
Tutorial - Local Scan Mode

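In this tutorial, you will learn how to scan the local host for vulnerabilities with Vuls. The steps are as follows.

  1. Prepare CentOS
  2. Deploy Vuls
  3. Configuration
  4. Check the config file and the settings of the scan target server
  5. Scan
  6. Reporting
  7. View the results in the TUI (Terminal-Based User Interface)
  8. Web UI (VulsRepo)

Step1. Prepare CentOS

  • For this explanation, we use an old AMI that contains vulnerabilities.

  • If the instance is updated automatically when the EC2 instance is created, the Vuls scan will report 0 results, so create the EC2 instance with the following specified in cloud-init.

    • Q: How do I prevent critical and important security updates from being installed automatically on first boot?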

      #cloud-config
      repo_upgrade: none
      

Step2. Deploy Vuls

There are several ways to set up Vuls.

An easy one is vulsctl/install-host. It can be tedious, but you can also set up Vuls manually instead of using vulsctl.

Step3. Configuration

Create a config file (TOML format).

$ cd $HOME
$ cat config.toml
[servers]

[servers.localhost]
host = "localhost"
port = "local"

Step4. Check the config file and the settings of the scan target server

$ vuls configtest

See Usage: configtest

Step5. Scan

$ vuls scan

... snip ...

One Line Summary
================
localhost       centos7.3.1611  31 updatable packages

Step6. Reporting

View one-line summary

$ vuls report -format-one-line-text

One Line Summary
================
localhost       Total: 109 (High:35 Medium:55 Low:16 ?:3)       31 updatable packages
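
For cron or CI use, the one-line summary can be turned into a pass/fail check. The following shell script is an added example, not part of the Vuls project or the original page; the function names `parse_summary` and `gate` are hypothetical, and it assumes the report line format shown above.

```sh
#!/bin/sh
# Added example (not from the Vuls project): threshold check on the output of
# `vuls report -format-one-line-text`. Function names are hypothetical.

# Constructed sample, copied from the report output shown in this tutorial.
SAMPLE='One Line Summary
================
localhost       Total: 109 (High:35 Medium:55 Low:16 ?:3)       31 updatable packages'

# parse_summary: read report text on stdin; for every host line print
#   host total high medium low unscored updatable
# ("unscored" is the "?" column). Header lines and anything that does not
# match the report format are skipped.
parse_summary() {
  sed -n -E 's/^([^[:space:]]+)[[:space:]]+Total:[[:space:]]*([0-9]+)[[:space:]]*\(High:([0-9]+)[[:space:]]+Medium:([0-9]+)[[:space:]]+Low:([0-9]+)[[:space:]]+\?:([0-9]+)\)[[:space:]]+([0-9]+) updatable packages.*$/\1 \2 \3 \4 \5 \6 \7/p'
}

# gate MAX_HIGH: exit 0 if every host has at most MAX_HIGH High findings,
# exit 1 if any host exceeds it, exit 2 if no host line was parsed
# (an empty or unreadable report must not pass as "clean").
gate() {
  parse_summary | awk -v max="${1:-0}" '
    { seen++; status = ($3 > max) ? "FAIL" : "OK"; if ($3 > max) bad++
      printf "%s %s high=%d (limit %d)\n", status, $1, $3, max }
    END { if (!seen) exit 2; if (bad) exit 1 }'
}

# Demo on the constructed sample.
# Real use: vuls report -format-one-line-text | gate 0
printf '%s\n' "$SAMPLE" | gate 0 || echo "gate exit status: $?"
```

The scan-time summary from Step5 has no `Total:` field, so only report output is matched.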

View short summary

$ vuls report -format-list

localhost (centos7.3.1611)
==========================
Total: 109 (High:35 Medium:55 Low:16 ?:3)       31 updatable packages

CVE-2015-2806           10.0 HIGH (nvd)
                        Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows
                        remote attackers to have unspecified impact via unknown vectors.
                        ---
                        https://nvd.nist.gov/vuln/detail/CVE-2015-2806
                        https://access.redhat.com/security/cve/CVE-2015-2806 (RHEL-CVE)
                        10.0/AV:N/AC:L/Au:N/C:C/I:C/A:C (nvd)
                        2.6/AV:N/AC:H/Au:N/C:N/I:N/A:P (redhat)
                        https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-2015-2806
                        3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L (redhat)
                        https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2015-2806
                        Confidence: 100 / OvalMatch

... snip ...

View full report.

$ vuls report -format-full-text | less
localhost (centos7.3.1611)
==========================
Total: 109 (High:35 Medium:55 Low:16 ?:3)       31 updatable packages

CVE-2015-2806
----------------
Max Score               10.0 HIGH (nvd)
nvd                     10.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
redhat                  2.6/AV:N/AC:H/Au:N/C:N/I:N/A:P
redhat                  3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVSSv2 Calc             https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-2015-2806
CVSSv3 Calc             https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2015-2806
Summary                 Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows
                        remote attackers to have unspecified impact via unknown vectors.
Source                  https://nvd.nist.gov/vuln/detail/CVE-2015-2806
RHEL-CVE                https://access.redhat.com/security/cve/CVE-2015-2806
CWE-119 (nvd)           https://cwe.mitre.org/data/definitions/119.html
Package/CPE             libtasn1-3.8-3.el7 -
Confidence              100 / OvalMatch

... snip ...

View the report in Japanese

$ vuls report -format-list -lang ja | less
localhost (centos7.3.1611)
==========================
Total: 109 (High:35 Medium:55 Low:16 ?:3)       31 updatable packages

CVE-2017-12188  7.6 IMPORTANT (redhat)
                Linux Kernel  におけるパストラバーサルの脆弱性
                Linux Kernel には、パストラバーサルの脆弱性が存在します。
                ---
                https://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-009311.html
                https://access.redhat.com/security/cve/CVE-2017-12188 (RHEL-CVE)
                6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C (nvd)
                6.5/AV:A/AC:H/Au:S/C:C/I:C/A:C (redhat)
                6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C (jvn)
                https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-2017-12188
                7.6/CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H (redhat)
                https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2017-12188
                Confidence: 100 / OvalMatch

... snip ...

Step7. TUI

Vuls has a terminal-based user interface to display the scan results.

$ vuls tui

Vuls-TUI

Step8. View the results in the Web UI (VulsRepo)

Vulsrepo

Check out the Online Demo.

For installation, refer to VulsRepo.

Copyright © 2021 kotakanbe