Changelog

b20d2b2 fix(scan): skip wordpress scan for preudo servers (#1142)
2b918c7 fix(scan): config dump nocolor in debug mode. (#1141)
1100c13 feat(config): Default values for WordPress scanning to be set in config.toml (#1140)
88899f0 refactor: around CheckHTTPHealth (#1139)
59dc005 fix(model): omit changelog from json if empty (#1137)
986fb30 fix(scan): add --nogpgcheck to dnf mod list to avoid Error: Cache-only enabled but no cache for *** (#1136)
d6435d2 fix(xml): remove -format-xml #1068 (#1134)
affb456 fix(email.go):Fix runtime error(invalid memory address) (#1133)
705ed0a fix(discover): change config.toml template (#1132)

Changelog

dfffe5b fix(config): err occurs when host not set in local-scan-mode (#1129)
fca102e fix dnf prompt and ssh user (#1126)
554b634 chore: go mod update (#1127)
aa954dc fix(scan): kindness msg when no-cache err on dnf mod list (#1128)

Changelog

b5506a1 chore: go mod update (#1125)

New Features

• feat(scan): support dnf modules (#1114)

  vuls now supports the dnf module, which has been supported since RHEL8.

The schema of goval-dictionary has been changed.
Please upgrade goval-dictionary to 0.3.0 or later and re-fetch to a new database.
(No automatic migration, so use a new database.)
If vuls and goval-dictionary are old, false positives will occur on RHEL8.

• feat(report): display EOL information to scan summary (#1120)

  The expired date of standard support and extended support is now displayed.
  If the standard support expires within 3 months, a warning will be displayed.
  The expired date is defined here
  If you find any mistakes or additional information, please let me know.

• Improve implementation around config (#1122)

  Some flags of subcommands have been removed and the structure of config.toml has been changed.
  See pull request for details

Changelog

0b55f94 Improve implementation around config (#1122)
a67052f fix(scan): err detecting EOL for alpine Linux (#1124)
6eff6a9 feat(report): display EOL information to scan summary (#1120)
69d32d4 feat(report): add a err code to wpscan.com API error (#1119)
d7a613b chore: go mod update (#1118)
669c019 fix(cvecontent) Fixed not to split empty string (#1117)
fcc4901 fix(scan): Failed to parse CentOS Stream (#1098)
4359503 fix(redhat): possibility of false positives on RHEL (#1115)
b13f93a feat(scan): support dnf modules (#1114)
8405e0f refactor(gost): Duplicate code into function (#1110)
aceb3f1 fix(scan): add an error case for rpm -qa (#1109)
a206675 fix(wordpress): remove cache because not permitted. (#1107)
f4253d7 fix(wordpress): wpscan.com unmarshal error (#1106)
aaea15e refactor(report): remove Integration.apply (#1105)

Changelog

83d1f80 chore(report): remove stride and hipchat support (#1104)
a33cff8 fix(reprot): use SQLite3 in current dir if not specified (#1103)
8679759 chore: fix typo (#1102)
53deaee refactor(config): remove DependencyCheckXMLPath in config.toml (#1100)
5a14a58 refactor(nvdxml): Remove codes related to NVD xml(deprecated) (#1099)

New Feature

Vuls v0.14.0 displays additional information in the NVD data feed such as exploits, mitigations, primary source URLs, and patch URLs is now displayed in the report.

This P/R change the structure of the model.

Add ScanResult>VulnInfos>CveContents>References>Tags
https://github.com/future-architect/vuls/pull/1097/files#diff-e5bdb7104bbea1fa7f04ecaf8fc7a56f09715b3b9993112dea6b878c24def200R329

Add Mitigations struct
https://github.com/future-architect/vuls/pull/1097/files#diff-25e484c3ec31cd05d7ce8ab0ab61b6eea8b82ecd47f9cf62e7448e56fb8d6e4dR784

Add ScanResult>VulnInfos>Mitigations
https://github.com/future-architect/vuls/pull/1097/files#diff-25e484c3ec31cd05d7ce8ab0ab61b6eea8b82ecd47f9cf62e7448e56fb8d6e4dR154

Remove ScanResult>VulnInfos>CveContents>Mitigation
https://github.com/future-architect/vuls/pull/1097/files#diff-e5bdb7104bbea1fa7f04ecaf8fc7a56f09715b3b9993112dea6b878c24def200L187

Changelog

fb1fbf8 feat(report): Add NVD as a source for mitigations, primarySrc URL and Patch URL (#1097)
cfbf779 feat(exploit): add exploit link in NVD as a source (#1096)
d576b6c refactor(report): around FillCveInfo (#1095)
514eb71 fix(server): make config loading same as scan (#1091)
43ed904 fix(deps): update dependencies (#1094)

Changelog

0a440ca fix(saas): add saas subcmd (#1093)

Changelog

eff1dbf feat(scanner): vuls-scanner binary on release archive (#1092)
9a32a94 refactor: fix build warnings (#1090)
2534098 fix(report): wpvulndb poor versioning(#1088) (#1089)

Changelog

9497365 update pkg (#1087)
101c44c Change .goreleaser to build binaries for arm, 386, amd64 at release. (#1082)
ffd745c fix a compile error #1083 (#1084)
5fea4ea feat(nocgo): enable to build with CGO_ENABLED=0 (#1080)

Changelog

1f61004 feat(scan): IgnoredJSONKyes to clear values in result json #1071 (#1078)
3f8de02 fix(portscan): to keep backward compatibility before v0.13.0 (#1076)

Changelog

d02535d fix(debian): false negative of kernel cves with rdb backend (#1075)
75fceff refactor(report): format-csv (#1072)
ebd3834 add(report) -format-csv option (#1034)

Changelog

93059b7 feat(report): IgnoredJSONKyes to clear values in result json (#1071)

Changelog

2fc3462 fix(libscan): Fix false detection of a vulnerability in the library (#1070)

Changelog

f78dab5 fix(fast-root): affectedProcs, ports bug (#1067)

Changelog

edb324c fix(portscan): ignore loopback address on remote scan (#1062)

New features

experimental: add smart(fast, minimum ports, silently) TCP port scanner #1060

Now Vuls can do port scanning to make related vulnerabilities more noticeable.
The current implementation is native go (net.DialTimeout) without using Nmap etc. (We are considering more practical scans in the future)
Since the vuls know the vulnerable process and listening ports, it requires only the minimum required port scan, so Vuls can scan very lightly without a network noise.

Changelog

83bcca6 experimental: add smart(fast, minimum ports, silently) TCP port scanner (#1060)
a124518 fix: hard-coded version #1057 (#1059)
94bf630 Expand negative grep match for any error for lib scans. (#1056)
31bb33f ignore apk warning (#1052)
4b680b9 fix(scan-freebsd): also get installed with pkg info #1042 (#1051)

Changelog

8a8ab8c feat(libscan): enable to scan vulns of libs with pseudo #1035 (#1050)
8146f5f update readme (#1049)

Changelog

425c585 Support for smtp LOGIN authentication (#1048)

Changelog

4f1578b [WIP]fix(scan): collect a running version of kernel-devel (#1044)

New features

New Raspberry Pi OS(Raspbian) Scanning Method

​
Raspberry Pi previously supported only scan using changelog, but this release uses Debian's OVAL DB and Debian Security Tracker for common parts with Debian. The changelog is still used for the part that is deeply related to Raspberry Pi.
Refer to the table below for each scan mode.
​

For more Details, see the Document: fast scan, fast-root scan

example detect CVEs

Detection using Debian OVAL DB

​

Detection using Debian Security Tracker

​

Requirements

Raspbian OVAL scan requires goval-dictionary update(need ver>=0.2.9).

Changelog

7969b34 Raspberry Pi OS(Raspbian) scanning using OVAL DB (#1019)
58cf1f4 refactor(typo): fix typos (#1041)
a5b87af delete unnecessary images (#1036)