👍 Information entered in the tool is not transmitted anywhere out of the browser.
ℹ️ Download button saves the JSON document in the browser to a local file.
⚠️ Ensure local filesystem is secured.
⚠️ Avoid using the tool on a public computer (beware of browser autofill).
$ cd vulnogram $ npm install ... this should install required dependencies, (except process monitors) ...
Important: Ensure mongodb authentication is enabled. It is recommended to run mongodb bound to loopback/localhost and not expose it to network.
See config/conf-default.js comments for hints.
Copy the “default” directory as “custom” and modify relevant pug templates, schemas or routes. Files or fields from “custom” override “default”.
$ node useradd.js tester tester@example.com Tester sirt@example.com 1 Enter Password: ******************************************** Enter Password again: ******************************************** Success New user is now registered and can log in: tester
Copy the example.env
file to .env
and configure the environment variables to values you prefer. The values in .env
will automatically be loaded as environment variables when Vulnogram starts. See dotenv for more details.
$ node app.js
(set NODE_ENV=development
for local testing without HTTPS)
Use a process monitor like pm2 (preferred) or [forever] to run vulnogram as a service:
First install pm2 using instruction at pm2 documentation
$ pm2 start app.js [PM2] Spawning PM2 daemon with pm2_home=/home/vulnogram/.pm2 [PM2] PM2 Successfully daemonized [PM2] Starting /home/vulnogram/app.js in fork_mode (1 instance) [PM2] Done.
$ forever start app.js > Vulnogram@0.0.6 start /home/vulnogram/ > forever start --id 'vulnogram' --spinSleepTime 5000 --minUptime 2000 app.js info: Forever processing file: app.js info: Forever processes running data: uid command script forever pid id logfile uptime data: [0] v3wE /usr/bin/node app.js 11208 11210 vulnogram /home/vulnogram/.forever/v3wE.log 0:0:0:0.23
Web application should be now accessible at one of the following addresses, depending on configuration:
Note: NodeJS 14.0.0 or later is required to generate files (NodeJS is not needed on a web server; it is only needed to execute the node
command locally).
Install required NodeJS modules by following step 1 above.
Edit the config/conf-standalone.js
file to suit your requirements.
See step 4 above
$ make min
This creates standalone /index.html with minimized JavaScript and stylesheets can be hosted independently on websites serving static files. This does not require the backend MongoDB server or the NodeJS server application to be running.
Note: Opening the index.html as a file URL may not work since some browsers (including Chrome) will not run async requests on file:// URLs. It is recommended to serve these files from a webserver. See https://developer.mozilla.org/en-US/docs/Learn/Common_questions/set_up_a_local_testing_server for examples on how to run a simple testing webserver.
To run Vulnogram in a container alongside MongoDB, run the following command:
$ docker compose up
To modify the configuration options available, make a copy of the example.env file and make relevant modifications. Then launch Vulnogram by using the ENV_VAR_PATH
environment variable. Replace example.env
with the path to your file:
$ ENV_VAR_PATH=example.env docker compose up
To change the ports that Vulnogram or MongoDB are running on, use the MONGO_PORT
and VULNOGRAM_PORT
environment variables. When doing this, make sure to make the appropriate modifications within the environment variables file as well, so that the ports used inside the container match those being passed to docker compose:
$ cat my-env-vars.env | grep PORT MONGO_PORT=12345 VULNOGRAM_PORT=54321 $ MONGO_PORT=12345 VULNOGRAM_PORT=54321 ENV_VAR_PATH=my-env-vars.env docker compose up
This project uses or depends on software from:
Copyright (c) 2017-2022 Chandan B N.
SPDX-License-Identifier: MIT