OpenVAS adding target through cli
Command Line OpenVAS Scanning with OMP
Usually required for automating OpenVAS scans, the command-line client (omp) for OpenVAS allows you to turn the system into a custom solution for your own needs.
The omp command has a large number of options. A nice feature is the ability to save your connection credentials into a file so they don't have to be repeated on the command line.
The configuration file of omp
The configuration file ~/omp.config can be used to store connection parameters like host, port, username, and password. Alternatively, the connection parameter can be passed with the respective options or read from a file specified with the --configfile option.
An exemplary configuration file looks like
[Connection]
host=localhost
port=9390
username=exampleuser
password=examplepassword
While there are a number of shortcuts that can be used as command line parameters, for full control the XML option is the go to option. This gives you full control over the system.
# omp --help
Usage:
omp [OPTION...] - OpenVAS OMP Command Line Interface
Help Options:
-?, --help Show help options
Application Options:
-h, --host= Connect to manager on host
-p, --port= Use port number
-V, --version Print version.
-v, --verbose Verbose messages (WARNING: may reveal passwords).
--use-certs Use client certificates to authenticate.
--client-cert= Client certificate. Default: /usr/local/var/lib/openvas/CA/clientcert.pem
--client-key= Client key. Default: /usr/local/var/lib/openvas/private/CA/clientkey.pem
--client-ca-cert= Client CA certificate. Default: /usr/local/var/lib/openvas/CA/cacert.pem
-u, --username= OMP username
-w, --password= OMP password
--config-file= Configuration file for connection parameters.
-P, --prompt Prompt to exit.
-O, --get-omp-version Print OMP version.
-n, --name= Name for create-task.
-C, --create-task Create a task.
-m, --comment= Comment for create-task.
-c, --config= Config for create-task.
-t, --target= Target for create-task.
-E, --delete-report Delete one or more reports.
-D, --delete-task Delete one or more tasks.
-R, --get-report Get report of one task.
-F, --get-report-formats Get report formats. (OMP 2.0 only)
-f, --format= Format for get-report.
--filter= Filter string for get-report
-G, --get-tasks Get status of one, many or all tasks.
-g, --get-configs Get configs.
-T, --get-targets Get targets.
-i, --pretty-print In combination with -X, pretty print the response.
-S, --start-task Start one or more tasks.
-M, --modify-task Modify a task.
--ping Ping OMP server
--timeout= Wait seconds for OMP ping response
--file Add text in stdin as file on task.
-X, --xml= XML command (e.g. ""). "-" to read from stdin.
--send-file= Replace SENDFILE in xml with base64 offile.
--details Enable detailed view.
A very simple example of sending an XML query using the omp client is to actually ask for help. The response from this command gives details of other possible XML queries.
omp --xml=""
Starting a Scan from the Command Line
As a quick introduction, the process for starting a scan from the command line involves:
*Create Target (--xml="My Targetmytargettotest.com")
*Create Task (use -C and the option --config=ID of your scan config, also requires --target=ID of target)
*Start Task (--xml="")
*Get Report (--xml="/usr/local/openvas/bin/omp --pretty-print --xml "" /usr/local/openvas/bin/omp --pretty-print --xml ""
Once the scan has completed you can retrieve the report using the get_reports XML. Requires the report_id and the format_id parameters.
Initially, this may seem a bit overwhelming however, it is quite logical once you step through the process.
Relevant Blogs:
Recent Comments
No comments
Leave a Comment
We will be happy to hear what you think about this post