Operating system: Linux
Installation method / source: debian package
I’d like to know how to get ALL the results from the already-complete scan with more than 1000 results in xml format.
At this point any way will do - using GSA, or the python-gvm.
I understand that 1000 is a hard-limit for any entities, but getting scan results is a pretty common task,
so WTF - why is there no sane documentation on how to accomplish this?! Moreover - GSA doesn’t notify in any way that not all the results have been included. This is outrageous.
Things tried so far
- ignore_pagination=1 levels=hmlg min_qod=0 filter
- using first=1000 to get the rest of the results in filter
- rows=-1 filter
@Yurii does --max-rows 0 fix the issue? or --max-rows 3000 or similar?
sounds like hard coded value and cannot find it from sourcecodes
Could you please specify the script/tool that is supposed to take the key (–max-rows)?
@Yurii sounds like value is hardcoded into sourcecode. so, it means that you can only get 1000 results for one host. that is “enought for most of people”…
@Eero For one host - sure. My problem is that I cannot get more than 1000 results from the scan, which was performed on more than 300 hosts. Whatever I’ve tried the export yields 1000 results, which is about 60% of all results, available in the report.
@Yurii that is feature, not a bug
@Yurii maybe it’s possible to modify source to skip this hardcoded max value. this means recompiling some parts of software.
to get more then 1000 results you need to request a report with setting
ignore_pagination to 1. For example :
<get_reports report_id="..." ignore_pagination="1" details="1" filter="levels=hmlg min_qod=0" />. It’s not possible to request more then 1000 items with
@bricks This sounds like great news. Could you please be more specific:
- is the example you’ve provided meant to be used as a reference for raw api request?
- can the same be done in gvm-python - I’ve tried get_reports(), but it doesn’t return the expected ‘report/results’ tag
- can the same be done in gsa gui?
To allow more then 1000 items, you can run
gvmd --modify-setting 76374a7a-0569-11e6-b6da-28d24461215b --value 10000 as your user that is run gvmd like
but this will affect also some other things and makes it slower.
@bricks example was for the
gvm-cli raw xml request.
get_report() should return what you try with
yes, you can export the xml.
Yes of course. See the get_report API docs.
gmp.get_report(report_id, filter_string="...", ignore_pagination=True, details=True)
The UI is doing exactly this. You can take a look at the network requests in your browser’s console.
Thank you. Got it - gvm-cli xml req works nicely.