How to connect to remote OpenVas scanner with python?

Question

I am exploring OpenVas tool for a project requirement, openVas is currently managed by Greenbone. I am getting error when I try to use remote scanner using python api.

I did all initial configuration, setup the required gui account etc and was able to scan the required systems manually however when I try to do the same using Python Api its not working. There isn't any example available on internet nor in there manual to verify my code. I have used [https://pypi.org/project/python-gvm/] api.

I wrote simple code but its not working..

from gvm.connections import SSHConnection
from gvm.protocols.latest import Gmp
from gvm.transforms import EtreeTransform
from gvm.xml import pretty_print

connection = SSHConnection(hostname='192.168.1.84',username='alex',password='alex@123')
gmp = Gmp(connection)
gmp.authenticate('admin', 'admin')

# Retrieve current GMP version
version = gmp.get_version()

# Prints the XML in beautiful form
pretty_print(version)

I am getting error-

/usr/bin/python3.7 /home/punshi/PycharmProjects/nessus_api/openvas-greenbone.py
/usr/local/lib/python3.7/dist-packages/paramiko/kex_ecdh_nist.py:39: CryptographyDeprecationWarning: encode_point has been deprecated on EllipticCurvePublicNumbers and will be removed in a future version. Please use EllipticCurvePublicKey.public_bytes to obtain both compressed and uncompressed point encoding.
  m.add_string(self.Q_C.public_numbers().encode_point())
/usr/local/lib/python3.7/dist-packages/paramiko/kex_ecdh_nist.py:96: CryptographyDeprecationWarning: Support for unsafe construction of public numbers from encoded data will be removed in a future version. Please use EllipticCurvePublicKey.from_encoded_point
  self.curve, Q_S_bytes
/usr/local/lib/python3.7/dist-packages/paramiko/kex_ecdh_nist.py:111: CryptographyDeprecationWarning: encode_point has been deprecated on EllipticCurvePublicNumbers and will be removed in a future version. Please use EllipticCurvePublicKey.public_bytes to obtain both compressed and uncompressed point encoding.
  hm.add_string(self.Q_C.public_numbers().encode_point())
Traceback (most recent call last):
  File "/home/punshi/PycharmProjects/nessus_api/openvas-greenbone.py", line 8, in <module>
    gmp.authenticate('admin', 'admin')
  File "/usr/local/lib/python3.7/dist-packages/gvm/protocols/gmpv7.py", line 211, in authenticate
    response = self._read()
  File "/usr/local/lib/python3.7/dist-packages/gvm/protocols/base.py", line 54, in _read
    return self._connection.read()
  File "/usr/local/lib/python3.7/dist-packages/gvm/connections.py", line 126, in read
    raise GvmError('Remote closed the connection')
gvm.errors.GvmError: Remote closed the connection

Process finished with exit code 1

I have tested SSH connection manually so the problem is either with my code or some other.

Additional Detail-

Ubuntu 16,
Greenbone Security Assistant 7.0.3 (gui)
Open Vas - 9.0.3

Answer 1

I've exactly the same problem that I solved it with TLSConnection instead of SSHConnection. Here is your code:

import gvm
from gvm.protocols.latest import Gmp
from gvm.transforms import EtreeTransform
from gvm.xml import pretty_print

connection =gvm.connections.TLSConnection(hostname='192.168.1.84')
gmp = Gmp(connection)
gmp.authenticate('admin', 'admin')

# Retrieve current GMP version
version = gmp.get_version()

# Prints the XML in beautiful form
pretty_print(version)

Answer 2

I am exploring OpenVas tool for a project requirement, openVas is currently managed by Greenbone.

Just a side note. OpenVAS is developed by Greenbone since many years now. Therefore we did rename the project to Greenbone Vulnerability Management (GVM) with version 10. Only the actual scanner component will be still named after OpenVAS. See https://community.greenbone.net/t/is-openvas-manager-and-gvmd-the-same/1777/3 for more details.

Using the SSHConnection needs some additional setup at the remote server. Using TLSConnection might be easier but needs also changes in the settings of gvmd/openvasmd because it is only listening on a unix socket by default.