Server

$ vuls server -h
Server:
  Server
    [-lang=en|ja]
    [-config=/path/to/config.toml]
    [-log-to-file]
    [-log-dir=/path/to/log]
    [-confidence-over=80]
    [-cvss-over=7]
    [-ignore-unscored-cves]
    [-ignore-unfixed]
    [-to-localfile]
    [-http-proxy=http://192.168.0.1:8080]
    [-debug]
    [-debug-sql]
    [-listen=localhost:5515]

    [RFC3339 datetime format under results dir]
  -config string
      /path/to/toml (default "/Users/kanbe/go/src/github.com/future-architect/vuls/config.toml")
  -confidence-over int
      -confidence-over=40 means reporting Confidence Score 40 and over (default: 80) (default 80)
  -cvss-over float
      -cvss-over=6.5 means Servering CVSS Score 6.5 and over (default: 0 (means Server all))
  -debug
      debug mode
  -debug-sql
      SQL debug mode
  -http-proxy string
      http://proxy-url:port (default: empty)
  -ignore-unfixed
      Don't show the unfixed CVEs
  -ignore-unscored-cves
      Don't show the unscored CVEs
  -lang string
      [en|ja] (default "en")
  -listen string
      host:port (default: localhost:5515) (default "localhost:5515")
  -log-dir string
      /path/to/log (default "/var/log/vuls")
  -log-to-file
      Output log to file
  -results-dir string
      /path/to/results (default "/Users/kanbe/go/src/github.com/future-architect/vuls/results")
  -to-localfile
      Write report to localfile

Endpoints

  • /vuls
    • Vulnerability detection
  • /health
    • Health check

Content-Types

  • application/json
  • text/plain

text/plain

Headers

  • X-Vuls-OS-Family (required)
    • OS family of the target server (rhel, fedora, centos, alma, rocky, amazon, ubuntu, debian, raspbian)
  • X-Vuls-OS-Release (required)
    • OS version of the target server (e.g. 6.9, 16.04)
  • X-Vuls-Kernel-Release (required)
    • Kernel release of the target server (e.g. 2.6.32-696.6.3.el6.x86_64)
    • Can be obtained with a command such as uname -r.
  • X-Vuls-Kernel-Version (optional)
    • Required for Debian. (e.g. 3.16.51-2)
    • Can be obtained with a command such as uname -a | awk '{print $7}'
  • X-Vuls-Server-Name (optional)
    • Required when the -to-localfile option is specified
    • Name of the target server (e.g. web01)
$ curl -X POST -H "Content-Type: text/plain" -H "X-Vuls-OS-Family: centos" -H "X-Vuls-OS-Release: 6.9" -H "X-Vuls-Kernel-Release: 2.6.32-696.30.1.el6.x86_64" --data-binary "`rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"`" http://localhost:5515/vuls

Register the command above as a cron job.

application/json

Send JSON to your Vuls server. This content type is intended for use from programs.

Send JSON like the following.

$ cat centos6.json
{
  "family": "centos",
  "release": "6.9",
  "runningKernel": {
    "release": "2.6.32-696.6.3.el6.x86_64",
    "version": "",
    "rebootRequired": false
  },
  "packages": {
    "ntp": {
      "name": "ntp",
      "version": "4.2.6p5",
      "release": "10.el6.centos.2",
      "arch": "x86_64"
    },
    "openssh": {
      "name": "openssh",
      "version": "5.3p1",
      "release": "122.el6",
      "arch": "x86_64"
    }
  }
}
$ curl -X POST -H "Content-Type: application/json" -d @centos6.json http://localhost:5515/vuls
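
As an added example (not code from the Vuls project), this Python sketch converts package lines in the text/plain format used above (NAME EPOCHNUM VERSION RELEASE ARCH) into the application/json body. Folding a non-zero epoch into the version as epoch:version is an assumption drawn from this page's Amazon Linux sample ("version": "1:2"); the function names and the sample lines are constructed.

```python
import json

# Constructed sample in the page's rpm queryformat:
# "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"
SAMPLE_RPM_QA = """\
ntp 0 4.2.6p5 10.el6.centos.2 x86_64
openssh 0 5.3p1 122.el6 x86_64
system-release 1 2 10.amzn2 x86_64
this line is malformed and has too many fields
"""


def parse_rpm_lines(text):
    """Return (packages, rejected) from 'NAME EPOCHNUM VERSION RELEASE ARCH' lines."""
    packages, rejected = {}, []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 5 or not fields[1].isdigit():
            rejected.append(line)  # surface bad input instead of guessing
            continue
        name, epoch, version, release, arch = fields
        if epoch != "0":
            version = f"{epoch}:{version}"  # assumption: epoch folded into version
        # Limitation: packages installed more than once under the same name
        # (e.g. several kernels) overwrite each other; the last line wins.
        packages[name] = {"name": name, "version": version,
                          "release": release, "arch": arch}
    return packages, rejected


def build_body(family, release, kernel_release, rpm_text):
    """Build the application/json document with the keys shown on this page."""
    packages, rejected = parse_rpm_lines(rpm_text)
    body = {
        "family": family,
        "release": release,
        "runningKernel": {"release": kernel_release, "version": "",
                          "rebootRequired": False},
        "packages": packages,
    }
    return body, rejected


if __name__ == "__main__":
    body, rejected = build_body("centos", "6.9", "2.6.32-696.6.3.el6.x86_64", SAMPLE_RPM_QA)
    print(json.dumps(body, indent=2))
    print("rejected lines:", rejected)
```

Writing the printed JSON to a file gives a document that can be posted with -d @file as in the curl command above.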

Supported OS

  • RHEL
  • Fedora
  • CentOS
  • AlmaLinux
  • Rocky Linux
  • Amazon Linux
  • Debian
  • Raspbian(Raspberry Pi OS)
  • Ubuntu
  • SLES

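Example: One-liner scan

Replace [Your Vuls Server] with the host name or IP address of your Vuls server.

Prepare the Vuls server

The Vuls server responds with the scan result. Here -listen 0.0.0.0:5515 makes it listen on all interfaces rather than the default localhost:5515, so that the target servers can reach it.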

$ vuls server -listen 0.0.0.0:5515
[Aug 25 18:10:49]  INFO [localhost] Validating config...
[Aug 25 18:10:49]  INFO [localhost] cve-dictionary: /Users/teppei/src/github.com/future-architect/vuls/cve.sqlite3
[Aug 25 18:10:49]  INFO [localhost] oval-dictionary: /Users/teppei/src/github.com/future-architect/vuls/oval.sqlite3
INFO[08-25|18:10:49] Opening DB.                              db=sqlite3
INFO[08-25|18:10:49] Migrating DB.                            db=sqlite3
[Aug 25 18:10:49]  INFO [localhost] Listening on 0.0.0.0:5515

RHEL/CentOS

Just log in to the target server and run the following command.

RHEL

$ export VULS_SERVER=[Your Vuls Server]
$ curl -X POST -H "Content-Type: text/plain" -H "X-Vuls-OS-Family: `awk '{print tolower($1)}' /etc/redhat-release`" -H "X-Vuls-OS-Release: `awk '{print $7}' /etc/redhat-release`" -H "X-Vuls-Kernel-Release: `uname -r`" -H "X-Vuls-Server-Name: `hostname`" --data-binary "`rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"`" http://${VULS_SERVER}:5515/vuls

Fedora

$ export VULS_SERVER=[Your Vuls Server]
$ curl -X POST -H "Content-Type: text/plain" -H "X-Vuls-OS-Family: `awk '{print tolower($1)}' /etc/fedora-release`" -H "X-Vuls-OS-Release: `awk '{print $3}' /etc/fedora-release`" -H "X-Vuls-Kernel-Release: `uname -r`" -H "X-Vuls-Server-Name: `hostname`" --data-binary "`rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"`" http://${VULS_SERVER}:5515/vuls

CentOS 6

$ export VULS_SERVER=[Your Vuls Server]
$ curl -X POST -H "Content-Type: text/plain" -H "X-Vuls-OS-Family: `awk '{print tolower($1)}' /etc/redhat-release`" -H "X-Vuls-OS-Release: `awk '{print $3}' /etc/redhat-release`" -H "X-Vuls-Kernel-Release: `uname -r`" -H "X-Vuls-Server-Name: `hostname`" --data-binary "`rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"`" http://${VULS_SERVER}:5515/vuls

CentOS 7

$ export VULS_SERVER=[Your Vuls Server]
$ curl -X POST -H "Content-Type: text/plain" -H "X-Vuls-OS-Family: `awk '{print tolower($1)}' /etc/redhat-release`" -H "X-Vuls-OS-Release: `awk '{print $4}' /etc/redhat-release`" -H "X-Vuls-Kernel-Release: `uname -r`" -H "X-Vuls-Server-Name: `hostname`" --data-binary "`rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"`" http://${VULS_SERVER}:5515/vuls

Oracle Linux

$ export VULS_SERVER=[Your Vuls Server]
$ curl -X POST -H "Content-Type: text/plain" -H "X-Vuls-OS-Family: `awk '{print tolower($1)}' /etc/oracle-release`" -H "X-Vuls-OS-Release: `awk '{print $5}' /etc/oracle-release`" -H "X-Vuls-Kernel-Release: `uname -r`" -H "X-Vuls-Server-Name: `hostname`" --data-binary "`rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"`" http://${VULS_SERVER}:5515/vuls

Amazon Linux

$ export VULS_SERVER=[Your Vuls Server]
$ export AMAZON_LINUX_RELEASE=$(awk '{if ($0 ~ /Amazon\ Linux\ release\ 2023/) for (i=4; i<=NF; i++) printf("%s ", $i); else if ($0 ~ /Amazon\ Linux\ 2023/) for (i=3; i<=NF; i++) printf("%s ", $i); else if ($0 ~ /Amazon\ Linux\ release\ 2022/) for (i=4; i<=NF; i++) printf("%s ", $i); else if ($0 ~ /Amazon\ Linux\ 2022/) for (i=3; i<=NF; i++) printf("%s ", $i); else if ($0 ~ /Amazon\ Linux\ release\ 2/) printf("%s %s",$4, $5); else if ($0 ~ /Amazon\ Linux\ 2/) for (i=3; i<=NF; i++) printf("%s ", $i); else if (NF==5) print $5}' /etc/system-release)
# Amazon Linux 1, Amazon Linux 2022, Amazon Linux 2023
$ curl -X POST -H "Content-Type: text/plain" -H "X-Vuls-OS-Family: `awk '{print tolower($1)}' /etc/system-release`" -H "X-Vuls-OS-Release: $AMAZON_LINUX_RELEASE" -H "X-Vuls-Kernel-Release: `uname -r`" -H "X-Vuls-Server-Name: `hostname`" --data-binary "`rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"`" http://${VULS_SERVER}:5515/vuls
# Amazon Linux 2: recommended
$ curl -X POST -H "Content-Type: text/plain" -H "X-Vuls-OS-Family: `awk '{print tolower($1)}' /etc/system-release`" -H "X-Vuls-OS-Release: $AMAZON_LINUX_RELEASE" -H "X-Vuls-Kernel-Release: `uname -r`" -H "X-Vuls-Server-Name: `hostname`" --data-binary "`repoquery --all --pkgnarrow=installed --qf="%{NAME} %{EPOCH} %{VERSION} %{RELEASE} %{ARCH} %{UI_FROM_REPO}"`" http://${VULS_SERVER}:5515/vuls
# Amazon Linux 2 : If using only amzn2-core repository. Otherwise, there is a possibility of false positives.
$ curl -X POST -H "Content-Type: text/plain" -H "X-Vuls-OS-Family: `awk '{print tolower($1)}' /etc/system-release`" -H "X-Vuls-OS-Release: $AMAZON_LINUX_RELEASE" -H "X-Vuls-Kernel-Release: `uname -r`" -H "X-Vuls-Server-Name: `hostname`" --data-binary "`rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"`" http://${VULS_SERVER}:5515/vuls

Debian

The X-Vuls-Kernel-Version header is also required.

$ export VULS_SERVER=[Your Vuls Server]
$ export KERNEL_RELEASE=$(uname -r)
$ export KERNEL_VERSION=$(uname -a | awk '{print $7}')
$ curl -X POST -H "Content-Type: text/plain" -H "X-Vuls-OS-Family: debian" -H "X-Vuls-OS-Release: `cat /etc/debian_version`" -H "X-Vuls-Kernel-Release: ${KERNEL_RELEASE}" -H "X-Vuls-Kernel-Version: ${KERNEL_VERSION}" -H "X-Vuls-Server-Name: `hostname`" --data-binary "$(dpkg-query -W -f="\${binary:Package},\${db:Status-Abbrev},\${Version},\${Source},\${source:Version}\n")" http://${VULS_SERVER}:5515/vuls

Ubuntu

$ export VULS_SERVER=[Your Vuls Server]
$ export LOCAL_REPORT=[Path to local report file]
$ curl -X POST -H "Content-Type: text/plain" -H "X-Vuls-OS-Family: `lsb_release -si | awk '{print tolower($1)}'`" -H "X-Vuls-OS-Release: `lsb_release -sr | awk '{print $1}'`" -H "X-Vuls-Kernel-Release: `uname -r`" -H "X-Vuls-Server-Name: `hostname`" --data-binary "$(dpkg-query -W -f="\${binary:Package},\${db:Status-Abbrev},\${Version},\${Source},\${source:Version}\n")" http://${VULS_SERVER}:5515/vuls > "$LOCAL_REPORT"

Example: Save scan results on the Vuls server

Replace [Your Vuls Server] with the host name or IP address of your Vuls server.

Vuls server

The Vuls server saves the scan results it receives to local files.

$ vuls server -listen 0.0.0.0:5515 -to-localfile

Client

Log in to your target server and execute a single command. The X-Vuls-Server-Name header is also required.

$ export VULS_SERVER=[Your Vuls Server]
$ export SERVER_NAME=$(hostname)

# For RHEL
$ curl -X POST -H "Content-Type: text/plain" -H "X-Vuls-Server-Name: ${SERVER_NAME}" -H "X-Vuls-OS-Family: `awk '{print tolower($1)}' /etc/redhat-release`" -H "X-Vuls-OS-Release: `awk '{print $7}' /etc/redhat-release`" -H "X-Vuls-Kernel-Release: `uname -r`" --data-binary "`rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"`" http://${VULS_SERVER}:5515/vuls

# For RedHat/CentOS 6
$ curl -X POST -H "Content-Type: text/plain" -H "X-Vuls-Server-Name: ${SERVER_NAME}" -H "X-Vuls-OS-Family: `awk '{print tolower($1)}' /etc/redhat-release`" -H "X-Vuls-OS-Release: `awk '{print $3}' /etc/redhat-release`" -H "X-Vuls-Kernel-Release: `uname -r`" --data-binary "`rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"`" http://${VULS_SERVER}:5515/vuls

# For RedHat/CentOS 7
$ curl -X POST -H "Content-Type: text/plain" -H "X-Vuls-Server-Name: ${SERVER_NAME}" -H "X-Vuls-OS-Family: `awk -F: '{print $3}' /etc/system-release-cpe`" -H "X-Vuls-OS-Release: `awk -F: '{print $5}' /etc/system-release-cpe`" -H "X-Vuls-Kernel-Release: `uname -r`" --data-binary "`rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"`" http://${VULS_SERVER}:5515/vuls

Example: Collect scan results from Vuls agents

The Vuls agent scans the target servers and sends the scan results to the Vuls server.

Vuls server

The Vuls server saves the scan results it receives to local files.

$ vuls server -listen 0.0.0.0:5515 -to-localfile

Client

Install Vuls on the target server. Scan as usual, then send the scan results to the Vuls server with the -to-http option.

$ vuls scan
$ export VULS_SERVER=[Your Vuls Server]
$ export VULS_HTTP_URL=http://${VULS_SERVER}:5515/vuls
$ vuls report -to-http

Example: Send server information to the server in JSON format

The Vuls server responds with the scan result.

Vuls server

The Vuls server saves the scan results it receives to local files.

$ vuls server -listen 0.0.0.0:5515 -to-localfile

RHEL/CentOS

$ cat centos6.json
{
  "family": "centos",
  "release": "6.9",
  "runningKernel": {
    "release": "2.6.32-696.6.3.el6.x86_64",
    "version": "",
    "rebootRequired": false
  },
  "packages": {
    "ntp": {
      "name": "ntp",
      "version": "4.2.6p5",
      "release": "10.el6.centos.2",
      "arch": "x86_64"
    }
  }
}

$ export VULS_SERVER=[Your Vuls Server]
$ curl -X POST -H "Content-Type: application/json" -d @centos6.json http://${VULS_SERVER}:5515/vuls

Amazon Linux

You need the release string, obtained with a command such as the one below.

# e.g. "2 (Karoo), 2022 (Amazon Linux), 2023 (Amazon Linux)"
RELEASE=$(awk '{if ($0 ~ /Amazon\ Linux\ release\ 2023/) for (i=4; i<=NF; i++) printf("%s ", $i); else if ($0 ~ /Amazon\ Linux\ 2023/) for (i=3; i<=NF; i++) printf("%s ", $i); else if ($0 ~ /Amazon\ Linux\ release\ 2022/) for (i=4; i<=NF; i++) printf("%s ", $i); else if ($0 ~ /Amazon\ Linux\ 2022/) for (i=3; i<=NF; i++) printf("%s ", $i); else if ($0 ~ /Amazon\ Linux\ release\ 2/) printf("%s %s",$4, $5); else if ($0 ~ /Amazon\ Linux\ 2/) for (i=3; i<=NF; i++) printf("%s ", $i); else if (NF==5) print $5}' /etc/system-release)
$ cat amazon2.json
{
  "family": "amazon",
  "release": "2 (Karoo)",
  "runningKernel": {
    "release": "4.9.125-linuxkit",
    "version": ""
  },
  "packages": {
    "system-release": {
      "name": "system-release",
      "version": "1:2",
      "release": "10.amzn2",
      "arch": "x86_64"
    }
  }
}

$ export VULS_SERVER=[Your Vuls Server]
$ curl -X POST -H "Content-Type: application/json" -d @amazon2.json http://${VULS_SERVER}:5515/vuls

Debian

You need srcPackages collected by a command such as dpkg-query -W -f="\${binary:Package},\${db:Status-Abbrev},\${Version},\${Source},\${source:Version}\n"

$ cat debian8.json
{
  "family": "debian",
  "release": "8.10",
  "runningKernel": {
    "release": "3.16.0-4-amd64",
    "version": "3.16.51-2",
    "rebootRequired": false
  },
  "packages": {
    "bind9-host": {
      "name": "bind9-host",
      "version": "1:9.9.5.dfsg-9+deb8u15"
    }
  },
  "srcPackages": {
    "bind9": {
      "name": "bind9",
      "version": "1:9.9.5.dfsg-9+deb8u15",
      "binaryNames": [
        "bind9-host"
      ]
    }
  }
}

$ export VULS_SERVER=[Your Vuls Server]
$ curl -X POST -H "Content-Type: application/json" -d @debian8.json http://${VULS_SERVER}:5515/vuls
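
As an added example (not code from the Vuls project), this Python sketch turns output of the dpkg-query command above into the packages and srcPackages objects of debian8.json. Keeping only packages whose current state is installed, dropping the :arch qualifier, and treating an empty ${Source} as "same as the binary name" are assumptions of this example; the function names and sample lines are constructed.

```python
# Constructed sample in the page's dpkg-query format:
# ${binary:Package},${db:Status-Abbrev},${Version},${Source},${source:Version}
SAMPLE_DPKG = """\
bind9-host,ii ,1:9.9.5.dfsg-9+deb8u15,bind9,1:9.9.5.dfsg-9+deb8u15
libbind9-90:amd64,ii ,1:9.9.5.dfsg-9+deb8u15,bind9,1:9.9.5.dfsg-9+deb8u15
tar,ii ,1.27.1-2+deb8u2,,1.27.1-2+deb8u2
old-tool,rc ,0.1-1,,0.1-1
"""


def parse_dpkg_lines(text):
    """Return (packages, src_packages) dicts shaped like the page's debian8.json."""
    packages, src_packages = {}, {}
    for line in text.splitlines():
        fields = line.split(",")
        if len(fields) != 5:
            continue
        name, status, version, src_name, src_version = fields
        # Second letter of Status-Abbrev is the current state ('i' = installed);
        # "rc" (removed, config files left) is skipped. Assumption of this example.
        if len(status) < 2 or status[1] != "i":
            continue
        name = name.split(":", 1)[0]  # drop ":amd64" architecture qualifier
        # ${Source} may be empty or "name (version)"; keep only the name.
        src_name = src_name.split(" ", 1)[0] or name
        packages[name] = {"name": name, "version": version}
        src = src_packages.setdefault(
            src_name, {"name": src_name, "version": src_version, "binaryNames": []})
        if name not in src["binaryNames"]:
            src["binaryNames"].append(name)
    return packages, src_packages


def build_debian_body(release, kernel_release, kernel_version, dpkg_text):
    """Build the application/json document with the keys shown in debian8.json."""
    packages, src_packages = parse_dpkg_lines(dpkg_text)
    return {
        "family": "debian",
        "release": release,
        "runningKernel": {"release": kernel_release, "version": kernel_version,
                          "rebootRequired": False},
        "packages": packages,
        "srcPackages": src_packages,
    }
```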

Ubuntu

$ cat ubuntu1604.json
{
  "family": "ubuntu",
  "release": "16.04",
  "runningKernel": {
    "release": "3.16.0-4-amd64",
    "rebootRequired": false
  },
  "packages": {
    "bind9-host": {
      "name": "bind9-host",
      "version": "1:9.9.5.dfsg-9+deb8u15"
    }
  },
  "srcPackages": {
    "bind9": {
      "name": "bind9",
      "version": "1:9.9.5.dfsg-9+deb8u15",
      "binaryNames": [
        "bind9-host"
      ]
    }
  }
}

$ export VULS_SERVER=[Your Vuls Server]
$ curl -X POST -H "Content-Type: application/json" -d @ubuntu1604.json http://${VULS_SERVER}:5515/vuls

SLES

You may first need to apply the following patch to goval-dictionary to fix SLES OVAL fetching: https://github.com/vulsio/goval-dictionary/pull/108

$ cat sles12.json
{
  "family": "suse.linux.enterprise.server",
  "release": "12.1",
  "packages": {
    "openssl": {
      "name": "openssl",
      "version": "1.0.1i-34.1",
      "arch" : "x86_64"
    }
  }
}

$ export VULS_SERVER=[Your Vuls Server]
$ curl -X POST -H "Content-Type: application/json" -d @sles12.json http://${VULS_SERVER}:5515/vuls
Copyright © 2023 kotakanbe