Vulnerability Scan with Python

Building from Source and Advanced Topics Greenbone Management Protocol (GMP)
1

Good afternoom, how are you?

I need to create an script in Python for deploy vulnerabilities scans in OpenVas, but i look in the API and i not find any that help me. Somebody can i help me?

2

Hello materiaprima, and welcome to the Greenbone Community Forum :slight_smile:

You can use start_task from the Greenbone Management Protocol to start an already existing task. You just need to specify the task UUID.

3 Likes
3

In this case, would I need to have already created the task within the OpenVas console to be able to start it through the script?

I’m thinking about automating the scans on my network and creating new scans using Python.

The final idea is to automate the OpenVas scan with the functionality to fix vulnerabilities with WSUS.

4

Yes, you need to supply a valid UUID of an already existing task. You can however also create tasks via GMP using create_task, which will directly give you the task’s UUID in its reply.

Not a bad idea, but have you already considered using scheduled scans?

1 Like
5

Thank for ideia.

But in this script i to go automatize with WSUS, when the OpenVAS detected a vulnerability in a host, the WSUS will to apply patch about the vulnerability find.

6

Per my understanding, GVM is rather a vulnerability scan focused tool instead of an security orchestration tool.
what you expected:

when the OpenVAS detected a vulnerability in a host, the WSUS will to apply patch about the vulnerability find.

what the requirements analyzed in a engineering perspective:

  1. scan a host by a task
  2. generate report containing the potential vulnerability
  3. analyze the vulnerability info. and trigger the corresponding signal.
  4. the signal will trigger the external service by any means, an orchestration tool or directly WSUS.
  5. necessary monitoring mechanism to ensure the service call success and recorded.

note:above is only the backbone requirements, you may also want to consider more in case some exception. say whether we can update the host at that very time.

GVM itself works great with #1 and #2. For, others, i don’t think GVM works good.

Per my experience i would suggest you gvm-tools specially the gvm-scripts for your consideration. you can learn from the demo scripts and customize #3,#4,#5 all as your wish.