golismero / openvas_lib

OpenVAS connector for versions 6, 7, 8 and 9
BSD 3-Clause "New" or "Revised" License
80 stars 97 forks source link

XML support broken? #10

Open kapoios opened 8 years ago

kapoios commented 8 years ago

I use this code to export a XML, it's straight from the examples. I believe some Openvas update changed the XML layout and broke the XML parser.

#!/usr/bin/env python

from __future__ import print_function

from openvas_lib import VulnscanManager, VulnscanException
from threading import Semaphore
from functools import partial
from xml.etree import ElementTree
import base64
import datetime
import os
import sys, re
import subprocess
import time
import random

def my_print_status(i):
    print(str(i)),
    sys.stdout.flush()

def write_report(manager, report_id, ip):
    result_dir = os.path.dirname(os.path.abspath(__file__)) + "/results"
    try:
        report = manager.get_report_xml(report_id)
    except Exception as e:
        print(e)
        return
    else:
        fout = open(result_dir + "/xml/" + ip + ".xml", "wb")
        fout.write(ElementTree.tostring(report, encoding='utf-8', method='xml'))
        fout.close()

def run(manager, ip):
    Sem = Semaphore(0)
    scan_id, target_id = manager.launch_scan(
        target=ip,
        profile="Full and fast",
        callback_end=partial(lambda x: x.release(), Sem),
        callback_progress=my_print_status
    )
    Sem.acquire()
    report_id = manager.get_report_id(scan_id)
    write_report(manager, report_id, ip)
    manager.delete_scan(scan_id)
    manager.delete_target(target_id)

if __name__ == '__main__':
    try:
        openvas_ip = sys.argv[1]
        admin_name = sys.argv[2]
        admin_password = sys.argv[3]
        ip = sys.argv[4]
        manager = VulnscanManager(openvas_ip, admin_name, admin_password)
        run(manager, ip)
    except Exception as e:
        print(e)

I tried to read the newly created XML and the task XML downloaded from Openvas with:

#!/usr/bin/python
from openvas_lib import report_parser
import os

results = report_parser(os.path.dirname(os.path.abspath(__file__)) + "/results/xml/"+"192.168.1.223.xml")
print(results)

The result:

Traceback (most recent call last):
  File "./test3.py", line 6, in <module>
    results = report_parser(os.path.dirname(os.path.abspath(__file__)) + "/results/xml/"+"192.168.1.223.xml")
  File "/home/user/.local/lib/python2.7/site-packages/openvas_lib/__init__.py", line 139, in report_parser
    raise ValueError("XML format is not valid, doesn't contains id attribute.")
ValueError: XML format is not valid, doesn't contains id attribute.

That was the result in both cases I tried this on a Kali (installed from repo) and a Debian(compiled from source) VM.

EDIT: After checking the generated XML seems wrong, it starts like this:

<get_reports_response status="200" status_text="OK"><report content_type="text/xml" extension="xml" format_id="a994b278-1f62-11e1-96ac-406186ea4fc5" id="04198b90-7815-49da-b593-6452a3405b03" type="scan"><owner><name/></owner><name>2016-07-28T00:30:43Z</name><comment/><creation_time>2016-07-28T00:30:43Z</creation_time><modification_time>2016-07-28T00:33:15Z</modification_time><writable>0</writable>

So the XML output is maybe not working as well.

amngibson commented 8 years ago

I was getting same error. It appears openvas added a new root element to the reports. I added some code to account for it, however I am not a skilled programmer and they might not like my fix. We shall see.

Here is the info:

report_xml = manager.get_report_xml(report_id) report_xml.keys() ['status', 'status_text'] report_xml[0].keys() ['format_id', 'content_type', 'type', 'id', 'extension'] xml = report_xml[0] xml.keys() ['format_id', 'content_type', 'type', 'id', 'extension']

mohsen-abbaspour commented 8 years ago

hi dear
when use this code:

########

!/usr/bin/python

from openvas_lib import report_parser import os

results = report_parser(os.path.dirname(os.path.abspath(file)) + "/results/xml/"+"192.168.1.223.xml") print(results) ############### i get this result :

WARNING:root:name tag unrecognised WARNING:root:owner tag unrecognised WARNING:root:comment tag unrecognised WARNING:root:creation_time tag unrecognised WARNING:root:modification_time tag unrecognised WARNING:root:user_tags tag unrecognised WARNING:root:scan_nvt_version tag unrecognised WARNING:root:severity tag unrecognised WARNING:root:qod tag unrecognised WARNING:root:name tag unrecognised WARNING:root:owner tag unrecognised WARNING:root:comment tag unrecognised WARNING:root:creation_time tag unrecognised WARNING:root:modification_time tag unrecognised WARNING:root:user_tags tag unrecognised WARNING:root:scan_nvt_version tag unrecognised WARNING:root:severity tag unrecognised WARNING:root:qod tag unrecognised [<openvas_lib.data.OpenVASResult object at 0x7fba11a51150>, <openvas_lib.data.OpenVASResult object at 0x7fba13da7950>]

what should i do ??!!

amngibson commented 8 years ago

Those are tags not accounted for in the code in this library. You can write the code to catch and display them if hey are useful to you, or you can just modify the code to ignore them. (see my "unknown tags" section below)

Get CVSS

                            cvss_candidate = l_val.find("tags")
                            if cvss_candidate is not None and getattr(cvss_candidate, "text", None):
                                    # Extract data
                                    cvss_tmp = cvss_regex.search(cvss_candidate.text)
                                    if cvss_tmp:
                                            l_nvt_object.cvss_base_vector = cvss_tmp.group(2) if len(cvss_tmp.groups()) >= 2 else ""
                            # Add to the NVT Object
                            try:
                                    l_partial_result.nvt = l_nvt_object
                            except (TypeError, ValueError) as e:
                                    logging.warning(
                                            "NVT oid %s is not a valid NVT value for %s vulnerability. skipping vulnerability..."
                                            % (l_nvt_object.oid,
                                               l_vid))
                                    logging.debug(e)
                                    continue

                    # --------------------------------------------------------------------------
                    # Unknown tags
                    # --------------------------------------------------------------------------
                    else:
                            # Unrecognised tag
                            logging.info("%s tag unrecognised" % l_tag)
mohsen-abbaspour commented 8 years ago

@amngibson
so tnx my friend i change it and when run this code : results = report_parser(os.path.dirname(os.path.abspath(file)) + "/results/xml/"+"192.168.1.223.xml") print(results)

i get ths result :: [<openvas_lib.data.OpenVASResult object at (for exampleHEXNUMBER) ]

so how can I view report ?? where is the out put of parser module ?? so tnx for help