# SPDX-FileCopyrightText: 2017-2021 Greenbone AG
#
# SPDX-License-Identifier: GPL-3.0-or-later
import sys
from argparse import Namespace
from gvm.errors import GvmError
from gvm.protocols.gmp import Gmp
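def check_args(args):
    """Validate the script arguments and exit with a usage message if wrong.

    ``args.script`` holds the script name followed by its parameters; exactly
    one parameter (the CERT-Bund advisory name or ID) must follow the name.

    Args:
        args: Parsed arguments object exposing a ``script`` list.

    Raises:
        SystemExit: With a non-zero status when the parameter count is wrong,
            so that wrappers and CI jobs do not mistake a usage error for a
            successfully created scan config.
    """
    len_args = len(args.script) - 1
    if len_args != 1:
        # NOTE(review): the example below passes the GMP password on the
        # command line, where it ends up in shell history and process
        # listings; prefer a protected config file or a password prompt if
        # the installed gvm-tools supports it -- confirm before changing
        # the help text.
        message = """
This script creates a new scan config with nvts from a given CERT-Bund!
It needs one parameter after the script name.
1. <cert> -- Name or ID of the CERT-Bund
Example:
$ gvm-script --gmp-username name --gmp-password pass \
ssh --hostname <gsm> scripts/cfg-gen-for-certs.gmp.py CB-K16/0943
"""
        print(message)
        # A bare sys.exit() reports success (status 0) to the caller.
        sys.exit(1)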
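def create_scan_config(gmp, cert_bund_name):
    """Create a scan config with the NVTs that cover one CERT-Bund advisory.

    The advisory's CVE list is fetched over GMP, every NVT referenced by
    those CVEs is grouped by NVT family, and a new config named
    ``scanconfig_for_<cert_bund_name>`` is cloned from a base config and
    filled family by family. Two port-scanner NVTs are always selected in
    addition.

    Args:
        gmp: Connected GMP protocol object.
        cert_bund_name: Name or ID of the CERT-Bund advisory.

    GMP failures (``GvmError``) are printed and not raised.
    """
    cert_bund_details = gmp.get_info(
        info_id=cert_bund_name, info_type=gmp.types.InfoType.CERT_BUND_ADV
    )
    list_cves = cert_bund_details.xpath(
        "info/cert_bund_adv/raw_data/Advisory/CVEList/CVE/text()"
    )

    # family name -> OIDs of the NVTs to select in that family
    nvt_dict = {}
    for cve in list_cves:
        # Get all nvts of this cve
        cve_info = gmp.get_info(info_id=cve, info_type=gmp.types.InfoType.CVE)
        for nvt in cve_info.xpath("info/cve/nvts/nvt"):
            oid = nvt.xpath("@oid")[0]
            # We need the nvt family to modify scan config
            nvt_data = gmp.get_scan_config_nvt(oid)
            family = nvt_data.xpath("nvt/family/text()")[0]
            # Several CVEs of one advisory can reference the same NVT. A
            # repeated OID must be skipped, not allowed to reset the family's
            # list: resetting would silently drop NVTs collected earlier and
            # leave the resulting scan blind to part of the advisory.
            family_oids = nvt_dict.setdefault(family, [])
            if oid not in family_oids:
                family_oids.append(oid)

    if not nvt_dict:
        # Without detection NVTs the config only runs the port scanners, so
        # a clean result would say nothing about this advisory.
        print(f"Warning: no NVTs found for {cert_bund_name}")

    # Create new config
    # NOTE(review): presumably the UUID of the built-in empty base config --
    # confirm against the target GSM.
    copy_id = "085569ce-73ed-11df-83c3-002264764cea"
    config_name = f"scanconfig_for_{cert_bund_name}"
    try:
        res = gmp.create_scan_config(copy_id, config_name)
    except GvmError as gvmerr:
        # Not necessarily a name clash: report what GMP actually said.
        print(f"Could not create scan config {config_name!r}: {gvmerr}")
        return
    config_id = res.xpath("@id")[0]

    # Modify the config with the nvts oid
    for family, nvt_oid in nvt_dict.items():
        try:
            gmp.modify_scan_config_set_nvt_selection(
                config_id=config_id, nvt_oids=nvt_oid, family=family
            )
        except GvmError as gvmerr:
            print(f"{gvmerr=}")

    # This nvts must be present to work
    # NOTE(review): if the advisory itself maps to NVTs in "Port scanners",
    # this call may replace that selection -- verify the GMP semantics.
    family = "Port scanners"
    nvts = ["1.3.6.1.4.1.25623.1.0.14259", "1.3.6.1.4.1.25623.1.0.100315"]
    try:
        gmp.modify_scan_config_set_nvt_selection(
            config_id=config_id, nvt_oids=nvts, family=family
        )
    except GvmError as gvmerr:
        print(f"{gvmerr=}")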
def main(gmp: Gmp, args: Namespace) -> None:
    """Validate the arguments, then build the scan config for the advisory.

    Args:
        gmp: GMP protocol object used for all requests.
        args: Parsed arguments; ``args.script[1]`` is the CERT-Bund name or ID.
    """
    # pylint: disable=undefined-variable
    check_args(args)

    # check_args() has already exited unless exactly one parameter was given.
    advisory = args.script[1]
    print(f"Creating scan config for {advisory}")
    create_scan_config(gmp, advisory)
# Entry point. Neither `gmp` nor `args` is defined in this file; presumably
# gvm-script injects both and runs the module with __name__ set to "__gmp__"
# -- confirm against the gvm-tools version in use.
if __name__ == "__gmp__":
    main(gmp, args)