The first step in protecting a system from malicious attackers is to analyze the system's vulnerabilities. Network-based vulnerability assessment scanners are mainly used for this analysis. Because a network-based scanner can obtain only limited information about the target system, it cannot analyze all vulnerabilities in the target system. To obtain all information about the target system, the vulnerability assessment scanner should be host-based. Although a host-based vulnerability assessment scanner can analyze all vulnerabilities of the target system, its implementation depends heavily on the type and version of the OS, so host-based vulnerability assessment scanners have rarely been developed. In addition, a host-based scanner cannot manage the vulnerabilities of many systems.
In this paper, I implemented the ISMAEL system, which can manage many host-based assessment agents. The host-based vulnerability assessment agent was developed to need no modification, and not even compilation, when it is ported to another OS, because it is written in Java and the OS-dependent module has been removed from it. The OS-dependent module is provided as a library (a .class file in Java). When the manager asks a host-based vulnerability assessment agent to analyze the vulnerabilities of a system, the host-based vulnerability assessment scanner generates, compiles, and executes Java code that references the OS-dependent library and checks whether a vulnerability exists.
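The generate, compile, and execute step described above can be sketched as follows. This is an added example, not code from ISMAEL: the names `AgentSketch`, `OsLibrary`, `Check`, `PosixLibrary` and `GeneratedCheck` are hypothetical, the check source is constructed, and it assumes a JDK 11+ on a POSIX host, compiled with `javac` before running.

```java
import javax.tools.JavaCompiler;
import javax.tools.ToolProvider;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;

public class AgentSketch {
    /** Hypothetical OS-dependent library API; each OS would ship its own .class implementation. */
    public interface OsLibrary { boolean worldWritable(String path) throws Exception; }
    /** Hypothetical contract that every generated check implements. */
    public interface Check { boolean vulnerable(OsLibrary os, String target) throws Exception; }

    /** Constructed POSIX implementation of the OS-dependent library. */
    public static class PosixLibrary implements OsLibrary {
        public boolean worldWritable(String path) throws Exception {
            return Files.getPosixFilePermissions(Path.of(path)).contains(PosixFilePermission.OTHERS_WRITE);
        }
    }

    // Constructed check source, standing in for the Java code the agent generates on request.
    static final String SOURCE =
        "public class GeneratedCheck implements AgentSketch.Check {\n" +
        "  public boolean vulnerable(AgentSketch.OsLibrary os, String t) throws Exception {\n" +
        "    return os.worldWritable(t);\n" +
        "  }\n" +
        "}\n";

    /** Compiles the check at run time and loads it; the OS-independent agent core ends here. */
    static Check compileAndLoad(String source) throws Exception {
        JavaCompiler javac = ToolProvider.getSystemJavaCompiler();
        if (javac == null) throw new IllegalStateException("needs a JDK, not a JRE");
        Path dir = Files.createTempDirectory("checks");
        Path file = dir.resolve("GeneratedCheck.java");
        Files.writeString(file, source);
        int rc = javac.run(null, null, null, "-classpath", System.getProperty("java.class.path"),
                           "-d", dir.toString(), file.toString());
        if (rc != 0) throw new IllegalStateException("generated check failed to compile");
        // Parent loader supplies AgentSketch.Check and AgentSketch.OsLibrary to the generated class.
        URLClassLoader loader = new URLClassLoader(new URL[] { dir.toUri().toURL() },
                                                   AgentSketch.class.getClassLoader());
        return (Check) loader.loadClass("GeneratedCheck").getDeclaredConstructor().newInstance();
    }

    public static void main(String[] args) throws Exception {
        Path target = Files.createTempFile("sample", ".conf");   // constructed sample target
        Files.setPosixFilePermissions(target, PosixFilePermissions.fromString("rw-rw-rw-"));
        Check check = compileAndLoad(SOURCE);
        System.out.println("world-writable: " + check.vulnerable(new PosixLibrary(), target.toString()));
        Files.delete(target);
    }
}
```

Porting this sketch to another OS means supplying a different `OsLibrary` implementation only; the agent core and the check source stay unchanged. Code compiled this way runs with the agent's privileges, so an agent built on this pattern should accept check requests only from an authenticated manager.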