infobyte / faraday

Open Source Vulnerability Management Platform
https://www.faradaysec.com
GNU General Public License v3.0

Openvas XML Import #75

Closed 8aplus closed 8 years ago

8aplus commented 8 years ago

Hi,

I want to import an OpenVAS report, but when I put the XML file into the report/workspace folder, Faraday shows a tornado.access warning and no hosts are listed. Any idea?

2016-03-31 10:03:23,947 - faraday - INFO - Report file is /root/.faraday/report/untitled/report-2f2daec3-e2a2-4c1b-991b-2121f373925f.xml
2016-03-31 10:03:23,948 - faraday - INFO - The file is /root/.faraday/report/untitled/report-2f2daec3-e2a2-4c1b-991b-2121f373925f.xml,
2016-03-31 10:03:23,948 - faraday - INFO - Executing ./ /root/.faraday/report/untitled/report-2f2daec3-e2a2-4c1b-991b-2121f373925f.xml
2016-03-31 10:03:23,964 - tornado.access - WARNING - 400 POST /cmd/output (::1) 6.13ms

PS: Setup Kali Rolling 2016.1 Faraday already installed...

rgerman commented 8 years ago

Hi @8bplus,

What version of OpenVAS are you using? It seems like Faraday is not recognizing the report. Is it possible for you to send us the first couple of lines of it, so we can see what the tag is?

Thanks!

8aplus commented 8 years ago

Sure.

Versions:
openvas-check-setup 2.3.3
OpenVAS-8 installation is OK
OpenVAS Scanner is present in version 5.0.4
OpenVAS Manager is present in version 6.0.5

XML Output:

<report id="2f2daec3-e23a2-4c1b-991b-2121f356925f" format_id="a994b458-1f62-11e1-96ac-406186ea4fc5" extension="xml" type="scan" content_type="text/xml"><owner><name/></owner><name>2016-03-31T09:01:50+02:00</name><comment/><creation_time>2016-03-31T09:01:50+02:00</creation_time><modification_time>2016-03-31T09:31:32+02:00</modification_time><writable>0</writable><in_use>0</in_use><task id="ecf5313b-862f-44da-a23d4-8e8817c9291e"><name>Immediate scan of IP 192.168.0.0/24</name></task><report_format id="a994b2378-1f62-11e1-96ac-406186ea4fc5"><name>XML</name></report_format><report id="2f2daec3-e2232-4c1b-991b-2121f373925f"><omp><version>6.0</version></omp><report_format/><sort><field>severity<order>descending</order></field></sort><filters id="0">hmlg<term>sort-reverse=severity result_hosts_only=1 min_cvss_base= min_qod= levels=hmlg autofp=0 notes=1 overrides=1 first=1 rows=96 delta_states=gn</term><phrase/><autofp>0</autofp><notes>1</notes><overrides>1</overrides><apply_overrides>1</apply_overrides><result_hosts_only>1</result_hosts_only><min_cvss_base/><min_qod/><timezone/><filter>High</filter><filter>Medium</filter><filter>Low</filter><filter>Log</filter></filters><severity_class id="d4c24cda-89e1-11e3-9c29-402386ea4fc5"><name>nist</name><full_name>NVD Vulnerability Severity Ratings</full_name><severity_range><name>None</name><min>0.0</min><max>0.0</max></severity_range><severity_range><name>Low</name><min>0.1</min><max>3.9</max></severity_range><severity_range><name>Medium</name><min>4.0</min><max>6.9</max></severity_range><severity_range><name>High</name><min>7.0</min><max>10.0</max></severity_range></severity_class><user_tags><count>0</count></user_tags><scan_run_status>Done</scan_run_status><hosts><count>254</count></hosts><closed_cves><count>0</count></closed_cves><vulns><count>47</count></vulns><os><count>3</count></os><apps><count>3</count></apps><ssl_certs><count>1</count></ssl_certs><task id="ecf5313b-862f-44da-a3d4-8e8817c2391e"><name>Immediate scan of IP 
192.168.0.0/24</name><comment/><target id="038e219a-6233-4347-97b5-20b82efa3a39"><trash>0</trash></target><progress>-1</progress></task><scan><task><slave id=""><name/><host/><port>0</port></slave><preferences><preference><name>Network Source Interface</name><scanner_name>source_iface</scanner_name><value/></preference></preferences></task></scan><timestamp>2016-03-31T09:01:48+02:00</timestamp><scan_start>2016-03-31T09:01:50+02:00</scan_start><timezone>Europe/Berlin</timezone><timezone_abbrev>CEST</timezone_abbrev><ports max="96" start="1"><count>12</count><port>

Thx

rgerman commented 8 years ago

Great! We're working on it. It looks like they changed the report tag (they used to have an "OpenVAS" tag in there), so we need to review our report detection.

I'll let you know when we have a patch for you.

Cheers!
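The detection problem described in the comment above, shown as an added example that is not Faraday's code: it classifies a report by element structure (an `<omp><version>` pair nested under a `<report>` root, as in the sample posted in this thread) instead of by a product-name string. The function name, the event limit and the sample documents are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET
from typing import Optional

# Assumption: the marker elements sit near the top of the report, as in the
# sample from this thread, so inspection stops after a bounded number of tags.
MAX_START_EVENTS = 200


def detect_report_type(data: bytes) -> Optional[str]:
    """Return "openvas", "unknown" (other well-formed XML) or None (not XML)."""
    path = []   # stack of currently open element names
    seen = 0
    try:
        for event, elem in ET.iterparse(io.BytesIO(data), events=("start", "end")):
            if event == "start":
                path.append(elem.tag)
                seen += 1
                # Structural match: insensitive to whitespace between the tags.
                if path[0] == "report" and path[-2:] == ["omp", "version"]:
                    return "openvas"
                if seen >= MAX_START_EVENTS:
                    break
            else:
                path.pop()
    except ET.ParseError:
        # Not XML, or malformed before any marker was found: do not guess a type.
        return None
    return "unknown"


# Constructed samples (not real scan output).
COMPACT = (b'<report id="a" extension="xml"><report id="b">'
           b'<omp><version>6.0</version></omp></report></report>')
PRETTY = b"""<report id="a" extension="xml">
  <report id="b">
    <omp>
      <version>6.0</version>
    </omp>
  </report>
</report>"""
OTHER = b'<report><site name="example"/></report>'
NOT_XML = b"this is not an xml report"

if __name__ == "__main__":
    for sample in (COMPACT, PRETTY, OTHER, NOT_XML):
        print(detect_report_type(sample))
```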

rgerman commented 8 years ago

Can you try this patch? It was generated for the "master" branch, so not sure if it will work with the Kali version.

You should move to the faraday root, save the diff in a file like "openvas.patch" and then run: patch -p1 < openvas.patch

diff --git a/managers/reports_managers.py b/managers/reports_managers.py
index 6b460ae..868e4ff 100755
--- a/managers/reports_managers.py
+++ b/managers/reports_managers.py
@@ -194,7 +194,7 @@ class ReportParser(object):
         if report_type == "zip":
             result = "maltego"

-        elif report_type == "xml":
+        else:

             try:
                 for event, elem in ET.iterparse(f, ('start', )):
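Review bot: Replacing `elif report_type == "xml":` with a bare `else:` means every file that is not a zip is now handed to `ET.iterparse`, whatever its actual type, and the hunk gives no reason for dropping the check. Anything placed in the report folder will reach the XML parser, so the `except` that follows this `try:` (not visible here) has to handle parse errors and leave the report unclassified rather than abort the import. If the real problem is that `report_type` is computed incorrectly for these OpenVAS files, fixing that where it is derived would keep the type check in place; either way a short comment explaining the `else:` would help the next reader.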
@@ -226,7 +226,7 @@ class ReportParser(object):
         elif "report" == tag:
             if re.search("https://raw.githubusercontent.com/Arachni/arachni/", output) != None:
                 return "arachni_faraday"
-            elif re.search("OpenVAS", output) != None:
+            elif re.search("OpenVAS", output) != None or re.search('<omp><version>', output) != None:
                 return "openvas"
             else:
                 return "zap"
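Review bot: The new condition `re.search('<omp><version>', output)` only matches when the two tags are directly adjacent, so a report that has been pretty-printed or otherwise has whitespace between `<omp>` and `<version>` will still fall through to `return "zap"`. Allowing optional whitespace between the tags, or checking for the `omp`/`version` elements while iterating the tree, would be more robust. Two smaller points on the same lines: `!= None` is better written as `is not None`, and the final `else` classifies every unrecognised `report` root as ZAP, which is how this OpenVAS report was misdetected in the first place; returning no type for unknown reports would make such cases visible.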

Let me know if it works!

8aplus commented 8 years ago

Wow that was fast. It works fine with Kali too! Thx for your support Germán.

rgerman commented 8 years ago

No problem, man! Thanks to you for reporting the issue!

Cheers!