Login: Support | Partner    
 
Home » Technology » Tool Architecture 

Tool Architecture

Greenbone uses, extends and improves the Open Vulnerability Assessment System (OpenVAS) as a base technology of the Greenbone Security Solutions.

Interfaces to Greenbone Security Solutions

Three interfaces to the Greenbone Security Solutions are available.

  • Web interface (Vulnerability Management Made Easy): The Greenbone Security Assistant is a web client. It works without any active content and therefore works flawless even in environments with restrictive web content filters. It impressively demonstrates how to offer a comfortable user interface and full feature set even without active content.

  • Desktop Interface (Vulnerability Management Control Center): The Greenbone Security Desktop offers the full integration of an application running on your PC. It is available for Windows, Mac OS X and Linux operating systems. Apart from a fast user interface it offers to organize your threat management control center.

  • CLI interface (Vulnerability Management Batch Process Integration): For automating batch processes a command line tool is available for Windows, Mac OS X and various Linux/Unix versions. It is possible to build your own complete remote control system with the CLI tool.

Component Architecture

The internal architecture follows the approach of task-oriented components. In other words, instead of an all-in-one-tool, each task is designed as a service. For example, the OpenVAS Manager is a client of the OpenVAS Scanner service. At the same time the OpenVAS Manager is a service for the Greenbone Security Desktop or the Greenbone Security Assistant.

  • Small, focussed components can be implemented and operated transparently and securely. Each components uses only the system privileges that it needs to operate properly.
  • Each of the service components offers a well-defined communication protocol.

OpenVAS Scanner

The Scanner very efficiently executes the actual Network Vulnerability Tests (NVTs) which are updated daily via the Feed. This core of the scan engine is controlled by the OpenVAS Manager.

OpenVAS Manager

The Manager is the central service that consolidates plain vulnerability scanning into a full vulnerability management system. It controls one or more Scanners as well as other Managers when in master-slave mode. Furthermore, the Manager controls the internal central SQL database where all scan results and configurations are stored.

Various client tools can use the Manager via the XML based stateless OpenVAS Management Protocol (OMP). All intelligence such as sorting or filtering is done by the Manager. This way it is ensured that the user gets a consistent view of the results, no matter which client tool is used.

The OpenVAS Manager was designed and implemented by the Greenbone development team, who continue to improve it.

Greenbone Security Assistant (GSA)

The Greenbone Security Assistant is a lean web service designed with security in mind. It implements the full functionality offered by OpenVAS Manager.

The GSA works stateless, which means it works without Cookies, JavaScript or other active content. Authentication happens via HTTP BasicAuth.

Design and implementation of Greenbone Security Assistant comes from the Greenbone development team.

Greenbone Security Desktop (GSD)

The Greenbone Security Desktop (GSD) is standard application running on Windows, Mac OS X and Linux systems. It uses the Nokia Qt framework to integrate into the desktop environment.

The Greenbone Security Desktop was designed and implemented by the Greenbone development team, who continue to improve it.

OpenVAS CLI

This module primarily contains the command line tool "omp". It allows a user to build batch processes to control the OpenVAS Manger. See also OMP remote controlled.

The "omp" command line tool was designed and implemented by the Greenbone development team, who continue to improve it.

OpenVAS Administrator

The most important task of the OpenVAS Administrator is the management of users and the Feed. This service uses a communication protocol that is similar to OMP, called OpenVAS Administration Protocol (OAP). The functionality of OAP is only accessible to users that have the role "Admin".

The OpenVAS Administrator was designed and implemented by the Greenbone development team, who continue to improve it.

OpenVAS Libraries

The modules described above share a common basis that is aggregated in the OpenVAS Libraries.