2012-01-09: Project renamed to INOVASC, version bumped to 1.2.4
- Re-coding to support OpenVAS instead of Nessus. Implementation of the OpenVAS scanner protocol OTP 1.0, dropping support for Nessus NTP 1.2. Renaming the software from NessusWC (Nessus Web Client) to INOVASC (Independent OpenVAS Client).
- Implemented scan credentials for executing checks directly on the remote system. Currently, SSH and SMB with username/password are possible.
- Web-layout re-design for a more modern look and feel. Adding a scan summary to the scan report.
- Implementation of decent protocol and plugin debugging.
2008-03-20: Version number bumped to v1.2.2 for minor bugfix:
- Implemented correct error handling when the Nessus server plugin list exceeds the maximum number of plugins defined in NessusWC. I also raised the default value from 20000 to 40000.
2007-09-18: Version number bumped to v1.2.1 for minor changes:
- The results file has been updated to highlight the Nessus Risk factor rating. The risk rating is now set in bold font, with the risk result colored according to criticality.
- verified functionality with latest Nessus version 2.2.10.
- fixed wrong page count for scanresults.cgi. When the number of certs was divisible by the max. entries per page without remainder, meaning that all pages are filled to the max, an extra empty page was generated.
- fixed the display bug that occurred when NessusWC is used with a Nessus user and password where the password contains HTML reserved characters. cgic's cgiHtmlEscape prevents it. Thanks go to Marcelo for reporting.
2005-07-15: Version number bumped to v1.2 with new functionality:
- Introduction of scan templates. A scan template stores a scan configuration (the list of enabled plugins) under a template name. Scans can now be standardized and repeated more easily (e.g. to check for compliance). The template file format is identical to that of the NessusWX Windows client program. Session configuration files exported from NessusWX can be copied into the templates directory and used without changes. The following example templates are included:
- Sans Top-20
- Database Systems
- E-Mail Services
- Web Services
- Network Equipment
- Unix Systems
- Windows Systems
- General Services
Scan templates can also be generated from within NessusWC by selecting appropriate plugin families.
- Verified scheduled scans with a scan template. Example: to run a scan each Saturday for host 192.168.11.110 with the template "Windows Systems" (template-003.rc), add a line like the following to the crontab of the webserver user (wwwrun):
47 7 * * 6 wget http://localhost/nessuswc/cgi-bin/"scanprocess.cgi?nessusd-ip=127.0.0.1&nessusd-port=1241&nessusd-encr=SSLv3&nessusd-user=fm&nessusd-pass=test&nessusd-cert=none&t-ip=192.168.11.110&t-mask=255.255.255.255&template=template-003.rc" > /dev/null 2>&1
- updated the help with details about scan templates and scheduled scans
- The biggest update is the implementation of a real-time scan progress window in scanprocess.cgi. The window opens as a popup on request through the "Show Scan Process Details" button. It shows the current scan process while constantly refreshing itself until the scan is done.
- I re-wrote scanresult.cgi to display scan results sorted by scan time. Latest scans now appear first by default and it can be switched to show oldest first. Eventually, alternate sorting by IP could be implemented, also.
A sanity check is now implemented to correctly return an error for nonexistent page numbers in the CGI call (i.e. more than really exist, or negative numbers).
- Generated and added the scan duration time to the scan result output page (see bottom).
- Selecting the Port Scanner family resulted in firing up all 8 port scanners, which clogged up the whole scan. Until single plugin configuration is implemented, a hardcoded workaround selects only these plugins: the NMAP portscan/RPC scan (ID 14259), the Ping plugin (ID 10180) and the tcp connect() scan (ID 10335). The workaround can be disabled by removing the definition of PORTSCAN_WORKAROUND in nessuswc.h.
- Fixed the column display error in scanconfig.cgi that occurs when the number of plugin families is uneven. (With the latest nessus plugin update on the server, the new total is 5833 plugins in 37 families).
- Set the CGI calling method to "POST" where appropriate. This prevents displaying the CGI calling data in the URL.
- Updated help.txt and README for common compile errors and where to configure default Nessus login settings
- cleaned out the doc/ directory, removing nessus client dump files and general C-programming literature
- Initial release on freshmeat.net
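
Added example (not from the original changelog or the NessusWC code): the scheduled-scan crontab entry in the v1.2 notes carries the Nessus password in a GET URL, while the same release switched the CGI forms to POST to keep call data out of the URL. The wrapper below sends the same fields as a POST body built from a credentials file. That scanprocess.cgi accepts these fields via POST, the path /etc/nessuswc/cron.cred and the script name are assumptions.

```sh
#!/bin/sh
# Added example, not part of NessusWC/INOVASC: scheduled scan sent via POST.
# Assumptions: scanprocess.cgi accepts the same field names in a POST body;
# CRED_FILE is a hypothetical path (mode 600, owned by the cron user) whose
# first line is the Nessus user name and second line the password.
CRED_FILE=${CRED_FILE:-/etc/nessuswc/cron.cred}
CGI_URL=${CGI_URL:-http://localhost/nessuswc/cgi-bin/scanprocess.cgi}

# Percent-encode every character outside the RFC 3986 unreserved set (ASCII
# input assumed), so & = % or spaces in a password cannot alter the form body.
urlencode() {
  LC_ALL=C s=$1 out=
  while [ -n "$s" ]; do
    rest=${s#?}; c=${s%"$rest"}; s=$rest
    case $c in
      [a-zA-Z0-9._~-]) out=$out$c ;;
      *) out=$out$(printf '%%%02X' "'$c") ;;
    esac
  done
  printf '%s' "$out"
}

# Print the form body; credentials come from the file, never from argv.
build_body() {   # usage: build_body <cred-file> <target-ip> <template>
  [ -r "$1" ] || return 1
  { IFS= read -r user && { IFS= read -r pass || [ -n "$pass" ]; }; } < "$1" \
    || return 1
  printf 'nessusd-ip=127.0.0.1&nessusd-port=1241&nessusd-encr=SSLv3'
  printf '&nessusd-user=%s&nessusd-pass=%s&nessusd-cert=none' \
    "$(urlencode "$user")" "$(urlencode "$pass")"
  printf '&t-ip=%s&t-mask=255.255.255.255&template=%s' \
    "$(urlencode "$2")" "$(urlencode "$3")"
}

run_scan() {     # usage: run_scan <target-ip> <template>
  umask 077
  tmp=$(mktemp) || return 1
  rc=0
  # --post-file keeps the password out of the crontab, ps output and the URL.
  { build_body "$CRED_FILE" "$1" "$2" > "$tmp" &&
    wget -q -O /dev/null --post-file="$tmp" "$CGI_URL"; } || rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Constructed crontab line for this script (path is hypothetical):
# 47 7 * * 6 /usr/local/bin/nessuswc-scan.sh 192.168.11.110 template-003.rc
if [ "$#" -eq 2 ]; then run_scan "$1" "$2"; fi
```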