Completion of OpenVAS module
This commit is contained in:
Austin Taylor
@ -4,11 +4,12 @@ __author__ = 'Austin Taylor'
|
||||
|
||||
import datetime as dt
|
||||
import io
|
||||
import json
|
||||
|
||||
import pandas as pd
|
||||
import requests
|
||||
from bs4 import BeautifulSoup
|
||||
from requests.packages.urllib3.exceptions import InsecureRequestWarning
|
||||
from ..utils.cli import bcolors
|
||||
|
||||
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
|
||||
|
||||
@ -49,6 +50,7 @@ class OpenVAS_API(object):
|
||||
self.login()
|
||||
|
||||
self.openvas_reports = self.get_reports()
|
||||
self.report_formats = self.get_report_formats()
|
||||
|
||||
def vprint(self, msg):
|
||||
if self.verbose:
|
||||
@ -112,10 +114,35 @@ class OpenVAS_API(object):
|
||||
]
|
||||
token = requests.post(self.base + self.OMP, data=data, verify=False)
|
||||
return token
|
||||
def get_report_formats(self):
|
||||
params = (
|
||||
('cmd', 'get_report_formats'),
|
||||
('token', self.token)
|
||||
)
|
||||
self.vprint('{info} Retrieving available report foramts'.format(info=bcolors.INFO))
|
||||
data = self.request(url=self.OMP, method='GET', params=params)
|
||||
|
||||
bs = BeautifulSoup(data.content, "lxml")
|
||||
table_body = bs.find('tbody')
|
||||
rows = table_body.find_all('tr')
|
||||
format_mapping = {}
|
||||
for row in rows:
|
||||
cols = row.find_all('td')
|
||||
for x in cols:
|
||||
for y in x.find_all('a'):
|
||||
if y.get_text() != '':
|
||||
format_mapping[y.get_text()] = \
|
||||
[h.split('=')[1] for h in y['href'].split('&') if 'report_format_id' in h][0]
|
||||
return format_mapping
|
||||
|
||||
def get_reports(self, complete=True):
|
||||
print('[INFO] Retreiving OpenVAS report data...')
|
||||
params = (('cmd', 'get_reports'), ('token', self.token))
|
||||
print('{info} Retreiving OpenVAS report data...'.format(info=bcolors.INFO))
|
||||
params = (('cmd', 'get_reports'),
|
||||
('token', self.token),
|
||||
('max_results', 1),
|
||||
('ignore_pagination', 1),
|
||||
('filter', 'apply_overrides=1 min_qod=70 autofp=0 first=1 rows=0 levels=hml sort-reverse=severity'),
|
||||
)
|
||||
reports = self.request(self.OMP, params=params, method='GET')
|
||||
soup = BeautifulSoup(reports.text, 'lxml')
|
||||
data = []
|
||||
@ -155,9 +182,9 @@ class OpenVAS_API(object):
|
||||
('token', self.token),
|
||||
('cmd', 'get_report'),
|
||||
('report_id', report_id),
|
||||
('filter', 'apply_overrides=0 min_qod=70 autofp=0 levels=hml first=1 rows=50 sort-reverse=severity'),
|
||||
('filter', 'apply_overrides=0 min_qod=70 autofp=0 levels=hml first=1 rows=0 sort-reverse=severity'),
|
||||
('ignore_pagination', '1'),
|
||||
('report_format_id', '{report_format_id}'.format(report_format_id=self.report_format_id)),
|
||||
('report_format_id', '{report_format_id}'.format(report_format_id=self.report_formats['CSV Results'])),
|
||||
('submit', 'Download'),
|
||||
)
|
||||
print('Retrieving %s' % report_id)
|
||||
|
||||
@ -824,13 +824,19 @@ class qualysScanReport:
|
||||
return vuln_ready
|
||||
|
||||
|
||||
maxInt = sys.maxsize
|
||||
maxInt = int(4000000)
|
||||
maxSize = sys.maxsize
|
||||
|
||||
if maxSize > maxInt and type(maxSize) == int:
|
||||
maxInt = maxSize
|
||||
|
||||
decrement = True
|
||||
|
||||
while decrement:
|
||||
decrement = False
|
||||
try:
|
||||
print type(maxInt), maxInt
|
||||
csv.field_size_limit(maxInt)
|
||||
except OverflowError:
|
||||
maxInt = int(maxInt/10)
|
||||
decrement = True
|
||||
decrement = True
|
||||
|
||||
@ -653,13 +653,11 @@ class vulnWhispererOpenVAS(vulnWhispererBase):
|
||||
super(vulnWhispererOpenVAS, self).__init__(config=config)
|
||||
|
||||
self.port = int(self.config.get(self.CONFIG_SECTION, 'port'))
|
||||
self.report_format_id = self.config.get(self.CONFIG_SECTION, 'report_format_id')
|
||||
self.develop = True
|
||||
self.purge = purge
|
||||
self.scans_to_process = None
|
||||
self.openvas_api = OpenVAS_API(hostname=self.hostname,
|
||||
port=self.port,
|
||||
report_format_id=self.report_format_id,
|
||||
username=self.username,
|
||||
password=self.password)
|
||||
|
||||
@ -668,11 +666,8 @@ class vulnWhispererOpenVAS(vulnWhispererBase):
|
||||
if report_id:
|
||||
print('Processing report ID: %s' % report_id)
|
||||
|
||||
vuln_ready = self.openvas_api.process_report(report_id=report_id)
|
||||
|
||||
scan_name = report_id.replace('-', '')
|
||||
vuln_ready['scan_name'] = scan_name
|
||||
vuln_ready['scan_reference'] = report_id
|
||||
vuln_ready.rename(columns=self.COLUMN_MAPPING, inplace=True)
|
||||
report_name = 'openvas_scan_{scan_name}_{last_updated}.{extension}'.format(scan_name=scan_name,
|
||||
last_updated=launched_date,
|
||||
extension=output_format)
|
||||
@ -704,18 +699,23 @@ class vulnWhispererOpenVAS(vulnWhispererBase):
|
||||
launched_date,
|
||||
report_name,
|
||||
time.time(),
|
||||
vuln_ready.shape[0],
|
||||
file_length,
|
||||
self.CONFIG_SECTION,
|
||||
report_id,
|
||||
1,
|
||||
)
|
||||
|
||||
vuln_ready.port = vuln_ready.port.fillna(0).astype(int)
|
||||
if output_format == 'json':
|
||||
with open(relative_path_name, 'w') as f:
|
||||
f.write(vuln_ready.to_json(orient='records', lines=True))
|
||||
print('{success} - Report written to %s'.format(success=bcolors.SUCCESS) \
|
||||
% report_name)
|
||||
else:
|
||||
vuln_ready = self.openvas_api.process_report(report_id=report_id)
|
||||
vuln_ready['scan_name'] = scan_name
|
||||
vuln_ready['scan_reference'] = report_id
|
||||
vuln_ready.rename(columns=self.COLUMN_MAPPING, inplace=True)
|
||||
vuln_ready.port = vuln_ready.port.fillna(0).astype(int)
|
||||
if output_format == 'json':
|
||||
with open(relative_path_name, 'w') as f:
|
||||
f.write(vuln_ready.to_json(orient='records', lines=True))
|
||||
print('{success} - Report written to %s'.format(success=bcolors.SUCCESS) \
|
||||
% report_name)
|
||||
|
||||
return report
|
||||
|
||||
|
||||
Reference in New Issue
Block a user