X-files generic music in my mind.

 Some additional information :
 Kali 1.1.0-amd64
 OpenVAS-7 (scanner 4.0.2, Manager 5.0.2, GSA 5.0.1, CLI 1.3.0)
 Everything works fine, nothing particular in logs
 I tried with TXT format, same result : when I import one by one, no
 problem. When I import all (the high and medium) I get wrong information
 for the high.


 If you have an idea, please let me know.
 Thanks a lot in advance for your time.

 Best regards,
 S. Uzun


 ___
 Openvas-discuss mailing list
 Openvas-discuss@wald.intevation.org
 https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss


Re: [Openvas-discuss] OWASP Plugin for OpenVAs (or Greenbone Interface)

2015-04-12 Thread Jan-Oliver Wagner
On Tuesday, 17 March 2015, 06:27:23, Traiano Welcome wrote:
 Is there an OWASP plugin for OpenVAS ... Or any plans to build one in
 future? Alternatively, is there any known working method of integrating
 OWASP with OpenVAS?

what would you expect from such a plugin?


-- 
Dr. Jan-Oliver Wagner |  ++49-541-335084-0  |  http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner

Re: [Openvas-discuss] Error building OpenVAS 8 libraries

2015-04-12 Thread Jan-Oliver Wagner
I haven't seen such a problem, but please if anyone else has experienced this,
let us know.

Winfried, which operating system are you using?

On Tuesday, 24 March 2015, 15:51:41, Winfried Neessen wrote:
 I was able to fix this on my own. In case someone else experiences this
 issue, here is the solution:
 
 I had to edit the following files:
 base/CMakeFiles/test-hosts.dir/link.txt
 nasl/CMakeFiles/openvas-nasl.dir/link.txt
 nasl/CMakeFiles/openvas-nasl-lint.dir/link.txt
 
 Each file had the same issue. In the link definition, it says s. th. like
 this: /usr/bin/gcc -Wformat -Wformat-security -O2 [...] -L -lhiredis
 -lgcrypt [...]
 
 For some reason, gcc doesn't seem to like this order of flags and so the
 -lhiredis seems to be simply ignored. If you change the order of the -L
 and -lhiredis: /usr/bin/gcc -Wformat -Wformat-security -O2 [...] -lhiredis
 -L -lgcrypt [...] it compiles w/o issues.



Re: [Openvas-discuss] About installation of Openvas without root access

2015-04-12 Thread Jan-Oliver Wagner
On Saturday, 14 March 2015, 05:38:37, Hon Kevin wrote:
 I would like to ask is it possible for me to install Openvas without root
 access from source?

Yes. Of course you need to specify a prefix for cmake to a destination the user
has write access to.

It makes sense to run openvassd as root though, because else it cannot execute
all of the tests properly.

 Also I am curious if the tools still work if I
 don't install GSA. Many thanks, KH

Sure, GSA is just an OMP client. You can use an OMP CLI command line tool
only to control OpenVAS Manager.



Re: [Openvas-discuss] brute force during slave scan

2015-04-12 Thread Jan-Oliver Wagner
On Monday, 16 March 2015, 08:24:51, flymolon wrote:
 When running a brute force scan using slave server,
 will the user database file and the password database file be transmitted
 to the slave server?

I assume you mean when using NVT 1.3.6.1.4.1.25623.1.0.103697 (Options for
Brute Force NVTs), yes it is transferred to the slave server and the slave
server will then run the checks.


Re: [Openvas-discuss] brute force scan help

2015-04-12 Thread Jan-Oliver Wagner
On Monday, 16 March 2015, 09:07:02, flymolon wrote:
 I chose some NSE smb script which displayed in gsa as Nmap NSE 6.01:smb*,
 and set
 Launch Nmap NSE Tests to yes,
 Nmap NSE 6.01: smb-brute:userdb to /usr/share/openvas/smb_brute_userdb
 Nmap NSE 6.01: smb-brute:passdb to /usr/share/openvas/smb_brute_passdb
 
 The databases contain correct user name and password.
 But when scan completes, no report, is there something wrong?

have you checked the log files (scanner and manager)?


Re: [Openvas-discuss] How to create a new cert feed

2015-04-12 Thread Jan-Oliver Wagner
On Tuesday, 17 March 2015, 15:28:31, Public Account wrote:
 I have installed OpenVAS and I'm testing it.
 Regularly I update the three pre-configured feeds: scap, cert & nvt.
 
 My question is: how to create a new cert feed?
 
 I receive security advisories from a cert (different to the preconfigured
 one) and I would like to feed this information to OpenVAS.
 I can manipulate the incoming information and put it in any necessary
 format (cvs, xml...).
 What I don't know is:
 - what is the necessary format for the new feed
 - how can I configure OpenVAS to use the new feed
 
 I found information about creating new nvts, but not about incorporating a
 new feed of security advisories.
 
 Any clue, URL, tutorial, example, etc. would be greatly appreciated.

well, basically the format has to correspond with the current feed content.

You could add your own processed feed content to the OpenVAS CertFeed. I guess
some details need to be adjusted.

Indeed there is currently no detailed guide on how to add more CERT resources
to the feed.

There is a file openvas-manager/doc/about-cert-feed.txt that explains a bit
more about the structure.



Re: [Openvas-discuss] Strange results when trying to get all reports

2015-04-12 Thread Jan-Oliver Wagner
On Monday, 23 March 2015, 12:09:01, Selam Uzun wrote:
 I'm trying to get around this problem by trying to do something else : is
 it possible to send an alert with 2 report formats in one email ?
 Like, one TXT included report and one attached PDF report.
 
 (It seems not but I'd like to have confirmation).

Currently this indeed is not supported.



Re: [Openvas-discuss] Strange results when trying to get all reports

2015-04-12 Thread Eero Volotinen
Hi,

How about running script using omp (cli) and then attaching files to email.
works for me.

--
Eero

2015-03-23 13:09 GMT+02:00 Selam Uzun selam.u...@gmail.com:

 Hello,

 I'm trying to get around this problem by trying to do something else : is
 it possible to send an alert with 2 report formats in one email ?
 Like, one TXT included report and one attached PDF report.

 (It seems not but I'd like to have confirmation).

 Best regards,
 S. Uzun

 On 20 March 2015 at 16:13, Selam Uzun selam.u...@gmail.com wrote:

 Thanks for your suggestions Matthew.

 I changed the egrep with xmlstarlet and added the filter. Unfortunately,
 nothing changed.
 It's really strange, I tried some other combinations : when I have 2 high
 severity reports, the 2 reports give me wrong information:

 IP,Hostname,   ,CVSS,Severity,High,Medium,Low,Log,False Positive,Total
 127.0.0.1,   ,0.0,None,0,0,0,10,0,10
 IP,Hostname,  ,CVSS,Severity,High,Medium,Low,Log,False Positive,Total
 127.0.0.1,  ,0.0,None,0,0,0,10,0,10

 When I have 2 medium severity reports, the 2 reports give me the good
 information:

 IP,Hostname,  ,CVSS,Severity,High,Medium,Low,Log,False Positive,Total
 127.0.0.1,  ,4.3,Medium,0,2,0,7,0,9
 IP,Hostname,  ,CVSS,Severity,High,Medium,Low,Log,False Positive,Total
 127.0.0.1,  ,4.3,Medium,0,2,0,7,0,9

 It's like, whenever I have a high severity report and I try to get it
 with GET_REPORTS, without providing an id, I get wrong information.

 Best regards,
 S. Uzun

 On 20 March 2015 at 12:03, Matthew Mundell matthew.mund...@greenbone.net
  wrote:

  -
  #!/bin/sh
 
  # Description: import of all reports generated by OpenVAS
 
  IMPORT_FILE=openvas_reports.csv
 
  # csv format id
  REPORT_FORMAT_ID=9087b18c-626c-11e3-8892-406186ea4fc5
 
  # Get reports
  omp -u admin -w admin -X '
  <get_reports format_id="'$REPORT_FORMAT_ID'"/>

 Try adding a filter to the GET_REPORTS, like filter="rows=-1 levels=hmlg",
 or whatever filter you're using in GSA.

  ' | egrep -o 'SVAsSG9zdG5hbWUsT1M[[:alnum:]]+' \

 You could use something like this instead:

 ' | xmlstarlet sel -t -v /get_reports_response/report/text\(\)

  | base64 -d > $IMPORT_FILE
  -

 --
 Greenbone Networks GmbH
 Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner





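Added example (not part of the original thread and not code from the OpenVAS project): one way to do the "all reports in one CSV file" step discussed above, reading the same node as the /get_reports_response/report/text() XPath, decoding each base64 payload strictly, and writing the header once with a report id column so an odd row can be traced to its report. The sample response, its ids, timestamps and owner are constructed, and the element layout is an assumption based on the output quoted in the thread.

```python
import base64
import csv
import io
import xml.etree.ElementTree as ET

def merge_csv_reports(response_xml):
    """Merge every CSV <report> of a get_reports_response into one CSV string."""
    root = ET.fromstring(response_xml)
    if root.get("status") != "200":
        raise ValueError("OMP error: %s" % root.get("status_text"))
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    header = None
    for report in root.findall("report"):
        # Same node as the XPath /get_reports_response/report/text(): the
        # base64 payload is the text that precedes the first child element.
        payload = "".join((report.text or "").split())
        if not payload:
            continue
        # validate=True raises on characters outside the base64 alphabet
        # instead of skipping them, so a damaged payload is not decoded.
        text = base64.b64decode(payload, validate=True).decode("utf-8")
        rows = list(csv.reader(io.StringIO(text)))
        if not rows:
            continue
        if header is None:
            header = rows[0]
            writer.writerow(["Report ID"] + header)  # header written once
        elif rows[0] != header:
            raise ValueError("unexpected CSV header in report %s" % report.get("id"))
        for row in rows[1:]:
            # Prefix the report id so a suspicious row can be traced back.
            writer.writerow([report.get("id")] + row)
    return out.getvalue()

def _b64(text):
    return base64.b64encode(text.encode("utf-8")).decode("ascii")

# Constructed sample response; ids, timestamps and owner are made up.
HEADER = ("IP,Hostname,OS,Scan Start,Scan End,CVSS,Severity,"
          "High,Medium,Low,Log,False Positive,Total\n")
SAMPLE = (
    '<get_reports_response status="200" status_text="OK">'
    '<report id="r-high" extension="csv" type="scan" content_type="text/csv">'
    + _b64(HEADER + "127.0.0.1,,,2015-03-20T09:00:00Z,2015-03-20T09:30:00Z,7.5,High,1,4,0,15,0,20\n")
    + '<owner><name>admin</name></owner></report>'
    '<report id="r-medium" extension="csv" type="scan" content_type="text/csv">'
    + _b64(HEADER + "127.0.0.1,,,2015-03-20T10:00:00Z,2015-03-20T10:30:00Z,4.3,Medium,0,2,0,7,0,9\n")
    + '</report></get_reports_response>'
)

if __name__ == "__main__":
    print(merge_csv_reports(SAMPLE), end="")
```

Comparing a row of the merged file with the same report fetched on its own by id shows whether a difference comes from the decoding step or from what the manager returned.
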