Install Manually on CentOS

Install requirements

Vuls requires the following packages.

  • SQLite3, MySQL, PostgreSQL, Redis
  • git
  • gcc
  • GNU Make
  • go v1.13 or later (The latest version is recommended)
    • https://golang.org/doc/install
$ ssh centos@<server-address> -i ~/.ssh/private.pem
$ sudo yum -y install sqlite git gcc make wget
$ # Set LATEST_VERSION to the Go release you are installing (see https://golang.org/doc/install)
$ wget https://dl.google.com/go/go${LATEST_VERSION}.linux-amd64.tar.gz
$ sudo tar -C /usr/local -xzf go${LATEST_VERSION}.linux-amd64.tar.gz
$ mkdir $HOME/go

Add these lines to /etc/profile.d/goenv.sh:

export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin

Load the environment variables into the current shell:

$ source /etc/profile.d/goenv.sh
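
The Go tarball above is unpacked into /usr/local with sudo, so it is worth comparing its SHA-256 with the checksum listed on the Go downloads page before extracting. The following is an added example, not part of the Vuls documentation; the function names are hypothetical and `sha256sum` (coreutils) is assumed to be installed.

```shell
# Added example: extract a tarball only if its SHA-256 matches the published value.

verify_sha256() {
    # $1 = file, $2 = expected SHA-256 hex digest copied from the download page
    vs_file=$1
    vs_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Reject anything that is not exactly 64 hex characters (truncated copy/paste, etc.)
    case $vs_want in
        ''|*[!0-9a-f]*) echo "malformed digest" >&2; return 2 ;;
    esac
    [ "${#vs_want}" -eq 64 ] || { echo "malformed digest" >&2; return 2; }
    [ -f "$vs_file" ] || { echo "no such file: $vs_file" >&2; return 2; }
    vs_got=$(sha256sum "$vs_file" | cut -d' ' -f1)
    if [ "$vs_got" = "$vs_want" ]; then
        return 0
    fi
    echo "checksum mismatch: $vs_file" >&2
    return 1
}

extract_verified() {
    # $1 = tarball, $2 = expected digest, $3 = destination directory
    # Nothing is written to the destination unless the digest matches.
    verify_sha256 "$1" "$2" || return 1
    tar -C "$3" -xzf "$1"
}

# Usage on the server (digest value is a placeholder to be filled in by hand):
#   verify_sha256 go<version>.linux-amd64.tar.gz <sha256-from-download-page> \
#       && sudo tar -C /usr/local -xzf go<version>.linux-amd64.tar.gz
```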

Deploy go-cve-dictionary

go-cve-dictionary

$ sudo mkdir /var/log/vuls
$ sudo chown centos /var/log/vuls
$ sudo chmod 700 /var/log/vuls
$ mkdir -p $GOPATH/src/github.com/kotakanbe
$ cd $GOPATH/src/github.com/kotakanbe
$ git clone https://github.com/kotakanbe/go-cve-dictionary.git
$ cd go-cve-dictionary
$ make install

The binary was built under $GOPATH/bin

Then fetch vulnerability data from NVD.
It takes about 10 minutes (on AWS).

$ cd $HOME
$ for i in `seq 2002 $(date +"%Y")`; do go-cve-dictionary fetchnvd -years $i; done
... snip ...
$ ls -alh cve.sqlite3
-rw-r--r--. 1 centos centos  51M Aug  6 08:10 cve.sqlite3
-rw-r--r--. 1 centos centos  32K Aug  6 08:10 cve.sqlite3-shm
-rw-r--r--. 1 centos centos 5.1M Aug  6 08:10 cve.sqlite3-wal

If you want results in Japanese, you also need to fetch the JVN data. It takes about 10 minutes (on AWS).

$ cd $HOME
$ for i in `seq 1998 $(date +"%Y")`; do go-cve-dictionary fetchjvn -years $i; done
... snip ...
$ ls -alh cve.sqlite3
-rw-r--r--. 1 centos centos  51M Aug  6 08:10 cve.sqlite3
-rw-r--r--. 1 centos centos  32K Aug  6 08:10 cve.sqlite3-shm
-rw-r--r--. 1 centos centos 5.1M Aug  6 08:10 cve.sqlite3-wal

Deploy goval-dictionary

goval-dictionary

$ mkdir -p $GOPATH/src/github.com/kotakanbe
$ cd $GOPATH/src/github.com/kotakanbe
$ git clone https://github.com/kotakanbe/goval-dictionary.git
$ cd goval-dictionary
$ make install
$ ln -s $GOPATH/src/github.com/kotakanbe/goval-dictionary/oval.sqlite3 $HOME/oval.sqlite3

The binary was built under $GOPATH/bin

Then fetch the Red Hat OVAL data, since the server to be scanned is CentOS (see the goval-dictionary README).

$ goval-dictionary fetch-redhat 7

If you want to scan something other than CentOS 7, fetch the OVAL data for the OS type and version of the scan target server in advance.

  • Alpine
  • Red Hat, CentOS
  • Debian
  • Ubuntu
  • Oracle Linux
  • SUSE

Deploy gost

gost (go-security-tracker)

As of version 0.5.0, Vuls can detect vulnerabilities for which distributors have not yet published patches, using a new data source named gost.

$ sudo mkdir /var/log/gost
$ sudo chown centos /var/log/gost
$ sudo chmod 700 /var/log/gost
$
$ mkdir -p $GOPATH/src/github.com/knqyf263
$ cd $GOPATH/src/github.com/knqyf263
$ git clone https://github.com/knqyf263/gost.git
$ cd gost
$ make install
$ ln -s $GOPATH/src/github.com/knqyf263/gost/gost.sqlite3 $HOME/gost.sqlite3

The binary was built under $GOPATH/bin

Then fetch the Red Hat security tracker, since the server to be scanned is CentOS (see the gost README).

$ gost fetch redhat

To fetch the Debian security tracker, see the gost README.

Deploy go-exploitdb

go-exploitdb

As of version 0.6.0, Vuls can display exploit code that has been published at ExploitDB.com. If you don't need to know about exploit code for detected CVEs, skip this section.

$ sudo mkdir /var/log/go-exploitdb
$ sudo chown centos /var/log/go-exploitdb
$ sudo chmod 700 /var/log/go-exploitdb
$
$ mkdir -p $GOPATH/src/github.com/mozqnet
$ cd $GOPATH/src/github.com/mozqnet
$ git clone https://github.com/mozqnet/go-exploitdb.git
$ cd go-exploitdb
$ make install
$ ln -s $GOPATH/src/github.com/mozqnet/go-exploitdb/go-exploitdb.sqlite3 $HOME/go-exploitdb.sqlite3

The binary was built under $GOPATH/bin

Then fetch the Exploit DB information (see the go-exploitdb README).

$ go-exploitdb fetch

Fetching with the --deep option obtains much more exploit information, but the fetch takes a long time.

Deploy Vuls

$ mkdir -p $GOPATH/src/github.com/future-architect
$ cd $GOPATH/src/github.com/future-architect
$ git clone https://github.com/future-architect/vuls.git
$ cd vuls
$ make install

If you have previously installed Vuls and want to update it, do the following:

$ rm -rf $GOPATH/pkg/linux_amd64/github.com/future-architect/vuls/
$ rm -rf $GOPATH/src/github.com/future-architect/vuls/
$ cd $GOPATH/src/github.com/future-architect
$ git clone https://github.com/future-architect/vuls.git
$ cd vuls
$ make install

The binary was built under $GOPATH/bin
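
A post-install check for the whole procedure above, as an added example that is not part of the Vuls documentation: it confirms that the log directories are mode 700 with the expected owner, that each database file in $HOME is present and non-empty (a dangling symlink means the fetch step was never run), and that the binaries exist under $GOPATH/bin. The function names are hypothetical, GNU `stat` is assumed, and the check assumes the optional go-exploitdb section was not skipped.

```shell
# Added example: verify the result of the manual install steps on this page.

check_log_dir() {
    # $1 = log directory, $2 = expected owner (the page uses "centos")
    cl_dir=$1
    [ -d "$cl_dir" ] || { echo "MISSING   $cl_dir"; return 1; }
    cl_mode=$(stat -c '%a' "$cl_dir")
    cl_owner=$(stat -c '%U' "$cl_dir")
    [ "$cl_mode" = "700" ] || { echo "BAD MODE  $cl_dir ($cl_mode, want 700)"; return 1; }
    [ "$cl_owner" = "$2" ] || { echo "BAD OWNER $cl_dir ($cl_owner, want $2)"; return 1; }
    echo "OK        $cl_dir"
}

check_db() {
    # -s follows symlinks, so a link to a database that was never fetched fails here
    [ -s "$1" ] || { echo "MISSING OR EMPTY $1"; return 1; }
    echo "OK        $1"
}

check_install() {
    # $1 = directory holding the *.sqlite3 files, $2 = log root,
    # $3 = expected owner, $4 = directory holding the built binaries
    ci_failed=0
    for ci_d in vuls gost go-exploitdb; do
        check_log_dir "$2/$ci_d" "$3" || ci_failed=1
    done
    for ci_f in cve oval gost go-exploitdb; do
        check_db "$1/$ci_f.sqlite3" || ci_failed=1
    done
    for ci_b in go-cve-dictionary goval-dictionary gost go-exploitdb vuls; do
        [ -x "$4/$ci_b" ] || { echo "NOT BUILT $4/$ci_b"; ci_failed=1; }
    done
    return $ci_failed
}

# Usage with the paths from this page:
#   check_install "$HOME" /var/log centos "$GOPATH/bin"
```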

Copyright © 2019 kotakanbe