Skip to main content

General Questions

Simple Vulnerability Manager is a comprehensive tool for vulnerability analysts that enables complete system weakness analysis and report generation. It includes a database of recognized vulnerabilities organized into Web Scanners, Service Scanners, Static Scanners, and Mobile categories.Each vulnerability includes:
  • Brief description of the issue
  • System impact assessment
  • Step-by-step resolution instructions
  • Project Management: Create and manage client projects with personalized comments and screenshots
  • Vulnerability Database: Comprehensive database of Web, Service, Static, and Mobile vulnerabilities
  • Report Generation: Generate technical and executive reports in Word format
  • Tool Integration: One-click execution of external scanning tools
  • Evidence Management: Add screenshots and detailed evidence for each vulnerability
  • Multi-language Support: Available in Spanish, English, and Russian (v2.1.0+)
Web Scanners:
  • Acunetix (v10.5 and v11/v12)
  • Burpsuite
  • Netsparker
  • Arachni Web Application
Service Scanners:
  • Qualys Community and Enterprise
  • Nessus
  • OpenVAS
  • Nmap
Android Tools:
  • ApkTools
  • Enjarify
  • JD-Gui
  • MobSF
  • QARK
  • AndroBugs Framework
  • Uber Apk Signer
Information Tools:
  • Recon-ng
  • EyeWitness
SVM Free:
  • Freeware license for personal use
  • Local database storage
  • All core scanning and reporting features
  • Open source scripts (.bat and .sh files)
SVM Pro:
  • Professional license required for company use
  • Client-server architecture with remote database
  • Multi-user support with synchronized data
  • Encrypted and compressed data transmission (v2.0.2+)
  • Contact: contacto@simplevulnerabilitymanager.com
Demo available: Server: svm.myddns.me | Port: 8444 | Token: svm_demo
Installation is straightforward:
  1. Download the installer from GitHub Releases
  2. Run the installer and follow the instructions
  3. No additional configuration required
  4. Start using SVM immediately
The application includes all necessary dependencies except for external scanning tools and Microsoft Office (required for report generation).

Platform Compatibility

Yes! SVM runs on Linux and MacOS using Wine.MacOS Installation (v1.1.792+):
  • Wine Stable 2.0.3 or later
  • XQuartz 2.7.11 (required by Wine 2.0.3)
Linux Compatibility:
  • Debian 9 and later (improved detection in v2.0.3)
  • Ubuntu (including Ubuntu for Windows 10)
  • Other distributions supporting Wine
Several Wine-specific bugs were fixed in version 2.1.0 and later for improved cross-platform stability.
Yes, full Unicode support was added in version 2.1.0. This enables:
  • International characters in project names
  • Unicode in vulnerability descriptions
  • Proper handling of non-ASCII characters in reports
  • Support for multiple languages (Spanish, English, Russian)

Reports and Documentation

SVM generates reports in Microsoft Word format using customizable templates:Report Types:
  • Technical Report (Informe Técnico)
  • Executive Report (Informe Ejecutivo)
  • Generic Report (Informe Genérico)
Report Features:
  • Customizable risk colors and table styles
  • Statistical charts with custom colors
  • Variable substitution (e.g., [Proyecto], [Subtitulo])
  • Evidence and screenshots included
  • Risk-based vulnerability tables
Microsoft Word is required for report generation.
Yes, reports are fully customizable (v2.0.0+):
  1. Template Editing: Double-click the template in configuration to edit it directly in Word
  2. Custom Styles: Assign different table styles from your template to each risk level
  3. Color Customization: Set custom colors for risk levels and statistical charts
  4. Variables: Use variables like [Proyecto] and [Subtitulo] in templates
  5. Title Styles: Select title styles extracted from your template
The template uses the style name Titulo_SVM for better compatibility with English and Spanish Word versions (v2.0.3+).
SVM can export vulnerability data to Excel:
  1. Use the Search feature (Buscador) to filter vulnerabilities
  2. Click the Export to Excel option
  3. Excel file includes all filtered results including Critical vulnerabilities (fixed in v2.1.0)
Microsoft Excel is required for export functionality.

Remote Scanning

SVM supports remote scanning via SSH for most Linux-based tools:Configuration Requirements:
  • Linux server with scanning tools installed
  • SSH access credentials
  • PuTTY tools (plink.exe, pscp.exe) included with SVM
Supported Remote Scans:
  • OpenVAS (Remote SSH)
  • Nessus
  • Arachni
  • Recon-ng
  • EyeWitness
  • Enjarify
  • QARK
  • ApkTools
Scripts are automatically copied to the remote server and executed via SSH.
No. Qualys External scanners cannot scan private IP addresses (RFC 1918 ranges):
  • 10.0.0.0/8
  • 172.16.0.0/12
  • 192.168.0.0/16
For internal network scanning, you must:
  • Use Qualys Internal Appliances instead
  • Configure an internal scanner in your Qualys account
An informative message was added in v1.1.788 to alert users about this limitation.

Updates and Maintenance

Application Updates:
  • SVM automatically checks for new versions (v2.0.0+)
  • Update notifications direct you to the download page
  • Manual download from GitHub Releases
Script Updates (v2.1.0+):
  • Go to Tools → Update All Scripts
  • Updates all internal scripts and tools
  • Scripts are open source on GitHub
External Tool Updates:
  • Use Tools → Install/Update Tools (Local/Remote)
  • Downloads latest versions of integrated tools
OpenVAS:
  • Menu: Tools → OpenVAS Plugins
  • Updates vulnerability definitions
Nessus:
  • Menu: Tools → Nessus Update Plugins (v1.1.787+)
  • Updates vulnerability definitions
Plugin updates ensure you have the latest vulnerability signatures for accurate scanning.

Database and Backup

For local database installations:
  1. Go to Database → Backup
  2. Select backup location
  3. SVM creates a backup file
A Wine-specific backup error was fixed in v2.0.3, ensuring proper backup functionality on Linux/MacOS.
Yes, but with considerations:Multiple Instances (v2.1.0+):
  • Executable name (svm.exe) is associated with configuration file (svm.ini)
  • This allows running Standalone and Professional versions simultaneously
  • Each instance must have its own configuration file
Wine Compatibility:
  • Fixed error when exiting second instance (v2.0.3)
  • Properly handles multiple instances on Linux/MacOS
Ensure each instance uses a different database to avoid conflicts.

Troubleshooting Resources

Official Resources:Community:Support:
SVM includes a built-in bug/idea reporter (v2.0.0+):
  1. Go to Menu → BugIdeas
  2. Select whether reporting a bug or suggesting a feature
  3. Provide detailed description
  4. Submit to development team
You can also:

Advanced Features

Yes, SVM supports proxy configuration for tool downloads and updates:Proxy Settings:
  • Configure in Settings → Configuration
  • Supports authentication (username/password)
  • Used for downloading tools and updates
  • Applies to: Qualys, tool installations, script updates
Example: --proxy 192.168.1.1:8080 --proxy-user username:password
Yes, for certain tools:SSL/TLS Certificates:
  • Invalid certificates accepted for OpenVAS and Nessus (v1.1.789)
  • Certificate installation script included: cert_install.bat
  • Enables access to tools with self-signed certificates
This is particularly useful for internal security tools that use self-signed certificates.
Yes, for most scanning tools:OpenVAS:
  • Edit scan configs via: Tools → OpenVAS → Edit Script
  • Local and remote configurations supported
  • Custom scan profiles available
Nessus:
  • Select from available policies
  • Configure via Nessus web interface
  • SVM retrieves available policies automatically
Acunetix v11/v12:
  • Six built-in profiles available
  • Full Scan, High Risk, XSS, SQLi, Weak Passwords, Crawl Only
  • Custom headers, cookies, and authentication supported