golismero / openvas_lib Goto Github PK
View Code? Open in Web Editor NEWOpenVAS connector for versions 6, 7, 8 and 9
License: BSD 3-Clause "New" or "Revised" License
OpenVAS connector for versions 6, 7, 8 and 9
License: BSD 3-Clause "New" or "Revised" License
HI Dear:
how to get the target id ?
Hello people. I don't know if this library is still maintaining but I hope somebody can help me. I can start a scan without any problem with launch_scan
function. I observed via openvas web panel that scan is finished. But when I try to get scan results with get_results
function, I get Expected string, got <type 'NoneType'> instead
error. Does anyone have any idea?
e53f81b#diff-6fe303a22197e4810951633f15c7bfc9
get_results expects self.__task_report_id to be set, but that doesnt happen unless you launch a scan (launch_scan)
When I try and run the example code I get this error:
Traceback (most recent call last):
File "test.py", line 36, in <module>
my_launch_scanner()
File "test.py", line 26, in my_launch_scanner
callback_progress=my_print_status)
File "/usr/local/lib/python3.4/dist-packages/openvas_lib/__init__.py", line 613, in launch_scan
"Unknown error while try to start the task '%s'. Error: %s" % (m_task_id, e.message))
openvas_lib.VulnscanScanError: Unknown error while try to start the task '13662e1a-ae21-409b-854a-361f571ddf8e'. Error: Can't receive info from the server: The read operation timed out
Im using python3 and
Package: openvas
Status: install ok installed
Priority: optional
Section: metapackages
Installed-Size: 26
Maintainer: Mohammad Razavi <[email protected]>
Architecture: amd64
Source: openvas-manager
Version: 6.0.9-1
Here is my code:
# -*- coding: utf-8 -*-
from __future__ import print_function
from functools import partial
from threading import Semaphore
from openvas_lib import VulnscanManager, VulnscanException
def my_print_status(i):
print(str(i))
def my_launch_scanner():
sem = Semaphore(0)
# Configure
manager = VulnscanManager("localhost", "admin", "admin")
# Launch
manager.launch_scan("10.132.0.4",
profile="empty",
callback_end=partial(lambda x: x.release(), sem),
callback_progress=my_print_status)
# Wait
sem.acquire()
# Finished scan
print("finished")
if __name__ == '__main__':
my_launch_scanner()
Any assistance will be appreciated.
openvas_results = scanner.get_report_id(scan_id)
print openvas_results
Returns
TypeError: Expected str or file, got '<type 'Element'>' instead
Why??????
while trying to run example code got exception
from openvas_lib import VulnscanManager, VulnscanException
try:
scanner = VulnscanManager(HOST, USER, PASSWORD, PORT, TIMEOUT)
except VulnscanException as e:
print("Error:")
print(e)
Traceback (most recent call last):
File "vas_poc.py", line 35, in
my_launch_scanner()
File "vas_poc.py", line 19, in my_launch_scanner
manager = VulnscanManager("localhost", "admin", "admin",4433)
File "/usr/lib/python2.7/site-packages/openvas_lib/init.py", line 497, in init
self.__manager = get_connector(host, user, password, port, m_time_out, ssl_verify)
File "/usr/lib/python2.7/site-packages/openvas_lib/common.py", line 73, in get_connector
manager = ConnectionManager(host, username, password, port, timeout, ssl_verify)
File "/usr/lib/python2.7/site-packages/openvas_lib/common.py", line 149, in init
self._connect()
File "/usr/lib/python2.7/site-packages/openvas_lib/common.py", line 200, in _connect
self._authenticate(self.__username, self.__password)
File "/usr/lib/python2.7/site-packages/openvas_lib/common.py", line 228, in _authenticate
self.make_xml_request(m_request)
File "/usr/lib/python2.7/site-packages/openvas_lib/common.py", line 378, in make_xml_request
raise ValueError('Missing status property in response')
ValueError: Missing status property in response
Using this link, I installed openvas9 in Ubuntu 16.04. To load up the web interface and start testing in web-client, I used following URL with port number 4000 https://localhost:4000. And right now I am trying to use openvas_lib API to do an independent scan.
ISSUE: But this library, by default, is using Port number 9390, I am not able to connect to the server. Even i tried by changing port number in init.py and common.py
CODE:
from openvas_lib import VulnscanManager, VulnscanException
try:
scanner = VulnscanManager("localhost", "admin", "admin")
except VulnscanException as e:
print("Error:")
print(e)
ERROR:
Error while connecting to the server: [Errno 111] Connection refused
i use openvas 9, python2.7, docker: image: mikesplain/openvas:9 ports: 9390/tcp, 0.0.0.0:4443->443/tcp
openvas_lib
my code:
manager = VulnscanManager("172.30.207.96", "admin", "admin")
File "build\bdist.wn32\egg\openvas_lib_init_.py",line 543, in init
openvas_lib.VulnscanServerError:Error while connecting to the server:[Errno 10061]
Well, sir , sorry to bother you again, but maybe I got a bug here.
When I use the demo file:
https://github.com/golismero/openvas_lib/blob/master/example_check_connection.py
I can't get my scan report at last, in fact I had seen scan result on the web, actually the target had been listed some vulnerabilities by openvas(web).
Then it gave me this error infomation:
must be string or buffer, not None
I checked it, and I found something at function write_report:
report = manager.get_report_html(report_id)
The value report here is not str type , instead it's an element type, so when the script went to:
report.find("report").text
Now it gets error , I think 'element' type may not have "find" attribute?
As a result , I can't solve this issue.
I had changed some targets , unfortunately I got the same error.
Dear sir, could you give a solution for it, looking forward to your kind reply!
Thank you!!!
You use ssl.PROTOCOL_TLSv1 when opening the socket. That's not a good idea, especially when connecting to a server that's only supporting TLS v1.1 and 1.2 (as the current Greenbone Appliance does)
https://github.com/golismero/openvas_lib/search?utf8=%E2%9C%93&q=ssl.PROTOCOL_TLSv1&type=Code
You should use ssl.PROTOCOL_SSLv23
Selects the highest protocol version that both the client and server support. Despite the name, this option can select “TLS” protocols as well as “SSL”.
https://docs.python.org/2/library/ssl.html
Hi,
I'm trying to launch a scan and getting below error.
>>> from openvas_lib import VulnscanManager, VulnscanException
>>> scanner = VulnscanManager("192.168.0.14", "admin", "admin")
>>> scan_id, target_id = scanner.launch_scan(target='192.168.0.14', profile='Full and fast')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "openvas_lib/__init__.py", line 657, in launch_scan
comment=comment)
File "openvas_lib/ompv7.py", line 715, in create_task
return self._manager.make_xml_request(request, xml_result=True).get("id")
File "openvas_lib/common.py", line 389, in make_xml_request
response.get('status_text')))
openvas_lib.common.ClientError: [400] create_task_response: Bogus element: preference
Thanks.
Hello
I installed Openvas9 and use Python2.7. This is my code:
from openvas_lib import VulnscanManager, VulnscanException
try:
scanner = VulnscanManager("127.0.0.1", "admin", "admin")
except VulnscanException as e:
print(e)
When I run my code, I get this Error:
Error while connecting to the server: [Errno 111] Connection refused
What is the problem?
I run a scan on Openvas and it shows 38 results. But when I trying to get results via openvas_lib, it shows me empty list.
This is the codes:
>>> from openvas_lib import VulnscanManager
>>> scanner = VulnscanManager("back_openvas", "admin", "admin")
>>> scanner.get_results("e442ce2a-6bc5-4a13-b82c-d631694bdab6")
[]
>>> scanner.get_scan_status("e442ce2a-6bc5-4a13-b82c-d631694bdab6")
'Done'
I use this code to export a XML, it's straight from the examples.
I believe some Openvas update changed the XML layout and broke the XML parser.
#!/usr/bin/env python
from __future__ import print_function
from openvas_lib import VulnscanManager, VulnscanException
from threading import Semaphore
from functools import partial
from xml.etree import ElementTree
import base64
import datetime
import os
import sys, re
import subprocess
import time
import random
def my_print_status(i):
print(str(i)),
sys.stdout.flush()
def write_report(manager, report_id, ip):
result_dir = os.path.dirname(os.path.abspath(__file__)) + "/results"
try:
report = manager.get_report_xml(report_id)
except Exception as e:
print(e)
return
else:
fout = open(result_dir + "/xml/" + ip + ".xml", "wb")
fout.write(ElementTree.tostring(report, encoding='utf-8', method='xml'))
fout.close()
def run(manager, ip):
Sem = Semaphore(0)
scan_id, target_id = manager.launch_scan(
target=ip,
profile="Full and fast",
callback_end=partial(lambda x: x.release(), Sem),
callback_progress=my_print_status
)
Sem.acquire()
report_id = manager.get_report_id(scan_id)
write_report(manager, report_id, ip)
manager.delete_scan(scan_id)
manager.delete_target(target_id)
if __name__ == '__main__':
try:
openvas_ip = sys.argv[1]
admin_name = sys.argv[2]
admin_password = sys.argv[3]
ip = sys.argv[4]
manager = VulnscanManager(openvas_ip, admin_name, admin_password)
run(manager, ip)
except Exception as e:
print(e)
I tried to read the newly created XML and the task XML downloaded from Openvas with:
#!/usr/bin/python
from openvas_lib import report_parser
import os
results = report_parser(os.path.dirname(os.path.abspath(__file__)) + "/results/xml/"+"192.168.1.223.xml")
print(results)
The result:
Traceback (most recent call last):
File "./test3.py", line 6, in <module>
results = report_parser(os.path.dirname(os.path.abspath(__file__)) + "/results/xml/"+"192.168.1.223.xml")
File "/home/user/.local/lib/python2.7/site-packages/openvas_lib/__init__.py", line 139, in report_parser
raise ValueError("XML format is not valid, doesn't contains id attribute.")
ValueError: XML format is not valid, doesn't contains id attribute.
That was the result in both cases
I tried this on a Kali (installed from repo) and a Debian(compiled from source) VM.
EDIT: After checking the generated XML seems wrong, it starts like this:
<get_reports_response status="200" status_text="OK"><report content_type="text/xml" extension="xml" format_id="a994b278-1f62-11e1-96ac-406186ea4fc5" id="04198b90-7815-49da-b593-6452a3405b03" type="scan"><owner><name/></owner><name>2016-07-28T00:30:43Z</name><comment/><creation_time>2016-07-28T00:30:43Z</creation_time><modification_time>2016-07-28T00:33:15Z</modification_time><writable>0</writable>
So the XML output is maybe not working as well.
Python 3.7.2 (default, Jan 10 2019, 23:51:51)
[GCC 8.2.1 20181127] on linux
Type "help", "copyright", "credits" or "license" for more information.
from openvas_lib import VulnscanManager
Traceback (most recent call last):
File "", line 1, in
File "/home/oguzbey/Desktop/virtualEnviroments/openvasEnv/lib/python3.7/site-packages/openvas_lib/init.py", line 373
elif l_tag == "severity":
^
TabError: inconsistent use of tabs and spaces in indentation
Well, at first, I installed this project, but I get an error .
This is because I set tab as four space, and I got an error at :
**File "/usr/local/lib/python2.7/dist-packages/openvas_lib/ompv4.py", line 154
request = """<create_target>**
Then I used, here is four space :
**sed 's/\t/ /g' openvas_lib/ompv4.py >/usr/local/lib/python2.7/dist-packages/openvas_lib/ompv4.py**
class OMPv4(OMP): NameError: name 'OMP' is not defined
So I was very confused about it.
Here is my code:
**try:
scanner = VulnscanManager('192.168.1.1', 'admin', '123')
scan_id, target_id = scanner.launch_scan(target = myurl, profile = "Full and fast")
openvas_results = scanner.get_results(scan_id)
scanner.delete_scan(scan_id)
scanner.delete_target(target_id)
print openvas_results
except VulnscanException as e:
print "[x]Openvas Error:"+str(e)
pass**
Maybe no error at here, right?
It is not possible to launch a scan using a existing target list.
Hello golismero team,
I'm creating a network security tool by using your lib, but when i'm connect to the server i got the error :
"Invalid OpenVAS version in remote server".
I'm installed OpenVAS 7, in ubuntu 14.04
Thanks you so much :D
I want to run openvas code,but prompt this error:
status = response.get('status', None) AttributeError: 'ElementTree' object has no attribute 'get'
This is my code:
manager = VulnscanManager("127.0.0.1", "admin", "admin", port=4000) print(manager)
Does anyone know this problem? Please tell me,Thanks!
Hello,
I have noticed an issue when creating a task with a schedule ID, when no schedule is passed in the XML.
I run:
scanner._VulnscanManager__manager.create_task(name="scheduled_task",
target="48535fab-92f1-4778-bf2d-ac04a43e698b",
config="daba56c8-73ec-11df-a475-002264764cea",
schedule="2d012ecf-913d-4436-b37c-00470c56a121",
max_hosts=5,
max_checks=4,
comment="a very detailed comment")
I checked the .get_tasks_detail response and I saw that response ID is always "" no matter what i put in "schedule=", config, target id and the rest parameters are passed normally.
Thanks.
pip install openvas-lib getting below error
Collecting openvas-lib
Using cached openvas_lib-1.1.8.tar.gz (30 kB)
ERROR: Requested openvas-lib from https://files.pythonhosted.org/packages/9a/f1/b169dfb62493b8dd2055858a300dcdf2564fd41901ffa02236b7a323114b/openvas_lib-1.1.8.tar.gz#sha256=8b2d4c3151b7b358535a0bdd5548eca8b73661178c136f61334da36171e30fd7 has different version in metadata: '1.1.4'
Environment:
pip 20.3 from /app/envs/lib/python3.6/site-packages/pip (python 3.6)
While getting result using get_results below error encounter.
Traceback (most recent call last):
File "openvas.py", line 11, in
openvas_results = scanner.get_results(SCAN_ID)
File "C:\Python27\lib\site-packages\openvas_lib_init_.py", line 728, in get_results
m_response = self.__manager.get_report_xml(self.__task_report_id)
File "C:\Python27\lib\site-packages\openvas_lib\ompv4.py", line 589, in get_report_xml
raise TypeError("Expected string, got %r instead" % type(report_id))
TypeError: Expected string, got <type 'NoneType'> instead
The following list shows which properties are emtpy (!) and which are not (+).
I looked at the codes and see that the properties are never assigned.
Will be there any update for that soon ?
! impact
! summary
! vulnerability_insight
! affected_software
! solution
+ id
+ host
+ port
+ proto
+ number
+ port_name
+ subnet
+ nvt
+ oid
+ name
+ cvss_base_vector
+ cvss_base
+ risk_factor
! summary
! description
+ family
+ category
+ cve
+ bid
+ bugtraq
+ xrefs
! fingerprints
+ tags >> DATA BURDA
+ risk_levels
+ threat
+ raw_description
+ notes
+ severity
+ overrides
+ risk_levels
Hi,
My name is Arjun. I used openvas-lib in my python application to perform authenticated scan using LSC. I was not able to find any document or any link refers explaining me that this can be achievable. Request to help me with some examples of the same.
Please help asap. Thanks in Advance.
Arjun
Hi,
My name is Prashant. I used openvas-lib in my python application to perform authenticated scan using python 3.7 although the library is not ported to 3.x. Is there any other way to perform scaning in python 3.x. Request to help me with some examples of the same.
Please help asap. Thanks in Advance.
Prashant
Hi,
Why did get_report_pdf() dissappeared from ompv4.py to ompv7.py ?
Can't be done anymore?
How could I download the pdf now?
Thanks in advance,
Hi,
I used this library in my code for scan targets. Does it have any functions to stop a scan with target id?
If not, How can I do it? What's your suggestion for stop a scan?
thanks.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.