Screenshots and functionality

This is the new front page. It has been completely re-written and is now Flash based.

NOTE: Because this is Flash based, do NOT use the browsers Back or Refresh buttons. It will basically restart the application. If you were logged into the app, this action will log you off. Use the buttons within the application. You can click on the Help button at any time for simple in-app help or click on simpleness at the top of any page to get a dialog box with help links on the web.

The first time you start the application (fresh install), there will be no data, so you will have to submit at least one Nessus scan or manually import a NBE file (with the importness.pl script).

Log into the application. The initial users are: nesuser, admin and sa. All of their passwords are set to "password" by default and should be changed immediately.

Once logged in, you will notice two new buttons: My Account and Nessus.

Go to My Account and change your password.

Now go to the Nessus screen to start a scan. All of the same functions as the last version are here with the addtion of the ability to now schedule scans. You will be able to disable the ability to use custom nessusrc files in the config.xml file (just set it to No).

Selecting the Schedule Run Time radio button will display a new section so that you can choose a time to run the scan. All scans are actually scheduled, but if the Run Now option is selected, it's scheduled to run within the next minute. This allows for other processes to run in the background and make it easier to report on and even kill the process if necessary. This also now allows the window to be closed after starting a scan whereas the previous version, once a scan was started, the window had to remain open.

Go to the my Jobs screen to view running, scheduled or past jobs. This is a new feature. You can view running jobs, the hosts your scanning as well as kill the process. You will also be able to do the same for scheduled jobs and even remove the job if necessary. The final section will display all past reports for viewing.

View showing info in each section.

Highlight a job and the buttons become available.

Now that there is data in the database, go back to the Main screen. You may have to click the Refresh button IN the application so that it re-reads the info from the database. Once this is done, you can select the dropdown and a quarter should be displayed. Select the quarter to display. NOTE: You do NOT have to be logged into the application to run any reports. If you need to secure the site, utilize Apache to do so. I use Apache to secure the site and allow a large number of people access and then only allow a select few to have a secondary login that allows them into the app to run scans, etc.

Once a quarter is selected, it will parse the information and fill in the table and draw a few graphs.

To view the specific details about all of the hosts, you can click on the Details button at the top or you can click on either of the rows in the table. Selecting either row will take you directly to either the Microsoft of Unix details screen. On the details page, the only thing displayed at first is the list of servers and the number of vulnerabilities they have.

Select a host and all of the info from the Nessus report will be displayed. Select a particular vulnerability detail and your notes section will become available and/or display any current information. Click on Edit Fields to edit any of the details.

The button will change to Save Changes. Click this when done editing the Notes section.

You can go to the Reports page and run a report to see the 10 ten high risk vulnerabilities for a given quarter. Currently, this is the only other report available other than whats on the Main page. I plan on adding more at some point....

Image showing top vulns for a quarter. (Only one host with high risk vulns, so not showing a lot right now.)

Back on the Nessus page, there is also a section to create custom nessusrc files. Make any choices and it will create a new nessusrc file based on the defaults you created for the application. It will store it in the users folder in the root of the app.

My logging in as the "admin", you will have access to another section of the application. The Administration page allows you to admin users, groups and the databases. This is the Users section.

Managing Groups.

Managing the databases. You can create a backup of either or both databases. You can also trim the Nessus database by selecting a quarter and it will delete all of the data related to that quarter.