Get latest report by ip or hostname

YannickNoah · October 6, 2020, 6:01pm

Hi everyone,
I am using the pdf-report.gmp.py and I was wondering if there’s a way to get a report by ip or hostname.
Or is there a command to get the reportID so I can save it into a variable?

Best regards,
Yannick

y0urself · October 7, 2020, 7:33am

There are different ways to get what you expect.
You can either modify the pdf-report.gmp.py the way you want to use it.
E.G. you can look up all reports with gmp.get_reports().
Or you can use gvm-pyshell or gvm-cli to get what you want.
You probably want to set a specific filter in the get_reports command


    def get_reports(
        self,
        *,
        filter: Optional[str] = None,
        filter_id: Optional[str] = None,
        note_details: Optional[bool] = None,
        override_details: Optional[bool] = None,
        details: Optional[bool] = None
    ) -> Any:

Here you can find filteroptions.
E.G.: gmp.get_reports(filter="127.0.0.1") gmp.get_reports(filter="name=my_report") etc.

YannickNoah · October 7, 2020, 9:31am

Thank you, that helped me out, in addition i modified the script to get text instead of a pdf (simply because i need text)

To show a few lines in my monitoring tool, i was wondering if i can even filter a report by Vulnerability Detection Result or something similar.

For example my monitoring shows me the GMP status GMP CRITICAL: 2 vulnerabilities found - High: 2 Medium: 0 Low: 0

Have you an advice how i can filter the report so that i get which Vulnerability was found?
Like it was possible to login using the following credentials (username:password)

best regards,
Yannick

y0urself · October 7, 2020, 9:43am

You might want to use the XML?

It is possible to traverse the xml and search for the tags that contain the vulnerability information.
You might want to take a deeper look into check-gmp.gmp.py. AFAIK you can gather the required information from this script.

YannickNoah · October 7, 2020, 12:27pm

Yes i took a look in line 779 of check-gmp.gmp.py
I think there i need to give the right output informations of the function def retrieve_nvt_data(result): in line 846

I think this is the right way?

YannickNoah · October 9, 2020, 1:57pm

I got a little struggle to determine the information i need in check-gmp.gmp.py. Is it okay if you tell me which function i should take a look at?
Then i should be able to modify it to my needs

y0urself · October 11, 2020, 9:28am

There are different possibilities.
If you e.g. use the xml, you can look up the tags and their text.
I am not sure what information you need.

But you can e.g. do something like this:

>>> z = gmp.get_report(report_id='3404b586-40be-4a7d-a964-c23c435d9abc', details=True)
>>> zz = z.find('report').find('report').find('results')
>>> for result in results:
...     pretty_print(result.find('nvt').find('name'))
...
<name>Adobe Acrobat 2017 Security Updates(apsb18-30)-MAC OS X</name>
>>>

YannickNoah · October 11, 2020, 11:39am

I need a very short description about what the scan found, like 2 lines at maximum. I would prefer gathering the Infos out of check-gmp.gmp.py, because in my Nagios plugin where I paste the gvm command, I can only do one command per plugin.

So I simply want to modify the print() of check-gmp.
Your solution looks very well. But there I got the problem that I need to give the report_id for a specific hostname, or a specific ip

y0urself · October 12, 2020, 8:35am

Line 891ff. is the NVT print in that script.

YannickNoah · October 12, 2020, 9:20am

Thank you, i tried this.
I am no developer, i thought this should be right:
print(
"GMP %s: %i vulnerabilities found - High: %i Medium: %i "
"Low: %i"
"\n"
" Output: "
% (
NAGIOS_MSG[ret],
(high_count + medium_count + low_count),
high_count,
medium_count,
low_count,
)
)
print(
print_nvt_data(
nvts,
show_log=script_args.showlog,
show_ports=script_args.show_ports,
descr=script_args.descr,
dfn=script_args.dfn,
)
)

It gives me the output None
What am i doing wrong? I dont see that any of these variables are overwritten, so they should contain the right informations

YannickNoah · October 13, 2020, 1:22pm

What else i tried is a for loop to print out the list/tuple in nvts right under the GMP-Status print
for a, *b in nvts: print(a, ' '.join(map(str, b)))

Only gives me the output: High,Medium,Low,Log

YannickNoah · October 14, 2020, 2:23pm

I took some code (for testing only) of the function print_nvt_data

for key, nvt_data in nvts.items():
for nvt in nvt_data:
print("NVT: %s (%s) %s" % (nvt[0], key, nvt[1]))

and placed it right under the GMP Status print. It seems like it have no content.
Has anyone some advice what i am doing wrong?