Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
OpenVAS automation script.
#!/bin/bash
#
# OpenVAS automation script.
# Mariusz B. / mgeeky, '17
# v0.2
#
trap ctrl_c INT
# --- CONFIGURATION ---
USER=<USERNAME>
PASS=<PASSWORD>
HOST=127.0.0.1
PORT=9390
# Must be one of the below defined targets
SCAN_PROFILE=""
#SCAN_PROFILE="Full and fast ultimate"
FORMAT="PDF"
# A valid "alive_test" parameter
# Defines how it is determined if the targets are alive
# Currently, valid values are the following:
# Scan Config Default
# ICMP, TCP-ACK Service & ARP Ping
# TCP-ACK Service & ARP Ping
# ICMP & ARP Ping
# ICMP & TCP-ACK Service Ping
# ARP Ping
# TCP-ACK Service Ping
# TCP-SYN Service Ping
# ICMP Ping
# Consider Alive
ALIVE_TEST='ICMP, TCP-ACK Service &amp; ARP Ping'
# --- END OF CONFIGURATION ---
targets=(
"Discovery"
"Full and fast"
"Full and fast ultimate"
"Full and very deep"
"Full and very deep ultimate"
"Host Discovery"
"System Discovery"
)
formats=(
"ARF"
"CPE"
"HTML"
"ITG"
"NBE"
"PDF"
"TXT"
"XML"
)
able_to_clean=1
function usage {
echo
echo -ne "Usage: openvas-automate.sh <host>"
echo
echo -ne "\n host\t- IP address or domain name of the host target."
echo
echo
}
function omp_cmd {
cmd="omp -u $USER -w \"$PASS\" -h $HOST -p $PORT $@"
#>&2 echo "DBG: OMP cmd: \"$cmd\""
eval $cmd 2>&1
}
function omp_cmd_xml {
omp_cmd "--xml='$@'"
}
function end {
echo "[>] Performing cleanup"
if [ $able_to_clean -eq 1 ]; then
omp_cmd -D $task_id
omp_cmd -X '<delete_target target_id="'$target_id'"/>'
fi
exit 1
}
function ctrl_c() {
echo "[?] CTRL-C trapped."
exit 1
end
}
echo
echo " :: OpenVAS automation script."
echo " mgeeky, 0.2"
echo
out=$(omp_cmd -g | grep -i "discovery")
if [ -z "$out" ]; then
echo "Exiting due to OpenVAS authentication failure."
exit 1
fi
echo "[+] OpenVAS authenticated."
if [ -z "$SCAN_PROFILE" ]; then
echo "[>] Please select scan type:"
echo -e "\t1. Discovery"
echo -e "\t2. Full and fast"
echo -e "\t3. Full and fast ultimate"
echo -e "\t4. Full and very deep"
echo -e "\t5. Full and very deep ultimate"
echo -e "\t6. Host Discovery"
echo -e "\t7. System Discovery"
echo -e "\t9. Exit"
echo ""
echo "--------------------------------"
read -p "Please select an option: " m
if [ $m -eq 9 ]; then exit 0;
elif [ $m -eq 1 ]; then SCAN_PROFILE="Discovery"
elif [ $m -eq 2 ]; then SCAN_PROFILE="Full and fast"
elif [ $m -eq 3 ]; then SCAN_PROFILE="Full and fast ultimate"
elif [ $m -eq 4 ]; then SCAN_PROFILE="Full and very deep"
elif [ $m -eq 5 ]; then SCAN_PROFILE="Full and very deep ultimate"
elif [ $m -eq 6 ]; then SCAN_PROFILE="Host Discovery"
elif [ $m -eq 7 ]; then SCAN_PROFILE="System Discovery"
else echo "[!] Unknown profile selected" && exit 1
fi
echo
fi
found=0
for i in "${targets[@]}"
do
if [ "$i" == "$SCAN_PROFILE" ]; then
found=1
break
fi
done
scan_profile_id=$(omp_cmd -g | grep "$SCAN_PROFILE" | cut -d' ' -f1)
if [ $found -eq 0 ] || [ -z "$scan_profile_id" ]; then
echo "[!] You've selected unknown SCAN_PROFILE. Please change it in script's settings."
exit 1
fi
found=0
for i in "${formats[@]}"
do
if [ "$i" == "$FORMAT" ]; then
found=1
break
fi
done
format_id=$(omp_cmd -F | grep "$FORMAT" | cut -d' ' -f1)
if [ $found -eq 0 ] || [ -z $format_id ]; then
echo "[!] You've selected unknown FORMAT. Please change it in script's settings."
exit 1
fi
if [ -z "$1" ]; then
usage
exit 1
fi
TARGET="$1"
host "$TARGET" 2>&1 > /dev/null
if [ $? -ne 0 ]; then
echo "[!] Specified target host seems to be unavailable!"
read -p "Are you sure you want to continue [Y/n]? " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]
then
echo > /dev/null
else
exit 1
fi
fi
echo "[+] Tasked: '$SCAN_PROFILE' scan against '$TARGET' "
target_id=$(omp_cmd -T | grep "$TARGET" | cut -d' ' -f1)
out=""
if [ -z "$target_id" ]; then
echo "[>] Creating a target..."
out=$(omp -u $USER -w '$PASS' -h $HOST -p $PORT --xml=\
"<create_target>\
<name>${TARGET}</name><hosts>$TARGET</hosts>\
<alive_tests>$ALIVE_TEST</alive_tests>\
</create_target>")
target_id=$(echo "$out" | pcregrep -o1 'id="([^"]+)"')
else
echo "[>] Reusing target..."
fi
if [ -z "$target_id" ]; then
echo "[!] Something went wrong, couldn't acquire target's ID! Output:"
echo $out
exit 1
else
echo "[+] Target's id: $target_id"
fi
echo "[>] Creating a task..."
task_id=$(omp_cmd -C -n "$TARGET" --target=$target_id --config=$scan_profile_id)
if [ $? -ne 0 ]; then
echo "[!] Could not create a task."
end
fi
echo "[+] Task created successfully, id: '$task_id'"
echo "[>] Starting the task..."
report_id=$(omp_cmd -S $task_id)
if [ $? -ne 0 ]; then
echo "[!] Could not start a task."
end
fi
able_to_clean=0
echo "[+] Task started. Report id: $report_id"
echo "[.] Awaiting for it to finish. This will take a long while..."
echo
aborted=0
while true; do
RET=$(omp_cmd -G)
if [ $? -ne 0 ]; then
echo '[!] Querying jobs failed.';
end
fi
RET=$(echo -n "$RET" | grep -m1 "$task_id" | tr '\n' ' ')
out=$(echo "$RET" | tr '\n' ' ')
echo -ne "$out\r"
if [ `echo "$RET" | grep -m1 -i "fail"` ]; then
echo '[!] Failed getting running jobs list'
end
fi
echo "$RET" | grep -m1 -i -E "done|Stopped"
if [ $? -ne 1 ]; then
aborted=1
break
fi
sleep 1
done
if [ $aborted -eq 0 ]; then
echo "[+] Job done, generating report..."
FILENAME=${TARGET// /_}
FILENAME="openvas_${FILENAME//[^a-zA-Z0-9_\.\-]/}_$(date +%s)"
out=$(omp_cmd --get-report $report_id --format $format_id > $FILENAME.$FORMAT )
if [ $? -ne 0 ]; then
echo '[!] Failed getting report.';
echo "[!] Output: $out"
#end
fi
echo "[+] Scanning done."
else
echo "[?] Scan monitoring has been aborted. You're on your own now."
fi
@salem-nafi

This comment has been minimized.

Copy link

salem-nafi commented Mar 20, 2019

Can you give an example of how me make it work please

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.