Skip to main content

Quick Start Guide

This guide will walk you through creating your first project, running a vulnerability scan, and generating a comprehensive security report using Simple Vulnerability Manager.
Prerequisites: Make sure you have installed SVM and at least one scanning tool (OpenVAS, Nmap, or Nessus recommended).

Your First Security Assessment

1

Launch SVM

Start the Simple Vulnerability Manager application.Windows: Launch from Start Menu or run svm.exeLinux: Execute from installation directoryYou’ll see the main SVM interface with access to:
  • Project management
  • Vulnerability database
  • Scanning tools
  • Reporting features
2

Create a New Project

Projects in SVM organize your security assessments per client or target.
  1. Click “New Project” or navigate to the Projects section
  2. Enter project details:
    • Project Name: e.g., “Acme Corp Security Assessment”
    • Client Name: Organization being assessed
    • Description: Brief overview of the assessment scope
    • Target IP/Domain: The system you’re testing
  3. Click “Create” to initialize the project
All scan results, screenshots, and notes will be associated with this project for organized reporting.
3

Configure Your Target

Specify what you want to scan:Target Types:
  • Single IP: 192.168.1.100
  • Multiple IPs: 192.168.1.100,192.168.1.101
  • IP Range: 192.168.1.1-192.168.1.254
  • Domain: example.com
  • URL: https://example.com
Add the target to your project and select the assessment type:
  • Web Application Security
  • Infrastructure/Service Scanning
  • Mobile Application Security
4

Select a Scanning Tool

Choose the appropriate scanner for your assessment:

For Infrastructure Scanning

Best for: Comprehensive vulnerability assessment
  1. Select “OpenVAS Scan” from the tools menu
  2. Configure scan parameters:
    • Server: OpenVAS server IP (default: 127.0.0.1)
    • Port: OpenVAS port (default: 9390)
    • Username: admin
    • Password: OpenVAS (default, change if modified)
    • Scan Config: Choose from:
      • Full and fast
      • Full and deep
      • System Discovery
    • Report Format: HTML, PDF, or XML
  3. Click “Start Scan”
OpenVAS scans can take 30 minutes to several hours depending on the target size and scan configuration.

For Web Application Scanning

Burp Suite

Manual and automated web app testing with proxy capabilities

Arachni

Automated web application security scanner

Acunetix

Commercial web vulnerability scanner

Netsparker

Automated web application security scanner

For Mobile Security

MobSF

Static and dynamic analysis for Android/iOS apps

QARK

Quick Android Review Kit for APK analysis
5

Monitor Scan Progress

SVM displays real-time scan progress:
  • Scanning Status: Active, Queued, or Completed
  • Progress Indicator: Percentage complete (for supported tools)
  • Time Elapsed: Duration of current scan
  • Vulnerabilities Found: Live count during scan
Do not close SVM while a scan is in progress. You can minimize it and continue working.
Typical Scan Durations:
  • Nmap: 5-30 minutes
  • OpenVAS (Full & Fast): 30-90 minutes
  • OpenVAS (Full & Deep): 2-6 hours
  • Web scanners: 15 minutes to 2 hours
6

Review Scan Results

Once the scan completes, SVM automatically processes the results:
  1. View Summary: See vulnerability count by severity
    • Critical
    • High
    • Medium
    • Low
    • Informational
  2. Browse Vulnerabilities: Click on any finding to see:
    • Detailed description
    • Affected systems/services
    • CVSS score
    • CVE references
    • Exploit availability
  3. Add Evidence: For each vulnerability:
    • Add custom notes and observations
    • Upload screenshots
    • Mark false positives
    • Assign remediation priority
7

Enhance with Vulnerability Database

SVM’s built-in database provides comprehensive vulnerability information:
  1. Navigate to Vulnerability Database
  2. Browse categories:
    • Web Scanners: XSS, SQLi, CSRF, authentication issues
    • Service Scanners: Misconfigurations, missing patches, weak protocols
    • Static Scanners: Code quality and security issues
    • Mobile: Android/iOS specific vulnerabilities
  3. For detected vulnerabilities, add from database:
    • Click “Add to Project”
    • Review the pre-filled information:
      • What creates the problem
      • System impact
      • Remediation steps
    • Customize for your specific finding
The vulnerability database is continuously updated with the latest security research and remediation guidance.
8

Generate Professional Report

Create a comprehensive security assessment report:
  1. Select “Generate Report” from the project menu
  2. Choose report format:
    • HTML: Interactive web-based report
    • PDF: Professional document for distribution
    • Word: Customizable template (uses Template_SVM.dotx)
    • XML: For integration with other tools
  3. Configure report options:
    • Include executive summary
    • Add technical details
    • Attach screenshots and evidence
    • Filter by severity level
    • Include remediation timeline
  4. Click “Generate”
Example OpenVAS Report Process:
# Report is automatically generated after scan completion
# Saved to: [Project Documentation]/OpenvasReport - [Timestamp].html
Example Nmap Report Process:
# XML output is transformed to HTML using XSLT
# Saved to: [Project Documentation]/NmapReport - [Timestamp].html
9

Review and Deliver

Your report is now ready:
  1. Preview: SVM automatically opens the report for review
  2. Validate: Ensure all findings are accurate and properly documented
  3. Export: Save to your preferred location
  4. Share: Deliver to your client or security team
Reports include:
  • Executive summary with risk overview
  • Detailed findings with evidence
  • Remediation recommendations
  • Technical appendices
  • Scan metadata and methodology

Example Workflow: OpenVAS Infrastructure Scan

Here’s a complete example of scanning a server with OpenVAS: 
# The scan process (handled automatically by SVM)
# 1. Create target in OpenVAS
omp --host=127.0.0.1 --port=9390 --username=admin --password=OpenVAS \
  --xml="<create_target><name>WebServer-2024</name><hosts>192.168.1.100</hosts></create_target>"

# 2. Create scan task
omp --xml="<create_task><name>WebServer-2024</name><config id='[scan-config-id]'></config></create_task>"

# 3. Start scan
omp --xml="<start_task task_id='[task-id]'></start_task>"

# 4. Monitor progress
# SVM polls every 60 seconds until status = "Done"

# 5. Generate report
omp --xml="<get_reports report_id='[report-id]' format_id='[html-format]'/>"

# 6. Decode and save
# Report saved to: /tmp/OpenvasReport - [Timestamp].html
SVM automates this entire process. The commands above show what happens behind the scenes.

Example Workflow: Nmap Network Discovery

# Quick network scan with service detection
nmap -Pn -O --system-dns -vv -sS -sC -sV \
  -oA "NetworkDiscovery" \
  -pT:1-65535,U:53,161,500 \
  192.168.1.0/24

# Output files:
# - NetworkDiscovery.xml (machine readable)
# - NetworkDiscovery.html (transformed by SVM)
# - NetworkDiscovery.nmap (human readable text)

Best Practices

Authorization

Always obtain written permission before scanning any system you don’t own. Unauthorized scanning may be illegal.

Scope Definition

Clearly define the assessment scope in your project. Document:
  • Target systems
  • Allowed testing methods
  • Excluded systems
  • Testing timeframes

Evidence Collection

Take screenshots and detailed notes for every finding. This evidence:
  • Validates vulnerabilities
  • Helps in remediation
  • Protects against disputes

Safe Scanning

Be cautious with aggressive scans:
  • Start with passive reconnaissance
  • Use “Full and Fast” before “Full and Deep”
  • Schedule intensive scans during maintenance windows
  • Monitor target systems for issues

Next Steps

Advanced Features

Explore SVM’s advanced capabilities:
  • Custom vulnerability templates
  • Multi-target scanning
  • Scan scheduling
  • Template customization

Tool Integration

Learn how to integrate additional tools:
  • Custom scanner scripts
  • API integrations
  • Remote scanning setup

FAQ & Wiki

Browse common questions and solutions in the community wiki

Join the Community

Connect with other SVM users and stay updated on new features

Troubleshooting Common Issues

Possible causes:
  • Tool not properly installed or configured
  • Incorrect credentials (OpenVAS, Nessus)
  • Target not reachable
  • Firewall blocking scanner
Solutions:
  1. Verify tool installation: Check the tool appears in SVM’s available scanners
  2. Test connectivity: Ping the target and ensure ports are accessible
  3. Check credentials: Verify OpenVAS/Nessus login works manually
  4. Review firewall rules: Ensure scanning traffic is permitted
Error: Scan status shows “Internal Error”Solutions:
# Restart OpenVAS services
sudo service openvas-scanner restart
sudo service openvas-manager restart
sudo service greenbone-security-assistant restart

# Verify OpenVAS is running
sudo systemctl status openvas-scanner
sudo systemctl status openvas-manager
Possible causes:
  • Scan did not complete successfully
  • Report format not supported by scanner
  • Insufficient disk space
Solutions:
  1. Verify scan reached “Done” status
  2. Check SVM logs for error messages
  3. Ensure output directory is writable
  4. Try alternative report format
This might be normal, but verify:
  • Target is responding to probes
  • Scan configuration is appropriate (not too conservative)
  • Firewall isn’t blocking scan traffic
  • Target is actually vulnerable (test with known-vulnerable systems)
Run a basic connectivity test:
nmap -Pn -p 80,443,22,21,3306 [target-ip]

Support

Need help? Here are your resources:
You’re now ready to perform comprehensive security assessments with Simple Vulnerability Manager. Happy scanning!