diff --git a/vulnwhisp/frameworks/openvas.py b/vulnwhisp/frameworks/openvas.py index 8ac4780..9545f26 100644 --- a/vulnwhisp/frameworks/openvas.py +++ b/vulnwhisp/frameworks/openvas.py @@ -4,11 +4,12 @@ __author__ = 'Austin Taylor' import datetime as dt import io -import json + import pandas as pd import requests from bs4 import BeautifulSoup from requests.packages.urllib3.exceptions import InsecureRequestWarning +from ..utils.cli import bcolors requests.packages.urllib3.disable_warnings(InsecureRequestWarning) @@ -49,6 +50,7 @@ class OpenVAS_API(object): self.login() self.openvas_reports = self.get_reports() + self.report_formats = self.get_report_formats() def vprint(self, msg): if self.verbose: @@ -112,10 +114,35 @@ class OpenVAS_API(object): ] token = requests.post(self.base + self.OMP, data=data, verify=False) return token + def get_report_formats(self): + params = ( + ('cmd', 'get_report_formats'), + ('token', self.token) + ) + self.vprint('{info} Retrieving available report foramts'.format(info=bcolors.INFO)) + data = self.request(url=self.OMP, method='GET', params=params) + + bs = BeautifulSoup(data.content, "lxml") + table_body = bs.find('tbody') + rows = table_body.find_all('tr') + format_mapping = {} + for row in rows: + cols = row.find_all('td') + for x in cols: + for y in x.find_all('a'): + if y.get_text() != '': + format_mapping[y.get_text()] = \ + [h.split('=')[1] for h in y['href'].split('&') if 'report_format_id' in h][0] + return format_mapping def get_reports(self, complete=True): - print('[INFO] Retreiving OpenVAS report data...') - params = (('cmd', 'get_reports'), ('token', self.token)) + print('{info} Retreiving OpenVAS report data...'.format(info=bcolors.INFO)) + params = (('cmd', 'get_reports'), + ('token', self.token), + ('max_results', 1), + ('ignore_pagination', 1), + ('filter', 'apply_overrides=1 min_qod=70 autofp=0 first=1 rows=0 levels=hml sort-reverse=severity'), + ) reports = self.request(self.OMP, params=params, method='GET') soup = BeautifulSoup(reports.text, 'lxml') data = [] @@ -155,9 +182,9 @@ class OpenVAS_API(object): ('token', self.token), ('cmd', 'get_report'), ('report_id', report_id), - ('filter', 'apply_overrides=0 min_qod=70 autofp=0 levels=hml first=1 rows=50 sort-reverse=severity'), + ('filter', 'apply_overrides=0 min_qod=70 autofp=0 levels=hml first=1 rows=0 sort-reverse=severity'), ('ignore_pagination', '1'), - ('report_format_id', '{report_format_id}'.format(report_format_id=self.report_format_id)), + ('report_format_id', '{report_format_id}'.format(report_format_id=self.report_formats['CSV Results'])), ('submit', 'Download'), ) print('Retrieving %s' % report_id) diff --git a/vulnwhisp/frameworks/qualys.py b/vulnwhisp/frameworks/qualys.py index d818d71..962b31a 100644 --- a/vulnwhisp/frameworks/qualys.py +++ b/vulnwhisp/frameworks/qualys.py @@ -824,13 +824,19 @@ class qualysScanReport: return vuln_ready -maxInt = sys.maxsize +maxInt = int(4000000) +maxSize = sys.maxsize + +if maxSize > maxInt and type(maxSize) == int: + maxInt = maxSize + decrement = True while decrement: decrement = False try: + print type(maxInt), maxInt csv.field_size_limit(maxInt) except OverflowError: maxInt = int(maxInt/10) - decrement = True \ No newline at end of file + decrement = True diff --git a/vulnwhisp/vulnwhisp.py b/vulnwhisp/vulnwhisp.py index f01dbd9..9c32a41 100755 --- a/vulnwhisp/vulnwhisp.py +++ b/vulnwhisp/vulnwhisp.py @@ -653,13 +653,11 @@ class vulnWhispererOpenVAS(vulnWhispererBase): super(vulnWhispererOpenVAS, self).__init__(config=config) self.port = int(self.config.get(self.CONFIG_SECTION, 'port')) - self.report_format_id = self.config.get(self.CONFIG_SECTION, 'report_format_id') self.develop = True self.purge = purge self.scans_to_process = None self.openvas_api = OpenVAS_API(hostname=self.hostname, port=self.port, - report_format_id=self.report_format_id, username=self.username, password=self.password) @@ -668,11 +666,8 @@ class vulnWhispererOpenVAS(vulnWhispererBase): if report_id: print('Processing report ID: %s' % report_id) - vuln_ready = self.openvas_api.process_report(report_id=report_id) + scan_name = report_id.replace('-', '') - vuln_ready['scan_name'] = scan_name - vuln_ready['scan_reference'] = report_id - vuln_ready.rename(columns=self.COLUMN_MAPPING, inplace=True) report_name = 'openvas_scan_{scan_name}_{last_updated}.{extension}'.format(scan_name=scan_name, last_updated=launched_date, extension=output_format) @@ -704,18 +699,23 @@ class vulnWhispererOpenVAS(vulnWhispererBase): launched_date, report_name, time.time(), - vuln_ready.shape[0], + file_length, self.CONFIG_SECTION, report_id, 1, ) - vuln_ready.port = vuln_ready.port.fillna(0).astype(int) - if output_format == 'json': - with open(relative_path_name, 'w') as f: - f.write(vuln_ready.to_json(orient='records', lines=True)) - print('{success} - Report written to %s'.format(success=bcolors.SUCCESS) \ - % report_name) + else: + vuln_ready = self.openvas_api.process_report(report_id=report_id) + vuln_ready['scan_name'] = scan_name + vuln_ready['scan_reference'] = report_id + vuln_ready.rename(columns=self.COLUMN_MAPPING, inplace=True) + vuln_ready.port = vuln_ready.port.fillna(0).astype(int) + if output_format == 'json': + with open(relative_path_name, 'w') as f: + f.write(vuln_ready.to_json(orient='records', lines=True)) + print('{success} - Report written to %s'.format(success=bcolors.SUCCESS) \ + % report_name) return report