#!/bin/bash###trap ctrl_c INT# --- CONFIGURATION ---USER=<USERNAME>PAS

1. #!/bin/bash
2. #
3. #
4. #
5.  
6. trap ctrl_c INT
7.  
8. # --- CONFIGURATION ---
9.  
10. USER=<USERNAME>
11. PASS=<PASSWORD>
12. HOST=127.0.0.1
13. PORT=9390
14.  
15. # Must be one of the below defined targets
16. SCAN_PROFILE="Full and fast ultimate"
17.  
18. FORMAT="PDF"
19.  
20. # A valid "alive_test" parameter
21. # Defines how it is determined if the targets are alive
22. # Currently, valid values are the following:
23. # Scan Config Default
24. # ICMP, TCP-ACK Service & ARP Ping
25. # TCP-ACK Service & ARP Ping
26. # ICMP & ARP Ping
27. # ICMP & TCP-ACK Service Ping
28. # ARP Ping
29. # TCP-ACK Service Ping
30. # TCP-SYN Service Ping
31. # ICMP Ping
32. # Consider Alive
33. ALIVE_TEST='ICMP, TCP-ACK Service & ARP Ping'
34.  
35. # --- END OF CONFIGURATION ---
36.  
37. targets=(
38. "Discovery"
39. "empty"
40. "Full and fast"
41. "Full and fast ultimate"
42. "Full and very deep"
43. "Full and very deep ultimate"
44. "Host Discovery"
45. "System Discovery"
46. )
47.  
48. formats=(
49. "ARF"
50. "CPE"
51. "HTML"
52. "ITG"
53. "NBE"
54. "PDF"
55. "TXT"
56. "XML"
57. )
58.  
59. function usage {
60. echo
61. echo -ne "Usage: openvas-automate.sh <host>"
62. echo
63. echo -ne "\n host\t- IP address or domain name of the host target."
64. echo
65. echo
66. }
67.  
68. function omp_cmd {
69. cmd="omp -u $USER -w $PASS -h $HOST -p $PORT $@"
70. #>&2 echo "DBG: OMP cmd: \"$cmd\""
71. $cmd 2>&1
72. }
73.  
74. function omp_cmd_xml {
75. omp_cmd "--xml='$@'"
76. }
77.  
78. function end {
79. echo "[>] Performing cleanup"
80.  
81. omp_cmd -D $task_id
82. omp_cmd -X '<delete_target target_id="'$target_id'"/>'
83. exit 1
84. }
85.  
86. function ctrl_c() {
87. echo "[?] CTRL-C trapped."
88. end
89. }
90.  
91.  
92. found=0
93.  
94. for i in "${targets[@]}"
95. do
96. if [ "$i" == "$SCAN_PROFILE" ]; then
97. found=1
98. break
99. fi
100. done
101.  
102. scan_profile_id=$(omp_cmd -g | grep "$SCAN_PROFILE" | cut -d' ' -f1)
103. if [ $found -eq 0 ] || [ -z $scan_profile_id ]; then
104. echo "[!] You've selected unknown SCAN_PROFILE. Please change it in script's settings."
105. exit 1
106. fi
107.  
108. found=0
109.  
110. for i in "${formats[@]}"
111. do
112. if [ "$i" == "$FORMAT" ]; then
113. found=1
114. break
115. fi
116. done
117.  
118. format_id=$(omp_cmd -F | grep "$FORMAT" | cut -d' ' -f1)
119.  
120. if [ $found -eq 0 ] || [ -z $format_id ]; then
121. echo "[!] You've selected unknown FORMAT. Please change it in script's settings."
122. exit 1
123. fi
124.  
125. if [ -z "$1" ]; then
126. usage
127. exit 1
128. fi
129.  
130. TARGET="$1"
131. host "$TARGET" 2>&1 > /dev/null
132.  
133. if [ $? -ne 0 ]; then
134. echo "[!] Specified target host seems to be unavailable!"
135. read -p "Are you sure you want to continue [Y/n]? " -n 1 -r
136. echo
137. if [[ $REPLY =~ ^[Yy]$ ]]
138. then
139. echo > /dev/null
140. else
141. exit 1
142. fi
143. fi
144.  
145. echo "[+] Tasked: '$SCAN_PROFILE' scan against '$TARGET' "
146.  
147. target_id=$(omp_cmd -T | grep "$TARGET" | cut -d' ' -f1)
148.  
149. out=""
150. if [ -z "$target_id" ]; then
151.  
152. echo "[>] Creating a target..."
153. out=$(omp -u $USER -w $PASS -h $HOST -p $PORT --xml=\
154. "<create_target>\
155. <name>${TARGET}</name><hosts>$TARGET</hosts>\
156. <alive_tests>$ALIVE_TEST</alive_tests>\
157. </create_target>")
158. target_id=$(echo "$out" | pcregrep -o1 'id="([^"]+)"')
159.  
160. else
161. echo "[>] Reusing target..."
162. fi
163.  
164. if [ -z "$target_id" ]; then
165. echo "[!] Something went wrong, couldn't acquire target's ID! Output:"
166. echo $out
167. exit 1
168. else
169. echo "[+] Target's id: $target_id"
170. fi
171.  
172. echo "[>] Creating a task..."
173. task_id=$(omp_cmd -C -n "$TARGET" --target=$target_id --config=$scan_profile_id)
174.  
175. if [ $? -ne 0 ]; then
176. echo "[!] Could not create a task."
177. end
178. fi
179.  
180. echo "[+] Task created successfully. ID = '$task_id'"
181.  
182. echo "[>] Starting the task..."
183. report_id=$(omp_cmd -S $task_id)
184.  
185. if [ $? -ne 0 ]; then
186. echo "[!] Could not start a task."
187. end
188. fi
189.  
190. echo "[+] Task started. Report id: $report_id"
191. echo "[.] Awaiting for it to finish..."
192.  
193. while true; do
194. RET=$(omp_cmd -G)
195. if [ $? -ne 0 ]; then
196. echo '[!] Querying jobs failed.';
197. end
198. fi
199.  
200. RET=$(echo -n "$RET" | grep -m1 "$task_id" | tr '\n' ' ')
201. out=$(echo "$RET" | tr '\n' ' ')
202. echo -ne "$out\r"
203. if [ `echo "$RET" | grep -m1 -i "fail"` ]; then
204. echo '[!] Failed getting running jobs list'
205. end
206. fi
207. echo "$RET" | grep -m1 -i -E "done|Stopped" && break
208. sleep 1
209. done
210.  
211. echo "[+] Job done, generating report..."
212.  
213. FILENAME=${TARGET// /_}
214. FILENAME="openvas_${FILENAME//[^a-zA-Z0-9_\.\-]/}_$(date +%s)"
215.  
216. out=$(omp_cmd --get-report $report_id --format $format_id > $FILENAME.$FORMAT )
217.  
218. if [ $? -ne 0 ]; then
219. echo '[!] Failed getting report.';
220. echo "[!] Output: $out"
221. #end
222. fi
223.  
224. echo "[+] Scanning done."
225. #end