What is Threat Modeling
👨🔧 OpenVulnScan Admin Guide
Installation
1. Clone the Repository
| git clone https://github.com/sudo-secxyz/OpenVulnScan.git cd OpenVulnScan |
2. Environment Setup
-
-
Create a
.envfile based on.env.example -
Configure:
-
Database URI
-
Email service (for alerts)
-
OAuth credentials
-
Redis (for task queue)
-
-
3. Launch the App
| docker-compose up --build |
The app runs at http://localhost:8000.
Managing Users
Most User management can be handled in the User Management UI in the profile drop-down
-
Users are stored in the
userstable. -
Admins can change roles via the admin panel or directly in the DB.
-
You can disable accounts by setting
is_activeto false.
Managing Agents
| curl -O "http://localhost:8000/agent/download?openvulnscan_api=http://localhost:8000/agent/report" |
openvulnscan_api=change to the ip address of scanner if not localhost
| mv download agent.py python3 agent.py |
-
Agents register using a shared secret or API key.
-
Agent data is stored in the
agentsandagent_packagestables. -
You can revoke agents in the dashboard or via API.
Security Configuration
-
Use HTTPS in production with a reverse proxy (e.g., Nginx).
-
JWT secrets and session signing keys should be strong and stored securely.
-
Enable login rate limiting via middleware settings.
Scheduled Tasks
-
Background scans (e.g., scheduled CVE checks) are managed via FastAPI background tasks or Celery if configured.
-
You can configure scan intervals in the UI.
CVE Enrichment
-
CVE data is pulled from NVD or a local mirror (if set).
-
To refresh data:
| python scripts/update_cve.py |
API Access
-
API keys can be issued to users for external integration.
-
All routes are protected with OAuth2 or token-based auth.
-
Documentation available at
/docs.
Forwarding Syslogs
- simple raw syslog forwarding availible via the settings menu
