Adding Readmes and the setting up wireguard folders

README.md

@@ -1,3 +1,14 @@
 # NVSRCO
 
-Lightweight Vulnerability Scanner for Resourced-constrained Organizations 
+**NVSRCO** stands for **Network Vulnerability Scanner for Resource-Constrained Organizations**. This project aims to provide an affordable network security assessment tool tailored for environments with limited technical or financial resources.
+
+## Overview
+
+NVSRCO automates the discovery of network devices, scanning of ports, and identification of vulnerabilities using OpenVAS. Results are compiled into CSVs and visualized through an interactive web dashboard.
+
+## Features
+- OpenVAS integration for deep vulnerability assessments
+- Periodic scan scheduling with Python
+- Interactive Dash web UI for non-technical users
+- Docker-based OpenVAS setup for ease of deployment
+- Automated host discovery and port scanning

Scanner/README.md

@@ -0,0 +1,125 @@
+# Network Vulnerability Scanner Automation
+
+This project provides a automated system for discovering network hosts, scanning for open ports, assessing vulnerabilities using OpenVAS (GVM), and displaying results in a web dashboard. It supports manual, Docker-based, and virtual machine deployment.
+
+---
+
+## Project Structure
+
+```
+project/
+├── Host_Discovery/
+│   ├── networkdiscovery.py
+│   ├── portscanner.py
+├── Vulnerability_Scanner/
+│   ├── createTargets.py
+│   ├── taskmaker.py
+│   ├── starttask.py
+│   ├── getreports.py
+│   ├── generate_reports.py
+├── WebApp/
+│   ├── webapp.py
+├── data/                # Stores active_hosts.csv, scan results, reports
+├── scheduler.py         # Python task scheduler
+├── docker-compose.yml   # For OpenVAS container
+├── install_docker.sh    # Setup script for Docker on Ubuntu
+├── setup_manual.sh      # Installs system and Python dependencies
+```
+
+---
+
+## Setup (Manual, Ubuntu Linux)
+
+### 1. Run the Setup Script
+
+```bash
+chmod +x setup_manual.sh
+sudo ./setup_manual.sh
+```
+
+### 2. Activate the Virtual Environment
+
+```bash
+source venv/bin/activate
+```
+
+---
+
+## Setup (Docker)
+
+### 1. Install Docker
+
+```bash
+chmod +x install_docker.sh
+./install_docker.sh
+```
+
+### 2. Start OpenVAS Container
+
+```bash
+cd openvas-docker
+sudo docker compose up -d
+```
+
+### 3. Check Logs
+
+```bash
+docker compose logs -f openvas
+```
+
+You should see `GVMD is running` and `Healthchecks completed with no issues`.
+
+---
+
+## Automation (Python Scheduler)
+
+### Run the Scheduler
+
+```bash
+sudo ./venv/bin/python scheduler.py
+```
+
+This does the following:
+
+- Every hour:
+  - Runs `networkdiscovery.py`
+  - Then `portscanner.py` if hosts were found
+- Every 11 hours:
+  - Runs OpenVAS scan scripts (`createTargets.py` to `generate_reports.py`)
+
+---
+
+## Web Dashboard
+
+After scans, run:
+
+```bash
+cd WebApp
+./venv/bin/python webapp.py
+```
+
+Then go to:
+
+```
+http://localhost:8050
+```
+
+Tabs include:
+
+- Overview (timeline, port stats, IP tracking)
+- Vulnerability Analysis (interactive treemap)
+- Port Heatmap (binary heatmap)
+
+---
+
+## Requirements
+
+- Ubuntu 22.04+ or 24.04
+- Python 3.8+
+- Docker Engine & Compose
+
+---
+
+## Author
+
+Jose Emmanuel Rodriguez Rios

VPN/Wireguard client Docker/Dockerfile

@@ -0,0 +1,10 @@
+FROM ubuntu:20.04
+
+RUN apt-get update && \
+    apt-get install -y wireguard iproute2 iptables && \
+    apt-get clean
+
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]

VPN/Wireguard client Docker/README.md

@@ -0,0 +1,52 @@
+# WireGuard VPN Client in Docker
+
+This is a side module for a broader project focused on network vulnerability scanning. It enables remote scanning by establishing a **reverse VPN tunnel** between the remote client and the central scanner.
+
+The containerized WireGuard client connects securely to the main scanner’s server, making the remote network accessible for scanning — as if the scanner were directly connected to it.
+
+---
+
+## Features
+
+- Automatically generates a WireGuard key pair (if not present)
+- Accepts configuration via Docker environment variables
+- Enables NAT and IP forwarding for reverse tunneling
+- Runs with `network_mode: host` to provide full LAN visibility
+- Lightweight and easy to deploy on Linux systems
+
+---
+
+##  Setup Instructions
+
+### 1. Configure Your `docker-compose.yml`
+
+Edit the environment section and replace placeholders with actual values:
+
+```yaml
+WG_ADDRESS: "10.0.0.2/24"
+WG_SERVER_PUBLIC_KEY: "YOUR_REAL_PUBLIC_KEY_HERE"
+WG_SERVER_ENDPOINT: "YOUR.SERVER.IP.HERE:51820"
+WG_ALLOWED_IPS: "0.0.0.0/0"
+WG_KEEPALIVE: "25"
+WG_IFACE: "enp0s3"  # Replace with your actual network interface
+```
+
+### 3. Build and Start the Container
+
+```bash
+sudo docker-compose build
+sudo docker-compose up -d
+```
+
+### 4. Check Logs
+
+```bash
+sudo docker logs wireguard-client
+```
+You should see:
+
+    The public key of the client
+
+    Confirmation of the wg0 interface being created
+
+    No config syntax errors

VPN/Wireguard client Docker/docker-compose.yml

@@ -0,0 +1,23 @@
+version: '3.8'
+
+services:
+  wireguard-client:
+    build: .
+    container_name: wireguard-client
+    privileged: true
+    cap_add:
+      - NET_ADMIN
+    environment:
+      WG_ADDRESS: "10.0.0.2/24"
+      WG_SERVER_PUBLIC_KEY: "YOUR_REAL_PUBLIC_KEY_HERE"
+      WG_SERVER_ENDPOINT: "YOUR.SERVER.IP.HERE:51820"
+      WG_ALLOWED_IPS: "0.0.0.0/0"
+      WG_KEEPALIVE: "25"
+      WG_IFACE: "enp0s3"
+    volumes:
+      - wg-keys:/etc/wireguard/keys
+    network_mode: host
+    restart: unless-stopped
+
+volumes:
+  wg-keys:

VPN/Wireguard client Docker/entrypoint.sh

@@ -0,0 +1,41 @@
+#!/bin/bash
+
+set -e
+
+echo "[*] Starting VPN Agent..."
+
+WG_CONF="/etc/wireguard/wg0.conf"
+WG_KEY_DIR="/etc/wireguard/keys"
+mkdir -p $WG_KEY_DIR
+
+# Generate keypair if not exist
+if [ ! -f "$WG_KEY_DIR/privatekey" ]; then
+    echo "[*] Generating WireGuard keypair..."
+    umask 077
+    wg genkey | tee "$WG_KEY_DIR/privatekey" | wg pubkey > "$WG_KEY_DIR/publickey"
+fi
+
+PRIVATE_KEY=$(cat "$WG_KEY_DIR/privatekey")
+
+cat > $WG_CONF <<EOF
+[Interface]
+PrivateKey = ${PRIVATE_KEY}
+Address = ${WG_ADDRESS}
+PostUp = iptables -t nat -A POSTROUTING -o ${WG_IFACE} -j MASQUERADE
+PostDown = iptables -t nat -D POSTROUTING -o ${WG_IFACE} -j MASQUERADE
+
+[Peer]
+PublicKey = ${WG_SERVER_PUBLIC_KEY}
+Endpoint = ${WG_SERVER_ENDPOINT}
+AllowedIPs = ${WG_ALLOWED_IPS}
+PersistentKeepalive = ${WG_KEEPALIVE}
+EOF
+
+echo "[✓] Public Key for registration:"
+cat "$WG_KEY_DIR/publickey"
+
+echo 1 > /proc/sys/net/ipv4/ip_forward
+
+wg-quick up wg0
+
+tail -f /dev/null

VPN/Wireguard setup bash scripts/README-wireguard-final.md

@@ -0,0 +1,68 @@
+# WireGuard VPN Setup Scripts
+
+These scripts automate the installation and configuration of a WireGuard-based VPN setup for a network vulnerability scanner project. They include:
+
+- A **client setup script** to establish a reverse tunnel from a remote site
+- A **server setup script** for the central scanner to receive connections
+
+---
+
+## 📡 VPN Client Setup (`setup-wireguard-client.sh`)
+
+This script installs WireGuard on a remote machine, generates keys, and sets up a reverse tunnel to the scanner server using the WireGuard protocol.
+
+### 🔧 Configuration
+
+Before running, edit the following values inside the script:
+
+- `WG_ADDRESS`: IP address of the client in the VPN (e.g., `10.0.0.2/24`)
+- `WG_SERVER_PUBLIC_KEY`: Public key of the server
+- `WG_SERVER_ENDPOINT`: IP and port of the server (e.g., `192.0.2.1:51820`)
+- `WG_ALLOWED_IPS`: Use `0.0.0.0/0` to tunnel all traffic through the VPN
+- `WG_IFACE`: Network interface used for NAT (e.g., `enp0s3`)
+
+### ▶️ Usage
+
+```bash
+chmod +x setup-wireguard-client.sh
+sudo ./setup-wireguard-client.sh
+```
+
+---
+
+## 🛡 VPN Server Setup (`setup-wireguard-server-no-postup.sh`)
+
+This script installs WireGuard on the central scanning server, generates a keypair, and configures it to accept connections from clients.
+
+### 🔧 Configuration
+
+Before running, edit the script:
+
+- `WG_ADDRESS`: Server IP in the VPN (e.g., `10.0.0.1/32`)
+- `WG_LISTEN_PORT`: Port to listen on (e.g., `123`)
+- `WG_PEER_PUBLIC_KEY`: Public key of the client
+- `WG_ALLOWED_IPS`: Must include the client's tunnel IP (e.g., `10.0.0.2/32`) and any **internal subnets** the server needs to access through the client (e.g., `192.168.0.0/24`)
+
+### ▶️ Usage
+
+```bash
+chmod +x setup-wireguard-server-no-postup.sh
+sudo ./setup-wireguard-server-no-postup.sh
+```
+
+---
+
+## Notes
+
+- Ensure the client's real internal subnets are listed in `AllowedIPs` on the server.
+- You can connect multiple clients by repeating the `[Peer]` block in the server’s config.
+- Keys are stored under `/etc/wireguard/`. Do not expose them publicly.
+- You need to exchange public keys from scanner to client and vice versa to put in the conf file
+
+### 🛠 Useful Commands
+
+```bash
+wg show                   # Show the status of WireGuard connection
+sudo wg-quick down wg0    # Bring down the VPN
+sudo wg-quick up wg0      # Bring up the VPN
+```

VPN/Wireguard setup bash scripts/README-wireguard.md

@@ -0,0 +1,68 @@
+# WireGuard VPN Setup Scripts
+
+These scripts automate the installation and configuration of a WireGuard-based VPN setup for a network vulnerability scanner project. They include:
+
+- A **client setup script** to establish a reverse tunnel from a remote site
+- A **server setup script** for the central scanner to receive connections
+
+---
+
+##  VPN Client Setup (`setup-wireguard-client.sh`)
+
+This script installs WireGuard on a remote machine, generates keys, and sets up a reverse tunnel to the scanner server using the WireGuard protocol.
+
+###  Configuration
+
+Before running, edit the following values inside the script:
+
+- `WG_ADDRESS`: IP address of the client in the VPN (e.g., `10.0.0.2/24`)
+- `WG_SERVER_PUBLIC_KEY`: Public key of the server
+- `WG_SERVER_ENDPOINT`: IP and port of the server (e.g., `192.0.2.1:51820`)
+- `WG_ALLOWED_IPS`: Use `0.0.0.0/0` to tunnel all traffic through the VPN
+- `WG_IFACE`: Network interface used for NAT (e.g., `enp0s3`)
+
+###  Usage
+
+```bash
+chmod +x setup-wireguard-client.sh
+sudo ./setup-wireguard-client.sh
+```
+
+---
+
+##  VPN Server Setup (`setup-wireguard-server-no-postup.sh`)
+
+This script installs WireGuard on the central scanning server, generates a keypair, and configures it to accept connections from clients.
+
+###  Configuration
+
+Before running, edit the script:
+
+- `WG_ADDRESS`: Server IP in the VPN (e.g., `10.0.0.1/32`)
+- `WG_LISTEN_PORT`: Port to listen on (e.g., `123`)
+- `WG_PEER_PUBLIC_KEY`: Public key of the client
+- `WG_ALLOWED_IPS`: Must include the client's tunnel IP (e.g., `10.0.0.2/32`) and any **internal subnets** the server needs to access through the client (e.g., `192.168.0.0/24`)
+
+###  Usage
+
+```bash
+chmod +x setup-wireguard-server-no-postup.sh
+sudo ./setup-wireguard-server-no-postup.sh
+```
+
+---
+
+## Notes
+
+- Ensure the client's real internal subnets are listed in `AllowedIPs` on the server.
+- You can connect multiple clients by repeating the `[Peer]` block in the server’s config.
+- Keys are stored under `/etc/wireguard/`. Do not expose them publicly.
+- You need to exchange public keys from scanner to client and vice versa to put in the conf file which in both it in /etc/wireguard/${WG_INTERFACE}.conf depending on what you put as the wg_interface.
+
+###  Useful Commands
+
+```bash
+sudo wg show                   # Show the status of WireGuard connection
+sudo wg-quick down wg0    # Bring down the VPN
+sudo wg-quick up wg0      # Bring up the VPN
+```

VPN/Wireguard setup bash scripts/setup-wireguard-client.sh

@@ -0,0 +1,64 @@
+#!/bin/bash
+
+set -e
+
+# === CONFIGURATION ===
+WG_INTERFACE="wg0"
+WG_ADDRESS="10.0.0.2/24"
+WG_PRIVATE_KEY_PATH="/etc/wireguard/privatekey"
+WG_PUBLIC_KEY_PATH="/etc/wireguard/publickey"
+WG_CONF_PATH="/etc/wireguard/${WG_INTERFACE}.conf"
+WG_SERVER_PUBLIC_KEY="YOUR_REAL_PUBLIC_KEY_HERE"
+WG_SERVER_ENDPOINT="YOUR.SERVER.IP.HERE:51820"
+WG_ALLOWED_IPS="0.0.0.0/0"
+WG_KEEPALIVE=25
+WG_IFACE="enp0s3"  # Replace with your outbound interface name
+
+# === INSTALL WIREGUARD ===
+echo " Installing WireGuard..."
+sudo apt-get update
+sudo apt-get install -y wireguard
+
+# === GENERATE KEYS ===
+echo " Generating WireGuard keys..."
+sudo mkdir -p /etc/wireguard
+sudo chmod 700 /etc/wireguard
+
+if [ ! -f "$WG_PRIVATE_KEY_PATH" ]; then
+  umask 077
+  wg genkey | sudo tee "$WG_PRIVATE_KEY_PATH" | wg pubkey | sudo tee "$WG_PUBLIC_KEY_PATH"
+else
+  echo "] Private key already exists. Skipping key generation."
+fi
+
+PRIVATE_KEY=$(sudo cat "$WG_PRIVATE_KEY_PATH")
+
+# === WRITE CONFIG FILE ===
+echo " Writing WireGuard config to $WG_CONF_PATH..."
+sudo tee "$WG_CONF_PATH" > /dev/null <<EOF
+[Interface]
+PrivateKey = ${PRIVATE_KEY}
+Address = ${WG_ADDRESS}
+PostUp = iptables -t nat -A POSTROUTING -o ${WG_IFACE} -j MASQUERADE
+PostDown = iptables -t nat -D POSTROUTING -o ${WG_IFACE} -j MASQUERADE
+
+[Peer]
+PublicKey = ${WG_SERVER_PUBLIC_KEY}
+Endpoint = ${WG_SERVER_ENDPOINT}
+AllowedIPs = ${WG_ALLOWED_IPS}
+PersistentKeepalive = ${WG_KEEPALIVE}
+EOF
+
+sudo chmod 600 "$WG_CONF_PATH"
+
+# === ENABLE IP FORWARDING ===
+echo " Enabling IP forwarding..."
+sudo sysctl -w net.ipv4.ip_forward=1
+echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf > /dev/null
+
+# === START THE TUNNEL ===
+echo " Starting WireGuard interface ${WG_INTERFACE}..."
+sudo wg-quick up "${WG_INTERFACE}"
+
+echo " WireGuard VPN client is up and connected."
+

VPN/Wireguard setup bash scripts/setup-wireguard-server.sh

@@ -0,0 +1,63 @@
+#!/bin/bash
+
+set -e
+
+# === CONFIGURATION ===
+WG_INTERFACE="wg0"
+WG_ADDRESS="10.0.0.1/32"
+WG_LISTEN_PORT="123"
+WG_PRIVATE_KEY_PATH="/etc/wireguard/privatekey"
+WG_PUBLIC_KEY_PATH="/etc/wireguard/publickey"
+WG_CONF_PATH="/etc/wireguard/${WG_INTERFACE}.conf"
+WG_PEER_PUBLIC_KEY="YOUR_CLIENT_PUBLIC_KEY_HERE"
+
+# IMPORTANT: Add all IP subnets that exist on the client-side LANs
+WG_ALLOWED_IPS="136.145.187.0/24, 10.0.0.2/32, 192.168.0.0/24"
+WG_KEEPALIVE=25
+
+# === INSTALL WIREGUARD ===
+echo " Installing WireGuard..."
+sudo apt-get update
+sudo apt-get install -y wireguard
+
+# === GENERATE SERVER KEYS ===
+echo "Generating WireGuard server keys..."
+sudo mkdir -p /etc/wireguard
+sudo chmod 700 /etc/wireguard
+
+if [ ! -f "$WG_PRIVATE_KEY_PATH" ]; then
+  umask 077
+  wg genkey | sudo tee "$WG_PRIVATE_KEY_PATH" | wg pubkey | sudo tee "$WG_PUBLIC_KEY_PATH"
+else
+  echo " Private key already exists. Skipping key generation."
+fi
+
+PRIVATE_KEY=$(sudo cat "$WG_PRIVATE_KEY_PATH")
+
+# === WRITE CONFIG ===
+echo " Writing server config to $WG_CONF_PATH..."
+sudo tee "$WG_CONF_PATH" > /dev/null <<EOF
+[Interface]
+PrivateKey = ${PRIVATE_KEY}
+Address = ${WG_ADDRESS}
+ListenPort = ${WG_LISTEN_PORT}
+
+[Peer]
+PublicKey = ${WG_PEER_PUBLIC_KEY}
+AllowedIPs = ${WG_ALLOWED_IPS}
+PersistentKeepalive = ${WG_KEEPALIVE}
+EOF
+
+sudo chmod 600 "$WG_CONF_PATH"
+
+# === ENABLE IP FORWARDING ===
+echo "Enabling IP forwarding..."
+sudo sysctl -w net.ipv4.ip_forward=1
+echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf > /dev/null
+
+# === START WIREGUARD SERVER ===
+echo "Starting WireGuard interface ${WG_INTERFACE}..."
+sudo wg-quick up "${WG_INTERFACE}"
+
+echo "WireGuard server is now running and listening on port ${WG_LISTEN_PORT}."
+echo "IMPORTANT: Make sure AllowedIPs includes all subnets from the client's local networks!"