XML report not the same as using the GUI

Hi all,

I’m trying to create an xml report in python using this piece of python code:

from gvm.connections import UnixSocketConnection
from gvm.protocols.gmp import Gmp
from gvm.transforms import EtreeTransform
from gvm.xml import pretty_print

connection = UnixSocketConnection()
transform = EtreeTransform()

def get_report(gmp, report_id):
    # Fetch the report in the given report format, ignoring pagination
    resp = gmp.get_report(report_id, report_format_id="a994b278-1f62-11e1-96ac-406186ea4fc5", ignore_pagination=True)
    # pretty_print serializes the parsed element tree with indentation
    pretty_print(resp)

report_id = "98d17e48-5fda-4733-a377-8e837acbb608"

with Gmp(connection, transform=transform) as gmp:
    # Login
    gmp.authenticate('admin', 'password')
    # The request must be made while the authenticated session is still open
    get_report(gmp, report_id)

But this gives me another type of output than the gui would give me. The gvm.xml library (pretty_print()) seems to convert the xml in another way. How would I be able to create the exact xml format (more on 1 line and no indentation etc. ) using gmp (or other cli tools/tricks for further scripting with the xml files)?

Kind regards,
Miro

Yes the UI uses a different filter for the report by default. You can look up the exact query in your browser by inspecting the network requests.

2 Likes

Hi @bricks , thanks for the help.
I found the filter:

apply_overrides=0 levels=hml rows=-1 min_qod=70 first=1 sort-reverse=severity notes=1 overrides=1

as well as the request URL etc.

But when adding this filter with type: filter and adding the filter_id(id) parameter I keep getting the same formatted xml.

The one that’s being created by the code has indentation and lots of shorter lines (which I don’t want), the one UI generates has less, but longer lines and no indentation, which is exactly what I need.

I was able to use this URL to get the right formatted reports:
https://openvas.company.be/gmp?token=<token>&cmd=get_report&details=1&report_id=98d17e48-5fda-4733-a377-8e837acbb608&report_format_id=a994b278-1f62-11e1-96ac-406186ea4fc5&filter=apply_overrides=0 levels=hml rows=-1 min_qod=70 first=1 sort-reverse=severity notes=1 overrides=1
But once logged out, I get authentication required errors.
Is there maybe a way to authenticate and after that do this get request?

You can either set a filter string or a filter_id. Not both. Currently I don’t know which one takes precedence.

The HTTP API is not documented at all and considered as a private API. You need to get a session cookie and a session token for making authenticated requests. This isn’t magic and can be looked up in your browser via the network requests.

I am a bit confused. You need some specific XML formatting? That’s up to the consumer of the response. If you want to get the 1:1 formatting as it is returned from gvmd you can’t use the EtreeTransform because it already parses the XML.

2 Likes
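Added example, not part of the original thread and not python-gvm's own code: it fetches the report without a parsing transform so the text comes back exactly as gvmd sent it, and shows that the indented and one-line forms are the same XML. The helper names and `SAMPLE` are constructed here; `filter_string` is assumed to be the keyword of the installed python-gvm release (older releases call it `filter`).

```python
import xml.etree.ElementTree as ET

# Filter string the GUI sends, as found in the thread.
GUI_FILTER = ("apply_overrides=0 levels=hml rows=-1 min_qod=70 first=1 "
              "sort-reverse=severity notes=1 overrides=1")
# Constructed one-line response, only for trying the helpers offline.
SAMPLE = ('<get_reports_response status="200"><report id="r1"><results>'
          '<result><severity>5.0</severity></result></results></report>'
          '</get_reports_response>')

def fetch_raw_report(gmp, report_id, report_format_id, filter_string=GUI_FILTER):
    """Return the get_report response untouched; gmp must have no parsing transform."""
    raw = gmp.get_report(report_id, report_format_id=report_format_id,
                         filter_string=filter_string,
                         ignore_pagination=True, details=True)
    if not isinstance(raw, str):
        # An EtreeTransform (or similar) already parsed the response,
        # so the original line layout is gone.
        raise TypeError("response was parsed by a transform; create Gmp without one")
    return raw

def reindent(raw):
    """What parse + pretty-print does: same data, different bytes."""
    root = ET.fromstring(raw)
    ET.indent(root)
    return ET.tostring(root, encoding="unicode")

def same_xml(a, b):
    """True when two documents differ only in indentation/whitespace."""
    return (ET.canonicalize(a, strip_text=True)
            == ET.canonicalize(b, strip_text=True))

def main():
    # Imported here so the helpers above work without python-gvm installed.
    from gvm.connections import UnixSocketConnection
    from gvm.protocols.gmp import Gmp
    with Gmp(UnixSocketConnection()) as gmp:  # no transform argument
        gmp.authenticate("admin", "password")  # credentials as in the question
        raw = fetch_raw_report(gmp, "98d17e48-5fda-4733-a377-8e837acbb608",
                               "a994b278-1f62-11e1-96ac-406186ea4fc5")
        with open("report.xml", "w", encoding="utf-8") as fh:
            fh.write(raw)

if __name__ == "__main__":
    main()
```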

Thank you sir,
this was the solution.

Hi Miro, I'm trying to do the same thing, and the report that I downloaded from the GUI shows me only the vulnerabilities, in my case a medium one, but when I download the same report from my script it only shows me vulnerabilities with risk none. I changed the filter using the final_answer.replace('apply_overrides=0 min_qod=70 first=1 rows=10 sort=name', 'apply_overrides=0 levels=hml rows=1000 min_qod=70 first=1 sort-reverse=severity notes=1 overrides=1'), but it still does not change anything.
I'm sending the good and bad report in docx format and in xml format to show how the output looks
teste1-bom.xml (193.8 KB)
teste1-bom.docx (55.2 KB)
teste1-mau2.xml (216.9 KB)
teste1-mau2.docx (64.6 KB)