A tool to convert OpenVAS XML into reports.
Read the full documentation at https://openvas-reporting.sequr.be
I forked OpenVAS2Report since it didn't manage to convert all reports I threw at it
and because I wanted to learn how to use Python for working with XML and creating Excel files.
Also, OpenVAS mixes their own threat levels with the CVSS scoring, the latter of which I prefer to use in my reports.
Looking for a fix and providing an actual fix through a pull request would have been too much work,
so I chose to fork the repo and try my own thing.
I reorganised some of the files, removed some functionality and added some extra, and rewrote some functions.
At this moment in time, the script only output .xlsx documents in one format, this may (not) change in the future.
# Install requirements apt(-get) install python3 python3-pip # Debian, Ubuntu yum -y install python3 python3-pip # CentOS dnf install python3 python3-pip # Fedora pip3 install -r requirements.txt # Clone repo git clone https://github.com/TheGroundZero/openvasreporting.git ## Install module (not required when running from repo base folder) #cd openvasreporting #pip3 install .
Alternatively, you can install the package through the Python package installer 'pip'.
This currently has some issues (see #4)
# Install pip3 apt(-get) install python3 python3-pip # Debian, Ubuntu yum -y install python3 python3-pip # CentOS dnf install python3 python3-pip # Fedora # Install the package pip3 install OpenVAS-Reporting
# When working from the Git repo python3 -m openvasreporting -i [OpenVAS xml file(s)] [-o [Output file]] [-f [Output format]] [-l [minimal threat level (n, l, m, h, c)]] [-f [docx template]] # When using the pip package openvasreporting -i [OpenVAS xml file(s)] [-o [Output file]] [-f [Output format]] [-l [minimal threat level (n, l, m, h, c)]] [-f [docx template]]
|Short param||Long param||Description||Required||Default value|
Create Excel report from 1 OpenVAS XML report using default settings
python3 -m openvasreporting -i openvasreport.xml -f xlsx
Create Excel report from multiple OpenVAS reports using default settings
# wildcard select python3 -m openvasreporting -i *.xml -f xlsx # selective python3 -m openvasreporting -i openvasreport1.xml -i openvasreport2.xml -f xlsx
Create Word report from multiple OpenVAS reports, reporting only threat level high and up, use custom template
python3 -m openvasreporting -i *.xml -o docxreport -f docx -l h -t "/home/user/myOpenvasTemplate.docx"
The final report (in Excel format) will then look something like this:
Worksheets are sorted according to CVSS score and are colored according to the vulnerability level.
Some of the ideas I still have for future functionality:
- list vulnerabilities per host
- filter by host (scope/exclude) as in OpenVAS2Report
- select threat levels individually (e.g. none and low; but not med, high and crit)
- import other formats (not only XML), e.g. CSV as suggested in this issue