VulnScan-OpenVAS Adapter
Do 05 November 2015 by Christoph Bleß en de Tags Vulnerabiliy Scanner / OpenVAS / Java / VulnScan-APIVulnScan-OpenVAS
VulnScan-OpenVAS is a Java library, which implements the VulnScan-API to provide a common and simple way to use some features of OpenVAS in a Java-Application. The sources are available in my account on bitbucket.org. The necesary dependencies are also available in my bitbucket account. The dependencies are the VulnScan-API und the wrapped OpenVASClient. This library and the adapter for Nessus were developed during an academic studies project.
Usage
The first example shows how to create the client and authenticate to the server. The constructor takes three parameters. The first one is the host of the OpenVAS server, the second one is the port the server is listen to. The last parameter is the trustAll flag. This flag is used to set a TrustManager which accepts all SSL certificates. You can set this flag to true if your server runs with a self signed certificate. Otherwise you should set it to false.
try {
// create the Client
AbstractClient client = new OpenVASClient("127.0.0.1", 9390, true);
// authenticate
client.login("testuser", "testuser");
// now you can do some magic stuff with the client ...
} catch(SessionException ex){
// login wasn't successful
} catch (ClientException ex) {
// any other error during the communication with the Server
}
After you are authenticated you can execute other methods. The next example shows the usage of getScans(), getScanDetails(id), getScanStatus(id).
try {
// create client and authenticate
// get all availabe scans
for (Scan s : client.getScans()){
// Do something with the scan
System.out.println(s);
}
// Scan{id=c966cbad-cfc4-4629-a34b-567fda665e26, name=UNI-LAB, status=Done}
// Scan{id=095dd09f-a958-4630-9df3-5172ebb36ae2, name=Windows 7 Scan, status=Stopped}
// ...
// you can also get the details of a scan, which contains the targets
ScanDetails scanDetails = client.getScanDetails("095dd09f-a958-4630-9df3-5172ebb36ae2");
System.out.println(scanDetails);
// ScanDetails{id=c966cbad-cfc4-4629-a34b-567fda665e26, name=UNI-LAB, status=Done, targets=UNI-LAB}
String status = client.getScanStatus("095dd09f-a958-4630-9df3-5172ebb36ae2");
System.out.println(status);
// Done
} catch(SessionException ex){
// login wasn't successful
} catch (ClientException ex) {
// any other error during the communication with the Server
}
It is possible to start, stop, pause or resume existing scans. The following example shows the usage of the launch method, which is used to start a scan.
try {
// create client and authenticate ...
// Start scan with id 095dd09f-a958-4630-9df3-5172ebb36ae2
SString id = client.launch("095dd09f-a958-4630-9df3-5172ebb36ae2");
// we can use the method *getScanStatus* to check the current state of the scan.
while(!"Done".equals(client.getScanStatus(id))){
try {
Thread.sleep(5000);
} catch (InterruptedException ex) {
// Handle Exception
}
}
System.out.println("Scan completed");
} catch(SessionException ex){
// login wasn't successful
} catch (ClientException ex) {
// any other error during the communication with the Server
}
If the scan is completed you can get a list of vulnerabilities which were found during the execution of the scan. To request this list you have to use the method getResults which requires the scan id as parameter.
try {
// create client and authenticate ...
// get a list of vulnerabilities found by the scan
List<Vulnerability> vulns = client.getResults("095dd09f-a958-4630-9df3-5172ebb36ae2");
for (Vulnerability v : vulns){
System.out.println(v);
}
// ...
// Vulnerability{id=4b519e0e-3d75-4a6b-ade7-a73c88757e34, name=/doc directory browsable ?, severity=5.0, pluginId=1.3.6.1.4.1.25623.1.0.10056}
// Vulnerability{id=4eba09e2-a65f-49d3-9742-3257a1c631de, name=Anonymous FTP Checking, severity=0.0, pluginId=1.3.6.1.4.1.25623.1.0.900600}
// Vulnerability{id=bec429e9-62d7-4c51-ad07-487cb0dcdcb2, name=Apache 'mod_deflate' Denial Of Service Vulnerability - July09, severity=7.1, pluginId=1.3.6.1.4.1.25623.1.0.800837}
// Vulnerability{id=3f800da3-030f-4326-be38-e02d6561bc73, name=Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux), severity=7.5, pluginId=1.3.6.1.4.1.25623.1.0.900842}
// ...
} catch(SessionException ex){
// login wasn't successful
} catch (ClientException ex) {
// any other error during the communication with the Server
}
If the scan contains more than one target host you can use the method getResultByHost to get a list of vulnerabilities for each host. The result of this method is a map with the host as key an a list of vulnerabilities as value.
try {
// create client and authenticate ...
// get a list of vulnerabilities sorted by hosts
Map<String, List<Vulnerability>> resultsByHost = client.getResultsByHost("095dd09f-a958-4630-9df3-5172ebb36ae2");
for (String host : resultsByHost.keySet()){
List<Vulnerability> hostVulns = resultsByHost.get(host);
for (Vulnerability v : hostVulns){
System.out.println("Host: " + host + " => " + v);
}
}
// Host: 192.168.56.101 => Vulnerability{id=107bd163-27c7-4cd5-b90f-5eaf43167213, name=vsftpd Compromised Source Packages Backdoor Vulnerability, severity=7.5, pluginId=1.3.6.1.4.1.25623.1.0.103185}
// Host: 192.168.56.101 => Vulnerability{id=72433449-cc58-4a36-9bec-5d2fe3a252e5, name=vsftpd Compromised Source Packages Backdoor Vulnerability, severity=7.5, pluginId=1.3.6.1.4.1.25623.1.0.103185}
// Host: 192.168.56.101 => Vulnerability{id=d19d393a-22fd-4b03-a4ef-7e9df984cdc5, name=wapiti (NASL wrapper), severity=0.0, pluginId=1.3.6.1.4.1.25623.1.0.80110}
} catch(SessionException ex){
// login wasn't successful
} catch (ClientException ex) {
// any other error during the communication with the Server
}
To get more detailed about a vulnerability you can get information about the plugin which found it. To get the information about a plugin you have to use the method getPlugin which needs an id of the plugin.
try {
// ...
// Abrufen der Informationen zu einem Plugin
Plugin plugin = client.getPlugin("1.3.6.1.4.1.25623.1.0.80110");
System.out.println(plugin);
// Plugin{id=1.3.6.1.4.1.25623.1.0.80110, name=wapiti (NASL wrapper), family=Web application abuses, cvss=null, description=NOSUMMARY, references=[]}
} catch(SessionException ex){
// fehlerhafter Login
} catch (ClientException ex) {
// Anderer Fehler bei der Kommunikation mit dem Server
}