def main(): try: TARGET_IP = "127.0.0.1" OPENVAS_HOST = "127.0.0.1" USER = "******" PASSWORD = "******" PORT = 9390 TIMEOUT = None #profile = "empty" profile = "Full and fast" manager = VulnscanManager(OPENVAS_HOST, USER, PASSWORD) sem = Semaphore(0) # Launch scan_id, target_id = manager.launch_scan( target=TARGET_IP, profile=profile, callback_end=partial(lambda x: x.release(), sem), callback_progress=my_print_status) print "scan_id=%s , target_id=%s " % (scan_id, target_id) # Wait sem.acquire() # Finished scan print("finished") report_id = manager.get_report_id(scan_id) write_report(manager, report_id, TARGET_IP) manager.delete_scan(scan_id) manager.delete_target(target_id) except VulnscanException, e: print "Error:" print e
def recv_info(self, info): # Checks if connection was not setted as down if not self.state.check("connection_down"): # Synchronization object to wait for completion. m_event = Event() # Get the config. m_user = Config.plugin_args["user"] m_password = Config.plugin_args["password"] m_host = Config.plugin_args["host"] m_port = Config.plugin_args["port"] m_timeout = Config.plugin_args["timeout"] m_profile = Config.plugin_args["profile"] # Sanitize the port and timeout. try: m_port = int(m_port) except Exception: m_port = 9390 if m_timeout.lower().strip() in ("inf", "infinite", "none"): m_timeout = None else: try: m_timeout = int(m_timeout) except Exception: m_timeout = None # Connect to the scanner. try: Logger.log_more_verbose( "Connecting to OpenVAS server at %s:%d" % (m_host, m_port)) m_scanner = VulnscanManager( m_host, m_user, m_password, m_port, m_timeout) except VulnscanException, e: t = format_exc() Logger.log_error("Error connecting to OpenVAS, aborting scan!") #Logger.log_error_verbose(str(e)) Logger.log_error_more_verbose(t) # Set the openvas connection down and remember it. self.state.put("connection_down", True) return try: # Launch the scanner. m_scan_id, m_target_id = m_scanner.launch_scan( target = info.address, profile = m_profile, callback_end = partial(lambda x: x.set(), m_event), callback_progress = OpenVASProgress(self.update_status) ) Logger.log_more_verbose("OpenVAS task ID: %s" % m_scan_id) # Wait for completion. m_event.wait() # Get the scan results. m_openvas_results = m_scanner.get_results(m_scan_id) # Clear the info m_scanner.delete_scan(m_scan_id) m_scanner.delete_target(m_target_id) # Convert the scan results to the GoLismero data model. return self.parse_results(m_openvas_results, info) except Exception,e: t = format_exc() Logger.log_error_verbose( "Error parsing OpenVAS results: %s" % str(e)) Logger.log_error_more_verbose(t)
def recv_info(self, info): # Checks if connection was not set as down if not self.state.check("connection_down"): # Synchronization object to wait for completion. m_event = Event() # Get the config. m_user = Config.plugin_args["user"] m_password = Config.plugin_args["password"] m_host = Config.plugin_args["host"] m_port = Config.plugin_args["port"] m_timeout = Config.plugin_args["timeout"] m_profile = Config.plugin_args["profile"] # Sanitize the port and timeout. try: m_port = int(m_port) except Exception: m_port = 9390 if m_timeout.lower().strip() in ("inf", "infinite", "none"): m_timeout = None else: try: m_timeout = int(m_timeout) except Exception: m_timeout = None # Connect to the scanner. try: Logger.log_more_verbose( "Connecting to OpenVAS server at %s:%d" % (m_host, m_port)) m_scanner = VulnscanManager( m_host, m_user, m_password, m_port, m_timeout) except VulnscanException, e: t = format_exc() Logger.log_error("Error connecting to OpenVAS, aborting scan!") #Logger.log_error_verbose(str(e)) Logger.log_error_more_verbose(t) # Set the openvas connection as down and remember it. self.state.put("connection_down", True) return m_scan_id = None m_target_id = None try: # Launch the scanner. m_scan_id, m_target_id = m_scanner.launch_scan( target = info.address, profile = m_profile, callback_end = partial(lambda x: x.set(), m_event), callback_progress = OpenVASProgress(self.update_status) ) Logger.log_more_verbose("OpenVAS task ID: %s" % m_scan_id) # Wait for completion. m_event.wait() # Get the scan results. m_openvas_results = m_scanner.get_results(m_scan_id) # Clear the info m_scanner.delete_scan(m_scan_id) m_scanner.delete_target(m_target_id) except Exception,e: t = format_exc() Logger.log_error_verbose( "Error parsing OpenVAS results: %s" % str(e)) Logger.log_error_more_verbose(t) return
class ScannerManager: def __init__(self, host, user, password, port0=9390, timeout0=None): self.scanner_manager = VulnscanManager(host, user, password, port0, timeout0) self.scanner_list = {} self.user = user self.password = password def launch_scan(self, target, **kwargs): task_id, target_id = self.scanner_manager.launch_scan(target, **kwargs) name = kwargs.get("name", 'nunamed') self.scanner_list[task_id] = Scanner(target, target_id, name) return task_id def delete_scan(self, task_id): self.scanner_manager.delete_scan(task_id) del self.scanner_list[task_id] def get_results(self, task_id): if task_id in self.scanner_list: tmp = commands.getoutput("omp -u " + self.user + " -w " + self.password + " -iX '<get_results task_id=\"" + task_id + "\"/>'") results = re.findall("(<result.*?</result>)", tmp, re.S) for i in results: tmp = Result(i) if tmp.name == '': continue else: flag = True for j in self.scanner_list[task_id].result: if j.id == tmp.id: flag = False if flag: self.scanner_list[task_id].result.append(tmp) else: return "Error: my_scanner doesn't exist." def display_result(self, task_id): results = self.scanner_list[task_id].result for i in results: print "id:%s" % i.id print "ownername:%s" % i.ownername print "comment:%s" % i.comment print "creation_time:%s" % i.creation_time print "modification_time:%s" % i.modification_time print "host:%s" % i.host print "port:%s" % i.port print "nvt_oid:%s" % i.nvt_oid print "name:%s" % i.name print "family:%s" % i.family print "summary:%s" % i.summary print "solution:%s" % i.solution print "scan_nvt_version:%s" % i.scan_nvt_version print "threat:%s" % i.threat print "severity:%s" % i.severity print "type:%s" % i.type print "qod:%s" % i.qod print "description:%s" % i.description print ''