XML report not the same as using the GUI

Hi all,

I’m trying to create an xml report in python using this piece of python code:

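from gvm.connections import UnixSocketConnection
from gvm.protocols.gmp import Gmp
from gvm.transforms import EtreeTransform
from gvm.xml import pretty_print

# UUID of the report format requested from gvmd
REPORT_FORMAT_ID = "a994b278-1f62-11e1-96ac-406186ea4fc5"

connection = UnixSocketConnection()
transform = EtreeTransform()  # parses every response into an element tree


def get_report(gmp, report_id):
    # Fetch the full report, ignoring pagination
    return gmp.get_report(
        report_id,
        report_format_id=REPORT_FORMAT_ID,
        ignore_pagination=True,
    )


report_id = "<report-id>"  # placeholder: UUID of the report to fetch

with Gmp(connection, transform=transform) as gmp:
    # Login
    gmp.authenticate('admin', 'password')
    # pretty_print() re-serializes the parsed tree with indentation
    pretty_print(get_report(gmp, report_id))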

But this gives me another type of output than the GUI would give me. The gvm.xml library (pretty_print()) seems to convert the XML in another way. How would I be able to create the exact XML format (more on 1 line and no indentation etc.) using gmp (or other CLI tools/tricks for further scripting with the XML files)?

Kind regards,

Yes, the UI uses a different filter for the report by default. You can look up the exact query in your browser by inspecting the network requests.


Hi @bricks, thanks for the help.
I found the filter:

apply_overrides=0 levels=hml rows=-1 min_qod=70 first=1 sort-reverse=severity notes=1 overrides=1

as well as the request URL etc.

But when adding this filter with type: filter and adding the filter_id(id) parameter I keep getting the same formatted xml.

The one that’s being created by the code has indentation and lots of shorter lines (which I don’t want), the one UI generates has less, but longer lines and no indentation, which is exactly what I need.

I was able to use this URL to get the right formatted reports:
https://openvas.company.be/gmp?token=<token>&cmd=get_report&details=1&report_id=98d17e48-5fda-4733-a377-8e837acbb608&report_format_id=a994b278-1f62-11e1-96ac-406186ea4fc5&filter=apply_overrides=0 levels=hml rows=-1 min_qod=70 first=1 sort-reverse=severity notes=1 overrides=1
But once logged out, I get authentication required errors.
Is there maybe a way to authenticate and after that do this get request?

You can either set a filter string or a filter_id. Not both. Currently I don’t know which one takes precedence.

The HTTP API is not documented at all and considered as a private API. You need to get a session cookie and a session token for making authenticated requests. This isn’t magic and can be looked up in your browser via the network requests.

I am a bit confused. You need some specific XML formatting? That’s up to the consumer of the response. If you want to get the 1:1 formatting as it is returned from gvmd you can’t use the EtreeTransform because it already parses the XML.
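
Added example, not part of the thread and not python-gvm's own code: one way to apply the reply above, creating Gmp without a transform so the response comes back as unparsed text, passing only a filter string, and checking whether two exports differ in layout only. The names fetch_raw_report, same_content and main are hypothetical; the format UUID and filter string are the ones quoted in the thread, and it is assumed that python-gvm returns a string when no transform is given.

```python
import getpass
import sys
import xml.etree.ElementTree as ET

# Report format UUID and filter string exactly as quoted in the thread.
XML_FORMAT_ID = "a994b278-1f62-11e1-96ac-406186ea4fc5"
UI_FILTER = ("apply_overrides=0 levels=hml rows=-1 min_qod=70 first=1 "
             "sort-reverse=severity notes=1 overrides=1")


def fetch_raw_report(gmp, report_id, filter_string=UI_FILTER):
    """Return the get_report response text exactly as gvmd sent it.

    Assumes `gmp` was created without a transform, so python-gvm returns the
    response as a string. Only filter_string is sent, never filter_id with it.
    """
    raw = gmp.get_report(report_id, report_format_id=XML_FORMAT_ID,
                         filter_string=filter_string,
                         ignore_pagination=True, details=True)
    if not isinstance(raw, str):
        raise TypeError("parsed response: create Gmp without a transform")
    return raw


def same_content(xml_a, xml_b):
    """True if two serializations differ only in layout (C14N comparison).

    strip_text drops indentation-only text nodes; it also trims leading and
    trailing whitespace inside text values.
    """
    return (ET.canonicalize(xml_a, strip_text=True)
            == ET.canonicalize(xml_b, strip_text=True))


def main(report_id, out_path, username):
    # Imported here so the helpers above also work without python-gvm.
    from gvm.connections import UnixSocketConnection
    from gvm.protocols.gmp import Gmp

    with Gmp(UnixSocketConnection()) as gmp:  # no transform= argument
        gmp.authenticate(username, getpass.getpass("GMP password: "))
        raw = fetch_raw_report(gmp, report_id)
    with open(out_path, "w", encoding="utf-8") as fh:
        fh.write(raw)  # written unchanged, no indentation added


if __name__ == "__main__":
    main(*sys.argv[1:4])
```

Running same_content on a GUI export and a script export separates a pure formatting difference from a filter difference that changed which results are in the report.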


Thank you sir,
this was the solution.

Hi Miro, I’m trying to do the same thing, and the report that I downloaded from the GUI shows me only the vulnerabilities, in my case a medium one, but when I download the same report from my script it only shows me vulnerabilities with risk none. I changed the filter using final_answer.replace('apply_overrides=0 min_qod=70 first=1 rows=10 sort=name', 'apply_overrides=0 levels=hml rows=1000 min_qod=70 first=1 sort-reverse=severity notes=1 overrides=1'), but it still does not change anything.
I’m sending the good and the bad report in docx format and in XML format to show what the output looks like.
teste1-bom.xml (193.8 KB)
teste1-bom.docx (55.2 KB)
teste1-mau2.xml (216.9 KB)
teste1-mau2.docx (64.6 KB)