NamicSoft Portal Manual

NamicSoft Portal Manual

You are here:
< Back

This is the manual for NamicSoft Portal. Please note that this manual is not valid for NamicSoft Scan Report Assistant. In this manual “NamicSoft” and “NamicSoft Portal” is synonymous.

Please note that NamicSoft Portal is currently in beta. It is not yet recommended for use in production environments.

Tech stack

NamicSoft Portal is written in ASP.NET Core and currently running on .NET 6. Data is stored in an SQLite database which is shipped with NamicSoft, so no database installation is required. The built-in ASP.NET Core webserver Kestrel is used as a webserver.

Technical requirements

NamicSoft Portal can run on all platforms where .NET 6 is available, including Windows, Linux and MacOS. Please see Microsoft’s documentation for all supported operating systems https://github.com/dotnet/core/blob/main/release-notes/6.0/supported-os.md

To run NamicSoft your system needs to have the two folloing .NET runtimes:

.NET Desktop Runtime 6.X.Y

ASP.NET Core Runtime 6.X.Y

You can download these runtimes at this link https://dotnet.microsoft.com/en-us/download/dotnet/6.0.

Running NamicSoft Portal the first time

Running on Windows

On Windows you have two options of how to start NamicSoft.

Start PowerShell and navigate to the NamicSoft folder

PS> dotnet .\NamicSoftPortalGUI.dll

NamicSoft Portal will now run and give you information on which URL it is listening to (default https://localhost:5001)

Running on Linux (Ubuntu)

First make sure that .NET is installed. See Microsofts documentation of how to install .NET if it is not already installed.

Open and terminal and navigate to your NamicSoftPortal folder

Start NamicSoft Portal:

$ dotnet NamicSoftPortalGUI.dll

NamicSoft will now start and listen to the configured portal, see chapter “Listening port and address” for more information.

Running MacOS

Running MacOS is not yet tested. If you want to try NamicSoft on MacOS, please make sure that you have .NET 6 installed on the system. Please see https://github.com/dotnet/core/blob/main/release-notes/6.0/supported-os.md for an updated list of supported operating systems.

Update instructions

  1. IMPORTANT: Make a backup of your currently installed NamicSoft Portal, e.g. by copying the folder to another location. Please make sure to make this backup, since an incorrectly performed update can risk losing all data stored in NamicSoft.
  2. Delete all files and folders in your NamicSoft folder, except:
    Licenses/
    Uploads/
    wwwroot/
    log.log
    NamicSoftDb.db (IMPORTANT, this file contain your NamicSoft database)
  3. Download a new version of NamicSoft Portal from https://www.namicsoft.com
  4. Unzip the content to your NamicSoft Portal folder
  5. Start NamicSoft Portal

Listening port and address

When you start NamicSoft, the application will by default listen to https://localhost:5001. To change this port, change the configuration in appsettings.json. The default value:


“ListeningOptions”: {
“IpAddress”: “localhost”,
“Port”: 5001
},

Security recommendation: We do recommend only to open up NamicSoft’s listening port for internal network traffic. NamicSoft is not yet fully battle tested to be open directly for Internet traffic.

Https certificate

NamicSoft Portal will at startup generate a self-signed certificate. Since this certificate is self-signed, it is not trusted by your web browsers by default and you will therefore get a warning when trying to access NamicSoft.

We do recommend you to either add this self-signed certificate to your trusted certificates, or to install your own certificate.

Install a new certificate

The certificate used by NamicSoft is configured in appsettings.json by the following settings:


“ServerCertificatePath”: “Uploads\serverCertificate.pfx”,
“ServerCertificatePasswordPath”: “Uploads\serverCertificatePassword.txt”,

The “ServerCertificatePath” contains the path, relative to NamicSofts folder, to the certificate. The certificate is in PFX format and protected by a password.

The “ServerCertificatePasswordPath” contains the path to a textfile where the certificates PFX password i stored.

We do recommend you to keep these paths, but you can replace the files (PFX certificate, and password file) with your own.

Trust the self-signed certificate

The process of how to add the self-signed certificate to the list of trusted certificates differs defending on operating systems and web browsers. Below is a few examples of how to add the certificate to the trusted list:

Firefox

Firefox has an internal list of trusted certificates which is separate from the operating system. When accessing NamicSoft Portal through Firefox you will get a security warning where you simply can click “Accept the risk and proceed”. Firefox will now mark the certificate as a security exception, and the security warning will be hidden.

Windows and browsers using Windows trust store

  1. Download the certificate
    • Open the certificate from the URL bar
    • Click the Information tab
    • Choose save to file (DER encoded binary file)
  2. Launch MMC (mmc.exe)
  3. Choose File > Add/Remove Snap-ins
  4. Choose Certificates, then choose Add
  5. Choose My user account
  6. Navigate to Certificates-Current User –> Trusted Root Certification Authorities
  7. Right click on Trusted Root Certification Authorities (in the left pane) and choose All activities -> Import
  8. Follow the instructions
  9. Restart NamicSoft Portal

Users and roles

You are required to create a user when you first start NamicSoft. Click Register and enter the information to create your first user. The first user will automatically be assigned the user administrator role.

By default, after the first user has been created, user registration is locked any only available to users with the user administrator role. To open registration so that users can register themselves, change the setting in Admin à User Management à . Please note that this setting does not take affect if no users are registered.

Security recommendation 1: Keep the default setting so that only users with role user administrator can register new users.

Security recommendation 2: Only register trusted users to NamicSoft. All added users will have access to all information stored within NamicSoft.

Roles

User administrator: Can add, edit, and delete users and user data. E.g., register, unregister licenses and reset passwords.

Data structure

The following entity types are used in NamicSoft:

Project

Overall entity to contain all data and scans for a project. A project typically has multiple assessments connected

Assessment

An assessment is an entity used to describe an assessment, which can contain multiple scans.

Scan

One scan result from a specific tool. Each scan will typically have result consisting of multiple hosts and vulnerabilities.

Host

A host identified during a scan. A host typically has multiple vulnerabilities.

Vulnerability

Vulnerabilities identified during a scan. Each vulnerability does belong to a Host.

Input, export, and reporting

Importing data

To import data, you first need to create a project and a belonging assessment. The click Import and choose from which tool your results should be imported.

Export

You can either export data or create a report. Data exports are very straightforward where your results will be written as is to the target file (depending on which tool you have chosen).

Reporting

NamicSoft Word templates are used to create Word reports. You can use one of the builtin templates or design your own template. If can use our template design service if you need help designing a template. The NamicSoft Word templates are highly customizable and will allow you to create your own specific designs.

The create report is more powerful than data exports, but data exports are faster and allow you to export data which can be used in other tools for analysis e.g., in Excel.

NamicSoft field names

When you are running NamicSoft Portal, you can find an up-to-date list of field names used in NamicSoft at https://localhost:5001/swagger/index.html (assuming you are using the default settings). The field names available for report creation are listed under Schemas -> ReportQueryDataBaseClass.

Convert template from NamicSoft Scan Report Assistant

Go through each content control and perform the following steps

Step 1. Rename the content control if necessary, see the table below.

NamicSoft Scan Report AssistantNamicSoft Portal
SelectValueNo change
RepeatNo change
Host_tableRemoved, no longer supported. We recommend using column-based-table instead
Raw_table_columns or raw_tablecolumn-based-table
raw_table_rows or raw_table_2Removed, no longer supported. We recommend using multicell-based-table instead.
raw_table_rows_v2multicell-based-table
vulnerability_tableRemoved, no longer supported. We recommend using column-based-table instead
conditionalRemoved, no longer supported.
pie_chartPie-chart (please note, dash instead of underscore). Pie charts will now output the correct colors.
bar_chartBar-chart (please note, dash instead of underscore). Please note that due to a bug all bars will get the same colors as the first bar. You will have to change these colors manually after report generation.
templateinfoNo longer supported

Step 2. Update table name in SQL queries from “queryTable” to “%TABLENAME”

Step 3. Update SQL field names if necessary. Please see NamicSoft field names for all current field names

Step 4. Adjust Severity Numbers. In NamicSoft Portal, the severity number order is reversed from NamicSoft Scan Report Assistant

SeveritySeverity number in NamicSoft Scan Report AssistantSeverity number in NamicSoft Portal
Informational40
Low31
Medium22
High13
Critical04

License

In NamicSoft Portal licenses are per user while the NamicSoft Scan Report Assistant (predecessor to NamicSoft Portal) is licensed per computer.

A user can register their own license, or a user administrator can register licenses for other users. Please note that licenses can be moved between users, but the licenses will be quarantined for 7 days, meaning that it is not possible to re-register the license during 7 days after it has been unregistered from another user.

Users without a valid license will still have access to NamicSoft, but they are limited to handled five items (e.g., host, vulnerability, depending on where they are in the GUI).