Vuls

Vuls

  • Docs
  • Community
  • Blog
  • Languages iconEnglish
    • 日本語
  • GitHub
  • vulsdoc

›Usage

Introduction

  • Abstract
  • Main Features
  • Supported OS

Architecture

  • Remote, Local, One-liner scan
  • Remote Scan Mode
  • One-liner scan mode
  • Local Scan Mode
  • architecture
  • Fast Scan
  • Fast-Root Scan
  • Deep Scan
  • CPE Scan

Installation

  • Vulsctl - Quickest Vuls setup
  • Vulsctl - Install on HostOS
  • Install Manually
  • Install with Docker
  • Install with Package
  • Install with Ansible
  • Install with awless

Tutorial

  • Tutorial
  • Scan with Vulsctl
  • Local Scan Mode
  • Remote Scan Mode
  • Scan using Docker
  • Scan Docker Image
  • Scan non OS packages
  • Scan WordPress
  • Scan Port
  • Scan Windows

Usage

  • config.toml
  • Automatic Discovery
  • configtest
  • Scan
  • Report
  • TUI
  • Server

Vulsrepo

  • VulsRepo

Development

  • Contribute
  • Integration Testing

Misc

  • Cron
  • Update Vuls to the latest version
  • go-cve-dictionary
  • goval-dictionary
  • gost
  • go-exploitdb
  • go-msfdb
  • go-kev
  • go-cti
  • Related Projects
  • Tips
Edit

configtest

$ vuls configtest --help
configtest:
        configtest
                        [-config=/path/to/config.toml]
                        [-log-dir=/path/to/log]
                        [-timeout=300]
                        [-debug]

                        [SERVER]...
  -config string
        /path/to/toml (default "/Users/kotakanbe/go/src/github.com/future-architect/vuls/config.toml")
  -debug
        debug mode
  -http-proxy string
        http://proxy-url:port (default: empty)
  -log-dir string
        /path/to/log (default "/var/log/vuls")
  -timeout int
        Timeout(Sec) (default 300)

The configtest subcommand checks whether vuls is able to connect via SSH to servers/containers defined in the config.toml

Dependencies

fast scan mode

DistributionReleaseRequirements
Alpine3.2 and later-
Ubuntu14.04, 16.04, 18.04, 20.04, 21.04, 21.10, 22.04, 22.10, 23.04, 23.10, 24.04-
Debian7, 8, 9, 10, 11, 12(reboot-notifier)
CentOS6, 7, 8, stream8, stream9-
AlmaLinux8, 9-
Rocky Linux8, 9-
AmazonAll-
RHEL5, 6, 7, 8, 9-
Fedora32, 33, 34, 35, 36, 37, 38, 39-
Oracle Linux5, 6, 7-
openSUSEtumbleweed-
openSUSE Leap15.2, 15.3-
SUSE Enterprise11, 12, 15-
FreeBSD10, 11-
RaspbianJessie, Stretch, Buster-
WindowsClient, Server-
MacOSMacOS X, MacOS X Server, MacOS, MacOS Server-

fast-root scan mode

The configtest subcommand with fast-root mode checks whether the packages are installed on the scan target server and also check /etc/sudoers

DistributionReleaseRequirements
Alpine3.2 and later-
Ubuntu14.04, 16.04, 18.04, 20.04, 21.04, 21.10, 22.04, 22.10, 23.04, 23.10, 24.04debian-goodies
Debian8, 9, 10, 11, 12debian-goodies, reboot-notifier
CentOS6, 7, 8, stream8, stream9-
AlmaLinux8, 9-
Rocky Linux8, 9-
AmazonAll-
RHEL6, 7-
RHEL8, 9lsof, yum-utils
Fedora32, 33, 34, 35, 36, 37, 38, 39-
Oracle Linux5, 6, 7-
openSUSEtumbleweed-
openSUSE Leap15.2, 15.3-
SUSE Enterprise11, 12, 15-
FreeBSD10, 11-
RaspbianJessie, Stretch, Busterdebian-goodies
WindowsClient, Server-
MacOSMacOS X, MacOS X Server, MacOS, MacOS Server-

deep scan mode

same as fast-root scan mode

/etc/sudoers on Target Servers

The configtest subcommand also checks sudo settings on target servers whether Vuls is able to SUDO with nopassword via SSH.

if you got the below error, requiretty should be defined in /etc/sudoers.

stderr: sudo: sorry, you must have a tty to run sudo
Defaults:vuls !requiretty

/etc/sudoers

Distributionfastfast-rootdeep
Ubuntu 14.04, 16.04, 18.04, 20.04, 21.04, 21.10, 22.04, 22.10, 23.04, 23.10, 24.04-vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/apt-get update, /usr/bin/stat *, /usr/sbin/checkrestart, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/bin/lsof -i -P -nsame as fast-root
Debian 8, 9, 10, 11, 12-vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/apt-get update, /usr/bin/stat *, /usr/sbin/checkrestart, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/bin/lsof -i -P -nsame as fast-root
CentOS 6, 7, 8, stream8, stream9-vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/stat, /usr/bin/needs-restarting, /usr/bin/which, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/sbin/lsof -i -P -nsame as fast-root
AlmaLinux 8, 9-vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/stat, /usr/bin/repoquery, /usr/bin/needs-restarting, /usr/bin/which, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/bin/lsof -i -P -nsame as fast-root
Rocky Linux 8-vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/stat, /usr/bin/needs-restarting, /usr/bin/which, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/sbin/lsof -i -P -nsame as fast-root
Amazon Linux-vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/stat, /usr/bin/needs-restarting, /usr/bin/which, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/sbin/lsof -i -P -nsame as fast-root
Amazon Linux 2-vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/stat, /usr/bin/needs-restarting, /usr/bin/which, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/sbin/lsof -i -P -nsame as fast-root
Amazon Linux 2022-vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/stat, /usr/bin/needs-restarting, /usr/bin/which, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/sbin/lsof -i -P -nsame as fast-root
Amazon Linux 2023-vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/stat, /usr/bin/needs-restarting, /usr/bin/which, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/sbin/lsof -i -P -nsame as fast-root
RHEL 6, 7, 8, 9-vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/stat, /usr/bin/needs-restarting, /usr/bin/which, /usr/bin/repoquery, /usr/bin/yum makecache --assumeyes, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/bin/lsof -i -P -n, /usr/sbin/lsof -i -P -nsame as fast-root
Oracle Linux 6, 7-vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/stat, /usr/bin/needs-restarting, /usr/bin/which, /usr/bin/repoquery, /usr/bin/yum makecache --assumeyessame as fast-root
SUSE Enterprise 11, 12, 15-vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/which, /usr/bin/zypper ps, /usr/bin/which, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/bin/lsof -i -P -n, /usr/sbin/lsof -i -P -nsame as fast-root
FreeBSD 10---
Raspbian-vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/apt-get update, /usr/bin/stat *, /usr/sbin/checkrestart, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/bin/lsof -i -P -nsame as fast-root

If your server is behind a proxy, also add the following.

Defaults:vuls env_keep="http_proxy https_proxy HTTP_PROXY HTTPS_PROXY"
← Automatic DiscoveryScan →
Vuls
Docs
IntroductionArchitectureTutorial
Community
Join SlackSlackTwitter(English)Twitter(Japanese)
More
BlogGitHub
Copyright © 2025 kotakanbe