Hi everyone,
i am struggling with the reportID from scans.
I need to get the reportID by the task name only. Can anyone help me out with this?
best regards,
alessio
Hi everyone,
i am struggling with the reportID from scans.
I need to get the reportID by the task name only. Can anyone help me out with this?
best regards,
alessio
I assume you are using python-gvm / gvm-tools?
(.venv) bash-3.2$ gvm-pyshell --gmp-username x --gmp-password y ssh --hostname z.z.z.z
resp = gmp.get_tasks()
for task in resp.findall('task'):
last = task.find('last_report')
if last is not None:
report = last.find('report')
if report is not None:
print(report.get('id'))
else:
print('No report')
You could do something like this with gvm-pyshell to get the Report ID of the last Report within that task …
Hi, i used some of your code in my check_gmp script
task_name = sys.argv[11]
print(" Name of report: " + task_name)
def get_vulnerabilities(tname):
filterReport = gmp.get_reports(filter="tname")
report = filterReport.find('report')
#print(tname)
print(report.get('id'))
reportID = report.get('id')
print(reportID)
specReport = gmp.get_report(report_id='reportID', details=True)
jmpToResults = specReport.find('report').find('report').find('results')
for result in results:
pretty_print(result.find('nvt').find('name'))
get_vulnerabilities(task_name)
It gives me the following error about reportID = report.get('id')
'NoneType' object has no attribute 'get'
If i try this in pyshell it works and i get the report_id, if i add this in my script it does not work.
What am i doing wrong?
best regards
It seems, that you don’t have a Report object. So report
is None
you should check if you actually got a report back …
With your code above i get all the report_ID’s, so i should have report Objects…
I want to get the report_ID’s for a specific task_name but i dont get this to work
get_reports(filter=tname)
maybe this?
Yes this worked.
But now i am receiving the wrong ID
What i am trying to do is based on this older post of yours:
Its about this line:
gmp.get_report(report_id=...
If i paste the correct ID manually, it works fine.
Any idea how i get this ID based on the task name? I hope this clears up the situation.
So i want to use a variable for report_id
best regards
You also need to change the line in your code.
You only should use quotation marks for strings. Not if you want to pass a variable.
In your code above you wrote specReport = gmp.get_report(report_id='reportID', details=True)
What you want is specReport = gmp.get_report(report_id=reportID, details=True)
. I think after that change your code works fine.
Also I recommend you python coding style. E.g. variables should be named in snake_case
-style e.g. report_id
not reportID
.
Thank you, i missed the quotes. Now something is definitely working.
Now i get these results
<Element name at 0x7fbe288d24c0>
<Element name at 0x7fbe288d2b40>
<Element name at 0x7fbe288d24c0>
Do you have any idea why this is happening? Actually i should get at least some found vulnerabilities
best regards
When i got the right reportID, and i am searching for certain keywords with:
z.find('report').find('report').find('results')
what is the file type i am looking at? I think that makes the difference
Seems, that you are trying to print the XML-Element Object instead of the content.
Are you still using the pretty_print()
function?
For me your code works fine.
At least if you change the line
for result in results:
to for result in jmpToResults:
>>> for rep in reps:
... rep_id = rep.get('id')
... specReport = gmp.get_report(report_id=rep_id, details=True)
... jmpToResults = specReport.find('report').find('report').find('results')
... for result in jmpToResults:
... pretty_print(result.find('nvt').find('name'))
...
<name>Adobe Acrobat 2017 Security Updates(apsb18-30)-MAC OS X</name>
<name>Adobe Acrobat 2017 Security Updates(apsb18-30)-MAC OS X</name>
<name>Adobe Acrobat 2017 Security Updates(apsb18-30)-MAC OS X</name>
<name>Adobe Acrobat 2017 Security Updates(apsb18-30)-MAC OS X</name>
...
There is no certain “Filetype” you are traversing an xml.
You can look at it if you use pretty_print(gmp.get_report(report_id=reportID, details=True))
.
E.g.:
>>> pretty_print(gmp.get_report(report_id='5d11ff24-f40f-4729-84b6-b7e84fc20a7c', details=True))
<get_reports_response status="200" status_text="OK">
<report id="5d11ff24-f40f-4729-84b6-b7e84fc20a7c" format_id="" extension="" content_type="application/xml">
<owner>
<name>jloechte</name>
</owner>
<name/>
<comment/>
<creation_time/>
<modification_time>2020-08-18T18:37:03Z</modification_time>
<writable>0</writable>
<in_use>0</in_use>
<task id="6ed707a8-4953-4908-a835-3daa135c212f">
<name>work</name>
</task>
<report id="5d11ff24-f40f-4729-84b6-b7e84fc20a7c">
<gmp>
<version>20.08</version>
</gmp>
<sort>
<field>name<order>ascending</order></field>
</sort>
<filters id="">
<term>apply_overrides=0 min_qod=70 first=1 rows=100 sort=name</term>
<filter>High</filter>
<filter>Medium</filter>
<filter>Low</filter>
<filter>Log</filter>
<filter>Debug</filter>
<keywords>
<keyword>
<column>apply_overrides</column>
<relation>=</relation>
<value>0</value>
</keyword>
<keyword>
<column>min_qod</column>
<relation>=</relation>
<value>70</value>
</keyword>
<keyword>
<column>first</column>
<relation>=</relation>
<value>1</value>
</keyword>
<keyword>
<column>rows</column>
<relation>=</relation>
<value>100</value>
</keyword>
<keyword>
<column>sort</column>
<relation>=</relation>
<value>name</value>
</keyword>
</keywords>
</filters>
<severity_class id="d4c74cda-89e1-11e3-9c29-406186ea4fc5">
<name>nist</name>
<full_name>NVD Vulnerability Severity Ratings</full_name>
<severity_range>
<name>None</name>
<min>0.0</min>
<max>0.0</max>
</severity_range>
<severity_range>
<name>Low</name>
<min>0.1</min>
<max>3.9</max>
</severity_range>
<severity_range>
<name>Medium</name>
<min>4.0</min>
<max>6.9</max>
</severity_range>
<severity_range>
<name>High</name>
<min>7.0</min>
<max>10.0</max>
</severity_range>
</severity_class>
<scan_run_status>Done</scan_run_status>
<hosts>
<count>0</count>
</hosts>
<closed_cves>
<count>0</count>
</closed_cves>
<vulns>
<count>0</count>
</vulns>
<os>
<count>0</count>
</os>
<apps>
<count>0</count>
</apps>
<ssl_certs>
<count>0</count>
</ssl_certs>
<task id="6ed707a8-4953-4908-a835-3daa135c212f">
<name>work</name>
<comment>test</comment>
<target id="a1f478c1-27d0-4d8c-959f-150625186421">
<trash>0</trash>
<name>work</name>
<comment>test</comment>
</target>
<progress>0</progress>
</task>
<scan>
<task/>
</scan>
<timestamp>2020-08-18T18:36:28Z</timestamp>
<scan_start/>
<timezone>UTC</timezone>
<timezone_abbrev>UTC</timezone_abbrev>
<ports start="1" max="100">
<count>0</count>
</ports>
<results start="1" max="100"/>
<result_count>0<full>0</full><filtered>0</filtered><debug><full>0</full><filtered>0</filtered></debug><hole><full>0</full><filtered>0</filtered></hole><info><full>0</full><filtered>0</filtered></info><log><full>0</full><filtered>0</filtered></log><warning><full>0</full><filtered>0</filtered></warning><false_positive><full>0</full><filtered>0</filtered></false_positive></result_count>
<severity>
<full>-3.0</full>
<filtered>-3.0</filtered>
</severity>
<scan_end>2020-08-18T18:37:03Z</scan_end>
<errors>
<count>1</count>
<error>
<host>
<asset asset_id=""/>
</host>
<port/>
<description>Could not connect to Scanner</description>
<nvt oid="">
<type>nvt</type>
<name/>
<cvss_base/>
</nvt>
<scan_nvt_version/>
<severity>-3</severity>
</error>
</errors>
</report>
</report>
<filters id="">
<term>apply_overrides=0 min_qod=70 first=1 rows=100 sort=name</term>
<keywords>
<keyword>
<column>apply_overrides</column>
<relation>=</relation>
<value>0</value>
</keyword>
<keyword>
<column>min_qod</column>
<relation>=</relation>
<value>70</value>
</keyword>
<keyword>
<column>first</column>
<relation>=</relation>
<value>1</value>
</keyword>
<keyword>
<column>rows</column>
<relation>=</relation>
<value>100</value>
</keyword>
<keyword>
<column>sort</column>
<relation>=</relation>
<value>name</value>
</keyword>
</keywords>
</filters>
<sort>
<field>name<order>ascending</order></field>
</sort>
<reports start="1" max="-2"/>
<report_count>98<filtered>1</filtered><page>1</page></report_count>
</get_reports_response>
Ah thanks for the advice, i did not use the pretty_print. If i do it gives me the message
name "pretty_print" is not defined
. I imported pprint-library but it doesnt seem to be known
from gvm.xml import pretty_print
Thanks a lot, it works like a charm!