Launching scans from command line

Hi,

I probably missed something here. I have set up some scans and I saw this command:

openvas -scan-start=UUID

However, I can’t figure out how to find this UUID for already made task

Many thanks!

OpenVAS is the scanner itself and it cannot “see” tasks managed by gvmd. To start a task via command line, you should use the Greenbone Management Protocol (GMP) (Documentation here).

In your concrete case, open a shell for the gvmd docker container (I am assuming that you are following best practise and are using the Community Containers) and start the task with sudo -u gvmd gvm-cli --gmp-username 'yourUsername' --gmp-password 'yourPassword' socket --xml '<start_task task_id="your-Task-Id"/>'.

I have OpenVAS installed on Kali

sudo -u _gvm gvm-cli --gpm-username 'admin' --gmp-password '*******' socket --xml '<start_task task_id="your-Task-Id"/>'                                                                                                                                                                                                                                       2 ⨯
usage: gvm-cli [-h] [-c [CONFIG]] [--log [{DEBUG,INFO,WARNING,ERROR,CRITICAL}]] [--timeout TIMEOUT] [--gmp-username GMP_USERNAME] [--gmp-password GMP_PASSWORD] [-V] [--protocol {GMP,OSP}] CONNECTION_TYPE ...
gvm-cli: error: argument CONNECTION_TYPE: invalid choice: 'admin' (choose from 'ssh', 'tls', 'socket')

Maybe your version of gvm-cli is outdated? Try: sudo -u _gvm gvm-cli socket --gmp-username 'admin' --gmp-password 'yourPassword' --xml '<start_task task_id="your-Task-Id"/>'

This looks like a syntax issue to me, otherwise there wouldn’t be a usage note I guess. Have you tried executing the command without username and password?

PS: You just leaked your password in the error message on the last line, have fun changing it. :slight_smile:

It’s really a pain honestly.

 sudo -u _gvm gvm-cli socket  --xml '<start_task task_id="your-Task-Id"/>'
ERROR:gvmtools.cli:Remote manager daemon uses an unsupported version of GMP. The GMP version was 22.5

your version of python-gvm is too old. Update python-gvm in your current Python environment. How to update depends on your installation method.

1 Like

I have no update for python-gvm the one I have is:

dpkg -l | grep gvm
ii  gvm                                            23.11.2~kali1                            all          remote network security auditor - metapackage and useful scripts
ii  gvm-tools                                      23.11.0-1                                all          Remote control the Greenbone Vulnerability Manager
ii  gvmd                                           23.3.0-0kali2                            amd64        Manager Module of Greenbone Vulnerability Manager
ii  gvmd-common                                    23.3.0-0kali2                            all          architecture independent files for Greenbone Vulnerability Manager
ii  libgvm22:amd64                                 22.8.0-0kali1                            amd64        remote network security auditor - shared libraries
ii  postgresql-16-pg-gvm                           22.6.4-0kali1                            amd64        PostgreSQL extension for ical object manipulation
ii  python3-gvm                                    23.11.0-1                                all          Greenbone Vulnerability Management Python Library (Python 3)

apt list --upgradable  #<< returns nothing

I’m on Kali Linux up to date

You will need

3 Likes

A request to update such outdated versions of the Python components could be usually posted over here:

https://bugs.kali.org/

2 Likes

ok but here looks like they are at the same level, an “old” software cannot ask for the latest one and we are talking +0.1 version :expressionless:

Not sure if i fully understand the previous comment but AFAICT they are actually not the same:

The remote manager is using the GMP API version 22.5 while the used python-gvm version only supports the GMP API up to version 22.4, that’s why the python-gvm needs to be updated so that it includes support for the newer GMP API version.

3 Likes

Thank you, all done: 0008731: OpenVas services,librairies and python not at the same level - Kali Linux Bug Tracker

2 Likes

I tried again with new versions updated:

sudo -u _gvm gvm-cli socket --gmp-username 'admin' --gmp-password '********' --xml '<start_task task_id="your-Task-Id"/>'  
usage: gvm-cli [-h] [-c [CONFIG]] [--log [{DEBUG,INFO,WARNING,ERROR,CRITICAL}]] [--timeout TIMEOUT] [--gmp-username GMP_USERNAME] [--gmp-password GMP_PASSWORD] [-V]
               [--protocol {GMP,OSP}]
               CONNECTION_TYPE ...
gvm-cli: error: unrecognized arguments --gmp-username --gmp-password ********

Any idea ?

These are argument that have to be passed before the connection type. Sadly that’s a limitation of the arguments parser.

Please try

sudo -u _gvm gvm-cli --gmp-username 'admin' --gmp-password '********' socket --xml '<start_task task_id="your-Task-Id"/>'
1 Like

Thanks for the reply indeed we are going further:

sudo -u _gvm gvm-cli --gmp-username 'admin' --gmp-password '********' socket --xml '<start_task task_id="your-Task-Id"/>' 
ERROR:gvmtools.cli:Response Error 404. Failed to find task 'your-Task-Id'

So I guess your-Task-Id has to be changed by something. It’s sad we cannot find those UUID from the webinterface or maybe from an sql query ?

This UUID is shown at several places in the UI. First of all in the URL. Just click on the desired task open the details page and take a look at the URL in your browser. The URL has the format /task/<UUID>.

You can also find the UUID by using gmp.get_tasks. The returned task id is the UUID.

I found the UUID
image
clicking on the button on the left of Target
However:
openvas --scan-start=UUID_I_found_In_The_URL
does nothing, even returns 1 if UUID is “valid” or not :expressionless:

Yes because that is a different UUID. Task ID in the web UI/gvmd is not the same as scan ID on openvas!