Is there any way around to create a scan configuration(scan config) for OpenVAS running in CentOS 7 by specifying the NVT-Families by means of the OMP command create_config ?
If so, please provide a detailed example.
Asked
Active
Viewed 3,768 times
2 Answers
0
I don't know about creating a scan config by specifiying only the NVT families but you can for ex download a config from the greenbone gui and then add
<create_config>YOUR CONFIG RESPONSE GOES HERE</create_config>
Then easily you can with omp
cat scan-config.xml | $CS_OMP -u $USER_NAME -w $USER_PASSWORD -i -X -
Ref: http://docs.greenbone.net/API/OMP/omp-7.0.html#command_create_config
Hardy
- 1
0
This is the only major drawback to automation via OpenVas. You can create a scan config solely using OMP, but how you specify the NVT's to use in config is backwards. You can't specify simply the NVT's you would not like to use. You have to specify the NVT's you'd like to use minus the ones you don't.
i.e. You grab a list of all families, and within each family, you specify every NVT you want by grabbing a list of all nvts within that family. You then modify a cloned default config using repeated calls to modify_config for each family, including all the NVT's you wanted to use in that family.
It is super painful. Nearly every article on the web details either basic scanning, or gui usage which is useless. Programmatically specifying a custom scan config is what you want, and the OMP is not well suited to the task as it is today. If you can find the backend calls gsad (the greenbone UI) is using to directly modify cloned scan configs (i.e. unchecking an unwanted NVT) let me know. I have yet to look at the source code in detail. The problem with that implementation is that it probably circumvents OMP, and is not recommended as it may break with each release of OpenVas.
Goodluck and happy coding.
MalformedPacket
- 22
- 2