No true PDF report option - PDF option produces the XML version

Hello - I usually create PDF reports when I’ve finally run a scan. However, now that I’ve upgraded to GVMd 20.08, I’ve found that the ‘PDF’ option is actually only the XML version, under a different name. (I was baffled at first, until I opened the PDF report in a text editor, which clearly showed that it was XML.) How do I get this version of Greenbone to create actual PDFs?

GVM versions

gsad: (‘gsad --version’) 20.08.0
gvmd: (‘gvmd --version’) 20.08.0
openvas-scanner: 20.08.0
gvm-libs: 20.08

Environment

Operating system: CentOS 8
Linux ip-172-30-0-31.ec2.internal 4.18.0-240.10.1.el8_3.x86_64 #1 SMP Mon Jan 18 17:05:51 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Installed from RPMs, pulled from the Atomic repo

Can you be more precise about which steps you have taken? Downloaded via GSA or used our API?


Of course - in the GSA, I click on a Task, then click on the Report. Within the Report, I click on Results, and then I usually filter out ‘Low’ and ‘Informational’ level items, so that the report I produce only has High and Medium level items.

I then click on Download Filtered Report, and select ‘PDF’ as the report format. For instance, today I downloaded one which was generated as file “report-aa935547-308e-421e-b178-4d0ba41e077d.pdf”. But, when I double-click, or go to Acrobat to open the file, it tells me that it’s a corrupted file.

So, as I mentioned, I randomly opened it with vi, and saw that it was actually an XML file. There are relatively few differences between what gets saved as PDF and what gets saved as XML. I’ll provide examples in the next two posts.

So, as I say, here’s a sanitized version of the first few lines of the report saved as Anonymous XML:

admin2021-03-11T16:39:19Z<creation_time>2021-03-11T16:39:19Z</creation_time><modification_time>2021-03-11T17:18:56Z</modification_time>0<in_use>0</in_use><report_format id=“xxxxxx-xxxx-xxxx-xxxx-xxxxxxxx”>Anonymous XML</report_format>20.08severitydescendingapply_overrides=0 levels=hm rows=1000 min_qod=70 first=1 sort-reverse=severity notes=1 overrides=1HighMediumapply_overrides=0levels=hmrows=1000min_qod=70first=1sort-reverse=severitynotes=1overrides=1<severity_class id=“xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx”>nist<full_name>NVD Vulnerability Severity Ratings</full_name><severity_range>None0.00.0</severity_range><severity_range>Low0.13.9</severity_range><severity_range>Medium4.06.9</severity_range><severity_range>High7.010.0</severity_range></severity_class><scan_run_status>Done</scan_run_status>6<closed_cves>4</closed_cves>3411<ssl_certs>8</ssl_certs>Non-Pingable Host scan0Non-pingable Targets 31002021-03-11T16:39:05Z<scan_start>2021-03-11T16:39:19Z</scan_start>Coordinated Universal Time<timezone_abbrev>UTC</timezone_abbrev>105986/tcp1,2,3,44.0Medium135/tcp2.3.4.55.0Medium135/tcp3.4.5.65.0Medium5986/tcp4.5.6.74.0Medium135/tcp5.6.7.85.0Medium5986/tcp6.7.8.94.0MediumDCE/RPC and MSRPC Services Enumeration Reportingadmin<modification_time>2021-03-11T16:46:51Z</modification_time><creation_time>2021-03-11T16:46:51Z</creation_time>7.8.9.0135/tcpnvtDCE/RPC and MSRPC Services Enumeration ReportingWindows<cvss_base>5.0</cvss_base>cvss_base_vector=AV:N/AC:L/Au:N/C:P/I:N/A:N|summary=Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running
on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.|insight=|affected=|impact=An attacker may use this fact to gain more knowledge
about the remote host.|solution=Filter incoming traffic to this ports.|vuldetect=|solution_type=MitigationFilter incoming traffic to this ports.<scan_nvt_version></scan_nvt_version>Medium5.080Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol:

Port: 49152/tcp

 UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
 Endpoint: ncacn_ip_tcp:172.1.1.1[49152]

Port: 49153/tcp

 UUID: 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1
 Endpoint: ncacn_ip_tcp:172.1.1.1[49153]

And here are the first few lines of the “PDF” version:

20.08severitydescendingapply_overrides=0 levels=hm rows=1000 min_qod=70 first=1 sort-reverse=severity notes=1 overrides=1HighMediumapply_overrides=0levels=hmrows=1000min_qod=70first=1sort-reverse=severitynotes=1overrides=1<severity_class id=“xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx”>nist<full_name>NVD Vulnerability Severity Ratings</full_name><severity_range>None0.00.0</severity_range><severity_range>Low0.13.9</severity_range><severity_range>Medium4.06.9</severity_range><severity_range>High7.010.0</severity_range></severity_class><scan_run_status>Done</scan_run_status>6<closed_cves>4</closed_cves>3411<ssl_certs>8</ssl_certs>Non-Pingable Host scan0Non-pingable Targets 31002021-03-11T16:39:05Z<scan_start>2021-03-11T16:39:19Z</scan_start>Coordinated Universal Time<timezone_abbrev>UTC</timezone_abbrev>101.2.3.45986/tcp4.0Medium2.3.4.5135/tcp5.0Medium3.4.5.65986/tcp4.0Medium4.5.6.75986/tcp4.0Medium5.6.7.8135/tcp5.0Medium6.7.8.9135/tcp5.0MediumDCE/RPC and MSRPC Services Enumeration Reportingadmin<modification_time>2021-03-11T16:46:51Z</modification_time><creation_time>2021-03-11T16:46:51Z</creation_time>7.8.9.0135/tcpnvtDCE/RPC and MSRPC Services Enumeration ReportingWindows<cvss_base>5.0</cvss_base>cvss_base_vector=AV:N/AC:L/Au:N/C:P/I:N/A:N|summary=Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running
on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.|insight=|affected=|impact=An attacker may use this fact to gain more knowledge
about the remote host.|solution=Filter incoming traffic to this ports.|vuldetect=|solution_type=MitigationFilter incoming traffic to this ports.<scan_nvt_version></scan_nvt_version>Medium5.080Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol:

Port: 49152/tcp

 UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
 Endpoint: ncacn_ip_tcp:172.1.1.1[49152]

Port: 49153/tcp

 UUID: 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1
 Endpoint: ncacn_ip_tcp:172.1.1.1[49153]
 Annotation: NRP server endpoint

 UUID: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1

Anyone have any ideas in regard to this issue? Is it a version issue, a config issue on my end, etc, etc?

Maybe you should ask the package vendor at Atomic. Upstream, there is very little we can do here.