GMP with PHP

Dear,

I think it’s more a PHP issue than a GMP issue, but maybe someone can help me.

I want to control GMP/OpenVAS using my existing PHP application. I’ve created a python script to run > a GMP command:

    def main(gmp, args):
    print('Start...')
    gmp.resume_task("0e1dd0c7-3081-4638-902b-6381b3d1079d")
    print('Done.')


if __name__ == '__gmp__':
    main(gmp, args)

When I run this using this command in the shell, it works fine:
gvm-script --gmp-username admin --gmp-password PASSWORD ssh --hostname 192.168.6.133 resumescan.gmp.py

But since I want to control it using PHP, I tought I can use shell_exec. But it doesn’t output anything.

<?php $output = shell_exec('sudo gvm-script --gmp-username admin --gmp-password PASSWORD ssh --hostname 192.168.6.133 resumescan.gmp.py'); echo "
$output

"; ?>

When I am running shell_exec with an ls command, it works fine.

Maybe it has something to do with permissions. So I’ve tried multiple thing to change the permissions, without susces.

Give full sudo permissions to www-data, with sudo visudo:
www-data ALL=NOPASSWD: ALL

Some extra info:

  • I am using the latest version of GMP (confirmed that with another issue yesterday).
  • I am using Ubuntu subsystem on Windows.
  • On Ubuntu subsystem runs the gvm-tools and apache+php.
  • I’ve never did Python before and I am kind of noob into OpenVAS.

Who has som info to get it working? Maybe am I doing some complete retard things?

Thanks

That combination is a security nightmare ! I hope you never every wanna plan this to get online ? I suggest you speak direct GMP via your server ith a socket-connection without any shell_exec and other high risk constructs.

https://www.php.net/manual/en/ref.sockets.php

Before you shoot your self into the foot, i will closing this topic here right now.

2 Likes