-
-
Save muchiking/e59530171274ad96df3d28efd936b759 to your computer and use it in GitHub Desktop.
OpenVAS automation script.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# | |
# OpenVAS automation script. | |
# Mariusz B. / mgeeky, '17 | |
# v0.2 | |
# | |
trap ctrl_c INT | |
# --- CONFIGURATION --- | |
USER=<USERNAME> | |
PASS=<PASSWORD> | |
HOST=127.0.0.1 | |
PORT=9390 | |
# Must be one of the below defined targets | |
SCAN_PROFILE="" | |
#SCAN_PROFILE="Full and fast ultimate" | |
FORMAT="PDF" | |
# A valid "alive_test" parameter | |
# Defines how it is determined if the targets are alive | |
# Currently, valid values are the following: | |
# Scan Config Default | |
# ICMP, TCP-ACK Service & ARP Ping | |
# TCP-ACK Service & ARP Ping | |
# ICMP & ARP Ping | |
# ICMP & TCP-ACK Service Ping | |
# ARP Ping | |
# TCP-ACK Service Ping | |
# TCP-SYN Service Ping | |
# ICMP Ping | |
# Consider Alive | |
ALIVE_TEST='ICMP, TCP-ACK Service & ARP Ping' | |
# --- END OF CONFIGURATION --- | |
targets=( | |
"Discovery" | |
"Full and fast" | |
"Full and fast ultimate" | |
"Full and very deep" | |
"Full and very deep ultimate" | |
"Host Discovery" | |
"System Discovery" | |
) | |
formats=( | |
"ARF" | |
"CPE" | |
"HTML" | |
"ITG" | |
"NBE" | |
"PDF" | |
"TXT" | |
"XML" | |
) | |
able_to_clean=1 | |
function usage { | |
echo | |
echo -ne "Usage: openvas-automate.sh <host>" | |
echo | |
echo -ne "\n host\t- IP address or domain name of the host target." | |
echo | |
echo | |
} | |
function omp_cmd { | |
cmd="omp -u $USER -w \"$PASS\" -h $HOST -p $PORT $@" | |
#>&2 echo "DBG: OMP cmd: \"$cmd\"" | |
eval $cmd 2>&1 | |
} | |
function omp_cmd_xml { | |
omp_cmd "--xml='$@'" | |
} | |
function end { | |
echo "[>] Performing cleanup" | |
if [ $able_to_clean -eq 1 ]; then | |
omp_cmd -D $task_id | |
omp_cmd -X '<delete_target target_id="'$target_id'"/>' | |
fi | |
exit 1 | |
} | |
function ctrl_c() { | |
echo "[?] CTRL-C trapped." | |
exit 1 | |
end | |
} | |
echo | |
echo " :: OpenVAS automation script." | |
echo " mgeeky, 0.2" | |
echo | |
out=$(omp_cmd -g | grep -i "discovery") | |
if [ -z "$out" ]; then | |
echo "Exiting due to OpenVAS authentication failure." | |
exit 1 | |
fi | |
echo "[+] OpenVAS authenticated." | |
if [ -z "$SCAN_PROFILE" ]; then | |
echo "[>] Please select scan type:" | |
echo -e "\t1. Discovery" | |
echo -e "\t2. Full and fast" | |
echo -e "\t3. Full and fast ultimate" | |
echo -e "\t4. Full and very deep" | |
echo -e "\t5. Full and very deep ultimate" | |
echo -e "\t6. Host Discovery" | |
echo -e "\t7. System Discovery" | |
echo -e "\t9. Exit" | |
echo "" | |
echo "--------------------------------" | |
read -p "Please select an option: " m | |
if [ $m -eq 9 ]; then exit 0; | |
elif [ $m -eq 1 ]; then SCAN_PROFILE="Discovery" | |
elif [ $m -eq 2 ]; then SCAN_PROFILE="Full and fast" | |
elif [ $m -eq 3 ]; then SCAN_PROFILE="Full and fast ultimate" | |
elif [ $m -eq 4 ]; then SCAN_PROFILE="Full and very deep" | |
elif [ $m -eq 5 ]; then SCAN_PROFILE="Full and very deep ultimate" | |
elif [ $m -eq 6 ]; then SCAN_PROFILE="Host Discovery" | |
elif [ $m -eq 7 ]; then SCAN_PROFILE="System Discovery" | |
else echo "[!] Unknown profile selected" && exit 1 | |
fi | |
echo | |
fi | |
found=0 | |
for i in "${targets[@]}" | |
do | |
if [ "$i" == "$SCAN_PROFILE" ]; then | |
found=1 | |
break | |
fi | |
done | |
scan_profile_id=$(omp_cmd -g | grep "$SCAN_PROFILE" | cut -d' ' -f1) | |
if [ $found -eq 0 ] || [ -z "$scan_profile_id" ]; then | |
echo "[!] You've selected unknown SCAN_PROFILE. Please change it in script's settings." | |
exit 1 | |
fi | |
found=0 | |
for i in "${formats[@]}" | |
do | |
if [ "$i" == "$FORMAT" ]; then | |
found=1 | |
break | |
fi | |
done | |
format_id=$(omp_cmd -F | grep "$FORMAT" | cut -d' ' -f1) | |
if [ $found -eq 0 ] || [ -z $format_id ]; then | |
echo "[!] You've selected unknown FORMAT. Please change it in script's settings." | |
exit 1 | |
fi | |
if [ -z "$1" ]; then | |
usage | |
exit 1 | |
fi | |
TARGET="$1" | |
host "$TARGET" 2>&1 > /dev/null | |
if [ $? -ne 0 ]; then | |
echo "[!] Specified target host seems to be unavailable!" | |
read -p "Are you sure you want to continue [Y/n]? " -n 1 -r | |
echo | |
if [[ $REPLY =~ ^[Yy]$ ]] | |
then | |
echo > /dev/null | |
else | |
exit 1 | |
fi | |
fi | |
echo "[+] Tasked: '$SCAN_PROFILE' scan against '$TARGET' " | |
target_id=$(omp_cmd -T | grep "$TARGET" | cut -d' ' -f1) | |
out="" | |
if [ -z "$target_id" ]; then | |
echo "[>] Creating a target..." | |
out=$(omp -u $USER -w '$PASS' -h $HOST -p $PORT --xml=\ | |
"<create_target>\ | |
<name>${TARGET}</name><hosts>$TARGET</hosts>\ | |
<alive_tests>$ALIVE_TEST</alive_tests>\ | |
</create_target>") | |
target_id=$(echo "$out" | pcregrep -o1 'id="([^"]+)"') | |
else | |
echo "[>] Reusing target..." | |
fi | |
if [ -z "$target_id" ]; then | |
echo "[!] Something went wrong, couldn't acquire target's ID! Output:" | |
echo $out | |
exit 1 | |
else | |
echo "[+] Target's id: $target_id" | |
fi | |
echo "[>] Creating a task..." | |
task_id=$(omp_cmd -C -n "$TARGET" --target=$target_id --config=$scan_profile_id) | |
if [ $? -ne 0 ]; then | |
echo "[!] Could not create a task." | |
end | |
fi | |
echo "[+] Task created successfully, id: '$task_id'" | |
echo "[>] Starting the task..." | |
report_id=$(omp_cmd -S $task_id) | |
if [ $? -ne 0 ]; then | |
echo "[!] Could not start a task." | |
end | |
fi | |
able_to_clean=0 | |
echo "[+] Task started. Report id: $report_id" | |
echo "[.] Awaiting for it to finish. This will take a long while..." | |
echo | |
aborted=0 | |
while true; do | |
RET=$(omp_cmd -G) | |
if [ $? -ne 0 ]; then | |
echo '[!] Querying jobs failed.'; | |
end | |
fi | |
RET=$(echo -n "$RET" | grep -m1 "$task_id" | tr '\n' ' ') | |
out=$(echo "$RET" | tr '\n' ' ') | |
echo -ne "$out\r" | |
if [ `echo "$RET" | grep -m1 -i "fail"` ]; then | |
echo '[!] Failed getting running jobs list' | |
end | |
fi | |
echo "$RET" | grep -m1 -i -E "done|Stopped" | |
if [ $? -ne 1 ]; then | |
aborted=1 | |
break | |
fi | |
sleep 1 | |
done | |
if [ $aborted -eq 0 ]; then | |
echo "[+] Job done, generating report..." | |
FILENAME=${TARGET// /_} | |
FILENAME="openvas_${FILENAME//[^a-zA-Z0-9_\.\-]/}_$(date +%s)" | |
out=$(omp_cmd --get-report $report_id --format $format_id > $FILENAME.$FORMAT ) | |
if [ $? -ne 0 ]; then | |
echo '[!] Failed getting report.'; | |
echo "[!] Output: $out" | |
#end | |
fi | |
echo "[+] Scanning done." | |
else | |
echo "[?] Scan monitoring has been aborted. You're on your own now." | |
fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment