Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

XML support broken? #10

Open
kapoios opened this issue Jul 28, 2016 · 4 comments
Open

XML support broken? #10

kapoios opened this issue Jul 28, 2016 · 4 comments

Comments

@kapoios
Copy link

kapoios commented Jul 28, 2016
edited
Loading

I use this code to export a XML, it's straight from the examples.
I believe some Openvas update changed the XML layout and broke the XML parser.

#!/usr/bin/env python

from __future__ import print_function

from openvas_lib import VulnscanManager, VulnscanException
from threading import Semaphore
from functools import partial
from xml.etree import ElementTree
import base64
import datetime
import os
import sys, re
import subprocess
import time
import random


def my_print_status(i):
    print(str(i)),
    sys.stdout.flush()


def write_report(manager, report_id, ip):
    result_dir = os.path.dirname(os.path.abspath(__file__)) + "/results"
    try:
        report = manager.get_report_xml(report_id)
    except Exception as e:
        print(e)
        return
    else:
        fout = open(result_dir + "/xml/" + ip + ".xml", "wb")
        fout.write(ElementTree.tostring(report, encoding='utf-8', method='xml'))
        fout.close()


def run(manager, ip):
    Sem = Semaphore(0)
    scan_id, target_id = manager.launch_scan(
        target=ip,
        profile="Full and fast",
        callback_end=partial(lambda x: x.release(), Sem),
        callback_progress=my_print_status
    )
    Sem.acquire()
    report_id = manager.get_report_id(scan_id)
    write_report(manager, report_id, ip)
    manager.delete_scan(scan_id)
    manager.delete_target(target_id)


if __name__ == '__main__':
    try:
        openvas_ip = sys.argv[1]
        admin_name = sys.argv[2]
        admin_password = sys.argv[3]
        ip = sys.argv[4]
        manager = VulnscanManager(openvas_ip, admin_name, admin_password)
        run(manager, ip)
    except Exception as e:
        print(e)

I tried to read the newly created XML and the task XML downloaded from Openvas with:

#!/usr/bin/python
from openvas_lib import report_parser
import os

results = report_parser(os.path.dirname(os.path.abspath(__file__)) + "/results/xml/"+"192.168.1.223.xml")
print(results)

The result:

Traceback (most recent call last):
  File "./test3.py", line 6, in <module>
    results = report_parser(os.path.dirname(os.path.abspath(__file__)) + "/results/xml/"+"192.168.1.223.xml")
  File "/home/user/.local/lib/python2.7/site-packages/openvas_lib/__init__.py", line 139, in report_parser
    raise ValueError("XML format is not valid, doesn't contains id attribute.")
ValueError: XML format is not valid, doesn't contains id attribute.

That was the result in both cases
I tried this on a Kali (installed from repo) and a Debian(compiled from source) VM.

EDIT: After checking the generated XML seems wrong, it starts like this:

<get_reports_response status="200" status_text="OK"><report content_type="text/xml" extension="xml" format_id="a994b278-1f62-11e1-96ac-406186ea4fc5" id="04198b90-7815-49da-b593-6452a3405b03" type="scan"><owner><name/></owner><name>2016-07-28T00:30:43Z</name><comment/><creation_time>2016-07-28T00:30:43Z</creation_time><modification_time>2016-07-28T00:33:15Z</modification_time><writable>0</writable>

So the XML output is maybe not working as well.
@amngibson
Copy link

I was getting same error. It appears openvas added a new root element to the reports. I added some code to account for it, however I am not a skilled programmer and they might not like my fix. We shall see.

Here is the info:

report_xml = manager.get_report_xml(report_id)
report_xml.keys()
['status', 'status_text']
report_xml[0].keys()
['format_id', 'content_type', 'type', 'id', 'extension']
xml = report_xml[0]
xml.keys()
['format_id', 'content_type', 'type', 'id', 'extension']

@mohsen-abbaspour
Copy link

hi dear
when use this code:

########
#!/usr/bin/python
from openvas_lib import report_parser
import os

results = report_parser(os.path.dirname(os.path.abspath(file)) + "/results/xml/"+"192.168.1.223.xml")
print(results)
###############
i get this result :

WARNING:root:name tag unrecognised
WARNING:root:owner tag unrecognised
WARNING:root:comment tag unrecognised
WARNING:root:creation_time tag unrecognised
WARNING:root:modification_time tag unrecognised
WARNING:root:user_tags tag unrecognised
WARNING:root:scan_nvt_version tag unrecognised
WARNING:root:severity tag unrecognised
WARNING:root:qod tag unrecognised
WARNING:root:name tag unrecognised
WARNING:root:owner tag unrecognised
WARNING:root:comment tag unrecognised
WARNING:root:creation_time tag unrecognised
WARNING:root:modification_time tag unrecognised
WARNING:root:user_tags tag unrecognised
WARNING:root:scan_nvt_version tag unrecognised
WARNING:root:severity tag unrecognised
WARNING:root:qod tag unrecognised
[<openvas_lib.data.OpenVASResult object at 0x7fba11a51150>, <openvas_lib.data.OpenVASResult object at 0x7fba13da7950>]

what should i do ??!!

@amngibson
Copy link

Those are tags not accounted for in the code in this library. You can write the code to catch and display them if hey are useful to you, or you can just modify the code to ignore them. (see my "unknown tags" section below)

Get CVSS

                            cvss_candidate = l_val.find("tags")
                            if cvss_candidate is not None and getattr(cvss_candidate, "text", None):
                                    # Extract data
                                    cvss_tmp = cvss_regex.search(cvss_candidate.text)
                                    if cvss_tmp:
                                            l_nvt_object.cvss_base_vector = cvss_tmp.group(2) if len(cvss_tmp.groups()) >= 2 else ""

                            # Add to the NVT Object
                            try:
                                    l_partial_result.nvt = l_nvt_object
                            except (TypeError, ValueError) as e:
                                    logging.warning(
                                            "NVT oid %s is not a valid NVT value for %s vulnerability. skipping vulnerability..."
                                            % (l_nvt_object.oid,
                                               l_vid))
                                    logging.debug(e)
                                    continue

                    # --------------------------------------------------------------------------
                    # Unknown tags
                    # --------------------------------------------------------------------------
                    else:
                            # Unrecognised tag
                            logging.info("%s tag unrecognised" % l_tag)

@mohsen-abbaspour
Copy link

@amngibson
so tnx my friend i change it and
when run this code :
results = report_parser(os.path.dirname(os.path.abspath(file)) + "/results/xml/"+"192.168.1.223.xml")
print(results)

i get ths result ::
[<openvas_lib.data.OpenVASResult object at (for exampleHEXNUMBER) ]

so how can I view report ??
where is the out put of parser module ??
so tnx for help

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@amngibson @kapoios @mohsen-abbaspour