OpenVAS integration with MulVAL

Hi all!
I am currently engaged in a project that involves automating the process of penetration testing, with a particular focus on network topology automation. In this context, I am exploring tools and methods to effectively integrate OpenVAS with MulVAL.

My primary goal is to automate the generation of network topologies, especially for larger networks (over 40 hosts), which pose significant challenges in manual processes. I am particularly interested in tools or scripts that can parse the output from OpenVAS scans and feed it into MulVAL for automated topology creation.

I am aware of the capabilities of OpenVAS in vulnerability scanning and reporting, but I am looking for ways to extend its utility towards automated network topology mapping, which is a crucial aspect of my project.

Does anyone in the community know of existing tools, scripts, or methodologies that can facilitate this integration? Alternatively, any guidance or suggestions on developing such a tool would be highly appreciated.

Your insights and advice will be invaluable to my research and the success of this project.

Thank you in advance for your time and help!

Yes, this is the purpose of the tool python-gvm. python-gvm is the official python library to control Greenbone Community Edition installations and Greenbone Enterprise Appliances remotely. This includes using Python scripts to export the results of scan tasks, hosts, and virtually any other type of GVM data-object in XML format.

The repository gvm-tools also has a set of example scripts for basic functionality.

Python-gvm would allow you to automate network topologies such as the results from a Host Discovery or System Discovery scans (or scan configurations such as Full and Fast) to MulVAL.

@rippledj Thank you very much for your availability! What I need is a script that acts as a parser for the input of MulVAL. I would like to know if it is available or if I need to implement it myself… I couldn’t find anything on gvm-tools in the script section.

I would appreciate any references or other information on this topic. So, the output from OpenVAS needs to be fed into MulVAL. Currently, MulVAL has an adapter (a parser) to prepare the data, but only for the XML output of Nessus and OVAL. There’s nothing else available.

It looks like MulVAL has not seen an update in 9 years although some searches on the internet shows a fair amount of academic papers, and some are quite recent . Overall looks like OVAL has been depreciated in GVM.

There is some information about OpenVAS using the OVAL standard to create an OVAL System Characteristics object and python-gvm has a function to export OVAL definitions. It’s not immediately clear whether this function exports an OVAL Characteristics Object but perhaps the GMP XML is close to the OVAL format.

The MulVAL script for parsing Nessus XML scan results is from 2011 so, that’s even older about 11-12 years old and it depends on a Java program named GetTplQry_nessusXML which I can’t find reference to. However it just outupts the Nessus XML to a formatted text file. The rest of the script could be usable since it translates a text file with vulnerability information into Datalog format.