openvas-automate.sh

others/README.md

@@ -9,6 +9,8 @@
 
 - **`forticlientsslvpn-expect.sh`** - Forticlient SSL VPN Client launching script utilizing expect. Useful while working for clients exposing their local networks through a Fortinet SSL VPN. [gist](https://gist.githubusercontent.com/mgeeky/8afc0e32b8b97fd6f96fce6098615a93/raw/cf127be09d02e04c00eb578e4ef1219a773d21cf/forticlientsslvpn-expect.sh)
 
+- **`openvas-automate.sh`** - A simple OpenVAS scanner automation script. If you want to use your custom defined scan type - you'll need to edit script's code, especially `targets` array and `if` decision statement in lines 111-137. [gist](https://gist.github.com/mgeeky/a038f809dff4d308db94f5f657908da7)
+
 - **`playRTPStream.sh`** - Using rtpdump to play RTP streams from PCAP files with VLC. This script was useful to extract RTP Streams from sniffed VoIP communication and then with a help of VLC to dump those streams into valid .wav files. (https://github.com/hdiniz/rtpdump). [gist](https://gist.github.com/mgeeky/0b8bd81a3f6fb70eec543bc0bae2f079)
 
 - **`vm-manager.sh`** - A bash script offering several aliases/functions for quick management of a single Virtualbox VM machine. Handy to use it for example to manage a Kali box. By issuing `startkali` the VM will raise, `sshkali` - offers instant SSH into your VM, `getkali` - returns VM's IP address, `iskali` - checks whether VM is running, `stopkali` goes without explanation. [gist](https://gist.github.com/mgeeky/80b1f7addb792796d8bfb67188d72f4a)

others/openvas-automate.sh

@@ -0,0 +1,284 @@
+#!/bin/bash
+#
+# OpenVAS automation script.
+# Mariusz B. / mgeeky, '17
+#	v0.2
+#
+
+trap ctrl_c INT
+
+# --- CONFIGURATION ---
+
+USER=<USERNAME>
+PASS=<PASSWORD>
+HOST=127.0.0.1
+PORT=9390
+
+# Must be one of the below defined targets
+SCAN_PROFILE=""
+#SCAN_PROFILE="Full and fast ultimate"
+
+FORMAT="PDF"
+
+# A valid "alive_test" parameter
+# Defines how it is determined if the targets are alive
+# Currently, valid values are the following:
+#     Scan Config Default
+#     ICMP, TCP-ACK Service & ARP Ping
+#     TCP-ACK Service & ARP Ping
+#     ICMP & ARP Ping
+#     ICMP & TCP-ACK Service Ping
+#     ARP Ping
+#     TCP-ACK Service Ping
+#     TCP-SYN Service Ping
+#     ICMP Ping
+#     Consider Alive
+ALIVE_TEST='ICMP, TCP-ACK Service &amp; ARP Ping'
+
+# --- END OF CONFIGURATION ---
+
+targets=(
+	"Discovery"
+	"Full and fast"
+	"Full and fast ultimate"
+	"Full and very deep"
+	"Full and very deep ultimate"
+	"Host Discovery"
+	"System Discovery"
+)
+
+formats=(
+	"ARF"
+	"CPE"
+	"HTML"
+	"ITG"
+	"NBE"
+	"PDF"
+	"TXT"
+	"XML"
+)
+
+able_to_clean=1
+
+function usage {
+	echo
+	echo -ne "Usage: openvas-automate.sh <host>"
+	echo
+	echo -ne "\n  host\t- IP address or domain name of the host target."
+	echo
+	echo
+}
+
+function omp_cmd {
+	cmd="omp -u $USER -w \"$PASS\" -h $HOST -p $PORT $@"
+	#>&2 echo "DBG: OMP cmd: \"$cmd\""
+	eval $cmd 2>&1
+}
+
+function omp_cmd_xml {
+	omp_cmd "--xml='$@'"
+}
+
+function end {
+	echo "[>] Performing cleanup"	
+
+	if [ $able_to_clean -eq 1 ]; then
+		omp_cmd -D $task_id
+		omp_cmd -X '<delete_target target_id="'$target_id'"/>'
+	fi
+	exit 1
+}
+
+function ctrl_c() {
+	echo "[?] CTRL-C trapped."
+	exit 1
+	end
+}
+
+echo
+echo " :: OpenVAS automation script."
+echo "    mgeeky, 0.2"
+echo
+
+out=$(omp_cmd -g | grep -i "discovery")
+if [ -z "$out" ]; then
+	echo "Exiting due to OpenVAS authentication failure."
+	exit 1
+fi
+
+echo "[+] OpenVAS authenticated."
+
+if [ -z "$SCAN_PROFILE" ]; then
+	echo "[>] Please select scan type:"
+	echo -e "\t1. Discovery"
+	echo -e "\t2. Full and fast"
+	echo -e "\t3. Full and fast ultimate"
+	echo -e "\t4. Full and very deep"
+	echo -e "\t5. Full and very deep ultimate"
+	echo -e "\t6. Host Discovery"
+	echo -e "\t7. System Discovery"
+	echo -e "\t9. Exit"
+	echo ""
+	echo "--------------------------------"
+
+	read -p "Please select an option: " m
+
+	if [ $m -eq 9 ]; then exit 0;
+	elif [ $m -eq 1 ]; then SCAN_PROFILE="Discovery"
+	elif [ $m -eq 2 ]; then SCAN_PROFILE="Full and fast"
+	elif [ $m -eq 3 ]; then SCAN_PROFILE="Full and fast ultimate"
+	elif [ $m -eq 4 ]; then SCAN_PROFILE="Full and very deep"
+	elif [ $m -eq 5 ]; then SCAN_PROFILE="Full and very deep ultimate"
+	elif [ $m -eq 6 ]; then SCAN_PROFILE="Host Discovery"
+	elif [ $m -eq 7 ]; then SCAN_PROFILE="System Discovery"
+	else echo "[!] Unknown profile selected" && exit 1
+	fi
+	echo
+fi
+
+found=0
+
+for i in "${targets[@]}"
+do
+	if [ "$i" == "$SCAN_PROFILE" ]; then
+		found=1
+		break
+	fi
+done
+
+scan_profile_id=$(omp_cmd -g | grep "$SCAN_PROFILE" | cut -d' ' -f1)
+if [ $found -eq 0 ] || [ -z "$scan_profile_id" ]; then
+	echo "[!] You've selected unknown SCAN_PROFILE. Please change it in script's settings."
+	exit 1
+fi
+
+found=0
+
+for i in "${formats[@]}"
+do
+	if [ "$i" == "$FORMAT" ]; then
+		found=1
+		break
+	fi
+done
+
+format_id=$(omp_cmd -F | grep "$FORMAT" | cut -d' ' -f1)
+
+if [ $found -eq 0 ] || [ -z $format_id ]; then
+	echo "[!] You've selected unknown FORMAT. Please change it in script's settings."
+	exit 1
+fi
+
+if [ -z "$1" ]; then
+	usage
+	exit 1
+fi
+
+TARGET="$1"
+host "$TARGET" 2>&1 > /dev/null
+
+if [ $? -ne 0 ]; then
+	echo "[!] Specified target host seems to be unavailable!"
+	read -p "Are you sure you want to continue [Y/n]? " -n 1 -r
+	echo
+	if [[ $REPLY =~ ^[Yy]$ ]]
+	then
+		echo > /dev/null
+	else
+		exit 1
+	fi
+fi
+
+echo "[+] Tasked: '$SCAN_PROFILE' scan against '$TARGET' "
+
+target_id=$(omp_cmd -T | grep "$TARGET" | cut -d' ' -f1)
+
+out=""
+if [ -z "$target_id" ]; then
+
+	echo "[>] Creating a target..."
+	out=$(omp -u $USER -w '$PASS' -h $HOST -p $PORT --xml=\
+"<create_target>\
+<name>${TARGET}</name><hosts>$TARGET</hosts>\
+<alive_tests>$ALIVE_TEST</alive_tests>\
+</create_target>")
+	target_id=$(echo "$out" | pcregrep -o1 'id="([^"]+)"')
+
+else
+	echo "[>] Reusing target..."
+fi
+
+if [ -z "$target_id" ]; then
+	echo "[!] Something went wrong, couldn't acquire target's ID! Output:"
+	echo $out
+	exit 1
+else 
+	echo "[+] Target's id: $target_id"
+fi
+
+echo "[>] Creating a task..."
+task_id=$(omp_cmd -C -n "$TARGET" --target=$target_id --config=$scan_profile_id)
+	
+if [ $? -ne 0 ]; then
+	echo "[!] Could not create a task."
+	end
+fi
+
+echo "[+] Task created successfully, id: '$task_id'"
+
+echo "[>] Starting the task..."
+report_id=$(omp_cmd -S $task_id)
+	
+if [ $? -ne 0 ]; then
+	echo "[!] Could not start a task."
+	end
+fi
+
+able_to_clean=0
+
+echo "[+] Task started. Report id: $report_id"
+echo "[.] Awaiting for it to finish. This will take a long while..."
+echo
+
+aborted=0
+while true; do
+    RET=$(omp_cmd -G)
+    if [ $? -ne 0 ]; then 
+			echo '[!] Querying jobs failed.'; 
+			end
+		fi
+
+    RET=$(echo -n "$RET" | grep -m1 "$task_id" | tr '\n' ' ')
+    out=$(echo "$RET" | tr '\n' ' ')
+		echo -ne "$out\r"
+    if [ `echo "$RET" | grep -m1 -i "fail"` ]; then
+			echo '[!] Failed getting running jobs list'
+			end
+		fi
+    echo "$RET" | grep -m1 -i -E "done|Stopped"
+    if [ $? -ne 1 ]; then
+        aborted=1
+        break
+    fi
+    sleep 1
+
+done
+
+if [ $aborted -eq 0 ]; then
+	echo "[+] Job done, generating report..."
+
+	FILENAME=${TARGET// /_}
+	FILENAME="openvas_${FILENAME//[^a-zA-Z0-9_\.\-]/}_$(date +%s)"
+
+	out=$(omp_cmd --get-report $report_id --format $format_id > $FILENAME.$FORMAT )
+
+	if [ $? -ne 0 ]; then 
+		echo '[!] Failed getting report.'; 
+		echo "[!] Output: $out"
+		#end
+	fi
+
+	echo "[+] Scanning done."
+else
+	echo "[?] Scan monitoring has been aborted. You're on your own now."
+fi