def main():
try:
TARGET_IP = "127.0.0.1"
OPENVAS_HOST = "127.0.0.1"
USER = "******"
PASSWORD = "******"
PORT = 9390
TIMEOUT = None
#profile = "empty"
profile = "Full and fast"
manager = VulnscanManager(OPENVAS_HOST, USER, PASSWORD)
sem = Semaphore(0)
# Launch
scan_id, target_id = manager.launch_scan(
target=TARGET_IP,
profile=profile,
callback_end=partial(lambda x: x.release(), sem),
callback_progress=my_print_status)
print "scan_id=%s , target_id=%s " % (scan_id, target_id)
# Wait
sem.acquire()
# Finished scan
print("finished")
report_id = manager.get_report_id(scan_id)
write_report(manager, report_id, TARGET_IP)
manager.delete_scan(scan_id)
manager.delete_target(target_id)
except VulnscanException, e:
print "Error:"
print e
def recv_info(self, info):
# Checks if connection was not setted as down
if not self.state.check("connection_down"):
# Synchronization object to wait for completion.
m_event = Event()
# Get the config.
m_user = Config.plugin_args["user"]
m_password = Config.plugin_args["password"]
m_host = Config.plugin_args["host"]
m_port = Config.plugin_args["port"]
m_timeout = Config.plugin_args["timeout"]
m_profile = Config.plugin_args["profile"]
# Sanitize the port and timeout.
try:
m_port = int(m_port)
except Exception:
m_port = 9390
if m_timeout.lower().strip() in ("inf", "infinite", "none"):
m_timeout = None
else:
try:
m_timeout = int(m_timeout)
except Exception:
m_timeout = None
# Connect to the scanner.
try:
Logger.log_more_verbose(
"Connecting to OpenVAS server at %s:%d" % (m_host, m_port))
m_scanner = VulnscanManager(
m_host, m_user, m_password, m_port, m_timeout)
except VulnscanException, e:
t = format_exc()
Logger.log_error("Error connecting to OpenVAS, aborting scan!")
#Logger.log_error_verbose(str(e))
Logger.log_error_more_verbose(t)
# Set the openvas connection down and remember it.
self.state.put("connection_down", True)
return
try:
# Launch the scanner.
m_scan_id, m_target_id = m_scanner.launch_scan(
target = info.address,
profile = m_profile,
callback_end = partial(lambda x: x.set(), m_event),
callback_progress = OpenVASProgress(self.update_status)
)
Logger.log_more_verbose("OpenVAS task ID: %s" % m_scan_id)
# Wait for completion.
m_event.wait()
# Get the scan results.
m_openvas_results = m_scanner.get_results(m_scan_id)
# Clear the info
m_scanner.delete_scan(m_scan_id)
m_scanner.delete_target(m_target_id)
# Convert the scan results to the GoLismero data model.
return self.parse_results(m_openvas_results, info)
except Exception,e:
t = format_exc()
Logger.log_error_verbose(
"Error parsing OpenVAS results: %s" % str(e))
Logger.log_error_more_verbose(t)
def recv_info(self, info):
# Checks if connection was not set as down
if not self.state.check("connection_down"):
# Synchronization object to wait for completion.
m_event = Event()
# Get the config.
m_user = Config.plugin_args["user"]
m_password = Config.plugin_args["password"]
m_host = Config.plugin_args["host"]
m_port = Config.plugin_args["port"]
m_timeout = Config.plugin_args["timeout"]
m_profile = Config.plugin_args["profile"]
# Sanitize the port and timeout.
try:
m_port = int(m_port)
except Exception:
m_port = 9390
if m_timeout.lower().strip() in ("inf", "infinite", "none"):
m_timeout = None
else:
try:
m_timeout = int(m_timeout)
except Exception:
m_timeout = None
# Connect to the scanner.
try:
Logger.log_more_verbose(
"Connecting to OpenVAS server at %s:%d" % (m_host, m_port))
m_scanner = VulnscanManager(
m_host, m_user, m_password, m_port, m_timeout)
except VulnscanException, e:
t = format_exc()
Logger.log_error("Error connecting to OpenVAS, aborting scan!")
#Logger.log_error_verbose(str(e))
Logger.log_error_more_verbose(t)
# Set the openvas connection as down and remember it.
self.state.put("connection_down", True)
return
m_scan_id = None
m_target_id = None
try:
# Launch the scanner.
m_scan_id, m_target_id = m_scanner.launch_scan(
target = info.address,
profile = m_profile,
callback_end = partial(lambda x: x.set(), m_event),
callback_progress = OpenVASProgress(self.update_status)
)
Logger.log_more_verbose("OpenVAS task ID: %s" % m_scan_id)
# Wait for completion.
m_event.wait()
# Get the scan results.
m_openvas_results = m_scanner.get_results(m_scan_id)
# Clear the info
m_scanner.delete_scan(m_scan_id)
m_scanner.delete_target(m_target_id)
except Exception,e:
t = format_exc()
Logger.log_error_verbose(
"Error parsing OpenVAS results: %s" % str(e))
Logger.log_error_more_verbose(t)
return
class ScannerManager:
def __init__(self, host, user, password, port0=9390, timeout0=None):
self.scanner_manager = VulnscanManager(host, user, password, port0,
timeout0)
self.scanner_list = {}
self.user = user
self.password = password
def launch_scan(self, target, **kwargs):
task_id, target_id = self.scanner_manager.launch_scan(target, **kwargs)
name = kwargs.get("name", 'nunamed')
self.scanner_list[task_id] = Scanner(target, target_id, name)
return task_id
def delete_scan(self, task_id):
self.scanner_manager.delete_scan(task_id)
del self.scanner_list[task_id]
def get_results(self, task_id):
if task_id in self.scanner_list:
tmp = commands.getoutput("omp -u " + self.user + " -w " +
self.password +
" -iX '<get_results task_id=\"" +
task_id + "\"/>'")
results = re.findall("(<result.*?</result>)", tmp, re.S)
for i in results:
tmp = Result(i)
if tmp.name == '':
continue
else:
flag = True
for j in self.scanner_list[task_id].result:
if j.id == tmp.id:
flag = False
if flag:
self.scanner_list[task_id].result.append(tmp)
else:
return "Error: my_scanner doesn't exist."
def display_result(self, task_id):
results = self.scanner_list[task_id].result
for i in results:
print "id:%s" % i.id
print "ownername:%s" % i.ownername
print "comment:%s" % i.comment
print "creation_time:%s" % i.creation_time
print "modification_time:%s" % i.modification_time
print "host:%s" % i.host
print "port:%s" % i.port
print "nvt_oid:%s" % i.nvt_oid
print "name:%s" % i.name
print "family:%s" % i.family
print "summary:%s" % i.summary
print "solution:%s" % i.solution
print "scan_nvt_version:%s" % i.scan_nvt_version
print "threat:%s" % i.threat
print "severity:%s" % i.severity
print "type:%s" % i.type
print "qod:%s" % i.qod
print "description:%s" % i.description
print ''
