OpenVAS should be supported in addition to NESSUS

[jhahkala]

For giving the security scanning input, currently it seems that only NESSUS, the pretty expensive commercial software, is supported. There is an open source fork of the older NESSUS version, OpenVAS, and it would be nice and good for adoption and testing to support it. I make a hack of the topology.py that seems to parse it correctly, and can give it if needed. But it is hack of the NESSUS parsing code, and thus would need some rework to allow parsing both formats.

[fxaguessy]

Thank you for the suggestion. Great idea ! Adding easily new format of inputs was the goal of using Python for the inputs generation.

It would be great if you provide a pull request for that.

A way to do it, is to add a parameter to script (cf main.py). For example :

parser.add_argument('--openvas-vulnerability-scan', dest='openvas_vulnerability_scan', required=False, nargs='+',  help='The OpenVAS scanner report file(s).')

and set also the Nessus inputs to "not required". Then you can add the function to the topology.py.

I will be glad to accept this PR.

Thanks

[jhahkala]

Hi,

so the pull request is there. Not very elegant, but does get the information about the hosts, ports, services and vulnerabilities from the report.

Cheers, Joni

[fxaguessy]

Thank you for the pull request ! Indeed the whole script could be improved to be more elegant, but for now it's working which is the principal for such script.

Cheers,

FX