English | Deutsch
Home »

OpenVAS Change Request #28: OpenVAS Management Protocol (OMP)

Status: Voted +8. Released with openvas-manager 1.0.0.

For the final specification of OMP please refer to this page: Protocol Documentation.

Purpose

To introduce a new protocol for the communication between OpenVAS client and server applications that finally does drop the design flaws of NTP/OTP.

To allow for consistent, privilege-separating server-side management of user data like tasks, reports etc.

To allow for easy HTTP/XML-based implementations.

References

(none)

Rationale

The OpenVAS server and client use the OpenVAS Transfer Protocol (OTP) for communication. OTP is a descendant of the Nessus Transfer Protocol (NTP). OTP cleaned up unused, dangerous and inconsistent elements from NTP and introduced some small helpful extra-features, but it still inherited various design weaknesses of NTP such as broken escaping, newlines etc. OMP aims to implement existing functionality in a clean and modern manner and to be open for future improvements.

The design goals for this new protocol should be:

This change request proposes an XML based approach to satisfy the goals described above. A first draft of the proposed protocol is available in the section "Design and Implementation" of this Change Request.

Effects

Client and server elements need to be provided with the ability to communicate via OMP. On the OpenVAS-Client-side this can be done by offering OMP as an alternative protocol and thus OpenVAS-Client will remain compatible with OTP servers.

It will be possible to develop "light" clients without local storage because OMP offers to store user data.

The server side will need a comprehensive re-design to allow for the features of OMP, namely the user data. For transistion phase it is fairly simple to translate OMP into OTP which essentially means that it is possible to leave openvasd untouched and place a OMP layer between clients and openvasd. Consequently, OTP will always be available as a fall back and thus users are not confronted with a mandatory change of concept, they can decide on their own.

Design and Implementation

The main implementation strategy is to implement a new layer between openvasd and the clients as "openvas-manager" which uses OMP to communicate with the clients, stores user data and communicates via OTP with openvasd. based on this, OpenVAS-Client can be provided with OMP abilities additional to OTP. Eventually openvasd can be drastically minimized to do the core job only and thus allow for privilege separation.

Protocol Design

The OpenVAS Management Protocol is intended for use between OpenVAS clients and an OpenVAS manager component.

The current specification proposes an XML based approach. This is intended to allow for easy integration into other XML capable protocols and communication methods, e.g. Web Services/SOAP, XmlHttpRequest, REST or other methods of invoking remote functionality.

One design consideration is to keep the actual syntax adaptable for different communication technologies. The present specification assumes a simple XML-based communication protocol. Possible alternatives are implementations of the OMP functionality using the very same keywords e.g. based on HTTP GET/POST technology. Thus, any implementation of OMP should keep the actual communication technology separate from the implementation of the semantic functionality.

Human-readable strings are encoded as UTF-8.

Files or other binary data is expected to be Base64 encoded.

The OMP communication between a client and the manager takes a simple command response form. The client sends a command, a single XML element, to the manager. The manager responds with a single XML element.

There is a predefined set of OMP commands, each of which is described below.

For a client, using OMP centers around creating and manipulating resources. The key resource is the task. A task defines a network vulnerability scan. The scan can be performed by running the task, for example with the start_task command. A task is created with the create_task command by combining at least two of the other resources: a config and a target.

Numerical response codes

The OpenVAS manager uses numerical response codes to indicate whether a command issued by the client could be executed successfully. The response codes are very similar to the response codes used by HTTP as specified in RFC 2616; a response code in the 2xx range indicates that the command has been successfully received, understood, and accepted. A response code in the 4xx range indicates that the command issued could not be executed due to error made by the client. A response in the 5xx range indicates that an error occurred in the manager during the processing of this command.
Responses are expected to include helpful information whenever possible, like the ID of the resulting report when a task is started.
Implementations which transfer OMP using a response-code aware protocol (e.g. HTTP) might want to consider including this status code in the message generated by this protocol.

Unique ID scheme

The protocol uses random UUIDs as described in RFC 4122.

Authentication

The client is expected to execute an authentication command at the beginning of each connection. The only commands that can precede authentication are get_version and commands. The authenticate command looks like the following:

<authentication>
  <credentials>
    <username>FooBar</username>
    <password>276LkeFHJWnCaD6ynSlP6mnf9</password>
  </credentials>
</authentication>
In future version of the protocol, other types of credentials are to be expected. If the credentials supplied by the client are not sufficient, the manager must reply with:
<authentication_response status="400" status_text="Authentication failed" />

Summary of Protocol Primitives / Commands

authenticate Authenticate with the manager.
commands Execute a list of OMP commands.
create_agent Create an agent.
create_config Create a scan configuration.
create_escalator Create an escalator.
create_lsc_credential Create a local security check credential.
create_note Create a note.
create_override Create an override.
create_schedule Create a schedule.
create_target Create a target.
create_task Create a new task.
delete_agent Delete an agent.
delete_config Delete a config.
delete_escalator Delete an escalator.
delete_lsc_credential Delete a local security check credential.
delete_note Delete a note.
delete_override Delete an override.
delete_report Delete an existing report.
delete_schedule Delete a schedule.
delete_target Delete a target.
delete_task Delete an existing task.
get_agents Get all agents.
get_configs Get all configs.
get_dependencies Get dependencies for all available NVTs.
get_escalators Get all escalators.
get_lsc_credentials Get all local security check credentials.
get_notes Get all notes.
get_nvts Get all available NVTs.
get_nvt_families Get a list of all NVT families.
get_nvt_feed_checksum Get checksum for entire NVT collection.
get_overrides Get all overrides.
get_preferences Get preferences for all available NVTs.
get_reports Get all reports.
get_results Get results.
get_schedules Get all schedules.
get_system_reports Get all system reports.
get_target_locators Get configured target locators.
get_targets Get all targets.
get_tasks Get task status information.
get_version Get the OpenVAS Manager Protocol version.
help Get the help text.
modify_config Update an existing config.
modify_note Modify an existing note.
modify_override Modify an existing override.
modify_report Modify an existing report.
modify_task Update an existing task.
pause_task Pause a running task.
resume_or_start_task Resume task if stopped, else start task.
resume_paused_task Resume a paused task.
resume_stopped_task Resume a stopped task.
start_task Manually start an existing task.
stop_task Stop a running task.
test_escalator Run an escalator.

Details of Protocol Primitives / Commands

authenticate

The client uses the authenticate command to authenticate with the manager.

Command elements:

Example:

C:

<authenticate>
  <credentials>
    <username>sally</username>
    <password>secret</password>
  </credentials>
</authenticate>

M:

<authenticate_response status="200" status_text="OK" />

M:

<authenticate_response status="400" status_text="Authenticate failed" />

M:

<authenticate_response status="500" status_text="Internal error" />

commands

The client uses the commands command to run a list of commands. The elements are executed as OMP commands in the given sequence. The reply contains the result of each command, in the same order as the given commands.

Command elements:

Example:

C:

<commands>
  <create_task>
    <rcfile>asdf3235saf3kjBVF...</rcfile>
    <name>Scan Webserver</name>
    <comment>Hourly scan of the webserver</comment>
  </create_task>
</commands>

M:

<commands_response status="200" status_text="OK">
  <create_task_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6" />
</commands_response>

create_agent

The client uses the create_agent command to create a new agent. This command must include an installer for the agent and an human-readable identifier assigned by the user. The command may include a comment, an install HOWTO and a user HOWTO. The installer may include a signature.

If there was no error with the command sent by the client, the manager will assign a unique ID to the agent and include this ID in its reply to the client.

Command elements:

Example:

C:

<create_agent>
  <installer>
    asdf3235saf3kjBVF...
    <signature>iEYEABECAAYFA...</signature>
  </installer>
  <name>SLAD</name>
</create_agent>

M:

<create_agent_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6" />

M:

<create_agent_response status="4xx" />

M:

<create_agent_response status="500" status_text="Internal error" />

create_config

The client uses the create_config command to create a new config. This command can be called in three ways:

If there was no error with the command sent by the client, the manager will assign a unique ID to the config and include this ID in its reply to the client.

Command elements:

Examples:

C:

<create_config>
  <copy>daba56c8-73ec-11df-a475-002264764cea</copy>
  <name>Full</name>
</create_config>

M:

<create_config_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6" />

M:

<create_config_response status="4xx" />

M:

<create_config_response status="500" status_text="Internal error" />

C:

<create_config>
  <rcfile>asdf3235saf3kjBVF...</rcfile>
  <name>Full</name>
</create_config>

M:

<create_config_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6" />

C:

<create_config>
  <get_configs_response>
    <config id="daba56c8-73ec-11df-a475-002264764cea">
      <name>Full and fast</name>
      ...
    </config>
  </get_configs_response>
</create_config>

M:

<create_config_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6" />

create_escalator

The client uses the create_escalator command to create a new escalator. This command must include a human-readable identifier assigned by the user, an escalation condition, an escalation event and an escalation method. The command may include a comment.

If there was no error with the command sent by the client, the manager will assign a unique ID to the escalator and include this ID in its reply to the client.

Command elements:

Example:

C:

<create_escalator>
  <name>emergency</name>
  <condition>
    Threat level at least
    <data>
      <name>level</name>
      High
    </data>
  </condition>
  <event>
    Task run status changed
    <data>
      <name>status</name>
      Done
    </data>
  </event>
  <method>
    Email
    <data>
      <name>to_address</name>
      sally@example.org
    </data>
    <data>
      <name>from_address</name>
      bob@example.org
    </data>
  </method>
</create_escalator>

M:

<create_escalator_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6" />

M:

<create_escalator_response status="4xx" />

M:

<create_escalator_response status="500" status_text="Internal error" />

create_lsc_credential

The client uses the create_lsc_credential command to create a new LSC credential. This command must include a human-readable identifier assigned by the user, and a login name. The command may include a comment and a password.

If the command includes a password, then the manager creates a password only credential, otherwise the manager creates a key-based credential.

If there was no error with the command sent by the client, the manager will assign a unique ID to the credential and include this ID in its reply to the client.

Command elements:

Example:

C:

<create_lsc_credential>
  <name>cluster sally</name>
  <login>sally</login>
  <password>secret</password>
  <comment>Sally's login to the cluster.</comment>
</create_lsc_credential>

M:

<create_lsc_credential_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6" />

M:

<create_lsc_credential_response status="4xx" />

M:

<create_lsc_credential_response status="500" status_text="Internal error" />

create_note

The client uses the create_note command to create a new note. This command must include a human-readable text and an NVT. The command may include a comment, a host list, a threat, a port, a task and a result.

If there was no error with the command sent by the client, the manager will assign a unique ID to the note and include this ID in its reply to the client.

Command elements:

Example:

C:

<create_note>
  <text>This issue should be resolved after the upgrade.</text>
  <nvt>1.3.6.1.4.1.25623.1.0.10330</nvt>
  <result>254cd3ef-bbe1-4d58-859d-21b8d0c046c6</result>
</create_note>

M:

<create_note_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6" />

M:

<create_note_response status="4xx" />

M:

<create_note_response status="500" status_text="Internal error" />

create_override

The client uses the create_override command to create a new override. This command must include a human-readable text, a new threat and an NVT. The command may include a comment, a host list, a threat, a port, a task and a result.

If there was no error with the command sent by the client, the manager will assign a unique ID to the override and include this ID in its reply to the client.

Command elements:

Example:

C:

<create_override>
  <text>This is actually of little concern.</text>
  <nvt>1.3.6.1.4.1.25623.1.0.10330</nvt>
  <new_threat>Low</new_threat>
  <result>254cd3ef-bbe1-4d58-859d-21b8d0c046c6</result>
</create_override>

M:

<create_override_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6" />

M:

<create_override_response status="4xx" />

M:

<create_override_response status="500" status_text="Internal error" />

create_schedule

The client uses the create_schedule command to create a new schedule. This command must include a human-readable identifier assigned by the user, a first time, a period and a duration. The command may include a comment.

If there was no error with the command sent by the client, the manager will assign a unique ID to the schedule and include this ID in its reply to the client.

Command elements:

Example:

C:

<create_schedule>
  <name>Every night</name>
  <first_time>
    <day_of_month>1</day_of_month>
    <hour>0</hour>
    <minute>0</minute>
    <month>1</month>
    <year>2011</year>
  </first_time>
  <duration>
    3
    <unit>hour</unit>
  </duration>
  <period>
    1
    <unit>day</unit>
  </period>
</create_schedule>

M:

<create_schedule_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6" />

M:

<create_schedule_response status="4xx" />

M:

<create_schedule_response status="500" status_text="Internal error" />

create_target

The client uses the create_target command to create a new target. This command must include a human-readable identifier assigned by the user and a list of hosts. If the list of hosts is empty, the command must also include a target locator. The command may always include a comment and an LSC credential.

If there was no error with the command sent by the client, the manager will assign a unique ID to the target and include this ID in its reply to the client.

Command elements:

Example:

C:

<create_target>
  <name>All GNU/Linux machines</name>
  <hosts>192.168.1.0/24</hosts>
</create_target>

M:

<create_target_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6" />

M:

<create_target_response status="4xx" />

M:

<create_target_response status="500" status_text="Internal error" />

create_task

The client uses the create_task command to create a new task. This command must always include an human-readable identifier assigned by the user. The command must also include either a config and target or a file specifying the task. The command may always include a comment. If the command includes a config and target, it may also include an escalator and schedule.

The file version of the command is special support for OpenVAS-Client, and may be removed in upcoming versions.

If there was no error with the command sent by the client, the manager will assign a unique ID to the task and include this ID in its reply to the client.

Command elements:

Examples:

C:

<create_task>
  <name>Scan Webserver</name>
  <comment>Hourly scan of the webserver</comment>
  <config id="daba56c8-73ec-11df-a475-002264764cea"/>
  <target id="b493b7a8-7489-11df-a3ec-002264764cea"/>
</create_task>

M:

<create_task_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6" />

M:

<create_task_response status="4xx" />

M:

<create_task_response status="500" status_text="Internal error" />

C:

<create_task>
  <rcfile>asdf3235saf3kjBVF...</rcfile>
  <name>Scan Webserver</name>
  <comment>Hourly scan of the webserver</comment>
</create_task>

M:

<create_task_response status="201" status_text="OK, resource created" id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6" />

M:

<create_task_response status="4xx" />

M:

<create_task_response status="500" status_text="Internal error" />

delete_agent

The client uses the delete_agent command to delete an existing agent. This command must include the ID of an existing agent.

If there was no error with the command sent by the client, the manager will delete the agent and will reply with a response code indicating success.

Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the manager.

Command attributes:

Command elements:

Example:

C:

<delete_agent agent_id="267a3405-e84a-47da-97b2-5fa0d2e8995e" />

M:

<delete_agent_response status="200" status_text="OK" />

M:

<delete_agent_response status="4xx" />

M:

<delete_agent_response status="500" status_text="Internal error" />

delete_config

The client uses the delete_config command to delete an existing config. This command must include the ID of an existing config.

If there was no error with the command sent by the client, the manager will delete the config and will reply with a response code indicating success.

Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the manager.

Command attributes:

Command elements:

Example:

C:

<delete_config config_id="267a3405-e84a-47da-97b2-5fa0d2e8995e" />

M:

<delete_config_response status="200" status_text="OK" />

M:

<delete_config_response status="4xx" />

M:

<delete_config_response status="500" status_text="Internal error" />

delete_escalator

The client uses the delete_escalator command to delete an existing escalator. This command must include the ID of an existing escalator.

If there was no error with the command sent by the client, the manager will delete the escalator and will reply with a response code indicating success.

Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the manager.

Command attributes:

Command elements:

Example:

C:

<delete_escalator escalator_id="267a3405-e84a-47da-97b2-5fa0d2e8995e" />

M:

<delete_escalator_response status="200" status_text="OK" />

M:

<delete_escalator_response status="4xx" />

M:

<delete_escalator_response status="500" status_text="Internal error" />

delete_lsc_credential

The client uses the delete_lsc_credential command to delete an existing LSC credential. This command must include the ID of an existing LSC credential.

If there was no error with the command sent by the client, the manager will delete the LSC credential and will reply with a response code indicating success.

Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the manager.

Command attributes:

Command elements:

Example:

C:

<delete_lsc_credential lsc_credential_id="267a3405-e84a-47da-97b2-5fa0d2e8995e" />

M:

<delete_lsc_credential_response status="200" status_text="OK" />

M:

<delete_lsc_credential_response status="4xx" />

M:

<delete_lsc_credential_response status="500" status_text="Internal error" />

delete_note

The client uses the delete_note command to delete an existing note. This command must include the ID of an existing note.

If there was no error with the command sent by the client, the manager will delete the note and will reply with a response code indicating success.

Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the manager.

Command attributes:

Command elements:

Example:

C:

<delete_note note_id="267a3405-e84a-47da-97b2-5fa0d2e8995e" />

M:

<delete_note_response status="200" status_text="OK" />

M:

<delete_note_response status="4xx" />

M:

<delete_note_response status="500" status_text="Internal error" />

delete_override

The client uses the delete_override command to delete an existing override. This command must include the ID of an existing override.

If there was no error with the command sent by the client, the manager will delete the override and will reply with a response code indicating success.

Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the manager.

Command attributes:

Command elements:

Example:

C:

<delete_override override_id="267a3405-e84a-47da-97b2-5fa0d2e8995e" />

M:

<delete_override_response status="200" status_text="OK" />

M:

<delete_override_response status="4xx" />

M:

<delete_override_response status="500" status_text="Internal error" />

delete_report

The client uses the delete_report command to delete an existing report. This command must include the ID of an existing report.

If there was no error with the command sent by the client, the manager will delete the report and will reply with a response code indicating success.

Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the manager.

Command attributes:

Command elements:

Example:

C:

<delete_report report_id="267a3405-e84a-47da-97b2-5fa0d2e8995e" />

M:

<delete_report_response status="200" status_text="OK" />

M:

<delete_report_response status="4xx" />

M:

<delete_report_response status="500" status_text="Internal error" />

delete_schedule

The client uses the delete_schedule command to delete an existing schedule. This command must include the ID of an existing schedule.

If there was no error with the command sent by the client, the manager will delete the schedule and will reply with a response code indicating success.

Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the manager.

Command attributes:

Command elements:

Example:

C:

<delete_schedule schedule_id="267a3405-e84a-47da-97b2-5fa0d2e8995e" />

M:

<delete_schedule_response status="200" status_text="OK" />

M:

<delete_schedule_response status="4xx" />

M:

<delete_schedule_response status="500" status_text="Internal error" />

delete_target

The client uses the delete_target command to delete an existing target. This command must include the ID of an existing target.

If there was no error with the command sent by the client, the manager will delete the target and will reply with a response code indicating success.

Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the manager.

Command attributes:

Command elements:

Example:

C:

<delete_target target_id="267a3405-e84a-47da-97b2-5fa0d2e8995e" />

M:

<delete_target_response status="200" status_text="OK" />

M:

<delete_target_response status="4xx" />

M:

<delete_target_response status="500" status_text="Internal error" />

delete_task

The client uses the delete_task command to delete an existing task. This command must include the ID of an existing task.

If there was no error with the command sent by the client, the manager will delete the task and all relevant objects (reports etc.) and will reply with a response code indicating success and the ID of the task that was deleted.

Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the manager.

Command attributes:

Command elements:

Example:

C:

<delete_task task_id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6" />

< b>M:

<delete_task_response status="200" status_text="OK" />

M:

<delete_task_response status="4xx" />

M:

<delete_task_response status="500" status_text="Internal error" />

get_agents

The client uses the get_agents command to get agent information. This command may include the ID of an existing agent, a format, a sort order and a sort field.

If there was no error with the command sent by the client, the manager will reply with a list of agents to the client.

Command attributes:

Examples:

C:

<get_agents />

M:

<get_agents_response status="200" status_text="OK">
  <agent id="c33864a9-d3fd-44b3-8717-972bfb01dfcf">
    <name>Custom Scan Agent</name>
    <comment>Custom agent for use on the Web servers.</comment>
    <in_use>1</in_use>
    <installer><trust>yes</trust></installer>
  </agent>
  ...
</get_agents_response>

C:

<get_agents agent_id="c33864a9-d3fd-44b3-8717-972bfb01dfcf" format="installer"/>

M:

<get_agents_response status="200" status_text="OK">
  <agent id="c33864a9-d3fd-44b3-8717-972bfb01dfcf">
    <name>Custom Scan Agent</name>
    <comment>Custom agent for use on the Web servers.</comment>
    <in_use>1</in_use>
    <package format="installer">
      <filename>agent.deb</filename>
      CgoKCgoKCgoKCgoKCSAgI...
    </package>
  </agent>
</get_agents_response>

get_configs

The client uses the get_configs command to get config information. This command may include the ID of an existing config, a families flag, an export flag, a preferences flag, a sort order and a sort field.

If there was no error with the command sent by the client, the manager will reply with a list of configs to the client.

Command attributes:

Examples:

C:

<get_configs />

M:

<get_configs_response status="200" status_text="OK">
  <config id="daba56c8-73ec-11df-a475-002264764cea">
    <name>Full and fast</name>
    <comment>All NVT's; optimized by using previously collected information.</comment>
    <family_count>
      4
      <growing>1</growing>
    </family_count>
    <nvt_count>
      12
      <growing>1</growing>
    </nvt_count>
    <in_use>1</in_use>
    <tasks>
      <task id="13bb418a-4220-4575-b35b-ec398bff7417">
        <name>Web Servers</name>
      </task>
      ...
    </tasks>
  </config>
  ...
</get_configs_response>

C:

<get_configs config_id="daba56c8-73ec-11df-a475-002264764cea" preferences="1" families="1" />

M:

<get_configs_response status="200" status_text="OK">
  <config id="daba56c8-73ec-11df-a475-002264764cea">
    <name>Full and fast</name>
    <comment>All NVT's; optimized by using previously collected information.</comment>
    <family_count>
      4
      <growing>1</growing>
    </family_count>
    <nvt_count>
      12
      <growing>1</growing>
    </nvt_count>
    <in_use>1</in_use>
    <tasks>
      <task id="13bb418a-4220-4575-b35b-ec398bff7417">
        <name>Web Servers</name>
      </task>
      ...
    </tasks>
    <families>
      <family>
        <name>Credentials</name>
        <nvt_count>8</nvt_count>
        <max_nvt_count>8</max_nvt_count>
        <growing>1</growing>
      </family>
      ...
    </families>
    <preferences>
      <preference>
        <nvt oid="1.3.6.1.4.1.25623.1.0.10330">
          <name>Services</name>
        </nvt>
        <name>Network connection timeout :</name>
        <type>entry</type>
        <value>5</value>
      </preference>
      ...
    </preferences>
  </config>
  ...
</get_configs_response>

get_dependencies

The client uses the get_dependencies command to request the dependencies for one or all NVTs available through this manager. This command may include an NVT OID.

If the manager possesses such a collection, it will reply with a response code indicating success, and the dependencies. If the manager cannot access a list of available NVTs at present, it will reply with the 503 response.

Command attributes:

Example:

C:

<get_dependencies/>

M:

<get_dependencies_response status="200" status_text="OK">
  <nvt oid="1.3.6.1.4.1.25623.1.0.114664">
    <name>Dependency Test</name>
    <requires>
      <nvt oid="1.3.6.1.4.1.25623.1.0.114663">
        <name>File Upload Test</name>
      </nvt>
    </requires>
  </nvt>
  ...
</get_dependencies_response>

C:

<get_dependencies nvt_oid="1.3.6.1.4.1.25623.1.0.114664" />

M:

<get_dependencies_response status="200" status_text="OK">
  <nvt oid="1.3.6.1.4.1.25623.1.0.114664">
    <name>Dependency Test</name>
    <requires>
      <nvt oid="1.3.6.1.4.1.25623.1.0.114663">
        <name>File Upload Test</name>
      </nvt>
    </requires>
  </nvt>
</get_dependencies_response>

get_escalators

The client uses the get_escalators command to get escalator information. This command may include the ID of an existing escalator, a sort order and a sort field.

If there was no error with the command sent by the client, the manager will reply with a list of escalators to the client.

Command attributes:

Examples:

C:

<get_escalators />

M:

<get_escalators_response status="200" status_text="OK">
  <escalator id="6181e65d-8ba0-4937-9c44-8f2b10b0def7">
    <name>Team alert</name>
    <comment></comment>
    <in_use>1</in_use>
    <condition>
      Threat level at least
      <data>
        <name>level</name>
        High
      </data>
    </condition>
    <event>
      Task run status changed
      <data>
        <name>status</name>
        Done
      </data>
    </event>
    <method>
      Email
      <data>
        <name>to_address</name>
        team@example.org
      </data>
      <data>
        <name>from_address</name>
        admin@example.org
      </data>
      <data>
        <name>notice</name>
        0
      </data>
    </method>
  </escalator>
  ...
</get_escalators_response>

get_lsc_credentials

The client uses the get_lsc_credentials command to get LSC credential information. This command may include the ID of an existing LSC credential, a format, a sort order and a sort field.

If there was no error with the command sent by the client, the manager will reply with a list of LSC credentials to the client.

Command attributes:

Examples:

C:

<get_lsc_credentials />

M:

<get_lsc_credentials_response status="200" status_text="OK">
  <lsc_credential id="c33864a9-d3fd-44b3-8717-972bfb01dfcf">
    <name>sally</name>
    <login>sally</login>
    <comment></comment>
    <in_use>0</in_use>
    <type>gen</type>
    <targets></targets>
  </lsc_credential>
  <lsc_credential id="8e305b0b-260d-450d-91a8-dadf0b144e15">
    <name>bob</name>
    <login>bob</login>
    <comment>Bob on the web server.</comment>
    <in_use>1</in_use>
    <type>pass</type>
    <targets>
      <target id="1f28d970-17ef-4c69-ba8a-13827059f2b9">
        <name>Web server</name>
      </target>
    </targets>
  </lsc_credential>
  ...
</get_lsc_credentials_response>

C:

<get_lsc_credentials lsc_credential_id="8e305b0b-260d-450d-91a8-dadf0b144e15" format="key"/>

M:

<get_lsc_credentials_response status="200" status_text="OK">
  <lsc_credential id="8e305b0b-260d-450d-91a8-dadf0b144e15">
    <name>bob</name>
    <login>bob</login>
    <comment>Bob on the web server.</comment>
    <in_use>1</in_use>
    <type>pass</type>
    <targets>
      <target id="1f28d970-17ef-4c69-ba8a-13827059f2b9">
        <name>Web server</name>
      </target>
    </targets>
    <public_key>
      ssh-rsa AAAAB3...Z64IcQ== Key generated by OpenVAS Manager
    </public_key>
  </lsc_credential>
</get_lsc_credentials_response>

C:

<get_lsc_credentials lsc_credential_id="8e305b0b-260d-450d-91a8-dadf0b144e15" format="deb"/>

M:

<get_lsc_credentials_response status="200" status_text="OK">
  <lsc_credential id="8e305b0b-260d-450d-91a8-dadf0b144e15">
    <name>bob</name>
    <login>bob</login>
    <comment>Bob on the web server.</comment>
    <in_use>1</in_use>
    <type>pass</type>
    <targets>
      <target id="1f28d970-17ef-4c69-ba8a-13827059f2b9">
        <name>Web server</name>
      </target>
    </targets>
    <package format="deb">ITxhcmNoPgpk...DmvF0AKAAACg==</package>
  </lsc_credential>
</get_lsc_credentials_response>

get_notes

The client uses the get_notes command to get note information. This command may include the ID of an existing note, a details flag, a result flag, an NVT, a task, a sort order and a sort field.

If there was no error with the command sent by the client, the manager will reply with a list of notes to the client.

Command attributes:

Examples:

C:

<get_notes />

M:

<get_notes_response status="200" status_text="OK">
  <note id="b76b81a7-9df8-42df-afff-baa9d4620128">
    <nvt oid="1.3.6.1.4.1.25623.1.0.75">
      <name>Test NVT: long lines</name>
    </nvt>
    <text excerpt="0">This is the full text of the note.</text>
    <orphan>1</orphan>
  </note>
  ...
</get_notes_response>

C:

<get_notes note_id="7f618bbb-4664-419e-9bbf-367d93954cb0" details="1" result="1"/>

M:

<get_notes_response status="200" status_text="OK">
  <note id="7f618bbb-4664-419e-9bbf-367d93954cb0">
    <nvt oid="1.3.6.1.4.1.25623.1.0.77">
      <name>Test NVT: control chars in report result</name>
    </nvt>
    <creation_time>Sun Jun 27 08:49:46 2010</creation_time>
    <modification_time>Sun Jun 27 08:49:46 2010</modification_time>
    <text>note fixed to result</text>
    <hosts>127.0.0.1</hosts>
    <port>general/tcp</port>
    <threat>Medium</threat>
    <task id="40b236a9-2b0f-4813-b8c7-bc2b98d9d7e4">
      <name>test</name>
    </task>
    <orphan>0</orphan>
    <result id="0c95e6b3-1100-4dfd-88f1-4bed1fad29de">
      <subnet>127.0.0.1</subnet>
      <host>127.0.0.1</host>
      <port>general/tcp</port>
      <nvt oid="1.3.6.1.4.1.25623.1.0.77">
        <name>Test NVT: control chars in report result</name>
        <cvss_base></cvss_base>
        <risk_factor></risk_factor>
      </nvt>
      <threat>Medium</threat>
      <description>Warning with control char between fullstops: . .</description>
    </result>
  </note>
  ...
</get_notes_response>

get_nvts

The client uses the get_nvts command to request NVT information. This command may include one of an NVT OID and a family name. This command may always include a details flag, a config, a sort order and a sort field. If the command includes a details flag, it may also include timeout, preference_count and preferences flags. The timeout and preferences flags require a config.

The NVT OID, family name and config attributes limit the listing to a single NVT or all NVTs in a particular family and/or config. With the preferences flag the manager includes in the listing, the values of each listed NVT's preferences for the given config. The timeout flag does the same for the special timeout preference.

If the manager possesses an NVT collection, it will reply with a response code indicating success, and the NVT information. If the manager cannot access a list of available NVTs at present, it will reply with the 503 response.

Command attributes:

Command elements:

Example:

C:

<get_nvts details="1" timeout="1" preference_count="1" preferences="1"/>

M:

<get_nvts_response status="200" status_text="OK">
  <nvt oid="1.3.6.1.4.1.25623.1.7.13005">
    <name>Services</name>
    <category>Services</category>
    <copyright>GNU GPL v2</copyright>
    <description>This script attepts to detects with service is running on which port.</description>
    <summary>Find what is listening on which port</summary>
    <family>Service detection</family>
    <version>$Revision: 1852 $</version>
    <cvss_base></cvss_base>
    <risk_factor>None</risk_factor>
    <cve_id>NOCVE</cve_id>
    <bugtraq_id>NOBID</bugtraq_id>
    <xrefs>NOXREF</xrefs>
    <fingerprints>NOSIGNKEYS</fingerprints>
    <tags>NOTAG</tags>
    <preference_count>-1</preference_count>
    <timeout></timeout>
    <checksum>
      <algorithm>md5</algorithm>
      2397586ea5cd3a69f953836f7be9ef7b
    </checksum>
    <preferences>
      <timeout></timeout>
      <preference>
        <nvt oid="1.3.6.1.4.1.25623.1.0.10330">
          <name>Services</name>
        </nvt>
        <name>Network connection timeout :</name>
        <type>entry</type>
        <value>5</value>
      </preference>
      ...
    </preferences>
  </nvt>
  <nvt oid="1.3.6.1.4.1.25623.1.7.13006">
    <name>FooBar 21</name>
    <category>Services</category>
    <copyright>GNU GPL v2</copyright>
    <description>This script detects whether the FooBar 2.1 XSS vulnerability is present.</description>
    ...
  </nvt>
  ...
</get_nvts_response>

C:

<get_nvts nvt_oid="1.3.6.1.4.1.25623.1.0.10330" />

M:

<get_nvts_response status="200" status_text="OK">
  <nvt oid="1.3.6.1.4.1.25623.1.0.10330">
    <name>Services</name>
    <checksum>
      <algorithm>md5</algorithm>
      2397586ea5cd3a69f953836f7be9ef7b
    </checksum>
  </nvt>
</get_nvts_response>

get_nvt_families

The client uses the get_nvt_families command to get NVT family information. This command may include a sort order.

If there was no error with the command sent by the client, the manager will reply with a list of families to the client.

Command attributes:

Examples:

C:

<get_nvt_families />

M:

<get_nvt_families_response status="200" status_text="OK">
  <families>
    <family>
      <name>Credentials</name>
      <max_nvt_count>8</max_nvt_count>
    </family>
    <family>
      <name>Port scanners</name>
      <max_nvt_count>12</max_nvt_count>
    </family>
    ...
  </families>
</get_nvt_families_response>

get_nvt_feed_checksum

The client uses the get_nvt_feed_checksum command to request a checksum for the complete NVT collection available through this manager. The client may specify an algorithm to be used for computing this checksum.

If the specified algorithm is not implemented in the manager, then the manager will reply with a response code in the 4xx range.

If the client does not specify a checksum algorithm, the manager is expected to use the MD5 algorithm for computing the checksum.

If the manager possesses such a collection, it will reply with a response code indicating success, and the checksum over all NVT files. If the manager cannot access a list of available NVTs at present, it will reply with the 503 response.

Command attributes:

Command elements:

Example:

C:

<get_nvt_feed_checksum algorithm="md5" />

M:

<get_nvt_feed_checksum_response status="200" status_text="OK">
  <checksum algorithm="md5">931db829a06b9a440a2ecaeb68c03715</checksum>
</get_nvt_feed_checksum_response>

get_overrides

The client uses the get_overrides command to get override information. This command may include the ID of an existing override, a details flag, a result flag, an NVT, a task, a sort order and a sort field.

If there was no error with the command sent by the client, the manager will reply with a list of overrides to the client.

Command attributes:

Command elements:

Examples:

C:

<get_overrides />

M:

<get_overrides_response status="200" status_text="OK">
  <override id="b76b81a7-9df8-42df-afff-baa9d4620128">
    <nvt oid="1.3.6.1.4.1.25623.1.0.75">
      <name>Test NVT: long lines</name>
    </nvt>
    <text excerpt="0">This is the full text of the override.</text>
    <threat>High</threat>
    <new_threat>Log</new_threat>
    <orphan>1</orphan>
  </override>
  ...
</get_overrides_response>

C:

<get_overrides override_id="7f618bbb-4664-419e-9bbf-367d93954cb0" details="1"/>

M:

<get_overrides_response status="200" status_text="OK">
  <override id="7f618bbb-4664-419e-9bbf-367d93954cb0">
    <nvt oid="1.3.6.1.4.1.25623.1.0.77">
      <name>Test NVT: control chars in report result</name>
    </nvt>
    <creation_time>Sun Jun 27 08:49:46 2010</creation_time>
    <modification_time>Sun Jun 27 08:49:46 2010</modification_time>
    <text>override fixed to result</text>
    <hosts>127.0.0.1</hosts>
    <port>general/tcp</port>
    <threat>Medium</threat>
    <new_threat>Low</new_threat>
    <task id="40b236a9-2b0f-4813-b8c7-bc2b98d9d7e4">
      <name>test</name>
    </task>
    <orphan>0</orphan>
    <result id="0c95e6b3-1100-4dfd-88f1-4bed1fad29de" />
  </override>
  ...
</get_overrides_response>

get_preferences

The client uses the get_preferences command to request NVT preferences. This command may include an NVT OID, a config ID and a preference name.

If the manager possesses such a collection, it will reply with a response code indicating success, and the NVT preferences. If the manager cannot access a list of available NVTs at present, it will reply with the 503 response.

Command attributes:

Command elements:

Example:

C:

<get_preferences/>

M:

<get_preferences_response status="200" status_text="OK">
  <preference>
    <name>Services[entry]:Network connection timeout :</name>
    <value>5</value>
  </preference>
  ...
</get_preferences_response>

C:

<get_preferences nvt_oid="1.3.6.1.4.1.25623.1.0.10330" />

M:

<get_preferences_response status="200" status_text="OK">
  <preference>
    <name>Services[entry]:Network connection timeout :</name>
    <value>5</value>
  </preference>
  ...
</get_preferences_response>

C:

<get_preferences config_id="daba56c8-73ec-11df-a475-002264764cea"/>

M:

<get_preferences_response status="200" status_text="OK">
  <preference>
    <nvt oid="1.3.6.1.4.1.25623.1.0.10330">
      <name>Services</name>
    </nvt>
    <name>Network connection timeout :</name>
    <type>entry</type>
    <value>5</value>
  </preference>
  ...
</get_preferences_response>

C:

<get_preferences config_id="daba56c8-73ec-11df-a475-002264764cea" nvt_oid="1.3.6.1.4.1.25623.1.0.10330" />

M:

<get_preferences_response status="200" status_text="OK">
  <preference>
    <nvt oid="1.3.6.1.4.1.25623.1.0.10330">
      <name>Services</name>
    </nvt>
    <name>Network connection timeout :</name>
    <type>entry</type>
    <value>5</value>
  </preference>
  ...
</get_preferences_response>

get_reports

The client uses the get_reports command to request reports. This command may include a report ID, format, first result number, maximum result count, sort order, sort field, level contraint, search phrase, minimum CVSS base constraint, notes flag, note details flag, overrides flag, override details flag and result hosts only flag.

If there was no error with the command sent by the client, the manager will reply with a response code indicating success and the report. If the report format is a binary format, the report will be in Base64 encoding.

Command attributes:

Command elements:

Example:

C:

<get_reports report_id="267a3405-e84a-47da-97b2-5fa0d2e8995e" format="PDF"/>

M:

<get_reports_response status="200" status_text="OK">
  <report id="f0fdf522-276d-4893-9274-fb8699dc2270">hsisn3qaVFhkjFRG4...</report>
</get_reports_response>

C:

<get_reports report_id="267a3405-e84a-47da-97b2-5fa0d2e8995e"/>

M:

<get_reports_response status="200" status_text="OK">
  <report id="f0fdf522-276d-4893-9274-fb8699dc2270">
    <sort>
      <field>
        type
        <order>descending</order>
      </field>
    </sort>
    <filters>
      hmlgd
      <phrase></phrase>
      <notes>0</notes>
      <overrides>0</overrides>
      <apply_overrides>0</apply_overrides>
      <result_hosts_only>1</result_hosts_only>
      <min_cvss_base></min_cvss_base>
      <filter>High</filter>
      <filter>Medium</filter>
      <filter>Low</filter>
      <filter>Log</filter>
      <filter>Debug</filter>
    </filters>
    <scan_run_status>Done</scan_run_status>
    <result_count>
      10
      <filtered>10</filtered>
      <debug>0</debug>
      <hole>0</hole>
      <info>7</info>
      <log>0</log>
      <warning>3</warning>
    </result_count>
    <task id="13bb418a-4220-4575-b35b-ec398bff7417">
      <name>dik mm</name>
    </task>
    <ports start="1" max="-1">
      <port>
        general/tcp
        <host>127.0.1.1</host>
        <threat>Medium</threat>
      </port>
      ...
    </ports>
    <results start="1" max="-1">
      <result id="634f7a2e-8ca1-43b7-b6d7-0d4841449508">
        <subnet>127.0.1.1</subnet>
        <host>127.0.1.1</host>
        <port>general/tcp</port>
        <nvt oid="1.3.6.1.4.1.25623.1.0.74">
          <name>Test NVT: fields with ISO-8859-1 chars ()</name>
          <cvss_base>5.0</cvss_base>
          <risk_factor>Medium</risk_factor>
        </nvt>
        <threat>Medium</threat>
        <description>Test with  umlaut Warning Port 0.</description>
      </result>
      ...
    </results>
    <scan_start>Mon Feb  1 19:11:21 2010</scan_start>
    <host_start>Mon Feb  1 19:11:21 2010<host>127.0.1.1</host></host_start>
    <host_end>Mon Feb  1 19:11:52 2010<host>127.0.1.1</host></host_end>
    <scan_end>Mon Feb  1 19:11:52 2010</scan_end>
  </report>
</get_reports_response>

get_results

The client uses the get_results command to get result information. This command may include the ID of an existing result, a task ID, a notes flag, a notes_details flag, an overrides flag, an overrides_details flag and an apply_overrides flag.

If the request includes a notes flag, an overrides flag or an apply_overrides flag and any of these is true, then the request must also include a task ID.

If there was no error with the command sent by the client, the manager will reply with a list of results to the client.

Command attributes:

Examples:

C:

<get_results />

M:

<get_results_response status="200" status_text="OK">
  <results>
    <result id="634f7a2e-8ca1-43b7-b6d7-0d4841449508">
      <subnet>127.0.1.1</subnet>
      <host>127.0.1.1</host>
      <port>general/tcp</port>
      <nvt oid="1.3.6.1.4.1.25623.1.0.74">
        <name>Test NVT: fields with ISO-8859-1 chars</name>
        <cvss_base>5.0</cvss_base>
        <risk_factor>Medium</risk_factor>
      </nvt>
      <threat>Medium</threat>
      <description>Test with umlaut.</description>
    </result>
    ...
  </results>
</get_results_response>

C:

<get_results result_id="cac9e7c8-c726-49fd-a710-5f99079ab93e"
             task_id="40b236a9-2b0f-4813-b8c7-bc2b98d9d7e4"
             notes="1"
             overrides="1" />

M:

<get_results_response status="200" status_text="OK">
  <results>
    <result id="cac9e7c8-c726-49fd-a710-5f99079ab93e">
      <subnet>127.0.0.1</subnet>
      <host>127.0.0.1</host>
      <port>general/tcp</port>
      <nvt oid="1.3.6.1.4.1.25623.1.0.75">
        <name>Test NVT: long lines</name>
        <cvss_base>9</cvss_base>
        <risk_factor>High</risk_factor>
      </nvt>
      <threat>High</threat>
      <description>Test with very long warning.</description>
      <original_threat>Medium</original_threat>
      <notes></notes>
      <overrides>
        <override id="b0832812-75f1-45eb-b676-99c6e6bf2b24">
          <nvt oid="1.3.6.1.4.1.25623.1.0.75">
            <name>Test NVT: long lines</name>
          </nvt>
          <text excerpt="0">Test override</text>
          <new_threat>High</new_threat>
          <orphan>0</orphan>
        </override>
      </overrides>
    </result>
  </results>
</get_results_response>

get_schedules

The client uses the get_schedules command to get schedule information. This command may include the ID of an existing schedule, a details flag, a sort order and a sort field.

If there was no error with the command sent by the client, the manager will reply with a list of schedules to the client.

Command attributes:

Examples:

C:

<get_schedules />

M:

<get_schedules_response status="200" status_text="OK">
  <schedule id="c33864a9-d3fd-44b3-8717-972bfb01dfcf">
    <name>Overnight</name>
  </schedule>
  ...
</get_schedules_response>

C:

<get_schedules schedule_id="c33864a9-d3fd-44b3-8717-972bfb01dfcf" details="1"/>

M:

<get_schedules_response status="200" status_text="OK">
  <schedule id="c33864a9-d3fd-44b3-8717-972bfb01dfcf">
    <name>Overnight</name>
    <comment>3 hours, starting at 12h00.</comment>
    <first_time>Tue Jun 29 00:00:00 2010</first_time>
    <next_time>Tue Jun 29 00:00:00 2010</next_time>
    <period>86400</period>
    <period_months>0</period_months>
    <duration>10800</duration>
    <in_use>1</in_use>
    <tasks>
      <task id="d4daf4c4-25c7-40ac-87d3-38e489f34330">
        <name>kk</name>
      </task>
    </tasks>
  </schedule>
</get_schedules_response>

get_system_reports

The client uses the get_system_reports command to get system reports. This command may include a name, a duration and a brief flag.

If there was no error with the command sent by the client, the manager will reply with the system reports to the client.

Command attributes:

Examples:

C:

<get_system_reports brief="1" />

M:

<get_system_reports_response status="200" status_text="OK">
  <system_report>
    <name>proc</name>
    <title>Processes</title>
  </system_report>
  <system_report>
    <name>load</name>
    <title>System Load</title>
  </system_report>
  <system_report>
    <name>cpu_0</name>
    <title>CPU Usage: CPU 0</title>
  </system_report>
</get_system_reports_response>

C:

<get_system_reports name="proc" />

M:

<get_system_reports_response status="200" status_text="OK">
  <system_report>
    <name>proc</name>
    <title>Processes</title>
    <report format="png" duration="86400">
      iVBORw0KGgoAAAANSUhEUgAAArkAAAEMCAYAAADAsa7vAAAABmJLR0QA/wD/AP+gvaeTAAAAB3RJ
      TUUH2gYbDCUmRM0cqQAAIABJREFUeJzsnXl4FFW+/t9mGRFpAiRsIZCEsIhJQAZRBAxpAoERh6DX
      ...
      JYQQol9Xr16Fg4PDhHdwpVeap0+frtMpegkhRF3UySWEkEksMDBQL/uloQiEEENHb1cghBBCCCFT
      DnVyCSGEEELIlEOdXEIIIYQQMuVwbt++PSoWi3Hv3j19l4UQQgghhBCtMKIOLiGEEEIImWr+B9Md
      9A602bEdAAAAAElFTkSuQmCC
    </report>
  </system_report>
</get_system_reports_response>

get_target_locators

The client uses the get_target_locators command to get target locator information.

If there was no error with the command sent by the client, the manager will reply with a list of target locators to the client.

Command elements:

Examples:

C:

<get_target_locators />

M:

<get_target_locators_response status="200" status_text="OK">
  <target_locator>
    <name>ldap</name>
  </target_locator>
  ...
</get_target_locators_response>

get_targets

The client uses the get_targets command to get target information. This command may include the ID of an existing target, a tasks flag, a sort order and a sort field.

If there was no error with the command sent by the client, the manager will reply with a list of targets to the client.

Command attributes:

Examples:

C:

<get_targets />

M:

<get_targets_response status="200" status_text="OK">
  <target id="b493b7a8-7489-11df-a3ec-002264764cea">
    <name>Localhost</name>
    <hosts>localhost</hosts>
    <max_hosts>1</max_hosts>
    <comment></comment>
    <in_use>7</in_use>
    <lsc_credential id="">
      <name></name>
    </lsc_credential>
  </target>
  ...
</get_targets_response>

C:

<get_targets target_id="c33864a9-d3fd-44b3-8717-972bfb01dfcf" tasks="1" />

M:

<get_targets_response status="200" status_text="OK">
  <target id="1f28d970-17ef-4c69-ba8a-13827059f2b9">
    <name>dik</name>
    <hosts>dik.example.org</hosts>
    <max_hosts>1</max_hosts>
    <comment>dik mm</comment>
    <in_use>4</in_use>
    <lsc_credential id="58ff2793-2dc7-43fe-85f9-20bfac5a87e4">
      <name>mm</name>
    </lsc_credential>
    <tasks>
      <task id="13bb418a-4220-4575-b35b-ec398bff7417">
        <name>dik mm</name>
      </task>
      ...
    </tasks>
  </target>
</get_targets_response>

get_tasks

The client uses the get_tasks command to request task information. This command may include a task ID, details flag, apply overrides flag, sort order and sort field,

If the command includes the details flag each task will include details of all reports on the task.

As a convenience for clients the response includes a task count and the values of the sort order, sort field and apply overrides flag that the manager applied when selecting the tasks.

Command attributes:

Command elements:

Example:

C:

<get_tasks />

M:

<get_tasks_response status="200" status_text="OK">
  <task_count>2</task_count>
  <sort>
    <field>
      ROWID
      <order>ascending</order>
    </field>
  </sort>
  <apply_overrides>0</apply_overrides>
  <task id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6">
    <name>Scan Webserver</name>
    <comment>Scan of the web server.</name>
    <status>Done</status>
    <progress>-1</progress>
    <config id="daba56c8-73ec-11df-a475-002264764cea">
      <name>Full and fast</name>
    </config>
    <escalator id="">
      <name></name>
    </escalator>
    <target id="1f28d970-17ef-4c69-ba8a-13827059f2b9">
      <name>dik</name>
    </target>
    <schedule id="">
      <name></name>
      <next_time>over</next_time>
    </schedule>
    <result_count>
      <debug>0</debug>
      <log>0</log>
      <info>14</info>
      <warning>0</warning>
      <hole>6</hole>
    </result_count>
    <report_count>
      2
      <finished>2</finished>
    </report_count>
    <trend></trend>
    <first_report>
      <report id="f0fdf522-276d-4893-9274-fb8699dc2270">
        <timestamp>Mon Feb  1 19:11:20 2010</timestamp>
        <result_count>
          <debug>0</debug>
          <hole>0</hole>
          <info>7</info>
          <log>0</log>
          <warning>3</warning>
        </result_count>
      </report>
    </first_report>
    <last_report>
      <report id="f0fdf522-276d-4893-9274-fb8699dc2270">
        <timestamp>Mon Feb  1 19:11:20 2010</timestamp>
        <result_count>
          <debug>0</debug>
          <hole>0</hole>
          <info>7</info>
          <log>0</log>
          <warning>3</warning>
        </result_count>
      </report>
    </last_report>
  </task>
  <task id="f14747d3-a4d7-4e79-99bb-a0a1276cb78c">
    <name>Scan Mailserver</name>
    ...
  </task>
</get_tasks_response>

C:

<get_tasks task_id="f14747d3-a4d7-4e79-99bb-a0a1276cb78c" details="1" />

M:

<get_tasks_response status="200" status_text="OK">
  <task_count>1</task_count>
  <sort>
    <field>
      ROWID
      <order>ascending</order>
    </field>
  </sort>
  <apply_overrides>0</apply_overrides>
  <task id="13bb418a-4220-4575-b35b-ec398bff7417">
    <name>Scan Mailserver</name>
    <comment>Scan of the web server.</name>
    <status>Done</status>
    <progress>-1</progress>
    <config id="daba56c8-73ec-11df-a475-002264764cea">
      <name>Full and fast</name>
    </config>
    <escalator id="">
      <name></name>
    </escalator>
    <target id="1f28d970-17ef-4c69-ba8a-13827059f2b9">
      <name>dik</name>
    </target>
    <schedule id="">
      <name></name>
      <next_time>over</next_time>
    </schedule>
    <result_count>
      <debug>0</debug>
      <log>0</log>
      <info>14</info>
      <warning>0</warning>
      <hole>6</hole>
    </result_count>
    <report_count>
      2
      <finished>2</finished>
    </report_count>
    <trend></trend>
    <first_report>
      <report id="f0fdf522-276d-4893-9274-fb8699dc2270">
        <timestamp>Mon Feb  1 19:11:20 2010</timestamp>
        <result_count>
          <debug>0</debug>
          <hole>0</hole>
          <info>7</info>
          <log>0</log>
          <warning>3</warning>
        </result_count>
      </report>
    </first_report>
    <last_report>
      <report id="2688e6c7-db29-4505-80f1-0fd4a09e1011">
        <timestamp>Mon Feb  1 19:11:20 2010</timestamp>
        <result_count>
          <debug>0</debug>
          <hole>0</hole>
          <info>7</info>
          <log>0</log>
          <warning>3</warning>
        </result_count>
      </report>
    </last_report>
    <reports>
      <report id="f0fdf522-276d-4893-9274-fb8699dc2270">
        <timestamp>Mon Feb  1 18:51:38 2010</timestamp>
        <scan_run_status>Done</scan_run_status>
        <result_count>
          <debug>0</debug>
          <hole>0</hole>
          <info>7</info>
          <log>0</log>
          <warning>3</warning>
        </result_count>
      </report>
      <report id="2688e6c7-db29-4505-80f1-0fd4a09e1011">
        <timestamp>Mon Feb  1 19:11:20 2010</timestamp>
        <scan_run_status>Done</scan_run_status>
        <result_count>
          <debug>0</debug>
          <hole>0</hole>
          <info>7</info>
          <log>0</log>
          <warning>3</warning>
        </result_count>
      </report>
    </reports>
  </task>
</get_tasks_response>

get_version

The client uses the get_version command to request the protocol version which may be used when communicating with this manager. The manager will reply with a response code indicating success and the version.

The client is advised to use this command before using any other command.

Command elements:

Example:

C:

<get_version/>

M:

<get_version_response status="200" status_text="OK">
  <version>1.5</version>
</get_version_response>

help

The help command requests a human-readable description of the available OMP commands. The manager will reply with a response code indicating success and a textual description of all commands.

Command elements:

Example:

C:

<help/>

M:

<help_response status="200" status_text="OK">
    AUTHENTICATE           Authenticate with the manager.
    COMMANDS               Run a list of commands.
    CREATE_AGENT           Create an agent.
    CREATE_CONFIG          Create a config.
    CREATE_ESCALATOR       Create an escalator.
    CREATE_LSC_CREDENTIAL  Create a local security check credential.
    CREATE_NOTE            Create a note.
    CREATE_OVERRIDE        Create an override.
    CREATE_SCHEDULE        Create a schedule.
    CREATE_TARGET          Create a target.
    CREATE_TASK            Create a task.
    DELETE_AGENT           Delete an agent.
    DELETE_CONFIG          Delete a config.
    DELETE_ESCALATOR       Delete an escalator.
    DELETE_LSC_CREDENTIAL  Delete a local security check credential.
    DELETE_NOTE            Delete a note.
    DELETE_OVERRIDE        Delete an override.
    DELETE_REPORT          Delete a report.
    DELETE_SCHEDULE        Delete a schedule.
    DELETE_TARGET          Delete a target.
    DELETE_TASK            Delete a task.
    GET_AGENTS             Get all agents.
    GET_CONFIGS            Get all configs.
    GET_DEPENDENCIES       Get dependencies for all available NVTs.
    GET_ESCALATORS         Get all escalators.
    GET_LSC_CREDENTIALS    Get all local security check credentials.
    GET_NOTES              Get all notes.
    GET_NVTS               Get one or all available NVTs.
    GET_NVT_FAMILIES       Get a list of all NVT families.
    GET_NVT_FEED_CHECKSUM  Get checksum for entire NVT collection.
    GET_OVERRIDES          Get all overrides.
    GET_PREFERENCES        Get preferences for all available NVTs.
    GET_REPORTS            Get all reports.
    GET_RESULTS            Get results.
    GET_SCHEDULES          Get all schedules.
    GET_SYSTEM_REPORTS     Get all system reports.
    GET_TARGET_LOCATORS    Get configured target locators.
    GET_TARGETS            Get all targets.
    GET_TASKS              Get all tasks.
    GET_VERSION            Get the OpenVAS Manager Protocol version.
    HELP                   Get this help text.
    MODIFY_CONFIG          Update an existing config.
    MODIFY_NOTE            Modify an existing note.
    MODIFY_OVERRIDE        Modify an existing override.
    MODIFY_REPORT          Modify an existing report.
    MODIFY_TASK            Update an existing task.
    PAUSE_TASK             Pause a running task.
    RESUME_OR_START_TASK   Resume task if stopped, else start task.
    RESUME_PAUSED_TASK     Resume a paused task.
    RESUME_STOPPED_TASK    Resume a stopped task.
    START_TASK             Manually start an existing task.
    STOP_TASK              Stop a running task.
    TEST_ESCALATOR         Run an escalator.
</help_response>

modify_config

The client uses the modify_config command to change an existing config. This command must include the ID of an existing config and either a preference, an NVT selection or a family selection.

The first option, a preference, must include a name. If the preference includes an NVT, then the preference is an NVT preference, otherwise the preference is a Scanner preference. If the preference includes a value then the manager updates the value of the preference, otherwise the manager removes the preference.

The second option, a family selection, lets the client modify the NVTs selected by the config at a family level. The idea is that the client modifies the entire family selection at once, so a client will often need to include many families in a family selection.

The family_selection may include a growing element to indicate whether new families should be added to the selection. It may also include any number of family elements.

A family element must always include a name and may include a growing element and an all element. The all element indicates whether all NVTs in the family should be selected. The growing element indicates whether new NVTs in the family should be added to the selection as they arrive. Leaving a family out of the family_selection is equivalent to including the family with all 0 and growing 0.

The effect of the all 0 and growing 0 case is subtle: if all NVTs were selected then all are removed (effectively removing the family from the config). However if some NVTs were selected then they remain selected. As a result the client must include in the family_selection all families that must have all NVTs selected.

The third option, an NVT selection, must include a family and may include any number of NVTs. The manager updates the given family in the config to include only the given NVTs.

If there was no error with the command sent by the client, the manager will apply the changes to the config and will reply with a response code indicating success.

Command attributes:

Command elements:

Examples:

C:

<modify_config config_id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6">
  <preference>
    <nvt oid="1.3.6.1.4.1.25623.1.0.14259"/>
    <name>Nmap (NASL wrapper)[checkbox]:UDP port scan</name>
    <value>eWVz</value>
  </preference>
</modify_config>

M:

<modify_config_response status="200" status_text="OK" />

M:

<modify_config_response status="4xx" />

M:

<modify_config_response status="500" status_text="Internal error" />

C:

<modify_config config_id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6">
  <family_selection>
    <!-- Set the config to add any new families that arrive. -->
    <growing>1</growing>
    <!-- Keep the single family that has all NVTs selected -->
    <family>
      <name>Debian Local Security Checks</name>
      <all>1</all>
      <growing>1</growing>
    </family>
  </family_selection>
</modify_config>

M:

<modify_config_response status="200" status_text="OK" />

M:

<modify_config_response status="4xx" />

M:

<modify_config_response status="500" status_text="Internal error" />

C:

<modify_config config_id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6">
  <family_selection>
    <!-- Keep the single family that has all NVTs selected -->
    <family>
      <name>Debian Local Security Checks</name>
      <all>1</all>
      <growing>1</growing>
    </family>
    <!-- Switch a family to receive any new NVTs that arrive. -->
    <family>
      <name>General</name>
      <growing>1</growing>
    </family>
  </family_selection>
</modify_config>

M:

<modify_config_response status="200" status_text="OK" />

M:

<modify_config_response status="4xx" />

M:

<modify_config_response status="500" status_text="Internal error" />

C:

<modify_config config_id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6">
  <nvt_selection>
    <family>Debian Local Security Checks</family>
    <nvt oid="1.3.6.1.4.1.25623.1.0.53797"/>
    <nvt oid="1.3.6.1.4.1.25623.1.0.63272"/>
    <nvt oid="1.3.6.1.4.1.25623.1.0.55615"/>
    <nvt oid="1.3.6.1.4.1.25623.1.0.53546"/>
  </nvt_selection>
</modify_config>

M:

<modify_config_response status="200" status_text="OK" />

M:

<modify_config_response status="4xx" />

M:

<modify_config_response status="500" status_text="Internal error" />

modify_note

The client uses the modify_note command to change an existing note. This command must include the ID of an existing note and the note text. This command may include a host list, port, threat, task and result.

If an optional element is left out, the existing value will be cleared, generalising that constraint.

If there was no error with the command sent by the client, the manager will apply the changes to the note and will reply with a response code indicating success.

Command attributes:

Command elements:

Example:

C:

<modify_note note_id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6">
  <text>This issue should be resolved after the upgrade.</text>
  <result id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6"/>
</modify_note>

M:

<modify_note_response status="200" status_text="OK" />

M:

<modify_note_response status="4xx" />

M:

<modify_note_response status="500" status_text="Internal error" />

modify_override

The client uses the modify_override command to change an existing override. This command must include the ID of an existing override and the override text. This command may include a host list, port, new threat, threat, task and result.

If an optional element is left out, the existing value will be cleared, generalising that constraint.

If there was no error with the command sent by the client, the manager will apply the changes to the override and will reply with a response code indicating success.

Command attributes:

Command elements:

Example:

C:

<modify_override override_id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6">
  <text>This issue is less important in our setup.</text>
  <new_threat>Low</new_threat>
</modify_override>

M:

<modify_override_response status="200" status_text="OK" />

M:

<modify_override_response status="4xx" />

M:

<modify_override_response status="500" status_text="Internal error" />

modify_report

The client uses the modify_report command to modify an existing report. This command must include the ID of an existing report and a comment.

If there was no error with the command sent by the client, the manager will add the comment to the report and will reply with a response code indicating success.

Command attributes:

Command elements:

Example:

C:

<modify_report report_id="65defe9b-bb28-4e85-9ed7-3f2a57ac8263">
  <comment>This is the report where vulnerability XYZ was found on our Webserver.</comment>
</modify_report>

M:

<modify_report_response status="200" status_text="OK" />

modify_task

The client uses the modify_task command to change an existing task. This command must include the ID of an existing task and must either include a name, a comment, an escalator, a schedule, an rcfile or a file.

If there was no error with the command sent by the client, the manager will apply the changes to the task and will reply with a response code indicating success.

Command attributes:

Command elements:

Example:

C:

<modify_task task_id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6">
  <comment>Monthly scan of the webserver</comment>
</modify_task>

M:

<modify_task_response status="200" status_text="OK" />

M:

<modify_task_response status="4xx" />

M:

<modify_task_response status="500" status_text="Internal error" />

pause_task

The client uses the pause_task command to manually pause an existing task. This command must include the ID of an existing task.

If there was no error with the command sent by the client, the manager will pause the task and will reply with a response code indicating success.

Command attributes:

Command elements:

Example:

C:

<pause_task task_id="825a5d10-24b2-4473-a4e0-55f8cfd4bf23" />

M:

<pause_task_response status="201" status_text="OK, resource created" task_id="825a5d10-24b2-4473-a4e0-55f8cfd4bf23" />

M:

<pause_task_response status="4xx" task_id="825a5d10-24b2-4473-a4e0-55f8cfd4bf23" />

M:

<pause_task_response status="500" status_text="Internal error" task_id="825a5d10-24b2-4473-a4e0-55f8cfd4bf23" />

resume_or_start_task

The client uses the resume_or_start_task command to manually start an existing task, ensuring that the task will resume from its previous position if the task is in the Stopped state. This command must include the ID of an existing task.

If there was no error with the command sent by the client, the manager will resume or start the task and will reply with a response code indicating success.

Command attributes:

Command elements:

Example:

C:

<resume_or_start_task task_id="825a5d10-24b2-4473-a4e0-55f8cfd4bf23" />

M:

<resume_or_start_task_response status="200" status_text="OK" />

M:

<resume_or_start_task_response status="4xx" />

M:

<resume_or_start_task_response status="500" status_text="Internal error" />

resume_paused_task

The client uses the resume_paused_task command to manually resume a paused task. This command must include the ID of an existing task.

If there was no error with the command sent by the client and if the task is currently paused, the manager will resume the task and will reply with a response code indicating success.

Command attributes:

Command elements:

Example:

C:

<resume_paused_task task_id="825a5d10-24b2-4473-a4e0-55f8cfd4bf23" />

M:

<resume_paused_task_response status="200" status_text="OK" />

M:

<resume_paused_task_response status="4xx" />

M:

<resume_paused_task_response status="500" status_text="Internal error" />

resume_stopped_task

The client uses the resume_stopped_task command to manually resume a stopped task. This command must include the ID of an existing task.

If there was no error with the command sent by the client and if the task is currently stopped, the manager will resume the task and will reply with a response code indicating success.

Command attributes:

Command elements:

Example:

C:

<resume_stopped_task task_id="825a5d10-24b2-4473-a4e0-55f8cfd4bf23" />

M:

<resume_stopped_task_response status="200" status_text="OK" />

M:

<resume_stopped_task_response status="4xx" />

M:

<resume_stopped_task_response status="500" status_text="Internal error" />

start_task

The client uses the start_task command to manually start an existing task. This command must include the ID of an existing task.

If there was no error with the command sent by the client, the manager will start the task and will reply with a response code indicating success.

Command attributes:

Command elements:

Example:

C:

<start_task task_id="825a5d10-24b2-4473-a4e0-55f8cfd4bf23" />

M:

<start_task_response status="200" status_text="OK" />

M:

<start_task_response status="4xx" />

M:

<start_task_response status="500" status_text="Internal error" />

stop_task

The client uses the stop_task command to manually stop a running task. This command must include the ID of an existing task.

If there was no error with the command sent by the client, the manager will stop the task and will reply with a response code.

Command attributes:

Command elements:

Example:

C:

<stop_task task_id="825a5d10-24b2-4473-a4e0-55f8cfd4bf23" /<

M:

<stop_task_response status="201" status_text="OK" status_text="OK" />

M:

<stop_task_response status="4xx" />

M:

<stop_task_response status="500" status_text="Internal error" />

test_escalator

The client uses the test_escalator command to invoke a test run of an escalator.

If there was no error with the command sent by the client, the manager will run the escalator and will reply with a response code indicating success.

Command attributes:

Command elements:

Example:

C:

<test_escalator escalator_id="825a5d10-24b2-4473-a4e0-55f8cfd4bf23" />

M:

<test_escalator_response status="200" status_text="OK" />

M:

<test_escalator_response status="4xx" />

M:

<test_escalator_response status="500" status_text="Internal error" />

History