/openvas_lib

OpenVAS connector for OMPv4.

Primary LanguagePython

What's this lib?

This project is a Python library to connect and manage the OpenVAS servers using the OMPv4/v5 protocol.

Also, you can parse and interpret OpenVas XML reports.

Why this lib?

There is an [official python library](https://pypi.python.org/pypi/openvas.omplib) for OpenVAS, but it doesn't work with OMPv4 based versions (OpenVAS 6).

Also, the official library has many unfixed bugs, and it's not capable to read and interpret the XML reports.

License

This library is released under standard GPL 2 license.

Python versions

Currently, this library only runs under Python 2.7 and above. Port to Python 3.x is not scheduled.

Bug, ports and new features

Feel free to port, patch or add any new feature to this library, and send us the pull request. We thank you in advance :)

Quick start

Installing

Downloading from code

To download the latest source code enter the following command:

git clone https://github.com/golismero/openvas_lib.git

Then, install the library in your default Python installation run the following command:

python setup.py install

Install using pip

pip install openvas_lib

Manage OpenVas server

Connect to the server

from openvas_lib import VulnscanManager, VulnscanException

try:
    scanner = VulnscanManager(HOST, USER, PASSWORD, PORT, TIMEOUT)
except VulnscanException, e:
    print "Error:"
    print e

Launch a simple scan

from openvas_lib import VulnscanManager, VulnscanException

scanner = VulnscanManager(HOST, USER, PASSWORD, PORT, TIMEOUT)
scan_id, target_id = scanner.launch_scan(target = "127.0.0.1", # Target to scan
                                         profile = "Full and fast")

Launch advanced scan

The library supports callbacks. They will be run every 10 seconds and report the status of the scan ("callback_progress") or the end of the scan ("callback_end").

from threading import Semaphore
from functools import partial

from openvas_lib import VulnscanManager, VulnscanException

def my_print_status(i):
    print str(i)

def my_launch_scanner():

    Sem = Semaphore(0)

    # Configure
    manager = VulnscanManager("localhost", "admin", "admin)

    # Launch
    manager.launch_scan(target,
                        profile = "empty",
                        callback_end = partial(lambda x: x.release(), sem),
                        callback_progress = my_print_status)

    # Wait
    Sem.acquire()

    # Finished scan
    print "finished"

Running it:

>>> my_launch_scanner() # It can take some time
0
10
39
60
90
finished

Get results of scan

from openvas_lib import VulnscanManager, VulnscanException

scanner = VulnscanManager(HOST, USER, PASSWORD, PORT, TIMEOUT)
openvas_results = scanner.get_results(SCAN_ID)

Delete scan

from openvas_lib import VulnscanManager, VulnscanException

scanner = VulnscanManager(HOST, USER, PASSWORD, PORT, TIMEOUT)
scanner.delete_scan(SCAN_ID)

Delete target

from openvas_lib import VulnscanManager, VulnscanException

scanner = VulnscanManager(HOST, USER, PASSWORD, PORT, TIMEOUT)
scanner.delete_target(TARGET_ID)

Parse OpenVas XML report

You can use examples reports, available in test/ folder, as "xml" extension. This reports was made using Metasploitable Linux distribution.

>>> from openvas_lib import report_parser
>>> results = report_parser("tests/metasploitable_all.xml")
>>> print results
[<openvas_lib.data.OpenVASResult object at 0x108f2d250>, <openvas_lib.data.OpenVASResult object at 0x108f2d290>, <openvas_lib.data.OpenVASResult object at 0x108e7fcd0>, <openvas_lib.data.OpenVASResult object at 0x108e88e90>, <openvas_lib.data.OpenVASResult object at 0x108e88050>, <openvas_lib.data.OpenVASResult object at 0x108e88410>, <openvas_lib.data.OpenVASResult object at 0x108e88550>, <openvas_lib.data.OpenVASResult object at 0x108f2d650>, <openvas_lib.data.OpenVASResult object at 0x108f2d750>, <openvas_lib.data.OpenVASResult object at 0x108f2d850>, <openvas_lib.data.OpenVASResult object at 0x108f2d950>, <openvas_lib.data.OpenVASResult object at 0x108f2da50>, <openvas_lib.data.OpenVASResult object at 0x108f2db50>, <openvas_lib.data.OpenVASResult object at 0x108f2dc50>, <openvas_lib.data.OpenVASResult object at 0x108eb56d0>, <openvas_lib.data.OpenVASResult object at 0x108eb5750>, <openvas_lib.data.OpenVASResult object at 0x108f2ded0>, <openvas_lib.data.OpenVASResult object at 0x108f2dfd0>, <openvas_lib.data.OpenVASResult object at 0x108f35110>, <openvas_lib.data.OpenVASResult object at 0x108eb5950>, <openvas_lib.data.OpenVASResult object at 0x108f35210>, <openvas_lib.data.OpenVASResult object at 0x108eb5a90>, <openvas_lib.data.OpenVASResult object at 0x108eb5ad0>, <openvas_lib.data.OpenVASResult object at 0x108f355d0>, <openvas_lib.data.OpenVASResult object at 0x108f356d0>, <openvas_lib.data.OpenVASResult object at 0x108eb5dd0>, <openvas_lib.data.OpenVASResult object at 0x108f357d0>, <openvas_lib.data.OpenVASResult object at 0x108eb5f90>, <openvas_lib.data.OpenVASResult object at 0x108e101d0>, <openvas_lib.data.OpenVASResult object at 0x108e10390>, <openvas_lib.data.OpenVASResult object at 0x108eb5d90>, <openvas_lib.data.OpenVASResult object at 0x108f35910>, <openvas_lib.data.OpenVASResult object at 0x108f35a10>, <openvas_lib.data.OpenVASResult object at 0x108f35b10>, <openvas_lib.data.OpenVASResult object at 0x108f35c10>, <openvas_lib.data.OpenVASResult object at 0x108f35d10>, <openvas_lib.data.OpenVASResult object at 0x108f35e10>, <openvas_lib.data.OpenVASResult object at 0x108f35f10>, <openvas_lib.data.OpenVASResult object at 0x108f3a050>, <openvas_lib.data.OpenVASResult object at 0x108e102d0>, <openvas_lib.data.OpenVASResult object at 0x108e10910>, <openvas_lib.data.OpenVASResult object at 0x108e10ad0>, <openvas_lib.data.OpenVASResult object at 0x108e10c10>, <openvas_lib.data.OpenVASResult object at 0x108f3a150>, <openvas_lib.data.OpenVASResult object at 0x108f3a250>, <openvas_lib.data.OpenVASResult object at 0x108f3a350>, <openvas_lib.data.OpenVASResult object at 0x108f3a450>, <openvas_lib.data.OpenVASResult object at 0x108f3a550>, <openvas_lib.data.OpenVASResult object at 0x108e10e50>, <openvas_lib.data.OpenVASResult object at 0x108e10e90>, <openvas_lib.data.OpenVASResult object at 0x108e28090>, <openvas_lib.data.OpenVASResult object at 0x108f3a750>, <openvas_lib.data.OpenVASResult object at 0x108f3a910>, <openvas_lib.data.OpenVASResult object at 0x108f3aa10>, <openvas_lib.data.OpenVASResult object at 0x108e28250>, <openvas_lib.data.OpenVASResult object at 0x108e28210>, <openvas_lib.data.OpenVASResult object at 0x108e28350>, <openvas_lib.data.OpenVASResult object at 0x108e28450>, <openvas_lib.data.OpenVASResult object at 0x108f3ad10>, <openvas_lib.data.OpenVASResult object at 0x108f3ae10>, <openvas_lib.data.OpenVASResult object at 0x108f3ac10>, <openvas_lib.data.OpenVASResult object at 0x108e287d0>, <openvas_lib.data.OpenVASResult object at 0x108e28890>, <openvas_lib.data.OpenVASResult object at 0x108e289d0>, <openvas_lib.data.OpenVASResult object at 0x108e28ad0>, <openvas_lib.data.OpenVASResult object at 0x108e28c10>, <openvas_lib.data.OpenVASResult object at 0x108f3e210>, <openvas_lib.data.OpenVASResult object at 0x108e28710>, <openvas_lib.data.OpenVASResult object at 0x108e28d90>, <openvas_lib.data.OpenVASResult object at 0x108e28ed0>, <openvas_lib.data.OpenVASResult object at 0x108e28f10>, <openvas_lib.data.OpenVASResult object at 0x108e28f90>, <openvas_lib.data.OpenVASResult object at 0x108f3e510>, <openvas_lib.data.OpenVASResult object at 0x108f3e610>, <openvas_lib.data.OpenVASResult object at 0x108f3e710>, <openvas_lib.data.OpenVASResult object at 0x108f3e810>, <openvas_lib.data.OpenVASResult object at 0x108f3e910>, <openvas_lib.data.OpenVASResult object at 0x108f3ea10>, <openvas_lib.data.OpenVASResult object at 0x108f3eb10>]
# get properties from a vuln with more info
>>> r = None
>>> for x in results:
  if x.id == "07cdd3dc-9f5b-4a75-a173-f7ca50bfb4f3":
    r = x
>>> r.id
'07cdd3dc-9f5b-4a75-a173-f7ca50bfb4f3'
>>> r.host
'10.211.55.35'
>>> r.raw_description
"\n  Summary:\n  The host is running MySQL and is prone to Denial Of Service\n  vulnerability.\n\n  Vulnerability Insight:\n  The flaw is due to an error when processing the 'ALTER DATABASE' statement and\n  can be exploited to corrupt the MySQL data directory using the '#mysql50#'\n  prefix followed by a '.' or '..'.\n\n  NOTE: Successful exploitation requires 'ALTER' privileges on a database.\n  Impact:\n  Successful exploitation could allow an attacker to cause a Denial of Service.\n  Impact Level: Application\n\n  Affected Software/OS:\n  MySQL version priot to 5.1.48 on all running platform.\n\n  Solution:\n  Upgrade to MySQL version 5.1.48\n  For updates refer to http://dev.mysql.com/downloads\n"
>>> print r.raw_description
  Summary:
  The host is running MySQL and is prone to Denial Of Service
  vulnerability.

  Vulnerability Insight:
  The flaw is due to an error when processing the 'ALTER DATABASE' statement and
  can be exploited to corrupt the MySQL data directory using the '#mysql50#'
  prefix followed by a '.' or '..'.

  NOTE: Successful exploitation requires 'ALTER' privileges on a database.
  Impact:
  Successful exploitation could allow an attacker to cause a Denial of Service.
  Impact Level: Application

  Affected Software/OS:
  MySQL version priot to 5.1.48 on all running platform.

  Solution:
  Upgrade to MySQL version 5.1.48
  For updates refer to http://dev.mysql.com/downloads
>>> r.summary
'The host is running MySQL and is prone to Denial Of Service vulnerability.'
>>> r.vulnerability_insight
"The flaw is due to an error when processing the 'ALTER DATABASE' statement and can be exploited to corrupt the MySQL data directory using the '#mysql50#' prefix followed by a '.' or '..'. NOTE: Successful exploitation requires 'ALTER' privileges on a database."
>>> r.impact
'Successful exploitation could allow an attacker to cause a Denial of Service. Impact Level: Application'
>>> r.affected_software
'MySQL version priot to 5.1.48 on all running platform.'
>>> r.solution
'Upgrade to MySQL version 5.1.48 For updates refer to http://dev.mysql.com/downloads'
>>> r.threat
'Medium'
>>> r.port.number
3306
>>> r.port.proto
'tcp'
>>> r.port.port_name
'mysql'