From 48f5170d3254b3557fb3b52c14fff6e5aadf8e44 Mon Sep 17 00:00:00 2001
From: mgeeky
Date: Wed, 11 Dec 2019 11:42:02 +0100
Subject: [PATCH] openvas-automate.sh
---
 others/README.md | 2 +
 others/openvas-automate.sh | 284 +++++++++++++++++++++++++++++++++++++
 2 files changed, 286 insertions(+)
 create mode 100644 others/openvas-automate.sh
diff --git a/others/README.md b/others/README.md
index 44be154..e4d44d3 100644
--- a/others/README.md
+++ b/others/README.md
@@ -9,6 +9,8 @@
 - **`forticlientsslvpn-expect.sh`** - Forticlient SSL VPN Client launching script utilizing expect. Useful while working for clients exposing their local networks through a Fortinet SSL VPN. [gist](https://gist.githubusercontent.com/mgeeky/8afc0e32b8b97fd6f96fce6098615a93/raw/cf127be09d02e04c00eb578e4ef1219a773d21cf/forticlientsslvpn-expect.sh)
+- **`openvas-automate.sh`** - A simple OpenVAS scanner automation script. If you want to use your custom defined scan type - you'll need to edit script's code, especially `targets` array and `if` decision statement in lines 111-137. [gist](https://gist.github.com/mgeeky/a038f809dff4d308db94f5f657908da7)
+
 - **`playRTPStream.sh`** - Using rtpdump to play RTP streams from PCAP files with VLC. This script was useful to extract RTP Streams from sniffed VoIP communication and then with a help of VLC to dump those streams into valid .wav files. (https://github.com/hdiniz/rtpdump). [gist](https://gist.github.com/mgeeky/0b8bd81a3f6fb70eec543bc0bae2f079)
 - **`vm-manager.sh`** - A bash script offering several aliases/functions for quick management of a single Virtualbox VM machine. Handy to use it for example to manage a Kali box. By issuing `startkali` the VM will raise, `sshkali` - offers instant SSH into your VM, `getkali` - returns VM's IP address, `iskali` - checks whether VM is running, `stopkali` goes without explanation. [gist](https://gist.github.com/mgeeky/80b1f7addb792796d8bfb67188d72f4a)
diff --git a/others/openvas-automate.sh b/others/openvas-automate.sh
new file mode 100644
index 0000000..e4624e2
--- /dev/null
+++ b/others/openvas-automate.sh
@@ -0,0 +1,284 @@
+#!/bin/bash
+#
+# OpenVAS automation script.
+# Mariusz B. / mgeeky, '17
+# v0.2
+#
+
+trap ctrl_c INT
+
+# --- CONFIGURATION ---
+
+USER=
+PASS=
+HOST=127.0.0.1
+PORT=9390
+
+# Must be one of the below defined targets
+SCAN_PROFILE=""
+#SCAN_PROFILE="Full and fast ultimate"
+
+FORMAT="PDF"
+
+# A valid "alive_test" parameter
+# Defines how it is determined if the targets are alive
+# Currently, valid values are the following:
+# Scan Config Default
+# ICMP, TCP-ACK Service & ARP Ping
+# TCP-ACK Service & ARP Ping
+# ICMP & ARP Ping
+# ICMP & TCP-ACK Service Ping
+# ARP Ping
+# TCP-ACK Service Ping
+# TCP-SYN Service Ping
+# ICMP Ping
+# Consider Alive
+ALIVE_TEST='ICMP, TCP-ACK Service & ARP Ping'
+
+# --- END OF CONFIGURATION ---
+
+targets=(
+ "Discovery"
+ "Full and fast"
+ "Full and fast ultimate"
+ "Full and very deep"
+ "Full and very deep ultimate"
+ "Host Discovery"
+ "System Discovery"
+)
+
+formats=(
+ "ARF"
+ "CPE"
+ "HTML"
+ "ITG"
+ "NBE"
+ "PDF"
+ "TXT"
+ "XML"
+)
+
+able_to_clean=1
+
+function usage {
+ echo
+ echo -ne "Usage: openvas-automate.sh "
+ echo
+ echo -ne "\n host\t- IP address or domain name of the host target."
+ echo
+ echo
+}
+
+function omp_cmd {
+ cmd="omp -u $USER -w \"$PASS\" -h $HOST -p $PORT $@"
+ #>&2 echo "DBG: OMP cmd: \"$cmd\""
+ eval $cmd 2>&1
+}
+
+function omp_cmd_xml {
+ omp_cmd "--xml='$@'"
+}
+
+function end {
+ echo "[>] Performing cleanup"
+
+ if [ $able_to_clean -eq 1 ]; then
+ omp_cmd -D $task_id
+ omp_cmd -X ''
+ fi
+ exit 1
+}
+
+function ctrl_c() {
+ echo "[?] CTRL-C trapped."
+ exit 1
+ end
+}
+
+echo
+echo " :: OpenVAS automation script."
+echo " mgeeky, 0.2"
+echo
+
+out=$(omp_cmd -g | grep -i "discovery")
+if [ -z "$out" ]; then
+ echo "Exiting due to OpenVAS authentication failure."
+ exit 1
+fi
+
+echo "[+] OpenVAS authenticated."
+
+if [ -z "$SCAN_PROFILE" ]; then
+ echo "[>] Please select scan type:"
+ echo -e "\t1. Discovery"
+ echo -e "\t2. Full and fast"
+ echo -e "\t3. Full and fast ultimate"
+ echo -e "\t4. Full and very deep"
+ echo -e "\t5. Full and very deep ultimate"
+ echo -e "\t6. Host Discovery"
+ echo -e "\t7. System Discovery"
+ echo -e "\t9. Exit"
+ echo ""
+ echo "--------------------------------"
+
+ read -p "Please select an option: " m
+
+ if [ $m -eq 9 ]; then exit 0;
+ elif [ $m -eq 1 ]; then SCAN_PROFILE="Discovery"
+ elif [ $m -eq 2 ]; then SCAN_PROFILE="Full and fast"
+ elif [ $m -eq 3 ]; then SCAN_PROFILE="Full and fast ultimate"
+ elif [ $m -eq 4 ]; then SCAN_PROFILE="Full and very deep"
+ elif [ $m -eq 5 ]; then SCAN_PROFILE="Full and very deep ultimate"
+ elif [ $m -eq 6 ]; then SCAN_PROFILE="Host Discovery"
+ elif [ $m -eq 7 ]; then SCAN_PROFILE="System Discovery"
+ else echo "[!] Unknown profile selected" && exit 1
+ fi
+ echo
+fi
+
+found=0
+
+for i in "${targets[@]}"
+do
+ if [ "$i" == "$SCAN_PROFILE" ]; then
+ found=1
+ break
+ fi
+done
+
+scan_profile_id=$(omp_cmd -g | grep "$SCAN_PROFILE" | cut -d' ' -f1)
+if [ $found -eq 0 ] || [ -z "$scan_profile_id" ]; then
+ echo "[!] You've selected unknown SCAN_PROFILE. Please change it in script's settings."
+ exit 1
+fi
+
+found=0
+
+for i in "${formats[@]}"
+do
+ if [ "$i" == "$FORMAT" ]; then
+ found=1
+ break
+ fi
+done
+
+format_id=$(omp_cmd -F | grep "$FORMAT" | cut -d' ' -f1)
+
+if [ $found -eq 0 ] || [ -z $format_id ]; then
+ echo "[!] You've selected unknown FORMAT. Please change it in script's settings."
+ exit 1
+fi
+
+if [ -z "$1" ]; then
+ usage
+ exit 1
+fi
+
+TARGET="$1"
+host "$TARGET" 2>&1 > /dev/null
+
+if [ $? -ne 0 ]; then
+ echo "[!] Specified target host seems to be unavailable!"
+ read -p "Are you sure you want to continue [Y/n]? " -n 1 -r
+ echo
+ if [[ $REPLY =~ ^[Yy]$ ]]
+ then
+ echo > /dev/null
+ else
+ exit 1
+ fi
+fi
+
+echo "[+] Tasked: '$SCAN_PROFILE' scan against '$TARGET' "
+
+target_id=$(omp_cmd -T | grep "$TARGET" | cut -d' ' -f1)
+
+out=""
+if [ -z "$target_id" ]; then
+
+ echo "[>] Creating a target..."
+ out=$(omp -u $USER -w '$PASS' -h $HOST -p $PORT --xml=\
+"\
+${TARGET}$TARGET\
+$ALIVE_TEST\
+")
+ target_id=$(echo "$out" | pcregrep -o1 'id="([^"]+)"')
+
+else
+ echo "[>] Reusing target..."
+fi
+
+if [ -z "$target_id" ]; then
+ echo "[!] Something went wrong, couldn't acquire target's ID! Output:"
+ echo $out
+ exit 1
+else
+ echo "[+] Target's id: $target_id"
+fi
+
+echo "[>] Creating a task..."
+task_id=$(omp_cmd -C -n "$TARGET" --target=$target_id --config=$scan_profile_id)
+
+if [ $? -ne 0 ]; then
+ echo "[!] Could not create a task."
+ end
+fi
+
+echo "[+] Task created successfully, id: '$task_id'"
+
+echo "[>] Starting the task..."
+report_id=$(omp_cmd -S $task_id)
+
+if [ $? -ne 0 ]; then
+ echo "[!] Could not start a task."
+ end
+fi
+
+able_to_clean=0
+
+echo "[+] Task started. Report id: $report_id"
+echo "[.] Awaiting for it to finish. This will take a long while..."
+echo
+
+aborted=0
+while true; do
+ RET=$(omp_cmd -G)
+ if [ $? -ne 0 ]; then
+ echo '[!] Querying jobs failed.';
+ end
+ fi
+
+ RET=$(echo -n "$RET" | grep -m1 "$task_id" | tr '\n' ' ')
+ out=$(echo "$RET" | tr '\n' ' ')
+ echo -ne "$out\r"
+ if [ `echo "$RET" | grep -m1 -i "fail"` ]; then
+ echo '[!] Failed getting running jobs list'
+ end
+ fi
+ echo "$RET" | grep -m1 -i -E "done|Stopped"
+ if [ $? -ne 1 ]; then
+ aborted=1
+ break
+ fi
+ sleep 1
+
+done
+
+if [ $aborted -eq 0 ]; then
+ echo "[+] Job done, generating report..."
+
+ FILENAME=${TARGET// /_}
+ FILENAME="openvas_${FILENAME//[^a-zA-Z0-9_\.\-]/}_$(date +%s)"
+
+ out=$(omp_cmd --get-report $report_id --format $format_id > $FILENAME.$FORMAT )
+
+ if [ $? -ne 0 ]; then
+ echo '[!] Failed getting report.';
+ echo "[!] Output: $out"
+ #end
+ fi
+
+ echo "[+] Scanning done."
+else
+ echo "[?] Scan monitoring has been aborted. You're on your own now."
+fi
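Review bot: `omp_cmd` joins its arguments into one string and runs it through `eval`, so the target taken from `$1` (forwarded as `-n "$TARGET"` when the task is created) and the configured password are parsed a second time by the shell, and a value containing quotes, `;`, backticks or `$(...)` is executed locally instead of being handed to `omp` as data. Calling the client directly keeps each argument a single word: `omp -u "$USER" -w "$PASS" -h "$HOST" -p "$PORT" "$@" 2>&1`, with `omp_cmd_xml` reduced to `omp_cmd "--xml=$*"`, since its inner single quotes exist only for the `eval`. The direct `omp` call in the target-creation branch passes `-w '$PASS'` in single quotes, which sends the literal text `$PASS` rather than the password, and in both places a password given on the command line is visible to other local users in the process list for the duration of each call. Separately, `ctrl_c` calls `exit 1` before `end`, so the cleanup never runs on interrupt, and the polling loop can only leave through the `break` that sets `aborted=1`, so the report branch guarded by `[ $aborted -eq 0 ]` looks unreachable.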