Introduction and Design

INOVASC development goals were pure simplicity. No Java, PHP, databases or other session-enabling technology must be maintained. CGI technology allows for a rapid deployment in a multitude of environments, all it needs is a standard webserver.

The benefit is a centrally located vulnerability scan client that is accessible from anywhere with a web browser. The operation is kept so simple, even a non-IT person could start a scan.

INOVASC connects to the OpenVAS Scanner daemon openvassd using the OpenVAS Transfer protocol OTP. It downloads the scan configuration, provides a highlevel selection of security checks to execute, starts a host scan and reports the scan results in HTML format. With the trade-off for not being able to "fine-tune" the scan settings, reliable results can be obtained quickly with minimal overhead. By supporting user logins for executing local checks, INOVASC implements credential-based scans for even more useful data.

Credits and Copyrights

INOVASC has been developed for use with a Apache webserver under Linux, connecting to a OpenVAS v4.x/v5.x server and is using libraries such as:

To my best knowledge, I need to mention copyrights of the GPL, the OpenSSL team (Mark J. Cox, Ralf S. Engelschall, Ben Laurie, Dr. Stephen Henson), Thomas Boutell for the cgic library, and Renaud Deraison with the Tenable Network Security team for the Nessus server software and protocol information.

Thanks to the OpenVAS project and their supporters, we have a open, powerful, flexible platform for vulnerability assessments that can be taylored to many needs.


This software is released under the terms of the GPL license, provided as is, with no warranties whatsoever. You are free to use it, change it and do whatever you want provided you keep the original author information intact.