mirror of
https://github.com/mgeeky/Penetration-Testing-Tools.git
synced 2024-12-22 17:15:06 +01:00
openvas-automate.sh
This commit is contained in:
parent
f552d315df
commit
48f5170d32
@ -9,6 +9,8 @@
|
||||
|
||||
- **`forticlientsslvpn-expect.sh`** - Forticlient SSL VPN Client launching script utilizing expect. Useful while working for clients exposing their local networks through a Fortinet SSL VPN. [gist](https://gist.githubusercontent.com/mgeeky/8afc0e32b8b97fd6f96fce6098615a93/raw/cf127be09d02e04c00eb578e4ef1219a773d21cf/forticlientsslvpn-expect.sh)
|
||||
|
||||
- **`openvas-automate.sh`** - A simple OpenVAS scanner automation script. If you want to use your custom defined scan type - you'll need to edit script's code, especially `targets` array and `if` decision statement in lines 111-137. [gist](https://gist.github.com/mgeeky/a038f809dff4d308db94f5f657908da7)
|
||||
|
||||
- **`playRTPStream.sh`** - Using rtpdump to play RTP streams from PCAP files with VLC. This script was useful to extract RTP Streams from sniffed VoIP communication and then with a help of VLC to dump those streams into valid .wav files. (https://github.com/hdiniz/rtpdump). [gist](https://gist.github.com/mgeeky/0b8bd81a3f6fb70eec543bc0bae2f079)
|
||||
|
||||
- **`vm-manager.sh`** - A bash script offering several aliases/functions for quick management of a single Virtualbox VM machine. Handy to use it for example to manage a Kali box. By issuing `startkali` the VM will raise, `sshkali` - offers instant SSH into your VM, `getkali` - returns VM's IP address, `iskali` - checks whether VM is running, `stopkali` goes without explanation. [gist](https://gist.github.com/mgeeky/80b1f7addb792796d8bfb67188d72f4a)
|
||||
|
284
others/openvas-automate.sh
Normal file
284
others/openvas-automate.sh
Normal file
@ -0,0 +1,284 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# OpenVAS automation script.
|
||||
# Mariusz B. / mgeeky, '17
|
||||
# v0.2
|
||||
#
|
||||
|
||||
trap ctrl_c INT
|
||||
|
||||
# --- CONFIGURATION ---
|
||||
|
||||
USER=<USERNAME>
|
||||
PASS=<PASSWORD>
|
||||
HOST=127.0.0.1
|
||||
PORT=9390
|
||||
|
||||
# Must be one of the below defined targets
|
||||
SCAN_PROFILE=""
|
||||
#SCAN_PROFILE="Full and fast ultimate"
|
||||
|
||||
FORMAT="PDF"
|
||||
|
||||
# A valid "alive_test" parameter
|
||||
# Defines how it is determined if the targets are alive
|
||||
# Currently, valid values are the following:
|
||||
# Scan Config Default
|
||||
# ICMP, TCP-ACK Service & ARP Ping
|
||||
# TCP-ACK Service & ARP Ping
|
||||
# ICMP & ARP Ping
|
||||
# ICMP & TCP-ACK Service Ping
|
||||
# ARP Ping
|
||||
# TCP-ACK Service Ping
|
||||
# TCP-SYN Service Ping
|
||||
# ICMP Ping
|
||||
# Consider Alive
|
||||
ALIVE_TEST='ICMP, TCP-ACK Service & ARP Ping'
|
||||
|
||||
# --- END OF CONFIGURATION ---
|
||||
|
||||
targets=(
|
||||
"Discovery"
|
||||
"Full and fast"
|
||||
"Full and fast ultimate"
|
||||
"Full and very deep"
|
||||
"Full and very deep ultimate"
|
||||
"Host Discovery"
|
||||
"System Discovery"
|
||||
)
|
||||
|
||||
formats=(
|
||||
"ARF"
|
||||
"CPE"
|
||||
"HTML"
|
||||
"ITG"
|
||||
"NBE"
|
||||
"PDF"
|
||||
"TXT"
|
||||
"XML"
|
||||
)
|
||||
|
||||
able_to_clean=1
|
||||
|
||||
function usage {
|
||||
echo
|
||||
echo -ne "Usage: openvas-automate.sh <host>"
|
||||
echo
|
||||
echo -ne "\n host\t- IP address or domain name of the host target."
|
||||
echo
|
||||
echo
|
||||
}
|
||||
|
||||
function omp_cmd {
|
||||
cmd="omp -u $USER -w \"$PASS\" -h $HOST -p $PORT $@"
|
||||
#>&2 echo "DBG: OMP cmd: \"$cmd\""
|
||||
eval $cmd 2>&1
|
||||
}
|
||||
|
||||
function omp_cmd_xml {
|
||||
omp_cmd "--xml='$@'"
|
||||
}
|
||||
|
||||
function end {
|
||||
echo "[>] Performing cleanup"
|
||||
|
||||
if [ $able_to_clean -eq 1 ]; then
|
||||
omp_cmd -D $task_id
|
||||
omp_cmd -X '<delete_target target_id="'$target_id'"/>'
|
||||
fi
|
||||
exit 1
|
||||
}
|
||||
|
||||
function ctrl_c() {
|
||||
echo "[?] CTRL-C trapped."
|
||||
exit 1
|
||||
end
|
||||
}
|
||||
|
||||
echo
|
||||
echo " :: OpenVAS automation script."
|
||||
echo " mgeeky, 0.2"
|
||||
echo
|
||||
|
||||
out=$(omp_cmd -g | grep -i "discovery")
|
||||
if [ -z "$out" ]; then
|
||||
echo "Exiting due to OpenVAS authentication failure."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "[+] OpenVAS authenticated."
|
||||
|
||||
if [ -z "$SCAN_PROFILE" ]; then
|
||||
echo "[>] Please select scan type:"
|
||||
echo -e "\t1. Discovery"
|
||||
echo -e "\t2. Full and fast"
|
||||
echo -e "\t3. Full and fast ultimate"
|
||||
echo -e "\t4. Full and very deep"
|
||||
echo -e "\t5. Full and very deep ultimate"
|
||||
echo -e "\t6. Host Discovery"
|
||||
echo -e "\t7. System Discovery"
|
||||
echo -e "\t9. Exit"
|
||||
echo ""
|
||||
echo "--------------------------------"
|
||||
|
||||
read -p "Please select an option: " m
|
||||
|
||||
if [ $m -eq 9 ]; then exit 0;
|
||||
elif [ $m -eq 1 ]; then SCAN_PROFILE="Discovery"
|
||||
elif [ $m -eq 2 ]; then SCAN_PROFILE="Full and fast"
|
||||
elif [ $m -eq 3 ]; then SCAN_PROFILE="Full and fast ultimate"
|
||||
elif [ $m -eq 4 ]; then SCAN_PROFILE="Full and very deep"
|
||||
elif [ $m -eq 5 ]; then SCAN_PROFILE="Full and very deep ultimate"
|
||||
elif [ $m -eq 6 ]; then SCAN_PROFILE="Host Discovery"
|
||||
elif [ $m -eq 7 ]; then SCAN_PROFILE="System Discovery"
|
||||
else echo "[!] Unknown profile selected" && exit 1
|
||||
fi
|
||||
echo
|
||||
fi
|
||||
|
||||
found=0
|
||||
|
||||
for i in "${targets[@]}"
|
||||
do
|
||||
if [ "$i" == "$SCAN_PROFILE" ]; then
|
||||
found=1
|
||||
break
|
||||
fi
|
||||
done
|
||||
|
||||
scan_profile_id=$(omp_cmd -g | grep "$SCAN_PROFILE" | cut -d' ' -f1)
|
||||
if [ $found -eq 0 ] || [ -z "$scan_profile_id" ]; then
|
||||
echo "[!] You've selected unknown SCAN_PROFILE. Please change it in script's settings."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
found=0
|
||||
|
||||
for i in "${formats[@]}"
|
||||
do
|
||||
if [ "$i" == "$FORMAT" ]; then
|
||||
found=1
|
||||
break
|
||||
fi
|
||||
done
|
||||
|
||||
format_id=$(omp_cmd -F | grep "$FORMAT" | cut -d' ' -f1)
|
||||
|
||||
if [ $found -eq 0 ] || [ -z $format_id ]; then
|
||||
echo "[!] You've selected unknown FORMAT. Please change it in script's settings."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -z "$1" ]; then
|
||||
usage
|
||||
exit 1
|
||||
fi
|
||||
|
||||
TARGET="$1"
|
||||
host "$TARGET" 2>&1 > /dev/null
|
||||
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "[!] Specified target host seems to be unavailable!"
|
||||
read -p "Are you sure you want to continue [Y/n]? " -n 1 -r
|
||||
echo
|
||||
if [[ $REPLY =~ ^[Yy]$ ]]
|
||||
then
|
||||
echo > /dev/null
|
||||
else
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "[+] Tasked: '$SCAN_PROFILE' scan against '$TARGET' "
|
||||
|
||||
target_id=$(omp_cmd -T | grep "$TARGET" | cut -d' ' -f1)
|
||||
|
||||
out=""
|
||||
if [ -z "$target_id" ]; then
|
||||
|
||||
echo "[>] Creating a target..."
|
||||
out=$(omp -u $USER -w '$PASS' -h $HOST -p $PORT --xml=\
|
||||
"<create_target>\
|
||||
<name>${TARGET}</name><hosts>$TARGET</hosts>\
|
||||
<alive_tests>$ALIVE_TEST</alive_tests>\
|
||||
</create_target>")
|
||||
target_id=$(echo "$out" | pcregrep -o1 'id="([^"]+)"')
|
||||
|
||||
else
|
||||
echo "[>] Reusing target..."
|
||||
fi
|
||||
|
||||
if [ -z "$target_id" ]; then
|
||||
echo "[!] Something went wrong, couldn't acquire target's ID! Output:"
|
||||
echo $out
|
||||
exit 1
|
||||
else
|
||||
echo "[+] Target's id: $target_id"
|
||||
fi
|
||||
|
||||
echo "[>] Creating a task..."
|
||||
task_id=$(omp_cmd -C -n "$TARGET" --target=$target_id --config=$scan_profile_id)
|
||||
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "[!] Could not create a task."
|
||||
end
|
||||
fi
|
||||
|
||||
echo "[+] Task created successfully, id: '$task_id'"
|
||||
|
||||
echo "[>] Starting the task..."
|
||||
report_id=$(omp_cmd -S $task_id)
|
||||
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "[!] Could not start a task."
|
||||
end
|
||||
fi
|
||||
|
||||
able_to_clean=0
|
||||
|
||||
echo "[+] Task started. Report id: $report_id"
|
||||
echo "[.] Awaiting for it to finish. This will take a long while..."
|
||||
echo
|
||||
|
||||
aborted=0
|
||||
while true; do
|
||||
RET=$(omp_cmd -G)
|
||||
if [ $? -ne 0 ]; then
|
||||
echo '[!] Querying jobs failed.';
|
||||
end
|
||||
fi
|
||||
|
||||
RET=$(echo -n "$RET" | grep -m1 "$task_id" | tr '\n' ' ')
|
||||
out=$(echo "$RET" | tr '\n' ' ')
|
||||
echo -ne "$out\r"
|
||||
if [ `echo "$RET" | grep -m1 -i "fail"` ]; then
|
||||
echo '[!] Failed getting running jobs list'
|
||||
end
|
||||
fi
|
||||
echo "$RET" | grep -m1 -i -E "done|Stopped"
|
||||
if [ $? -ne 1 ]; then
|
||||
aborted=1
|
||||
break
|
||||
fi
|
||||
sleep 1
|
||||
|
||||
done
|
||||
|
||||
if [ $aborted -eq 0 ]; then
|
||||
echo "[+] Job done, generating report..."
|
||||
|
||||
FILENAME=${TARGET// /_}
|
||||
FILENAME="openvas_${FILENAME//[^a-zA-Z0-9_\.\-]/}_$(date +%s)"
|
||||
|
||||
out=$(omp_cmd --get-report $report_id --format $format_id > $FILENAME.$FORMAT )
|
||||
|
||||
if [ $? -ne 0 ]; then
|
||||
echo '[!] Failed getting report.';
|
||||
echo "[!] Output: $out"
|
||||
#end
|
||||
fi
|
||||
|
||||
echo "[+] Scanning done."
|
||||
else
|
||||
echo "[?] Scan monitoring has been aborted. You're on your own now."
|
||||
fi
|
Loading…
Reference in New Issue
Block a user