NamicSoft Portal Manual
NamicSoft Portal Manual
This is the manual for NamicSoft Portal. Please note that this manual is not valid for NamicSoft Scan Report Assistant. In this manual “NamicSoft” and “NamicSoft Portal” is synonymous.
Please note that NamicSoft Portal is currently in beta. It is not yet recommended for use in production environments.
NamicSoft Portal is written in ASP.NET Core and currently running on .NET 6. Data is stored in an SQLite database which is shipped with NamicSoft, so no database installation is required. The built-in ASP.NET Core webserver Kestrel is used as a webserver.
NamicSoft Portal can run on all platforms where .NET 6 is available, including Windows, Linux and MacOS. Please see Microsoft’s documentation for all supported operating systems https://github.com/dotnet/core/blob/main/release-notes/6.0/supported-os.md
To run NamicSoft your system needs to have the two folloing .NET runtimes:
.NET Desktop Runtime 6.X.Y
ASP.NET Core Runtime 6.X.Y
You can download these runtimes at this link https://dotnet.microsoft.com/en-us/download/dotnet/6.0.
Running NamicSoft Portal the first time
Running on Windows
To start NamicSoft Portal on Windows you do have two options:
- Double click the executable, NamicSoftPortalGUI.exe
- Start NamicSoft Portal through PowerShell:
- Start PowerShell and navigate to the NamicSoft folder
- PS> dotnet .\NamicSoftPortalGUI.dll
NamicSoft Portal will now run and give you information on which URL it is listening to (default https://localhost:5001)
Running on Linux (Ubuntu)
First make sure that .NET is installed. See Microsofts documentation of how to install .NET if it is not already installed.
Open and terminal and navigate to your NamicSoftPortal folder
Start NamicSoft Portal:
$ dotnet NamicSoftPortalGUI.dll
NamicSoft will now start and listen to the configured portal, see chapter “Listening port and address” for more information.
Running MacOS is not yet tested. If you want to try NamicSoft on MacOS, please make sure that you have .NET 6 installed on the system. Please see https://github.com/dotnet/core/blob/main/release-notes/6.0/supported-os.md for an updated list of supported operating systems.
- IMPORTANT: Make a backup of your currently installed NamicSoft Portal, e.g. by copying the folder to another location. Please make sure to make this backup, since an incorrectly performed update can risk losing all data stored in NamicSoft.
- Delete all files and folders in your NamicSoft folder, except:
NamicSoftDb.db (IMPORTANT, this file contain your NamicSoft database)
- Download a new version of NamicSoft Portal from https://www.namicsoft.com
- Unzip the content to your NamicSoft Portal folder
- Start NamicSoft Portal
Listening port and address
When you start NamicSoft, the application will by default listen to https://localhost:5001. To change this port, change the configuration in appsettings.json. The default value:
Security recommendation: We do recommend only to open up NamicSoft’s listening port for internal network traffic. NamicSoft is not yet fully battle tested to be open directly for Internet traffic.
NamicSoft Portal will at startup generate a self-signed certificate. Since this certificate is self-signed, it is not trusted by your web browsers by default and you will therefore get a warning when trying to access NamicSoft.
We do recommend you to either add this self-signed certificate to your trusted certificates, or to install your own certificate.
Install a new certificate
The certificate used by NamicSoft is configured in appsettings.json by the following settings:
The “ServerCertificatePath” contains the path, relative to NamicSofts folder, to the certificate. The certificate is in PFX format and protected by a password.
The “ServerCertificatePasswordPath” contains the path to a textfile where the certificates PFX password i stored.
We do recommend you to keep these paths, but you can replace the files (PFX certificate, and password file) with your own.
Trust the self-signed certificate
The process of how to add the self-signed certificate to the list of trusted certificates differs defending on operating systems and web browsers. Below is a few examples of how to add the certificate to the trusted list:
Firefox has an internal list of trusted certificates which is separate from the operating system. When accessing NamicSoft Portal through Firefox you will get a security warning where you simply can click “Accept the risk and proceed”. Firefox will now mark the certificate as a security exception, and the security warning will be hidden.
Windows and browsers using Windows trust store
- Download the certificate
- Open the certificate from the URL bar
- Click the Information tab
- Choose save to file (DER encoded binary file)
- Launch MMC (mmc.exe)
- Choose File > Add/Remove Snap-ins
- Choose Certificates, then choose Add
- Choose My user account
- Navigate to Certificates-Current User –> Trusted Root Certification Authorities
- Right click on Trusted Root Certification Authorities (in the left pane) and choose All activities -> Import
- Follow the instructions
- Restart NamicSoft Portal
Users and roles
You are required to create a user when you first start NamicSoft. Click Register and enter the information to create your first user. The first user will automatically be assigned the user administrator role.
By default, after the first user has been created, user registration is locked any only available to users with the user administrator role. To open registration so that users can register themselves, change the setting in Admin à User Management à . Please note that this setting does not take affect if no users are registered.
Security recommendation 1: Keep the default setting so that only users with role user administrator can register new users.
Security recommendation 2: Only register trusted users to NamicSoft. All added users will have access to all information stored within NamicSoft.
User administrator: Can add, edit, and delete users and user data. E.g., register, unregister licenses and reset passwords.
The following entity types are used in NamicSoft:
Overall entity to contain all data and scans for a project. A project typically has multiple assessments connected
An assessment is an entity used to describe an assessment, which can contain multiple scans.
One scan result from a specific tool. Each scan will typically have result consisting of multiple hosts and vulnerabilities.
A host identified during a scan. A host typically has multiple vulnerabilities.
Vulnerabilities identified during a scan. Each vulnerability does belong to a Host.
Input, export, and reporting
To import data, you first need to create a project and a belonging assessment. The click Import and choose from which tool your results should be imported.
You can either export data or create a report. Data exports are very straightforward where your results will be written as is to the target file (depending on which tool you have chosen).
NamicSoft Word templates are used to create Word reports. You can use one of the builtin templates or design your own template. If can use our template design service if you need help designing a template. The NamicSoft Word templates are highly customizable and will allow you to create your own specific designs.
The create report is more powerful than data exports, but data exports are faster and allow you to export data which can be used in other tools for analysis e.g., in Excel.
NamicSoft field names
When you are running NamicSoft Portal, you can find an up-to-date list of field names used in NamicSoft at https://localhost:5001/swagger/index.html (assuming you are using the default settings). The field names available for report creation are listed under Schemas -> ReportQueryDataBaseClass.
Convert template from NamicSoft Scan Report Assistant
Go through each content control and perform the following steps
Step 1. Rename the content control if necessary, see the table below.
|NamicSoft Scan Report Assistant||NamicSoft Portal|
|Host_table||Removed, no longer supported. We recommend using column-based-table instead|
|Raw_table_columns or raw_table||column-based-table|
|raw_table_rows or raw_table_2||Removed, no longer supported. We recommend using multicell-based-table instead.|
|vulnerability_table||Removed, no longer supported. We recommend using column-based-table instead|
|conditional||Removed, no longer supported.|
|pie_chart||Pie-chart (please note, dash instead of underscore). Pie charts will now output the correct colors.|
|bar_chart||Bar-chart (please note, dash instead of underscore). Please note that due to a bug all bars will get the same colors as the first bar. You will have to change these colors manually after report generation.|
|templateinfo||No longer supported|
Step 2. Update table name in SQL queries from “queryTable” to “%TABLENAME”
Step 3. Update SQL field names if necessary. Please see NamicSoft field names for all current field names
Step 4. Adjust Severity Numbers. In NamicSoft Portal, the severity number order is reversed from NamicSoft Scan Report Assistant
|Severity||Severity number in NamicSoft Scan Report Assistant||Severity number in NamicSoft Portal|
In NamicSoft Portal licenses are per user while the NamicSoft Scan Report Assistant (predecessor to NamicSoft Portal) is licensed per computer.
A user can register their own license, or a user administrator can register licenses for other users. Please note that licenses can be moved between users, but the licenses will be quarantined for 7 days, meaning that it is not possible to re-register the license during 7 days after it has been unregistered from another user.
Users without a valid license will still have access to NamicSoft, but they are limited to handled five items (e.g., host, vulnerability, depending on where they are in the GUI).