OpenVAS Scan Protocol (OSP) Version 1.0 - Greenbone OS 3.1

Contents

  1. Summary of Data Types
  2. Summary of Commands
  3. Data Type Details
  4. Command Details
  5. Summary of Scanner Parameters Types

1 Summary of Data Types

integer
An integer.
string
A string.
boolean
0 or 1.
uuid
A Universally Unique Identifier (UUID).
epoch_time
A date, in unix format.

2 Summary of Commands

help
Get the help text.
get_scans
Get the stored scans.
delete_scan
Delete a finished scan.
get_version
Return various versions.
get_scanner_details
Return scanner description and parameters.
start_scan
Start a new scan.

3 Data Types Details

3.1 Data Type integer

In short: An integer.

3.2 Data Type string

In short: A string.

3.3 Data Type boolean

In short: 0 or 1.

3.4 Data Type uuid

In short: A Universally Unique Identifier (UUID).

3.5 Data Type epoch_time

In short: A date, in unix format.

4 Command Details

4.1 Command help

In short: Get the help text.

4.1.1 Structure

4.1.3 Example: Get the help text

Client
 <help format="xml"/>
    
OSPD
 <help_response status_text="OK"
                    status="200">
       <delete_scan>
         <attributes>
           <scan_id>ID of scan to delete</scan_id>
         </attributes>
         <elements/>
         <description>Delete a finished scan</description>
       </delete_scan>
       <help>
         <attributes>
           <format>Help format. Could be text or xml</format>
         </attributes>
         <elements/>
         <description>Print the commands help</description>
       </help>
       <get_version>
         <attributes/>
         <elements/>
         <description>Return various versions</description>
       </get_version>
       <get_scanner_details>
         <attributes/>
         <elements/>
         <description>Return scanner description and parameters</description>
       </get_scanner_details>
       <start_scan>
         <attributes>
           <target>Target host to scan</target>
         </attributes>
         <elements>
           <scanner_params>
             <profile>Scan profile</profile>
             <target_port>Target port</target_port>
             <use_https>Use HTTPS</use_https>
             <w3af_timeout>w3af scan timeout</w3af_timeout>
           </scanner_params>
         </elements>
         <description>Start a new scan</description>
       </start_scan>
       <get_scans>
         <attributes>
           <scan_id>ID of a specific scan to get</scan_id>
           <details>Whether to return the full scan report</details>
         </attributes>
         <elements/>
         <description>List the scans in buffer</description>
       </get_scans>
     </help_response>
    

4.2 Command get_scans

In short: Get the stored scans.

4.2.1 Structure

4.2.3 Example: Get a scan report summary

Client
 <get_scans scan_id="f14747d3-a4d7-4e79-99bb-a0a1276cb78c"
                details="1"/>
    
OSPD
 <get_scans_response status_text="OK"
                         status="200">
       <scan id="9750f1f8-07aa-49cc-9c31-2f9e469c8f65"
             target="192.168.1.252"
             end_time="1432824234"
             progress="100"
             start_time="1432824206">
         <results>
           <result host="192.168.1.252"
                   severity="2.5"
                   port="443/tcp"
                   test_id=""
                   name="Path disclosure vulnerability"
                   type="Alarm">
             The URL: "https://192.168.1.252/" has a path disclosure vulnerability which discloses "/var/www/phpinfo.php" HTTP Request Status: GET https://192.168.1.252/ HTTP/1.1 HTTP Request Headers: Host: 192.168.1.252 Accept-encoding: gzip, deflate Accept: */* User-agent: w3af.org HTTP Response Status: HTTP/1.1 200 OK
           </result>
         </results>
       </scan>
     </get_scans_response>
    

4.3 Command delete_scan

In short: Delete a finished scan.

4.3.1 Structure

4.3.3 Example: Delete a scan successfuly

Client
 <delete_scan scan_id="013587e3-b4d7-8e79-9ebb-90a2133c338c"/>
    
OSPD
 <delete_scan_response status_text="OK"
                           status="200"/>
    

4.4 Command get_version

In short: Return various versions.

4.4.1 Structure

4.4.3 Example: Get protocol, scanner and daemon versions

Client
 <get_version/>
    
OSPD
 <get_version_response status_text="OK"
                           status="200">
       <protocol>
         <version>1.0</version>
         <name>OSP</name>
       </protocol>
       <daemon>
         <version>generic version</version>
         <name>generic ospd</name>
       </daemon>
       <scanner>
         <version>1.6.0.4</version>
         <name>w3af</name>
       </scanner>
     </get_version_response>
    

4.5 Command get_scanner_details

In short: Return scanner description and parameters.

4.5.1 Structure

4.5.3 Example: Get scanner details

Client
 <get_scanner_details/>
    
OSPD
 <get_scanner_details_response status_text="OK"
                                   status="200">
       <description>...</description>
       <scanner_params>
         <scanner_param id="profile"
                        type="string">
           <name>Scan profile</name>
           <description>
             Scan profiles are predefined set of plugins and customized configurations.
           </description>
           <default>fast_scan</default>
         </scanner_param>
         <scanner_param id="target_port"
                        type="integer">
           <name>Target port</name>
           <description>Port on target host to scan</description>
           <default>80</default>
         </scanner_param>
         <scanner_param id="use_https"
                        type="boolean">
           <name>Use HTTPS</name>
           <description>Whether the target application is running over HTTPS</description>
           <default>0</default>
         </scanner_param>
         <scanner_param id="w3af_timeout"
                        type="integer">
           <name>w3af scan timeout</name>
           <description>Time to wait for the w3af scan to finish</description>
           <default>3600</default>
         </scanner_param>
       </scanner_params>
     </get_scanner_details_response>
    

4.6 Command start_scan

In short: Start a new scan.

4.6.1 Structure

4.6.3 Example: Start a new scan

Client
 <start_scan target="localhost">
       <scanner_params>
         <target_port>443</target_port>
         <use_https>1</use_https>
         <profile>fast_scan</profile>
       </scanner_params>
     </start_scan>
    
OSPD
 <start_scan_response status_text="OK"
                          status="200">
       <id>2f616d53-595f-4785-9b97-4395116ca118</id>
     </start_scan_response>
    

5 Summary of Scanner Parameters Types

integer
An integer value.
string
A string.
boolean
0 or 1.
selection
A value out of the | seperated values list.
password
A password.
file
A file's content.
ovaldef_file
An ovaldef file's content that is base64 encoded.