Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
GPL-3.0 License
Bot releases are visible (Hide)
Published by kotakanbe over 5 years ago
56d7d43 feat(report): GitHub security alerts integration (#775)
89d58d1 bump up version
d6b6969 update README
e7bf6fa feat(README): contiruters shield (#778)
6e51970 fix(discovery): show the template of GitHub Security Alerts integration
to discovery subcommand
56d7d43 feat(report): GitHub security alerts integration (#775)
256c99f Delete tab from output in case of No CVE-IDs (#768)
9c0bc3b modify build time (#766)
9b8a323 fix(report): detect 0 vulns for Amazon, FreeBSD, Raspbian (#765)
Published by kotakanbe almost 6 years ago
3178c1e Merge branch 'master' of https://github.com/future-architect/vuls
321d68e Bump up version
3d8753c Add Telegram support (#762)
967c569 add ScannedIPv4Addrs and ScannedIPv6Addrs (#764)
7c4831d add build time (#763)
4b49e11 add(report) -format-list option to -to-email (#761)
d84a6a8 fix(oracle): vuls report returns different result each time in the case of Oracle Linux (#759)
63b7f4a delete paperr (#758)
ca21602 Remove ThreadTimeStamp from message struct (#756)
7842594 fix(scan): OS detection ssh timeout in first run #699 (#753)
7db0561 fix(report): overdetection for Red Hat/CentOS with redis backend (#748)
a5a800f add alert data to result json (#747)
9147ec1 Beautify alert (#746)
b326058 fix(gost) update pkg to incorporate the latest gost (#745)
7d31328 export exploit func (#744)
6e82981 feat(report): Display CERT information to reports (#741)
9d7b115 add JPCERT and USCERT alert dictionary (#740)
8eae500 fix(report): return both scores of gost and oval (#739)
31bd6c0 feat(scan): get repository name of updatable pkgs for debian/ubuntu (#738)
Published by kotakanbe almost 6 years ago
7585f9d fix(report): fix cvedb-url, add -cvedb-type=http (#734)
76037cd fix new cve contents (#735)
98c5421 fix exploit db (#733)
e63fc7e fix(report): nil pointer in deep scan mode #728 (#732)
6ed9cf3 add scan mode (#731)
Published by kotakanbe almost 6 years ago
9865eab Display exploit codes information for each detected CVE-IDs (#729)
678e72a fix(gost): a bug of parseCwe (#726)
ec41899 check cve_contents init (#725)
b2d913c Bump Go versions and use '.x' to always get latest patch versions (#724)
bc86c24 update pkg (#723)
87a77dd update pkgs (#720)
e8188f3 add ms gost (#718)
50506be [WIP] feat(report): show repository of affected pkgs (#713)
4ded028 config: remove commented-out code from tomlloader (#714)
6da8b3c commands: simplify s[:]
to s (#715)
d5c92cb report: simplify x = x <op> y
to x <op>= y
(#716)
ed5f98d change syslog pkg (#717)
f854b8f fix(report): fix an error while loading cveDict.type in config.toml (#711)
de7a615 remove table.SetHeaderColor codes (#709)
6090a34 fix(cpe): update deps to avoid parsing err of cpeNames (#708)
f566745 fix(config): a DB URL error 'does not validate as url' #705 (#706)
153234b update readme
ac510d2 fix(scan): fix err msg when unable to connect via SSH (#702)
Published by kotakanbe about 6 years ago
https://vuls.io/docs/en/usage-scan-non-os-packages.html
Before v0.5.0, Vuls can detect only by exact match of CPE.
After v0.5.0, Vuls supports NVD JSON Feed
NVD JSON Feed has detailed affected version information.
"cpe" : [ {
"vulnerable" : true,
"cpe22Uri" : "cpe:/a:ibm:security_guardium",
"cpe23Uri" : "cpe:2.3:a:ibm:security_guardium:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "8.2"
}, {
Using this information, Vuls can detect vulnerabilities of non-OS-packages more cleverly than before, because vuls compares versions of specified CPEs in config.toml and the version in the feed.
related ( #599 )
Support knqyf263/gost (go-security-tracker)
New version Vuls 0.5.0 now possible to detect vulnerabilities that patches have not been published from distributors
using new datasource named gost.
before
One Line Summary
================
c74 Total: 38 (High:12 Medium:18 Low:7 ?:1) 36/36 Fixed 708 installed, 288 updatable
after (with gost)
One Line Summary
================
c74 Total: 459 (High:48 Medium:326 Low:84 ?:1) 36/457 Fixed 708 installed, 288 updatable
before
One Line Summary
================
deb8 Total: 105 (High:22 Medium:39 Low:9 ?:35) 55/103 Fixed 513 installed, 43 updatable
after (with gost)
One Line Summary
================
deb8 Total: 524 (High:56 Medium:148 Low:21 ?:299) 53/522 Fixed 512 installed, 43 updatable
Vuls can scan vulnerabilities with one-liner like below.
$ curl -X POST -H "Content-Type: text/plain" \
-H "X-Vuls-OS-Family: centos" \
-H "X-Vuls-OS-Release: 6.9" \
-H "X-Vuls-Kernel-Release: 2.6.32-696.30.1.el6.x86_64" \
--data-binary "`rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"`" \
http://localhost:5515/vuls
For detials, see the Doc
#510 #669
[servers]
[servers.localhost]
host = "192.168.100.111" # or "127.0.0.1"
port = "22"
scanMode = ["fast"]
[servers]
[servers.localhost]
host = "192.168.100.111" # or "127.0.0.1"
port = "22"
scanMode = ["fast", "offline"]
[servers]
[servers.localhost]
host = "192.168.100.111" # or "127.0.0.1"
port = "22"
scanMode = ["fast-root"]
[servers]
[servers.localhost]
host = "192.168.100.111" # or "127.0.0.1"
port = "22"
scanMode = ["fast-root", "offline"]
[servers]
[servers.localhost]
host = "192.168.100.111" # or "127.0.0.1"
port = "22"
scanMode = ["deep"]
The following items were added
https://vuls.io/docs/en/usage-report.html#example-send-scan-results-to-stride
https://github.com/future-architect/vuls/pull/624
https://github.com/future-architect/vuls/pull/634
https://vuls.io/docs/en/usage-report.html#example-send-scan-results-to-chatwork
https://github.com/kotakanbe/go-cve-dictionary/issues/80
Model has changed.
https://github.com/future-architect/vuls/tree/master/models
$ ./vuls discover 127.0.0.1/32
# Create config.toml using below and then ./vuls -config=/path/to/config.toml
[cveDict]
type = "sqlite3"
path = "/path/to/cve.sqlite3"
#url = ""
[ovalDict]
type = "sqlite3"
path = "/path/to/oval.sqlite3"
#url = ""
[gost]
type = "sqlite3"
path = "/path/to/gost.sqlite3"
#url = ""
# https://vuls.io/docs/en/usage-settings.html#slack-section
#[slack]
#hookURL = "https://hooks.slack.com/services/abc123/defghijklmnopqrstuvwxyz"
##legacyToken = "xoxp-11111111111-222222222222-3333333333"
#channel = "#channel-name"
##channel = "${servername}"
#iconEmoji = ":ghost:"
#authUser = "username"
#notifyUsers = ["@username"]
# https://vuls.io/docs/en/usage-settings.html#email-section
#[email]
#smtpAddr = "smtp.example.com"
#smtpPort = "587"
#user = "username"
#password = "password"
#from = "[email protected]"
#to = ["[email protected]"]
#cc = ["[email protected]"]
#subjectPrefix = "[vuls]"
# https://vuls.io/docs/en/usage-settings.html#http-section
#[http]
#url = "http://localhost:11234"
# https://vuls.io/docs/en/usage-settings.html#syslog-section
#[syslog]
#protocol = "tcp"
#host = "localhost"
#port = "514"
#tag = "vuls"
#facility = "local0"
#severity = "alert"
#verbose = false
# https://vuls.io/docs/en/usage-report.html#example-put-results-in-s3-bucket
#[aws]
#profile = "default"
#region = "ap-northeast-1"
#s3Bucket = "vuls"
#s3ResultsDir = "/path/to/result"
#s3ServerSideEncryption = "AES256"
# https://vuls.io/docs/en/usage-report.html#example-put-results-in-azure-blob-storage<Paste>
#[azure]
#accountName = "default"
#accountKey = "xxxxxxxxxxxxxx"
#containerName = "vuls"
# https://vuls.io/docs/en/usage-settings.html#stride-section
#[stride]
#hookURL = "xxxxxxxxxxxxxxx"
#authToken = "xxxxxxxxxxxxxx"
# https://vuls.io/docs/en/usage-settings.html#hipchat-section
#[hipchat]
#room = "vuls"
#authToken = "xxxxxxxxxxxxxx"
# https://vuls.io/docs/en/usage-settings.html#chatwork-section
#[chatwork]
#room = "xxxxxxxxxxx"
#apiToken = "xxxxxxxxxxxxxxxxxx"
# https://vuls.io/docs/en/usage-settings.html#default-section
[default]
#port = "22"
#user = "username"
#keyPath = "/home/username/.ssh/id_rsa"
#scanMode = ["fast", "fast-root", "deep", "offline"]
#cpeNames = [
# "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
#]
#owaspDCXMLPath = "/tmp/dependency-check-report.xml"
#ignoreCves = ["CVE-2014-6271"]
#containerType = "docker" #or "lxd" or "lxc" default: docker
#containersIncluded = ["${running}"]
#containersExcluded = ["container_name_a"]
# https://vuls.io/docs/en/usage-settings.html#servers-section
[servers]
[servers.127-0-0-1]
host = "127.0.0.1"
#port = "22"
#user = "root"
#keyPath = "/home/username/.ssh/id_rsa"
#scanMode = ["fast", "fast-root", "deep", "offline"]
#type = "pseudo"
#memo = "DB Server"
#cpeNames = [ "cpe:/a:rubyonrails:ruby_on_rails:4.2.1" ]
#owaspDCXMLPath = "/path/to/dependency-check-report.xml"
#ignoreCves = ["CVE-2014-0160"]
#containerType = "docker" #or "lxd" or "lxc" default: docker
#containersIncluded = ["${running}"]
#containersExcluded = ["container_name_a"]
#[servers.127-0-0-1.containers.container_name_a]
#cpeNames = [ "cpe:/a:rubyonrails:ruby_on_rails:4.2.1" ]
#owaspDCXMLPath = "/path/to/dependency-check-report.xml"
#ignoreCves = ["CVE-2014-0160"]
#[servers.127-0-0-1.optional]
#key = "value1"
#668
To detect the vulnerability of Ruby on Rails v4.2.1 on specific container, cpeNames needs to be set in the servers>containers section.
The following is an example of running Ruby on Rails v4.2.1 on dockerA.
[servers]
[servers.172-31-4-82]
host = "172.31.4.82"
user = "ec2-user"
keyPath = "/home/username/.ssh/id_rsa"
containerType = "docker"
containersIncluded = ["${running}"]
[servers.172-31-4-82.containers.dockerA]
cpeNames = [
"cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
]
#667
The following is an example of how to specify a XML of OWASP DC to the specific container.
[servers]
[servers.172-31-4-82]
host = "172.31.4.82"
user = "ec2-user"
keyPath = "/home/username/.ssh/id_rsa"
containerType = "docker"
containersIncluded = ["${running}"]
[servers.172-31-4-82.containers.dockerA]
owaspDCXMLPath = "/tmp/dependency-check-report.xml"
#666
[servers]
[servers.172-31-4-82]
host = "172.31.4.82"
user = "ec2-user"
keyPath = "/home/username/.ssh/id_rsa"
containerType = "docker"
containersIncluded = ["${running}"]
[servers.172-31-4-82.containers.dockerA]
ignoreCves = ["CVE-2016-6314"]
#665
Format
[servers.192-168-11-6]
host = "192.168.11.6"
ignorePkgsRegexp = ["^kernel.*"]
containersIncluded = ["${running}"]
ContainersExcluded= ["container_name_a"]
[servers.192-168-11-6.containers.container_name_a]
ignorePkgsRegexp = ["^vim.*"]
before
[servers.172-31-4-82]
host = "172.31.4.82"
optional = [
["key", "value"],
["key2", "value2"],
]
after
[servers.172-31-4-82]
host = "172.31.4.82"
[servers.172-31-4-82.Optional]
key = "value"
key2 = "value2"
Issues yum ps
to detect processed affected by next software update on RedHat, CentOS, Amazon , Oracle.
AffectedProcs key under Packages will be added by this P/R.
{
"Packages" : {
"wpa_supplicant": {
...,
"AffectedProcs": [
{
"PID": "638",
"ProcName": "wpa_supplicant",
}
]
},
},
}
When Servername was changed, Vulsrepo etc could not look back in the past. So, I added a unique UUID that will not be changed. If you report with this flag on, Vuls generates UUIDs automatically.
This Auto-generated UUID will be added to the config.toml automatically and result JSON.
The previous config.toml will be renamed to config.toml.bak.
When reporting with the -uuid flag on, config.toml is automatically recreated as described above. So I added the memo field because the TOML comment disappears. For memo about the server, please use this field, not TOML comment.
44fa2c5 v0.5.0 (no backwards compatibility) (#478)
d785fc2 Lint (#700)
ea800e0 fix(report): generate report even if some scan-err-jsons are included #685 (#686)
fe582ac Change GitHub templates
330edb3 change copyright (#677)
212fec7 Remove old Dockerfile (#684)
24d7021 Refactor Dockerfile (#683)
e3a01ff fix(report): database is locked with SQLite3 backend #681 (#682)
81f2ba8 fix(report): record not found on reporting with OVAL #679 (#680)
9e9370b refactor(suse): add testcase for detectSUSE (#675)
ced6114 pull request to add SLES variant OS SLES_SAP support (#672)
3144faa feat(syslog): add all CVSS scores/vectors (#664)
8960c67 fix(report): use CVSS score not calculated from severity preferentially (#663)
f8ca924 Add title to syslog (#662)
399a087 feat(scan): add -ssh-config option #417 (#660)
92f36ca Add missing ca-certificates, needed for slack webhook (#657)
3dcc582 Move to alpine based docker images (#643)
0977996 Fix(reporting): NotFixedYet of SourcePackage in OVAL match on Debian and Ubuntu (#656)
9cc7877 fix(configtest): Only warning when reboot-notifier is not installed on Debian (#654)
f653ca9 Don't check reboot-notifier package for debian containers (#642)
6f9fd91 Send logs via syslog when no CVE-IDs found (#646)
cb1aec4 Add scanned_at into syslog report (#641)
7cebaf8 Use servername for SSH ControlPath filename (#640)
241c943 fix(tui): show CVSS severity on TUI for Ubuntu (#638)
d5d88d8 Refactor stride (#637)
cf9d260 Update README.md (#631)
308a93d misspell (#632)
d6a7e65 [refactor]make fmt
e0a5c5d refactoring : hipchat (#635)
314f775 Chatwork support (#634)
7a16441 Stride support (#624)
5076326 Fix Amazon Linux 2 scanning (#630)
ce56261 fix(redhat): fix detection method of changelog scan (#628)
baa0e89 fix: a bug of diff logic when multiple oval defs found for a certain CVE-ID and same updated_at (#627)
1d49c0e fix(scan): fix RHEL 5 (#626)
08755e4 fix(fmt): fix gofmt warn (#625)
bb12d9d Add diff to TUI (#620)
fd1429f Fix diff logic (#619)
d3c421a inform new release on diff option (#614)
0c919da fix: change ControlPath to .vuls of SSH option (#618)
9afbf12 feat: Add -vvv option to scan cmd (#617)
50b105c fix: SSH session multiplexing (#616)
028508c fix link nvd on hipchat (#613)
f0137a3 feat: Display pkg information to slack notification #611 (#612)
e6d3a17 fix: validation for reporting (#610)
86ba551 fix: remove a validation of hipchat (#609)
26418be hipchat support (#593)
092a19b fix: bug of report -diff option (#607)
6d33985 fix: support CentOS cloud image (#606)
b08969a Support a reporting via Syslog (#604)
Published by kotakanbe almost 7 years ago
$ rm -rf $GOPATH/pkg/linux_amd64/github.com/kotakanbe/goval-dictionary/
$ rm -rf $GOPATH/src/github.com/kotakanbe/goval-dictionary/
$ cd $GOPATH/src/github.com/kotakanbe
$ git clone https://github.com/kotakanbe/goval-dictionary.git
$ cd goval-dictionary
$ make install
$ goval-dictionary -v
goval-dictionary dca4f21
$ rm -rf $GOPATH/pkg/linux_amd64/github.com/future-architect/vuls/
$ rm -rf $GOPATH/src/github.com/future-architect/vuls/
$ cd $GOPATH/src/github.com/future-architect
$ git clone https://github.com/future-architect/vuls.git
$ cd vuls
$ make install
$ vuls -v
vuls v0.4.2 e788e6a
e788e6a Support Alpine Linux #194 (#545)
d00e912 Replace strings.HasPrefix with strings.Index for SuSE scanner (#546)
8ebb663 Fix yum changelog option (#543)
445ffc4 Update README.md (#542)
6af49f4 Fix false positive: ignore oval info when kernel major version is different. (#541)
1de9e8c Fix: Misdetection of OvalMatch for CentOS and Scientific in oval/util.go (#536)
59b0812 Fix: "Reboot Required" detection process in scan/redhat.go (#534)
719785c Remove README.fr.md because unable to maintenance..
8e5f627 README Typo Update (#538)
5ced3c7 Insert sudo
only at the beginning of command in deep scan #495 (#539)
c002f01 Fix config.toml validation (#537)
00c690f Add pseudo server type for non-ssh scanning (only cpe scan) #512 (#531)
ab68ad5 README Update (#530)
5c84ebe Update README
eb2acaf send slack msg by api (#525)
84d0655 fix typo Privious -> Previous (#523)
e137ebb Fix package query fails on debian based container (#519) (#522)
10d690d fix typo from "enviroment" to "environment" (#518)
14611d2 Fix typo in config/jsonloader.go (#517)
0665bfe Modified Spell Miss of "README.md". (#516)
Automated with GoReleaser
Built with go version go1.8 linux/amd64
Published by kotakanbe about 7 years ago
473096d Fix .goreleaser.yml
0eae26e Merge branch 'master' of https://github.com/future-architect/vuls
a32845f Fix a bug of making channels when fill oval information via HTTP (#514)
15a0f7e Merge branch 'master' of https://github.com/future-architect/vuls
5a0a6ab Fix OVAL detection on Debian and Ubuntu (#509)
032b8d9 Merge branch 'master' of https://github.com/future-architect/vuls
5798e3a Add filter options to tui subcommand (#508)
8e15b9c Add filter options to tui subcommand (#508)
7a1f132 Add -ignore-unfixed option to report subcommand #485 (#507)
a8483b2 Add goreleaser to distribute binaries (#460)
83bbbd0 Add goreportcard to README
132432d Support SUSE Enterprise Linux (#487)
e5eb8e4 Debian: Use --showformat flag to get status of packages and ignore n(not-inst… (#484)
1095ebe fix vulsrepo dockerfile (#496)
1541a60 Update README.ja.md (#498)
03a141c Fix typos (#499)
5f2183f Check repoquery with sudo nopasswd in deep scan mode on RedHat (#492)
820831f Fix sort order of servers on TUI (#481)
6d2d767 Fix a arg of report subcommand (#479)
e0c3a72 Fix ping option of discover subcommand #471 (#472)
ec92f77 add windows type (#470)
0ba490c Merge pull request #469 from usiusi360/use_vulsrepo-server
cfd668e use_vulsrepo-server
Automated with GoReleaser
Built with go version go1.8 linux/amd64
Published by kotakanbe about 7 years ago
We are pleased to announce the new Version, v0.4.0.
This version is not backward compatible.
But many new functions have been added.
This mode scans
Scan Method
Report
https://github.com/future-architect/vuls#deep-scan
This mode may consume resources on the server to be scanned and some commands may need root privilege. However, deep scan mode is more accurate vulnerability detection and more detailed information than fast scan mode.
Scan Method
Report
Vuls warns when the scan target server was updated the kernel etc. but not restarting it.
The structure of the model has changed.
This version is not backward compatible.
yum changelog
in yum-utils instead of yum update --changelog
in yum-plugin-changelog to fetch changelogs without root privilege.
Published by kotakanbe over 7 years ago
Published by kotakanbe almost 8 years ago
see https://github.com/future-architect/vuls/blob/master/CHANGELOG.md
The main pull request is below
https://github.com/future-architect/vuls/pull/270
Published by kotakanbe about 8 years ago
Caution
To upgrade to this release, you have to use a new SQLite3 data file because ERD is changed.
https://github.com/future-architect/vuls/pull/67
For details, see https://github.com/future-architect/vuls/blob/master/CHANGELOG.md