Edit

Install Manually

Install Requirements

Linux Distributions

The following example should work on Fedora based Linux distributions, which include: CentOS, RedHat, Amazon Linux etc (tested on CentOS and Amazon Linux).

Packages

Vuls requires the following packages.

  • SQLite3, MySQL, PostgreSQL, Redis
  • git
  • gcc
  • GNU Make
  • Greater than or equal to Go v1.18 (The latest version is recommended) 
$ ssh <user>@<IP> -i ~/.ssh/private.pem
$ export latest_version=1.14.2 # Latest Go release as of writing
$ sudo yum -y install sqlite git gcc make wget
$ wget https://dl.google.com/go/go$latest_version.linux-amd64.tar.gz
$ sudo tar -C /usr/local -xzf go$latest_version.linux-amd64.tar.gz
$ mkdir $HOME/go

Add these lines into /etc/profile.d/goenv.sh (you'll need sudo access)

export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin

Set the OS environment variable to current shell

$ source /etc/profile.d/goenv.sh

Deploy go-cve-dictionary

go-cve-dictionary

$ sudo mkdir /var/log/vuls
$ sudo chown <user> /var/log/vuls
$ sudo chmod 700 /var/log/vuls
$ mkdir -p $GOPATH/src/github.com/vulsio
$ cd $GOPATH/src/github.com/vulsio
$ git clone https://github.com/vulsio/go-cve-dictionary.git
$ cd go-cve-dictionary
$ make install

The binary was built under $GOPATH/bin

Then Fetch vulnerability data from NVD. It takes about 10 minutes (on AWS).

$ cd $HOME
$ go-cve-dictionary fetch nvd
... snip ...
$ ls -alh cve.sqlite3
-rw-r--r--. 1 centos centos  51M Aug  6 08:10 cve.sqlite3
-rw-r--r--. 1 centos centos  32K Aug  6 08:10 cve.sqlite3-shm
-rw-r--r--. 1 centos centos 5.1M Aug  6 08:10 cve.sqlite3-wal

If you want results in Japanese, you also need to fetch the JVN data. It takes about 10 minutes (on AWS).

$ cd $HOME
$ go-cve-dictionary fetch jvn
... snip ...
$ ls -alh cve.sqlite3
-rw-r--r--. 1 centos centos  51M Aug  6 08:10 cve.sqlite3
-rw-r--r--. 1 centos centos  32K Aug  6 08:10 cve.sqlite3-shm
-rw-r--r--. 1 centos centos 5.1M Aug  6 08:10 cve.sqlite3-wal

Deploy goval-dictionary

For RedHat, CentOS, AlmaLinux and Rocky Linux, you can skip this step. If you would like to scan other Linux distributions then retrieve the OVAL data according to the OS type and version of scan target server in advance.

goval-dictionary

$ mkdir -p $GOPATH/src/github.com/vulsio
$ cd $GOPATH/src/github.com/vulsio
$ git clone https://github.com/vulsio/goval-dictionary.git
$ cd goval-dictionary
$ make install
$ ln -s $GOPATH/src/github.com/vulsio/goval-dictionary/oval.sqlite3 $HOME/oval.sqlite3

The binary was built under $GOPATH/bin

For example, if your scan target is Oracle Linux 9, command to fetch is:

$ goval-dictionary fetch oracle 9

Deploy gost

gost (go-security-tracker)

version Vuls 0.5.0 now possible to detect vulnerabilities that patches have not been published from distributors using new data source named gost.

$ sudo mkdir /var/log/gost
$ sudo chown <user> /var/log/gost
$ sudo chmod 700 /var/log/gost
$ mkdir -p $GOPATH/src/github.com/vulsio
$ cd $GOPATH/src/github.com/vulsio
$ git clone https://github.com/vulsio/gost.git
$ cd gost
$ make install
$ ln -s $GOPATH/src/github.com/vulsio/gost/gost.sqlite3 $HOME/gost.sqlite3

The binary was built under $GOPATH/bin

Then fetch security tracker for RedHat since the server to be scanned is CentOS. README

$ gost fetch redhat

To fetch Debian security tracker, See gost README

Deploy go-exploitdb

go-exploitdb

New version Vuls 0.6.0 now possible to display exploit codes have been published at Exploit DB.com. If you don't need to know about exploit code for detected CVEs, skip this section.

$ sudo mkdir /var/log/go-exploitdb
$ sudo chown <user> /var/log/go-exploitdb
$ sudo chmod 700 /var/log/go-exploitdb
$ mkdir -p $GOPATH/src/github.com/vulsio
$ cd $GOPATH/src/github.com/vulsio
$ git clone https://github.com/vulsio/go-exploitdb.git
$ cd go-exploitdb
$ make install
$ ln -s $GOPATH/src/github.com/vulsio/go-exploitdb/go-exploitdb.sqlite3 $HOME/go-exploitdb.sqlite3

The binary was built under $GOPATH/bin

Then fetch exploit-db information. README

$ go-exploitdb fetch exploitdb
$ go-exploitdb fetch awesomepoc
$ go-exploitdb fetch githubrepos
$ go-exploitdb fetch inthewild

Deploy go-msfdb

go-msfdb

New version Vuls 0.11.0 now possible to display metasploit modules have been published at Metasploit. If you don't need to know about metasploit modules for detected CVEs, skip this section.

$ sudo mkdir /var/log/go-msfdb
$ sudo chown <user> /var/log/go-msfdb
$ sudo chmod 700 /var/log/go-msfdb
$ mkdir -p $GOPATH/src/github.com/vulsio
$ cd $GOPATH/src/github.com/vulsio
$ git clone https://github.com/vulsio/go-msfdb.git
$ cd go-msfdb
$ make install
$ ln -s $GOPATH/src/github.com/vulsio/go-msfdb/go-msfdb.sqlite3 $HOME/go-msfdb.sqlite3

The binary was built under $GOPATH/bin

Then fetch msf-db information. README

$ go-msfdb fetch msfdb

Deploy go-kev

go-kev

New version Vuls 0.19.0 now possible to display Known Exploited Vulnerabilities have been published at Cybersecurity & Infrastructure Security Agency. If you don't need to know about Known Exploited Vulnerabilities for detected CVEs, skip this section.

$ sudo mkdir /var/log/go-kev
$ sudo chown <user> /var/log/go-kev
$ sudo chmod 700 /var/log/go-kev
$ mkdir -p $GOPATH/src/github.com/vulsio
$ cd $GOPATH/src/github.com/vulsio
$ git clone https://github.com/vulsio/go-kev.git
$ cd go-kev
$ make install
$ ln -s $GOPATH/src/github.com/vulsio/go-kev/go-kev.sqlite3 $HOME/go-kev.sqlite3

The binary was built under $GOPATH/bin

Then fetch Known Exploited Vulnerabilities information. README

$ go-kev fetch kevuln

Deploy go-cti

go-cti

New version Vuls 0.19.8 now possible to display Cyber Threat Intelligence(MITER ATT&CK and CAPEC) have been published at mitre/cti. If you don't need to know about Cyber Threat Intelligence for detected CVEs, skip this section.

$ sudo mkdir /var/log/go-cti
$ sudo chown <user> /var/log/go-cti
$ sudo chmod 700 /var/log/go-cti
$ mkdir -p $GOPATH/src/github.com/vulsio
$ cd $GOPATH/src/github.com/vulsio
$ git clone https://github.com/vulsio/go-cti.git
$ cd go-cti
$ make install
$ ln -s $GOPATH/src/github.com/vulsio/go-cti/go-cti.sqlite3 $HOME/go-cti.sqlite3

The binary was built under $GOPATH/bin

Then fetch Cyber Threat Intelligence information. README

$ go-cti fetch threat

Deploy Vuls

$ mkdir -p $GOPATH/src/github.com/future-architect
$ cd $GOPATH/src/github.com/future-architect
$ git clone https://github.com/future-architect/vuls.git
$ cd vuls
$ make install

If you have previously installed vuls and want to update, please do the following

$ rm -rf $GOPATH/pkg/linux_amd64/github.com/future-architect/vuls/
$ rm -rf $GOPATH/src/github.com/future-architect/vuls/
$ cd $GOPATH/src/github.com/future-architect
$ git clone https://github.com/future-architect/vuls.git
$ cd vuls
$ make install

The binary was built under $GOPATH/bin

Test Installation

Local Scan Mode: From Configuration to Reporting

Vulsctl - Install on HostOSInstall with Docker