Correct XML Schema for gvm-cli based csv export

Hello together,

I try to export the scan results in CSV format. So far this works quite well with the following commands.

echo $(echo $(sudo -u pi gvm-cli --gmp-username XXXX --gmp-password XXXX socket --socketpath /var/opt/gvm/var/run/gvmd.sock --xml "<get_reports report_id=\"XXXXXXX\" details=\"1\" format_id=\"c1645568-627a-11e3-a660-406186ea4fc5\"/>" | gawk 'match($0, /report_format>(.*?)<\/report>/, a) {{ print a[1] }}' )) | base64 --decode

But the export only contains entries with a LOW severity. If I export the same report from the Web Frontend, I also get entries with a HIGH severity. I think this depends on the filter configuration. So I tried to implement this in my command line like this:

echo $(echo $(sudo -u pi gvm-cli --gmp-username XXXX --gmp-password XXXX socket --socketpath /var/opt/gvm/var/run/gvmd.sock --xml "<get_reports report_id=\"XXXXXXX\" filter=apply_overrides=\"0\" levels=\"hml\" min_qod=\"50\" first=\"1\" rows=\"1000\" details=\"1\" format_id=\"c1645568-627a-11e3-a660-406186ea4fc5\"/>" | gawk 'match($0, /report_format>(.*?)<\/report>/, a) {{ print a[1] }}' )) | base64 --decode

But it doesn’t work. What's the correct syntax to implement the filter specifications? Or how can I configure on a central point, that the export always contains ALL entries (especially entries with a medium and high severity)?

Thanks for your support and best regards,
Mike

GVM versions

gsad: Greenbone Security Assistant 20.08.0~git-fdd51705e-gsa-20.08
gvmd: Greenbone Vulnerability Manager 20.08.0~git-97bdbeeb-gvmd-20.08
GIT revision 97bdbeeb-gvmd-20.08
openvas-scanner: OpenVAS 20.8.0
gvm-libs 20.8.0~git-7a9a5b4-gvm-libs-20.08

Environment

Linux core 5.10.103-v7l+ #1529 SMP Tue Mar 8 12:24:00 GMT 2022 armv7l GNU/Linux

Your XML is not valid. XML attributes need to be quoted. Can you try the following XML instead?

<get_reports report_id="XXXXXXX" filter="apply_overrides=0 levels=hml min_qod=50 first=1 rows=1000 details=1" format_id="c1645568-627a-11e3-a660-406186ea4fc5"/>

Btw. for such things it is best to write a gmp script.

1 Like

Hi bricks,

This doesn’t work. Here is the output:

sudo -u pi gvm-cli --gmp-username XXXXX --gmp-password XXXXXX --socketpath /var/opt/gvm/var/run/gvmd.sock --xml "<get_reports report_id=“a492905c-72ca-4a7f-be1e-14e5821463f5” filter="apply_overrides=0 levels=hml min_qod=50 first=1 rows=1000 details=1" format_id=“c1645568-627a-11e3-a660-406186ea4fc5”/>"

usage: gvm-cli [-h] [-c [CONFIG]]
[--log [{DEBUG,INFO,WARNING,ERROR,CRITICAL}]]
[--timeout TIMEOUT] [--gmp-username GMP_USERNAME]
[--gmp-password GMP_PASSWORD] [-V] [--protocol {GMP,OSP}]
CONNECTION_TYPE ...
gvm-cli: error: unrecognized arguments min_qod=50 first=1 rows=1000 details=1 format_id=“c1645568-627a-11e3-a660-406186ea4fc5”/>

The format
sudo -u pi gvm-cli --gmp-username XXXX --gmp-password XXXXX socket --socketpath /var/opt/gvm/var/run/gvmd.sock --xml "<get_reports report_id=\"a492905c-72ca-4a7f-be1e-14e5821463f5\" details=\"1\" format_id=\"c1645568-627a-11e3-a660-406186ea4fc5\"/>"

works fine and without error. It seems that the XML definitions need to be defined with
backslash " backslash "

Yeah, of course you need to adapt that to your quoting for the shell command. Getting the quoting right is difficult with shell scripts. One reason for using a GMP script instead.

1 Like

:wink: And that's my problem. I can’t implement this in a script, because I'm not a developer. I hoped to find a simple way to do this with my working shell script.

Python scripts are easier to write and read than shell scripts :wink:

In that case maybe putting the XML into a file would be best.

2 Likes

ok… we will see.

But better there is a way to configure this as a default and template what I can use. It must be possible to define the export file configuration on a central place. Maybe in the web frontend? But until now I haven’t found the right point there.

Ok. Maybe I found a solution by myself. It looks like it works with

gvm-cli --gmp-username XXXX --gmp-password XXXXX --timeout 600 socket --socketpath /var/opt/gvm/var/run/gvmd.sock --xml "<get_reports report_id=\"a492905c-72ca-4a7f-be1e-14e5821463f5\" details=\"1\" ignore_pagination=\"1\" format_id=\"c1645568-627a-11e3-a660-406186ea4fc5\"/>"

1 Like

Only as a tip: write the XML to a file and use the file as input.

echo '<get_reports report_id="a492905c-72ca-4a7f-be1e-14e5821463f5" filter="apply_overrides=0 levels=hml min_qod=50 first=1 rows=1000 details=1" format_id="c1645568-627a-11e3-a660-406186ea4fc5"/>' >/tmp/xml_request
gvm-cli --gmp-username XXXX --gmp-password XXXXX --timeout 600 socket --socketpath /var/opt/gvm/var/run/gvmd.sock /tmp/xml_request

# or alternative
gvm-cli --gmp-username XXXX --gmp-password XXXXX --timeout 600 socket --socketpath /var/opt/gvm/var/run/gvmd.sock </tmp/xml_request

# or alternative singlequote:
# all below are untested

sudo -u pi gvm-cli --gmp-username XXXXX --gmp-password XXXXXX socket --socketpath /var/opt/gvm/var/run/gvmd.sock --xml '<get_reports report_id="a492905c-72ca-4a7f-be1e-14e5821463f5" filter="apply_overrides=0 levels=hml min_qod=50 first=1 rows=1000 details=1" format_id="c1645568-627a-11e3-a660-406186ea4fc5"/>'

# or

echo $(echo $(sudo -u pi gvm-cli --gmp-username XXXX --gmp-password XXXX socket --socketpath /var/opt/gvm/var/run/gvmd.sock --xml '<get_reports report_id="XXXXXXX" details="1" format_id="c1645568-627a-11e3-a660-406186ea4fc5"/>' | gawk 'match($0, /report_format>(.*?)<\/report>/, a) {{ print a[1] }}' )) | base64 --decode

echo $(echo $(sudo -u pi gvm-cli --gmp-username XXXX --gmp-password XXXX socket --socketpath /var/opt/gvm/var/run/gvmd.sock --xml '<get_reports report_id="XXXXXXX" filter="apply_overrides=0 levels=hml min_qod=50 first=1 rows=1000" details="1" format_id="c1645568-627a-11e3-a660-406186ea4fc5"/>' | gawk 'match($0, /report_format>(.*?)<\/report>/, a) {{ print a[1] }}' )) | base64 --decode

# or WITH ENV

REPORT_ID="XXXXXXX"

echo $(echo $(sudo -u pi gvm-cli --gmp-username XXXX --gmp-password XXXX socket --socketpath /var/opt/gvm/var/run/gvmd.sock --xml '<get_reports report_id="'"${REPORT_ID}"'" details="1" format_id="c1645568-627a-11e3-a660-406186ea4fc5"/>' | gawk 'match($0, /report_format>(.*?)<\/report>/, a) {{ print a[1] }}' )) | base64 --decode

echo $(echo $(sudo -u pi gvm-cli --gmp-username XXXX --gmp-password XXXX socket --socketpath /var/opt/gvm/var/run/gvmd.sock --xml '<get_reports report_id="'"${REPORT_ID}"'" filter="apply_overrides=0 levels=hml min_qod=50 first=1 rows=1000" details="1" format_id="c1645568-627a-11e3-a660-406186ea4fc5"/>' | gawk 'match($0, /report_format>(.*?)<\/report>/, a) {{ print a[1] }}' )) | base64 --decode
1 Like
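
The script route suggested earlier in the thread, as an added example (not code from any poster here or from gvm-tools): standard-library Python that builds the `get_reports` request with the whole filter in one quoted attribute, and decodes the base64 text that follows `</report_format>`, the same span the gawk expression targets. The function names and the sample response are constructed for illustration, and the response layout is assumed from the commands shown above.

```python
import base64
import xml.etree.ElementTree as ET

CSV_FORMAT_ID = "c1645568-627a-11e3-a660-406186ea4fc5"  # format_id used in the thread


def build_get_reports(report_id, filter_terms, format_id=CSV_FORMAT_ID):
    """Return a <get_reports/> request; ElementTree quotes and escapes every attribute."""
    elem = ET.Element("get_reports", {
        "report_id": report_id,
        # All filter keywords go into ONE attribute value, separated by spaces.
        "filter": " ".join(f"{key}={value}" for key, value in filter_terms.items()),
        "details": "1",
        "format_id": format_id,
    })
    return ET.tostring(elem, encoding="unicode")


def extract_report_payload(response_xml):
    """Decode the base64 text that sits between </report_format> and </report>."""
    root = ET.fromstring(response_xml)
    status = root.get("status", "")
    if not status.startswith("2"):
        raise RuntimeError(f"GMP error {status}: {root.get('status_text')}")
    report = root.find("report")
    marker = report.find("report_format") if report is not None else None
    if marker is None or not (marker.tail or "").strip():
        raise ValueError("response carries no encoded report body")
    return base64.b64decode(marker.tail.strip()).decode("utf-8")


# Constructed sample data (not real scan output); layout is an assumption.
SAMPLE_CSV = "IP,Severity\n192.0.2.10,High\n192.0.2.11,Low\n"
SAMPLE_RESPONSE = (
    '<get_reports_response status="200" status_text="OK">'
    '<report id="00000000-0000-0000-0000-000000000000" extension="csv">'
    f'<report_format id="{CSV_FORMAT_ID}"><name>CSV Results</name></report_format>'
    + base64.b64encode(SAMPLE_CSV.encode()).decode()
    + "</report></get_reports_response>"
)

if __name__ == "__main__":
    terms = {"apply_overrides": 0, "levels": "hml", "min_qod": 50, "first": 1, "rows": 1000}
    print(build_get_reports("00000000-0000-0000-0000-000000000000", terms))
    print(extract_report_payload(SAMPLE_RESPONSE), end="")
```

The string returned by `build_get_reports` can be written to a file and handed to gvm-cli as the input file, as suggested in the thread, so no shell quoting is involved.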