Vuls

Vuls

  • Docs
  • Community
  • Blog
  • Languages iconEnglish
    • 日本語
  • GitHub
  • vulsdoc

›Tutorial

Introduction

  • Abstract
  • Main Features
  • Supported OS

Architecture

  • Remote, Local, One-liner scan
  • Remote Scan Mode
  • One-liner scan mode
  • Local Scan Mode
  • architecture
  • Fast Scan
  • Fast-Root Scan
  • Deep Scan
  • CPE Scan

Installation

  • Vulsctl - Quickest Vuls setup
  • Vulsctl - Install on HostOS
  • Install Manually
  • Install with Docker
  • Install with Package
  • Install with Ansible
  • Install with awless

Tutorial

  • Tutorial
  • Scan with Vulsctl
  • Local Scan Mode
  • Remote Scan Mode
  • Scan using Docker
  • Scan Docker Image
  • Scan non OS packages
  • Scan WordPress
  • Scan Port
  • Scan Windows

Usage

  • config.toml
  • Automatic Discovery
  • configtest
  • Scan
  • Report
  • TUI
  • Server

Vulsrepo

  • VulsRepo

Development

  • Contribute
  • Integration Testing

Misc

  • Cron
  • Update Vuls to the latest version
  • go-cve-dictionary
  • goval-dictionary
  • gost
  • go-exploitdb
  • go-msfdb
  • go-kev
  • go-cti
  • Related Projects
  • Tips
Edit

Tutorial - Remote Scan Mode

This tutorial will let you scan the vulnerabilities on the remote host via SSH with Vuls. This can be done in the following steps.

  1. Launch new Ubuntu Linux
  2. Enable to SSH from localhost
  3. Configuration
  4. Check config.toml and settings on the server before scanning
  5. Scan
  6. Reporting

We will use the Vuls server (called localhost) created in the previous tutorial.

Step1. Launch new Ubuntu Linux

Same like as Tutorial: Local Scan Mode#Step1. Launch CentOS7
Launch a new terminal and SSH to the Remote host.
To add the remote host's Host Key to $HOME/.ssh/known_hosts, you need to log in to the remote host through SSH before scanning.

Step2. Enable to SSH from localhost

Vuls doesn't support SSH password authentication. So you have to use SSH key-based authentication.
Create a keypair on the localhost then append the public key to authorized_keys on the remote host.
If you need to use a key with password, see the tips of How to scan with SSH key with passphrase

localhost

$ ssh-keygen -t rsa

Copy ~/.ssh/id_rsa.pub to the clipboard.

Remote Host

$ mkdir ~/.ssh
$ chmod 700 ~/.ssh
$ touch ~/.ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys
$ vim ~/.ssh/authorized_keys

Paste from the clipboard to ~/.ssh/authorized_keys

And also, confirm that the host keys of scan target servers has been registered in the known_hosts of the localhost. To add the remote host's Host Key to $HOME/.ssh/known_hosts, you need to log in to the remote host through SSH before scanning.

localhost

$ ssh [email protected] -i ~/.ssh/id_rsa

Step3. Configure (config.toml)

localhost

$ cd $HOME
$ cat config.toml
[servers]

[servers.ubuntu]
host         = "172.31.4.82"
port        = "22"
user        = "ubuntu"
keyPath     = "/home/centos/.ssh/id_rsa"

Step4. Check config.toml and settings on the server before scanning

$ vuls configtest ubuntu

see Usage: configtest

Step5. Start Scanning

$ vuls scan ubuntu
... snip ...

One Line Summary
================
ubuntu  ubuntu16.04     30 updatable packages

Step6. Reporting

  • See Tutorial: Local Scan#Step6. Reporting
  • See Tutorial: Local Scan#Step7. TUI
  • See Tutorial: Local Scan#Step8. Web UI
← Local Scan ModeScan using Docker →
Vuls
Docs
IntroductionArchitectureTutorial
Community
Join SlackSlackTwitter(English)Twitter(Japanese)
More
BlogGitHub
Copyright © 2025 kotakanbe