A tool to convert OpenVAS XML into reports.

Project description

OpenVAS Reporting:

A tool to convert OpenVAS XML into reports.

Report example screenshot

Read the full documentation at https://openvas-reporting.stijncrevits.be

I forked OpenVAS2Report since it didn't manage to convert all reports I threw at it and because I wanted to learn how to use Python for working with XML and creating Excel files.
Also, OpenVAS mixes their own threat levels with the CVSS scoring, the latter of which I prefer to use in my reports.

Looking for a fix and providing an actual fix through a pull request would have been too much work, so I chose to fork the repo and try my own thing.
I reorganised some of the files, removed some functionality and added some extra, and rewrote some functions.

At this moment in time, the script only output .xlsx documents in one format, this may (not) change in the future.

Requirements

Python version 3
XlsxWriter

Installation

# install requirements
apt(-get) install python3 python3-pip # Debian, Ubuntu
yum -y install python3 python3-pip    # CentOS
dnf install python3 python3-pip       # Fedora
pip3 install -r requirements.txt
# clone repo
git clone git@github.com:TheGroundZero/openvas_to_report.git

Usage

python3 -m openvasreporting -i [OpenVAS xml file(s)] -o [Report output file.xlsx] [-l [minimal threat level (n, l, m, h, c)]]

Create Excel report from 1 OpenVAS XML report using default settings

python3 -m openvasreporting -i openvasreport.xml -o excelreport.xlsx

Create Excel report from multiple OpenVAS reports using default settings

# wildcard select
python3 -m openvasreporting -i *.xml -o excelreport.xlsx
# selective
python3 -m openvasreporting -i openvasreport1.xml -i openvasreport2.xml -o excelreport.xlsx

Create Excel report from multiple OpenVAS reports, reporting only threat level high and up

python3 -m openvasreporting -i *.xml -o excelreport.xlsx -l h

Result

The final report will then look something like this:

Report example screenshot - Summary Report example screenshot - ToC Report example screenshot - Vuln desc

Worksheets are sorted according to CVSS score and are colored according to the vulnerability level.

Ideas

Some of the ideas I still have for future functionality:

list vulnerabilities per host
make pip installer
filter by host (scope/exclude) as in OpenVAS2Report
export to other formats (CSV, Word, PDF)
select threat levels individually (e.g. none and low; but not med, high and crit)

Project details

Release history Release notifications | RSS feed

1.5.2

Nov 26, 2021

1.5.1

Nov 25, 2021

1.5.post3

Dec 2, 2021

1.4.3

Apr 8, 2019

1.4.2

Nov 5, 2018

1.4.1

Oct 10, 2018

1.4.0

Sep 27, 2018

1.3.1

Sep 27, 2018

1.3.0

Sep 20, 2018

1.2.3

Sep 20, 2018

1.2.2

Sep 13, 2018

1.2.1

Sep 13, 2018

1.2.0

Sep 10, 2018

This version

1.1.0a0 pre-release

Aug 31, 2018

1.0.1a0 pre-release

Aug 31, 2018

1.0.0

Aug 31, 2018

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

OpenVAS Reporting-1.1.0a0.tar.gz (1.5 MB view hashes)

Uploaded Sep 10, 2018 source

Built Distribution

OpenVAS_Reporting-1.1.0a0-py3-none-any.whl (6.1 kB view hashes)

Uploaded Aug 31, 2018 py3

Hashes for OpenVAS Reporting-1.1.0a0.tar.gz

Hashes for OpenVAS Reporting-1.1.0a0.tar.gz
Algorithm	Hash digest
SHA256	`5bb6c61c878987697c4c4bb7b1da21c215517f1895d8a4e48717cde2bd7df13a`
MD5	`47ce0c6c2a8489a2ed6eaef3dc15d408`
BLAKE2b-256	`9fcc9210131950430dc76c238c1ba7ee8d6f6b6962db60e3b5144af5593f271f`

Hashes for OpenVAS_Reporting-1.1.0a0-py3-none-any.whl

Hashes for OpenVAS_Reporting-1.1.0a0-py3-none-any.whl
Algorithm	Hash digest
SHA256	`3f03d5e0c723d889f2d2b8cd202f79ce1f1be38325f5b61230ae011b3455cd91`
MD5	`300964747fbd6b4946cb64e5e5719cc0`
BLAKE2b-256	`ccc77b26d7de0912951d75de99747e289769e47b74a10d30f1d273668991fff6`