OpenVAS6到8的OpenVAS管理器和XML报表分析器

  1. 您所在的位置:
  2. Python中文网 >
  3. pypi >
  4. openvas-lib库 >
  5. 正文

openvas-lib的Python项目详细描述


这个lib是什么?

此项目是一个python库,用于使用omp协议连接和管理openvas服务器。支持OpenVAS6、7、8和9(7和8版本仍处于试验阶段)

此外,您还可以解析和解释openvas xml报告。

为什么要这么做?

openvas有一个[官方的python库](https://pypi.python.org/pypi/openvas.omplib),但它不能与基于ompv4的版本(openvas 6)一起工作。

此外,官方库还有许多未修复的错误,它无法读取和解释xml报告。

许可证

此库是根据BSD第3条许可证发布的

python版本

目前,这个库只在Python2.7及更高版本下运行。未计划到Python3.x的端口。

错误、端口和新功能

请随意移植、修补或添加任何新功能到此库中,并向我们发送拉取请求。我们提前感谢您:)

快速启动

安装

从代码下载

要下载最新的源代码,请输入以下命令:

git clone https://github.com/golismero/openvas_lib.git

然后,在默认的python安装中安装库,运行以下命令:

python setup.py install

使用pip安装 
pip install openvas_lib

管理openvas服务器

连接到服务器 
fromopenvas_libimportVulnscanManager,VulnscanExceptiontry:scanner=VulnscanManager(HOST,USER,PASSWORD,PORT,TIMEOUT)exceptVulnscanExceptionase:print("Error:")print(e)

启动一个简单的扫描 
fromopenvas_libimportVulnscanManager,VulnscanExceptionscanner=VulnscanManager(HOST,USER,PASSWORD,PORT,TIMEOUT)scan_id,target_id=scanner.launch_scan(target="127.0.0.1",# Target to scanprofile="Full and fast")

启动高级扫描

库支持回调。它们将每10秒运行一次,并报告扫描状态(“callback_progress”)或扫描结束(“callback_end”)。

fromthreadingimportSemaphorefromfunctoolsimportpartialfromopenvas_libimportVulnscanManager,VulnscanExceptiondefmy_print_status(i):print(str(i))defmy_launch_scanner():sem=Semaphore(0)# Configuremanager=VulnscanManager("localhost","admin","admin")# Launchmanager.launch_scan(target,profile="empty",callback_end=partial(lambdax:x.release(),sem),callback_progress=my_print_status)# WaitSem.acquire()# Finished scanprint("finished")

运行它:

>>>my_launch_scanner()# It can take some time010396090finished

获取扫描结果 
from__future__importprint_functionfromopenvas_libimportVulnscanManager,VulnscanExceptionscanner=VulnscanManager(HOST,USER,PASSWORD,PORT,TIMEOUT)openvas_results=scanner.get_results(SCAN_ID)

删除扫描

from__future__importprint_functionfromopenvas_libimportVulnscanManager,VulnscanExceptionscanner=VulnscanManager(HOST,USER,PASSWORD,PORT,TIMEOUT)scanner.delete_scan(SCAN_ID)

删除目标

from__future__importprint_functionfromopenvas_libimportVulnscanManager,VulnscanExceptionscanner=VulnscanManager(HOST,USER,PASSWORD,PORT,TIMEOUT)scanner.delete_target(TARGET_ID)

分析OpenVAS XML报表

您可以使用test/文件夹中的示例报告作为“xml”扩展。此报告是使用metasploitable生成的 Linux发行版。

>>> from__future__importprint_function>>> fromopenvas_libimportreport_parser>>> results=report_parser("tests/metasploitable_all.xml")>>> print(results)[<openvas_lib.data.OpenVASResult object at 0x108f2d250>, <openvas_lib.data.OpenVASResult object at 0x108f2d290>, <openvas_lib.data.OpenVASResult object at 0x108e7fcd0>, <openvas_lib.data.OpenVASResult object at 0x108e88e90>, <openvas_lib.data.OpenVASResult object at 0x108e88050>, <openvas_lib.data.OpenVASResult object at 0x108e88410>, <openvas_lib.data.OpenVASResult object at 0x108e88550>, <openvas_lib.data.OpenVASResult object at 0x108f2d650>, <openvas_lib.data.OpenVASResult object at 0x108f2d750>, <openvas_lib.data.OpenVASResult object at 0x108f2d850>, <openvas_lib.data.OpenVASResult object at 0x108f2d950>, <openvas_lib.data.OpenVASResult object at 0x108f2da50>, <openvas_lib.data.OpenVASResult object at 0x108f2db50>, <openvas_lib.data.OpenVASResult object at 0x108f2dc50>, <openvas_lib.data.OpenVASResult object at 0x108eb56d0>, <openvas_lib.data.OpenVASResult object at 0x108eb5750>, <openvas_lib.data.OpenVASResult object at 0x108f2ded0>, <openvas_lib.data.OpenVASResult object at 0x108f2dfd0>, <openvas_lib.data.OpenVASResult object at 0x108f35110>, <openvas_lib.data.OpenVASResult object at 0x108eb5950>, <openvas_lib.data.OpenVASResult object at 0x108f35210>, <openvas_lib.data.OpenVASResult object at 0x108eb5a90>, <openvas_lib.data.OpenVASResult object at 0x108eb5ad0>, <openvas_lib.data.OpenVASResult object at 0x108f355d0>, <openvas_lib.data.OpenVASResult object at 0x108f356d0>, <openvas_lib.data.OpenVASResult object at 0x108eb5dd0>, <openvas_lib.data.OpenVASResult object at 0x108f357d0>, <openvas_lib.data.OpenVASResult object at 0x108eb5f90>, <openvas_lib.data.OpenVASResult object at 0x108e101d0>, <openvas_lib.data.OpenVASResult object at 0x108e10390>, <openvas_lib.data.OpenVASResult object at 0x108eb5d90>, <openvas_lib.data.OpenVASResult object at 0x108f35910>, <openvas_lib.data.OpenVASResult object at 0x108f35a10>, <openvas_lib.data.OpenVASResult object at 0x108f35b10>, <openvas_lib.data.OpenVASResult object at 0x108f35c10>, <openvas_lib.data.OpenVASResult object at 0x108f35d10>, <openvas_lib.data.OpenVASResult object at 0x108f35e10>, <openvas_lib.data.OpenVASResult object at 0x108f35f10>, <openvas_lib.data.OpenVASResult object at 0x108f3a050>, <openvas_lib.data.OpenVASResult object at 0x108e102d0>, <openvas_lib.data.OpenVASResult object at 0x108e10910>, <openvas_lib.data.OpenVASResult object at 0x108e10ad0>, <openvas_lib.data.OpenVASResult object at 0x108e10c10>, <openvas_lib.data.OpenVASResult object at 0x108f3a150>, <openvas_lib.data.OpenVASResult object at 0x108f3a250>, <openvas_lib.data.OpenVASResult object at 0x108f3a350>, <openvas_lib.data.OpenVASResult object at 0x108f3a450>, <openvas_lib.data.OpenVASResult object at 0x108f3a550>, <openvas_lib.data.OpenVASResult object at 0x108e10e50>, <openvas_lib.data.OpenVASResult object at 0x108e10e90>, <openvas_lib.data.OpenVASResult object at 0x108e28090>, <openvas_lib.data.OpenVASResult object at 0x108f3a750>, <openvas_lib.data.OpenVASResult object at 0x108f3a910>, <openvas_lib.data.OpenVASResult object at 0x108f3aa10>, <openvas_lib.data.OpenVASResult object at 0x108e28250>, <openvas_lib.data.OpenVASResult object at 0x108e28210>, <openvas_lib.data.OpenVASResult object at 0x108e28350>, <openvas_lib.data.OpenVASResult object at 0x108e28450>, <openvas_lib.data.OpenVASResult object at 0x108f3ad10>, <openvas_lib.data.OpenVASResult object at 0x108f3ae10>, <openvas_lib.data.OpenVASResult object at 0x108f3ac10>, <openvas_lib.data.OpenVASResult object at 0x108e287d0>, <openvas_lib.data.OpenVASResult object at 0x108e28890>, <openvas_lib.data.OpenVASResult object at 0x108e289d0>, <openvas_lib.data.OpenVASResult object at 0x108e28ad0>, <openvas_lib.data.OpenVASResult object at 0x108e28c10>, <openvas_lib.data.OpenVASResult object at 0x108f3e210>, <openvas_lib.data.OpenVASResult object at 0x108e28710>, <openvas_lib.data.OpenVASResult object at 0x108e28d90>, <openvas_lib.data.OpenVASResult object at 0x108e28ed0>, <openvas_lib.data.OpenVASResult object at 0x108e28f10>, <openvas_lib.data.OpenVASResult object at 0x108e28f90>, <openvas_lib.data.OpenVASResult object at 0x108f3e510>, <openvas_lib.data.OpenVASResult object at 0x108f3e610>, <openvas_lib.data.OpenVASResult object at 0x108f3e710>, <openvas_lib.data.OpenVASResult object at 0x108f3e810>, <openvas_lib.data.OpenVASResult object at 0x108f3e910>, <openvas_lib.data.OpenVASResult object at 0x108f3ea10>, <openvas_lib.data.OpenVASResult object at 0x108f3eb10>]
# get properties from a vuln with more info
>>> r=None>>> forxinresults:  if x.id == "07cdd3dc-9f5b-4a75-a173-f7ca50bfb4f3":
    r = x
>>> r.id'07cdd3dc-9f5b-4a75-a173-f7ca50bfb4f3'
>>> r.host'10.211.55.35'
>>> r.raw_description"\n  Summary:\n  The host is running MySQL and is prone to Denial Of Service\n  vulnerability.\n\n  Vulnerability Insight:\n  The flaw is due to an error when processing the 'ALTER DATABASE' statement and\n  can be exploited to corrupt the MySQL data directory using the '#mysql50#'\n  prefix followed by a '.' or '..'.\n\n  NOTE: Successful exploitation requires 'ALTER' privileges on a database.\n  Impact:\n  Successful exploitation could allow an attacker to cause a Denial of Service.\n  Impact Level: Application\n\n  Affected Software/OS:\n  MySQL version priot to 5.1.48 on all running platform.\n\n  Solution:\n  Upgrade to MySQL version 5.1.48\n  For updates refer to http://dev.mysql.com/downloads\n"
>>> print(r.raw_description)  Summary:
  The host is running MySQL and is prone to Denial Of Service
  vulnerability.

  Vulnerability Insight:
  The flaw is due to an error when processing the 'ALTER DATABASE' statement and
  can be exploited to corrupt the MySQL data directory using the '#mysql50#'
  prefix followed by a '.' or '..'.

  NOTE: Successful exploitation requires 'ALTER' privileges on a database.
  Impact:
  Successful exploitation could allow an attacker to cause a Denial of Service.
  Impact Level: Application

  Affected Software/OS:
  MySQL version priot to 5.1.48 on all running platform.

  Solution:
  Upgrade to MySQL version 5.1.48
  For updates refer to http://dev.mysql.com/downloads
>>> r.summary'The host is running MySQL and is prone to Denial Of Service vulnerability.'
>>> r.vulnerability_insight"The flaw is due to an error when processing the 'ALTER DATABASE' statement and can be exploited to corrupt the MySQL data directory using the '#mysql50#' prefix followed by a '.' or '..'. NOTE: Successful exploitation requires 'ALTER' privileges on a database."
>>> r.impact'Successful exploitation could allow an attacker to cause a Denial of Service. Impact Level: Application'
>>> r.affected_software'MySQL version priot to 5.1.48 on all running platform.'
>>> r.solution'Upgrade to MySQL version 5.1.48 For updates refer to http://dev.mysql.com/downloads'
>>> r.threat'Medium'
>>> r.port.number3306
>>> r.port.proto'tcp'
>>> r.port.port_name'mysql'

欢迎加入QQ群-->: 979659372 Python中文网_新手群

推荐PyPI第三方库


导 航 栏

项目 链接

标 签

许可证: BSD许可证(BSD 3条款)

作者信息:: 暂无

维护者

pypi user: golismero_project golismero_project

最新PyPI项目

最新Python常见问题

热门话题
java本机方法的源代码可用吗?   java如何使父方法抛出异常?   java Android以编程方式设置不同屏幕大小/密度的布局   java如何使用一个变量来管理所有客户端请求   java输入一个txt文件,每行有一组数字   json java从jsonobject获取jsonarray错误   java将一个(WAV)写入一个文件只会说一个单词(最后一个单词)   java Telnet忽略原始字节   proguard java。运行桌面应用程序时出现lang.VerifyError   java用左键移动JLabel?   java如何在jText区域验证选项卡?   文件服务器客户端Javasocket编程中的字符串搜索   java省略了JSTL中的最后一个逗号<c:out>   java如何找到if或else代码已执行的次数?   java JavaScript WebSocket send()方法未执行   浮点数声明上的java标识符预期错误   java这是指二进制搜索算法吗?   编译mod at:reobfJar java时的minecraft问题。util。拉链ZipException:重复条目   java检测特定的震动运动(如图所示:D)