Export all scan results (from a single report or multiple) when then are more than 1000 results

GVM versions

gsad: 21.4.4
gvmd: 21.4.5
openvas-scanner: 21.4.4
gvm-libs: 21.4.4

Environment

Operating system: Linux
Kernel: 5.16.0-amd64
Installation method / source: debian package

The problem

I’d like to know how to get ALL the results from the already-complete scan with more than 1000 results in xml format.
At this point any way will do - using GSA, or the python-gvm.

I understand that 1000 is a hard-limit for any entities, but getting scan results is a pretty common task,
so WTF - why is there no sane documentation on how to accomplish this?! Moreover - GSA doesn’t notify in any way that not all the results have been included. This is outrageous.

Things tried so far

  • ignore_pagination=1 levels=hmlg min_qod=0 filter
  • using first=1000 to get the rest of the results in filter
  • rows=-1 filter

@Yurii does --max-rows 0 fix the issue? or --max-rows 3000 or similar?

sounds like hard coded value and cannot find it from sourcecodes

Eero

@Eero
Could you please specify the script/tool that is supposed to take the key (–max-rows)?

@Yurii sounds like value is hardcoded into sourcecode. so, it means that you can only get 1000 results for one host. that is “enought for most of people”…

Eero

@Eero For one host - sure. My problem is that I cannot get more than 1000 results from the scan, which was performed on more than 300 hosts. Whatever I’ve tried the export yields 1000 results, which is about 60% of all results, available in the report.

@Yurii that is feature, not a bug :slight_smile:

Eero

@Yurii maybe it’s possible to modify source to skip this hardcoded max value. this means recompiling some parts of software.

Eero

Hi,

to get more then 1000 results you need to request a report with setting ignore_pagination to 1. For example : <get_reports report_id="..." ignore_pagination="1" details="1" filter="levels=hmlg min_qod=0" />. It’s not possible to request more then 1000 items with <get_results/>.

1 Like

@bricks This sounds like great news. Could you please be more specific:

  • is the example you’ve provided meant to be used as a reference for raw api request?
  • can the same be done in gvm-python - I’ve tried get_reports(), but it doesn’t return the expected ‘report/results’ tag
  • can the same be done in gsa gui?

To allow more then 1000 items, you can run

gvmd --modify-setting 76374a7a-0569-11e6-b6da-28d24461215b --value 10000 as your user that is run gvmd like gvm

ref: https://github.com/greenbone/gvmd/blob/7862bd54a0c7524524e6460dad70f155dd30510d/src/manage_sql.h#L113

but this will affect also some other things and makes it slower.

@bricks example was for the gvm-cli raw xml request.

get_report() should return what you try with get_reports()?

yes, you can export the xml.

1 Like

Yes

Yes of course. See the get_report API docs.

gmp.get_report(report_id, filter_string="...", ignore_pagination=True, details=True)

The UI is doing exactly this. You can take a look at the network requests in your browser’s console.

1 Like

@Dexus @bricks
Thank you. Got it - gvm-cli xml req works nicely.