diff --git a/docs/en/config.toml.html b/docs/en/config.toml.html index 624ec6c8..7cf592a9 100644 --- a/docs/en/config.toml.html +++ b/docs/en/config.toml.html @@ -128,14 +128,16 @@ # https://vuls.io/docs/en/config.toml.html#email-section #[email] -#smtpAddr = "smtp.example.com" -#smtpPort = "587" -#user = "username" -#password = "password" -#from = "from@example.com" -#to = ["to@example.com"] -#cc = ["cc@example.com"] -#subjectPrefix = "[vuls]" +#smtpAddr = "smtp.example.com" +#smtpPort = "587" +#tlsMode = "STARTTLS" +#tlsInsecureSkipVerify = false +#user = "username" +#password = "password" +#from = "from@example.com" +#to = ["to@example.com"] +#cc = ["cc@example.com"] +#subjectPrefix = "[vuls]" # https://vuls.io/docs/en/config.toml.html#http-section #[http] @@ -353,27 +355,31 @@

EMail section

[email]
-smtpAddr      = "smtp.gmail.com"
-smtpPort      = "587"
-user          = "username"
-password      = "password"
-from          = "from@address.com"
-to            = ["to@address.com"]
-cc            = ["cc@address.com"]
-subjectPrefix = "[vuls]"
+smtpAddr              = "smtp.gmail.com"
+smtpPort              = "587"
+tlsMode               = "STARTTLS"
+tlsInsecureSkipVerify = false
+user                  = "username"
+password              = "password"
+from                  = "from@address.com"
+to                    = ["to@address.com"]
+cc                    = ["cc@address.com"]
+subjectPrefix         = "[vuls]"
 
[email]
-smtpAddr      = "smtp.gmail.com"
-smtpPort      = "465"
-user          = "username"
-password      = "password"
-from          = "from@address.com"
-to            = ["to@address.com"]
-cc            = ["cc@address.com"]
-subjectPrefix = "[vuls]"
+smtpAddr              = "smtp.gmail.com"
+smtpPort              = "465"
+tlsMode               = "SMTPS"
+tlsInsecureSkipVerify = false
+user                  = "username"
+password              = "password"
+from                  = "from@address.com"
+to                    = ["to@address.com"]
+cc                    = ["cc@address.com"]
+subjectPrefix         = "[vuls]"

Gmail account setting

If you can't send vuls report via Email, please check your Gmail account setting.

diff --git a/docs/en/supported-os.html b/docs/en/supported-os.html index fe902a59..7866e7d9 100644 --- a/docs/en/supported-os.html +++ b/docs/en/supported-os.html @@ -1,4 +1,4 @@ -Supported OS · Vuls
Edit

Abstract

システム管理者にとって、脆弱性調査やソフトウェアの更新を日々行うことは重荷である。 本番環境のサービス停止を避けるため、システム管理者がパッケージマネージャの自動更新を使うことを選ばずに手動で更新するケースも多い。 だが、手動更新での運用には以下の問題がある。

-
    -
  • システム管理者は継続的にNVD (National Vulnerability Database) などの脆弱性データベースを確認する必要がある。
    • -
  • サーバにインストールされているソフトウェアの数は膨大であり、システム管理者が全てを把握するのは困難
    • -
  • 新着の脆弱性がどのサーバに該当するのかといった調査コストが大きく、漏れる可能性がある
    • -
-

Vulsは上に挙げた手動運用での課題を解決するツールであり、以下の特徴がある。

-
    -
  • システムに関係ある脆弱性のみ教えてくれる
    • -
  • その脆弱性に該当するサーバを教えてくれる
    • -
  • 自動スキャンのため脆弱性検知の漏れを防ぐことができる
    • -
  • CRONなどで定期実行、レポートすることで脆弱性の放置を防ぐことできる
    • -
-

Vuls-Motivation

-
Main Features
\ No newline at end of file diff --git a/docs/ja/architecture-cpe-scan.html b/docs/ja/architecture-cpe-scan.html deleted file mode 100644 index 2c702f0c..00000000 --- a/docs/ja/architecture-cpe-scan.html +++ /dev/null @@ -1,98 +0,0 @@ -CPE Scan · Vuls
Edit

CPE Scan

Vuls can detect vulnerabilities in network devices and commercial middleware by defining CPE in config.toml. The OS package scan is done by actually SSH into the server and issuing the command. However, the CPE scan is detected by comparing the versions of the NVD and JVN databases. It does not issue commands on the device and does not access the device via a network.

-

CPEScan-Architecture

-

Tutorial: usage-scan-non-os-packages Tutorial: Vulsctl/cpe scan

-
Deep ScanVulsctl - Quickest Vuls setup
\ No newline at end of file diff --git a/docs/ja/architecture-deep-scan.html b/docs/ja/architecture-deep-scan.html deleted file mode 100644 index ff81a303..00000000 --- a/docs/ja/architecture-deep-scan.html +++ /dev/null @@ -1,96 +0,0 @@ -Deep Scan · Vuls
Edit

Deep Scan

ファストスキャンモードと同じ。

-
Fast-Root ScanCPE Scan
\ No newline at end of file diff --git a/docs/ja/architecture-fast-deep.html b/docs/ja/architecture-fast-deep.html deleted file mode 100644 index 964fe2a1..00000000 --- a/docs/ja/architecture-fast-deep.html +++ /dev/null @@ -1,101 +0,0 @@ -architecture · Vuls
Edit

architecture

fast-scan

-

Fast Scanモードは、対象サーバにroot権限を必要とせず、依存関係もなく、負荷もほとんどかけずにスキャンします。

-

fast-root scan mode

-

Fast root scanモードは、対象サーバでroot権限を用いて、負荷をほとんどかけずにスキャンします。

-

Offline scan mode

-

fast モードと fast-root モードには、 offline スキャンモードがあります。 offlineでは、Vulsはインターネットにアクセスせずにスキャンします。 詳細は、 fast offlinefast-root offline を確認してください。

-
Local Scan ModeFast Scan
\ No newline at end of file diff --git a/docs/ja/architecture-fast-root-scan.html b/docs/ja/architecture-fast-root-scan.html deleted file mode 100644 index a6fd910f..00000000 --- a/docs/ja/architecture-fast-root-scan.html +++ /dev/null @@ -1,185 +0,0 @@ -Fast-Root Scan · Vuls
Edit

Fast-Root Scan

Vuls-Scan-Flow

- - - - - - - - - - - - - - - - - - - - - - - -
Distributionスキャン速度root権限OVALインターネットアクセス
Alpine速い不要対応必要
CentOS速い必要対応必要
AlmaLinux速い必要対応必要
Rocky Linux速い必要対応必要
RHEL速い必要対応必要
Fedora速い必要対応必要
OracleFastNeedSupported必要
UbuntuFastNeedSupported必要
DebianFastNeedSupported必要
Raspbian1st time: Slow, From 2nd time: FastNeedPartially Supported必要
FreeBSDFastNoNoNeed
AmazonFastNeedSupportedNeed
openSUSEFastNoSupportedNeed
openSUSE LeapFastNoSupportedNeed
SUSE EnterpriseFastNoSupportedNeed
WindowsFastPartiallyNoPartially
MacOSFastNoNoNo
-

Raspbian has been modified from its previous Changelog only scan to scan using Debian OVAL and Debian Security Tracker, Changelog. The difference between Fast-Root scan and Deep scan is that the packages that use change logs are limited (because Debian OVAL and Debian Security Tracker cannot detect packages that only exist on the Raspberry Pi). In summary, the behavior of each scan mode in Raspbian is shown in the table below.

- - - - - - - - -
Scan Modefastfast-rootdeep
v0.11(deep scan)(deep scan)changelog
v0.12
-
    -
  • OVAL
    • -
  • Debian Security Tracker
    • -
-

|

-
    -
  • OVAL
    • -
  • Debian Security Tracker
    • -
  • changelog(only raspberrypi package)
    • -
-

|

-
    -
  • OVAL
    • -
  • Debian Security Tracker
    • -
  • changelog(all updatable package)
    • -
-

|

-

For more information, see This Pull Request (https://github.com/future-architect/vuls/pull/1019).

-

-offlineオプションのとき

-

Scan with -offline option, vuls scans with no internet access.

- - - - - - - - - - - - - - - - - - - - - -
DistributionScan SpeedNeed Root PrivilegeOVALNeed Internet Access
AlpineFastNoSupportedNo
CentOSFastNeedSupportedNo
AlmaLinuxFastNeedSupportedNo
Rocky LinuxFastNeedSupportedNo
RHELFastNeedSupportedNo
FedoraFastNeedSupportedNo
OracleFastNeedSupportedNo
UbuntuFastNeedSupportedNo
DebianFastNeedSupportedNo
AmazonFastNeedSupportedNo
openSUSEFastNoSupportedNo
openSUSE LeapFastNoSupportedNo
SUSE EnterpriseFastNoSupportedNo
WindowsFastPartiallyNoNo
MacOSFastNoNoNo
-

Offline scan mode is not supported FreeBSD, Raspbian.

-

In Fast-Root Scan and Deep Scan, Raspbian scans a combination of Debian OVAL and Debian Security Tracker, Changelog, so Offline Scan mode cannot be provided completely. If you execute Offline Scan, you can get the result of Debian OVAL and Debian Security Tracker only (same result as Fast Scan).

-

依存関係と/etc/sudoers

-

For details, see

- -

実行時検査

-

パッケージをアップデートすることで影響を受けるプロセスの検知

-

It is possible to know processes affecting software update in advance using yum-ps on RedHat, CentOS, AlmaLinux, Rocky Linux,OracleLinux and Amazon Linux

-

再起動されなかったプロセスの検知

-

Detect processes which updated before but not restarting yet using checkrestart of debian-goodies on Debian and Ubuntu

-
Fast ScanDeep Scan
\ No newline at end of file diff --git a/docs/ja/architecture-fast-scan.html b/docs/ja/architecture-fast-scan.html deleted file mode 100644 index 9c9c4cec..00000000 --- a/docs/ja/architecture-fast-scan.html +++ /dev/null @@ -1,153 +0,0 @@ -Fast Scan · Vuls
Edit

Fast Scan

Fast Scanモードは、対象サーバにroot権限を必要とせず、依存関係もなく、負荷もほとんどかけずにスキャンします。

-

Vuls-Scan-Flow

- - - - - - - - - - - - - - - - - - - - - - - -
Distributionスキャン スピードスキャン対象サーバ上のroot権限の要否OVALスキャン対象サーバのインターネットアクセス要否
Alpine速い不要サポート済必要
CentOS速い不要サポート済必要
AlmaLinux速い不要サポート済必要
Rocky Linux速い不要サポート済必要
RHEL速い不要サポート済必要
Fedora速い不要サポート済必要
Oracle速い不要Supported必要
Ubuntu速い不要Supported必要
Debian速い不要SupportedNeed
RaspbianFastNoPartially SupportedNeed
FreeBSDFastNoNoNeed
AmazonFastNoSupportedNeed
openSUSEFastNoSupportedNo
openSUSE LeapFastNoSupportedNo
SUSE EnterpriseFastNoSupportedNo
Windows速いPartially不要Partially
MacOS速い不要不要No
-

-offlineオプションのとき

-

Scan with -offline option, vuls scans with no internet access.

- - - - - - - - - - - - - - - - - - - - - - -
Distributionスキャン速度root権限OVALインターネットアクセス
AlpineFastNoサポート済No
CentOSFast不要サポート済No
AlmaLinux速い不要サポート済不要
Rocky Linux速い不要サポート済不要
RHEL速い不要サポート済不要
Fedora速い不要サポート済不要
Oracle速い不要Supported不要
Ubuntu速い不要Supported不要
DebianFastNoSupportedNo
RaspbianFastNoPartially SupportedNo
AmazonFastNoSupportedNo
openSUSEFastNoSupportedNo
openSUSE LeapFastNoSupportedNo
SUSE EnterpriseFastNoSupportedNo
WindowsFastPartiallySupportedNo
MacOSFastNoNoNo
-

The offline scan mode is not supported for FreeBSD.

-

依存関係と/etc/sudoers

-

For details, see

- -
architectureFast-Root Scan
\ No newline at end of file diff --git a/docs/ja/architecture-local-scan.html b/docs/ja/architecture-local-scan.html deleted file mode 100644 index 3f30e97e..00000000 --- a/docs/ja/architecture-local-scan.html +++ /dev/null @@ -1,98 +0,0 @@ -Local Scan Mode(Scan without SSH) · Vuls
Edit

Local Scan Mode(Scan without SSH)

もし中央のサーバから各サーバにSSH接続できない環境の場合はローカルスキャンモードでスキャン可能。 Vulsをスキャン対象サーバにデプロイする。 Vulsはローカルホストにコマンドを発行する(SSH経由ではない)。 スキャン結果のJSONを別サーバに集約する。 スキャン結果の詳細化のためにはCVEデータベースへのアクセスが必要なので、事前にgo-cve-dictionaryをserver modeで起動しておく。 その集約サーバ上で、あなたはWebUIやTUIを用いて各スキャン対象サーバのスキャン結果を参照することが可能。

-

Vuls-Architecture Local Scan Mode

-

Tutorial: local scan mode

-
One-liner scan modearchitecture
\ No newline at end of file diff --git a/docs/ja/architecture-one-liner-scan.html b/docs/ja/architecture-one-liner-scan.html deleted file mode 100644 index 8ebeb326..00000000 --- a/docs/ja/architecture-one-liner-scan.html +++ /dev/null @@ -1,98 +0,0 @@ -One Liner Scan Mode(Scan with one-liner) · Vuls
Edit

One Liner Scan Mode(Scan with one-liner)

One-liner scan mode

-

まず、Vulsをサーバモードで起動しておきます。 rpmやdebなどのパッケージマネージャのコマンドを対象のサーバで実行し、その結果を、用意しておいたVulsのサーバにcurlで送信します。 スキャン結果はJSONで返されます。

-

詳しくは、One-liner scan mode を参照してください。

-
Remote Scan ModeLocal Scan Mode
\ No newline at end of file diff --git a/docs/ja/architecture-remote-local.html b/docs/ja/architecture-remote-local.html deleted file mode 100644 index e973a13c..00000000 --- a/docs/ja/architecture-remote-local.html +++ /dev/null @@ -1,106 +0,0 @@ -Remote, Local, One-liner scan · Vuls
Edit

Remote, Local, One-liner scan

Vulsには、Remote scan modeLocal scan modeServer mode の3つのスキャン方法があります。

-

Remote scan モード

-

Remote scan モードは対象のサーバにSSHで接続し、いくつかのコマンドを実行することでスキャンします。

-

Local scan モード

-

Local scanモードはSSHを必要とせず、コマンドをローカルホストで直接実行してスキャンします。

-

Server モード

-
    -
  • SSHもスキャナーも必要ありません。対象のサーバで直接コマンドを実行するだけです。
    • -
  • まず、VulsをServerモードで起動し、HTTPサーバとします。
    • -
  • 次に、対象のサーバでコマンドを実行しソフトウェアの情報を集めます。そして、その結果をHTTPを通してVulsサーバに送信します。その結果はJSON形式で取得できます。
    • -
-
Supported OSRemote Scan Mode
\ No newline at end of file diff --git a/docs/ja/architecture-remote-scan.html b/docs/ja/architecture-remote-scan.html deleted file mode 100644 index 0049c62c..00000000 --- a/docs/ja/architecture-remote-scan.html +++ /dev/null @@ -1,98 +0,0 @@ -Remote Scan Mode (Scan via SSH) · Vuls
Edit

Remote Scan Mode (Scan via SSH)

Remote, Local, One-liner scanOne-liner scan mode
\ No newline at end of file diff --git a/docs/ja/community.html b/docs/ja/community.html deleted file mode 100644 index e122f7f6..00000000 --- a/docs/ja/community.html +++ /dev/null @@ -1,51 +0,0 @@ -Community · Vuls
Edit

Community

\ No newline at end of file diff --git a/docs/ja/config.toml.html b/docs/ja/config.toml.html deleted file mode 100644 index c8f217d8..00000000 --- a/docs/ja/config.toml.html +++ /dev/null @@ -1,529 +0,0 @@ -config.toml · Vuls
Edit

config.toml

Generate a template of the config.toml settings file

-
$ vuls discover 127.0.0.1/32
-
-
# Create config.toml using below and then ./vuls -config=/path/to/config.toml
-
-
-# https://vuls.io/docs/en/config.toml.html#database-section
-[cveDict]
-#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
-#sqlite3Path = "/path/to/cve.sqlite3"
-#url        = ""
-
-[ovalDict]
-#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
-#sqlite3Path = "/path/to/oval.sqlite3"
-#url        = ""
-
-[gost]
-#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
-#sqlite3Path = "/path/to/gost.sqlite3"
-#url        = ""
-
-[exploit]
-#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
-#sqlite3Path = "/path/to/go-exploitdb.sqlite3"
-#url        = ""
-
-[metasploit]
-#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
-#sqlite3Path = "/path/to/go-msfdb.sqlite3"
-#url        = ""
-
-[kevuln]
-#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
-#sqlite3Path = "/path/to/go-kev.sqlite3"
-#url        = ""
-
-[cti]
-#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
-#sqlite3Path = "/path/to/go-cti.sqlite3"
-#url        = ""
-
-# https://vuls.io/docs/en/config.toml.html#slack-section
-#[slack]
-#hookURL      = "https://hooks.slack.com/services/abc123/defghijklmnopqrstuvwxyz"
-##legacyToken = "xoxp-11111111111-222222222222-3333333333"
-#channel      = "#channel-name"
-##channel     = "${servername}"
-#iconEmoji    = ":ghost:"
-#authUser     = "username"
-#notifyUsers  = ["@username"]
-
-# https://vuls.io/docs/en/config.toml.html#email-section
-#[email]
-#smtpAddr      = "smtp.example.com"
-#smtpPort      = "587"
-#user          = "username"
-#password      = "password"
-#from          = "from@example.com"
-#to            = ["to@example.com"]
-#cc            = ["cc@example.com"]
-#subjectPrefix = "[vuls]"
-
-# https://vuls.io/docs/en/config.toml.html#http-section
-#[http]
-#url = "http://localhost:11234"
-
-# https://vuls.io/docs/en/config.toml.html#syslog-section
-#[syslog]
-#protocol    = "tcp"
-#host        = "localhost"
-#port        = "514"
-#tag         = "vuls"
-#facility    = "local0"
-#severity    = "alert"
-#verbose     = false
-
-# https://vuls.io/docs/en/usage-report.html#example-put-results-in-s3-bucket
-#[aws]
-#profile                = "default"
-#region                 = "ap-northeast-1"
-#s3Bucket               = "vuls"
-#s3ResultsDir           = "/path/to/result"
-#s3ServerSideEncryption = "AES256"
-
-# https://vuls.io/docs/en/usage-report.html#example-put-results-in-azure-blob-storage<Paste>
-#[azure]
-#accountName   = "default"
-#accountKey    = "xxxxxxxxxxxxxx"
-#containerName = "vuls"
-
-# https://vuls.io/docs/en/config.toml.html#chatwork-section
-#[chatwork]
-#room     = "xxxxxxxxxxx"
-#apiToken = "xxxxxxxxxxxxxxxxxx"
-
-# https://vuls.io/docs/en/config.toml.html#telegram-section
-#[telegram]
-#chatID     = "xxxxxxxxxxx"
-#token = "xxxxxxxxxxxxxxxxxx"
-
-#[wpscan]
-#token = "xxxxxxxxxxx"
-#detectInactive = false
-
-# https://vuls.io/docs/en/config.toml.html#default-section
-[default]
-#port               = "22"
-#user               = "username"
-#keyPath            = "/home/username/.ssh/id_rsa"
-#scanMode           = ["fast", "fast-root", "deep", "offline"]
-#scanModules        = ["ospkg", "wordpress", "lockfile", "port"]
-#lockfiles = ["/path/to/package-lock.json"]
-#cpeNames = [
-#  "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
-#]
-#owaspDCXMLPath     = "/tmp/dependency-check-report.xml"
-#ignoreCves         = ["CVE-2014-6271"]
-#ignorePkgsRegexp   = ["^kernel", "^python"]
-#containersOnly     = false
-#containerType      = "docker" #or "lxd" or "lxc" default: docker
-#containersIncluded = ["${running}"]
-#containersExcluded = ["container_name_a"]
-
-# https://vuls.io/docs/en/config.toml.html#servers-section
-[servers]
-
-[servers.127-0-0-1]
-host                = "127.0.0.1"
-#port               = "22"
-#user               = "root"
-#sshConfigPath      = "/home/username/.ssh/config"
-#keyPath            = "/home/username/.ssh/id_rsa"
-#scanMode           = ["fast", "fast-root", "deep", "offline"]
-#scanModules        = ["ospkg", "wordpress", "lockfile", "port"]
-#type               = "pseudo"
-#memo               = "DB Server"
-#findLock           = true
-#findLockDirs       = ["/path/to/dir"]
-#lockfiles          = ["/path/to/package-lock.json"]
-#cpeNames           = [ "cpe:/a:rubyonrails:ruby_on_rails:4.2.1" ]
-#owaspDCXMLPath     = "/path/to/dependency-check-report.xml"
-#ignoreCves         = ["CVE-2014-0160"]
-#ignorePkgsRegexp   = ["^kernel", "^python"]
-#containersOnly     = false
-#containerType      = "docker" #or "lxd" or "lxc" default: docker
-#containersIncluded = ["${running}"]
-#containersExcluded = ["container_name_a"]
-
-#[servers.127-0-0-1.containers.container_name_a]
-#cpeNames           = [ "cpe:/a:rubyonrails:ruby_on_rails:4.2.1" ]
-#owaspDCXMLPath     = "/path/to/dependency-check-report.xml"
-#ignoreCves         = ["CVE-2014-0160"]
-#ignorePkgsRegexp   = ["^kernel", "^python"]
-
-#[servers.127-0-0-1.githubs."owner/repo"]
-#token   = "yourToken"
-#IgnoreGithubDismissed = true
-
-
-#[servers.127-0-0-1.wordpress]
-#cmdPath = "/usr/local/bin/wp"
-#osUser = "wordpress"
-#docRoot = "/path/to/DocumentRoot/"
-
-#[servers.127-0-0-1.portscan]
-#scannerBinPath = "/usr/bin/nmap"
-#hasPrivileged = true
-#scanTechniques = ["sS"]
-#sourcePort = "65535"
-
-#[servers.127-0-0-1.windows]
-#serverSelection = 3
-#cabPath = "/path/to/wsusscn2.cab"
-
-#[servers.127-0-0-1.optional]
-#key = "value1"
-
-

Database Section

-
[cveDict]
-#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
-#sqlite3Path = "/path/to/cve.sqlite3"
-#url        = ""
-
-[ovalDict]
-#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
-#sqlite3Path = "/path/to/oval.sqlite3"
-#url        = ""
-
-[gost]
-#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
-#sqlite3Path = "/path/to/gost.sqlite3"
-#url        = ""
-
-[exploit]
-#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
-#sqlite3Path = "/path/to/go-exploitdb.sqlite3"
-#url        = ""
-
-[metasploit]
-#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
-#sqlite3Path = "/path/to/go-msfdb.sqlite3"
-#url        = ""
-
-[kevuln]
-#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
-#sqlite3Path = "/path/to/go-kev.sqlite3"
-#url        = ""
-
-[cti]
-#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
-#sqlite3Path = "/path/to/go-cti.sqlite3"
-#url        = ""
-
-
    -
  • type : the method of access for the database. (Default: "sqlite3")
    • -
  • SQLite3Path : Should only be set when using "sqlite" otherwise unused. (Default: SQLite3 in current directory)
    • -
  • url : specifies the url to access the database.
    • -
-

These can also be specified by an environment variable. Refer to the source code for the environment variable names.

- -

Slack section

-
[slack]
-hookURL      = "https://hooks.slack.com/services/abc123/defghijklmnopqrstuvwxyz"
-#legacyToken  = "xoxp-11111111111-222222222222-3333333333"
-channel      = "#channel-name"
-#channel      = "${servername}"
-iconEmoji    = ":ghost:"
-authUser     = "username"
-notifyUsers  = ["@username"]
-
-
    -

  • hookURL or legacyToken.
    -If there are a lot of vulnerabilities, it is better to use legacyToken since the Slack notification will be flooded.

    • -

  • hookURL : Incoming web-hook's URL (hookURL is ignored when legacyToken is set.)
    -Vuls-slack

    • -

  • legacyToken : slack legacy token
    -Vuls-slack-thread

    • -

  • channel : channel name.

    • -
-

If you set ${servername} to channel, the report will be sent to each channel.
-In the following example, the report will be sent to the #server1 and #server2.
-Be sure to create these channels before scanning.

-
[slack]
-channel      = "${servername}"
-...snip...
-
-[servers]
-
-[servers.server1]
-host         = "172.31.4.82"
-...snip...
-
-[servers.server2]
-host         = "172.31.4.83"
-...snip...
-
-
    -
  • iconEmoji: emoji
    • -
  • authUser: username of the slack team
    • -
  • notifyUsers: a list of Slack usernames to send Slack notifications. If you set ["@foo", "@bar"] to notifyUsers, @foo @bar will be included in text.
    -So @foo, @bar can receive mobile push notifications on their smartphone.
    • -
-

HTTP section

-
[http]
-url = "http://localhost:11234"
-
-

EMail section

-
[email]
-smtpAddr      = "smtp.gmail.com"
-smtpPort      = "587"
-user          = "username"
-password      = "password"
-from          = "from@address.com"
-to            = ["to@address.com"]
-cc            = ["cc@address.com"]
-subjectPrefix = "[vuls]"
-
-
    -
  • If you use SMTPS when send email, please set config.toml as follows.
    • -
-
[email]
-smtpAddr      = "smtp.gmail.com"
-smtpPort      = "465"
-user          = "username"
-password      = "password"
-from          = "from@address.com"
-to            = ["to@address.com"]
-cc            = ["cc@address.com"]
-subjectPrefix = "[vuls]"
-
-

Gmail account setting

-

If you can't send vuls report via Email, please check your Gmail account setting.

-
    -
  1. Access Manage your Google Account -> "Security" tab
    2. -
  2. Check Signing in to Google -> "Use your phone to sign in" and "2-Step Verification" is OFF
    3. -
  3. Check "Less secure app access" is On
    4. -
-

Syslog section

-
[syslog]
-protocol    = "tcp"
-host        = "localhost"
-port        = "514"
-tag         = "vuls"
-facility    = "local0"
-severity    = "alert"
-verbose     = false
-
-
    -
  • protocol : transfer protocol (default: empty)
    • -
  • tcp or udp or empty
    -If protocol is empty, vuls will connect to the local syslog server.
    • -
  • host : syslog target host
    • -
  • domain name or IP address
    • -
  • port : syslog target port (default: 514)
    • -
  • tag : syslog tag
    • -
  • facility : syslog facility (default: auth)
    • -
  • kern, user, mail, daemon, etc.
    • -
  • severity : syslog severity (default: info)
    • -
  • emerg, alert, crit, etc.
    • -
  • verbose : verbose mode (default: false)
    • -
  • CVE detail, etc.
    • -
-

Default section

-
[default]
-#port        = "22"
-#user        = "username"
-#keyPath     = "/home/username/.ssh/id_rsa"
-#lockfiles = ["/path/to/package-lock.json"]
-#cpeNames = [
-#  "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
-#]
-#ignoreCves         = ["CVE-2016-6313"]
-#ignorePkgsRegexp   = ["^kernel", "^python"]
-#optional = [
-#    ["key", "value"],
-#]
-
-

Items of the default section will be used if not specified.

-

servers section

-
[servers]
-
-[servers.172-31-4-82]
-host         = "172.31.4.82"
-#ignoreIPAddresses = ["127.0.0.2"]
-#jumpServer  = ["test@test.com:22", "test@test1.com:2222"]
-#port        = "22"
-#user        = "root"
-#sshConfigPath      = "/home/username/.ssh/config"
-#keyPath     = "/home/username/.ssh/id_rsa"
-#type          = "pseudo"
-#findLock = true
-#lockfiles = ["/path/to/package-lock.json"]
-#cpeNames = [
-#  "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
-#]
-#ignoreCves         = ["CVE-2016-6314"]
-#ignorePkgsRegexp   = ["^kernel", "^python"]
-#optional = [
-#    ["key", "value"],
-#]
-#[servers.172-31-4-82.containers]
-#type = "lxd" # or "docker" or "lxc"
-#includes = ["${running}"]
-#excludes = ["container_name", "container_id"]
-
-

You can overwrite the default value specified in default section.

-
    -
  • host: IP address or hostname of target server (support CIDR range)
    • -
  • ignoreIPAddresses: IP address to be removed from the host described in the CIDR Range. (CIDR Range is also possible)
    • -
  • jumpServer: IP address or hostname with port number of proxy
    • -
  • port: SSH Port number
    • -
  • user: SSH username
    • -
  • sshConfigPath: SSH config file path. see #1005
    • -
  • keyPath: SSH private key path
    • -
  • type: "pseudo" for non-ssh scanning. see #531
    • -
  • findLock, findLockDirs and lockfiles: see Usage: Scan vulnerability of non-OS package#Library Vulns Scan
    • -
  • cpeNames: see Usage: Scan vulnerability of non-OS package#CPE Scan
    • -
  • ignoreCves: CVE IDs that will not be reported. But output to JSON file.
    • -
  • ignorePkgsRegexp: Use regex to match any package name and ignore it from the report. But output to JSON file.
    • -
  • optional: Add additional information to JSON report.
    • -
  • containers: see Example: Scan Running containers (Docker/LXD/LXC)
    • -
-

Multiple SSH authentication methods are supported.

-
    -
  • SSH agent
    • -
  • SSH public key authentication (with password and empty password)
    • -
-

If you need password authentication, see the tips of How to scan with SSH key with passphrase

- -

ChatWork section

-
[chatwork]
-room = "xxxxxxxxxxx"
-apiToken = "xxxxxxxxxxxxxxx"
-
-

GoogleChat section

-
[googlechat]
-webHookURL = "https://chat.googleapis.com/v1/spaces/xxxxxxxxxx/messages?key=yyyyyyyyyy&token=zzzzzzzzzz%3D"
-skipIfNoCve = false
-serverNameRegexp = "(^(\\[Reboot Required\\] )?(?:(spam|ham)).*|.*(?:egg)$)"
-
-
    -
  • webHookURL
    -Chat room pull down menu ▼
    -Select web hook management ⚙
    -Create web hook
    -Copy and Paste from web hook url
    • -
  • skipIfNoCve
    -Skip reporting if the server has not any CVEs.
    • -
  • serverNameRegexp
    -ServerName filter by regexp. The bellow excludes spamonigiri, hamburger and boiledegg.
    -[Reboot Required] is magic words for vuls inside. Please ignore 😀
    • -
-

Telegram section

-

Posting to a user: here is how to find user's chatID

-
[telegram]
-chatID = "xxxxxxxxxxx"
-token = "xxxxxxxxxxxxxxx"
-
-

Posting to a channel:

-
[telegram]
-chatID = "@xxxxxxxxxx"
-token = "xxxxxxxxxxxxxxx"
-
-
Scan WindowsAutomatic Discovery
\ No newline at end of file diff --git a/docs/ja/cron.html b/docs/ja/cron.html deleted file mode 100644 index 21d2027c..00000000 --- a/docs/ja/cron.html +++ /dev/null @@ -1,103 +0,0 @@ -Cron · Vuls
Edit

Cron

    -
  • crontab
    • -
  • shell script
    • -
-

cron

-

If you use local scan mode for cron jobs, don't forget to add below line to /etc/sudoers on RHEL/Fedora/CentOS/AlmaLinux/Rocky Linux. (username: vuls)

-
Defaults:vuls !requiretty
-
-
Integration TestingUpdate Vuls to the latest version
\ No newline at end of file diff --git a/docs/ja/go-cti.html b/docs/ja/go-cti.html deleted file mode 100644 index d0bbe41e..00000000 --- a/docs/ja/go-cti.html +++ /dev/null @@ -1,107 +0,0 @@ -go-cti · Vuls
Edit

go-cti

For detail of go-cti, see vulsio/go-cti

-

Usage: go-cti on different server

-
$ go-cti server -bind=192.168.10.1 -port=1329
-
-

Specify URL of the go-cti in config.toml

-
[cti]
-url = "http://192.168.0.1:1329"
-
-
$ vuls report
-
-

Usage: Update MITRE ATT&CK and CAPEC

-

see Usage: Fetch and Insert MITRE ATT&CK, CAPEC

-
go-kevRelated Projects
\ No newline at end of file diff --git a/docs/ja/go-cve-dictionary.html b/docs/ja/go-cve-dictionary.html deleted file mode 100644 index b552b71c..00000000 --- a/docs/ja/go-cve-dictionary.html +++ /dev/null @@ -1,111 +0,0 @@ -go-cve-dictionary · Vuls
Edit

go-cve-dictionary

For detail of go-cve-dictionary see vulsio/go-cve-dictionary

-

Usage: go-cve-dictionaryをサーバモードで使う

-

スキャンをする前に go-cve-dictionary を サーバモードで 192.168.10.1 に起動しておきます。

-
$ go-cve-dictionary server -bind=192.168.10.1 -port=1323
-
-

Specify URL of the go-cve-dictionary in config.toml

-
[cveDict]
-type = "http"
-url = "http://192.168.0.1:1323"
-
-
$ vuls report
-
-

Usage: Update NVD Data

-

see go-cve-dictionary#fetch-nvd-data

-

Usage: Update JVN Data

-

see go-cve-dictionary#fetch-jvn-data

-
Update Vuls to the latest versiongoval-dictionary
\ No newline at end of file diff --git a/docs/ja/go-exploitdb.html b/docs/ja/go-exploitdb.html deleted file mode 100644 index 55a81bbd..00000000 --- a/docs/ja/go-exploitdb.html +++ /dev/null @@ -1,107 +0,0 @@ -go-exploitdb · Vuls
Edit

go-exploitdb

For detail of go-exploitdb, see vulsio/go-exploitdb

-

使い方:go-exploitdbが違うサーバにあるとき

-
$ go-exploitdb server -bind=192.168.10.1 -port=1326
-
-

Specify URL of the go-exploitdb in config.toml

-
[exploit]
-url = "http://192.168.0.1:1326"
-
-
$ vuls report
-
-

Usage: Update exploit db

-

see Usage: Fetch and Insert Exploit

-
gostgo-msfdb
\ No newline at end of file diff --git a/docs/ja/go-kev.html b/docs/ja/go-kev.html deleted file mode 100644 index 30b41c55..00000000 --- a/docs/ja/go-kev.html +++ /dev/null @@ -1,107 +0,0 @@ -go-kev · Vuls
Edit

go-kev

For detail of go-kev, see vulsio/go-kev

-

Usage: go-kev on different server

-
$ go-kev server -bind=192.168.10.1 -port=1328
-
-

Specify URL of the go-kev in config.toml

-
[kevuln]
-url = "http://192.168.0.1:1328"
-
-
$ vuls report
-
-

Usage: Update Known Exploited Vulnerability

-

see Usage: Fetch and Insert Known Exploited Vulnerability

-
go-msfdbgo-cti
\ No newline at end of file diff --git a/docs/ja/go-msfdb.html b/docs/ja/go-msfdb.html deleted file mode 100644 index 80bdcaeb..00000000 --- a/docs/ja/go-msfdb.html +++ /dev/null @@ -1,107 +0,0 @@ -go-msfdb · Vuls
Edit

go-msfdb

For detail of go-msfdb, see vulsio/go-msfdb

-

使い方:go-msfdbが違うサーバにあるとき。

-
$ go-msfdb server -bind=192.168.10.1 -port=1327
-
-

go-msfdbのURLをconfig.tomlに設定する。

-
[metasploit]
-url = "http://192.168.0.1:1327"
-
-
$ vuls report
-
-

使い方:Metasploitモジュールのデータベースを更新する

-

see Usage: Fetch and Insert Module

-
go-exploitdbgo-kev
\ No newline at end of file diff --git a/docs/ja/gost.html b/docs/ja/gost.html deleted file mode 100644 index 27d33ee9..00000000 --- a/docs/ja/gost.html +++ /dev/null @@ -1,108 +0,0 @@ -gost · Vuls
Edit

gost

For detail of gost, see vulsio/gost

-

使い方:gostが違うサーバにあるとき。

-
$ gost server -bind=192.168.10.1 -port=1325
-
-

gostのURLをconfig.tomlに設定する。

-
[gost]
-type = "http"
-url = "http://192.168.0.1:1325"
-
-
$ vuls report
-
-

使い方:セキュリティ追跡データをアップデートする。

-

for details, see doc

-
goval-dictionarygo-exploitdb
\ No newline at end of file diff --git a/docs/ja/goval-dictionary.html b/docs/ja/goval-dictionary.html deleted file mode 100644 index 3152abb3..00000000 --- a/docs/ja/goval-dictionary.html +++ /dev/null @@ -1,115 +0,0 @@ -goval-dictionary · Vuls
Edit

goval-dictionary

go-cve-dictionarygost
\ No newline at end of file diff --git a/docs/ja/how-to-contribute.html b/docs/ja/how-to-contribute.html deleted file mode 100644 index 13fd4321..00000000 --- a/docs/ja/how-to-contribute.html +++ /dev/null @@ -1,105 +0,0 @@ -Contribute · Vuls
Edit

Contribute

VulsRepoIntegration Testing
\ No newline at end of file diff --git a/docs/ja/install-manually.html b/docs/ja/install-manually.html deleted file mode 100644 index 8be550ac..00000000 --- a/docs/ja/install-manually.html +++ /dev/null @@ -1,295 +0,0 @@ -Install Manually · Vuls
Edit

Install Manually

Install Requirements

-

Linux Distributions

-

The following example should work on Fedora based Linux distributions, which include: CentOS, RedHat, Amazon Linux etc (tested on CentOS and Amazon Linux).

-

Packages

-

Vuls requires the following packages.

-
    -
  • SQLite3, MySQL, PostgreSQL, Redis
    • -
  • git
    • -
  • gcc
    • -
  • GNU Make
    • -
  • Greater than or equal to Go v1.18 (The latest version is recommended) -
    • -
-
$ ssh <user>@<IP> -i ~/.ssh/private.pem
-$ export latest_version=1.14.2 # Latest Go release as of writing
-$ sudo yum -y install sqlite git gcc make wget
-$ wget https://dl.google.com/go/go$latest_version.linux-amd64.tar.gz
-$ sudo tar -C /usr/local -xzf go$latest_version.linux-amd64.tar.gz
-$ mkdir $HOME/go
-
-

Add these lines into /etc/profile.d/goenv.sh (you'll need sudo access)

-
export GOROOT=/usr/local/go
-export GOPATH=$HOME/go
-export PATH=$PATH:$GOROOT/bin:$GOPATH/bin
-
-

Set the OS environment variable to current shell

-
$ source /etc/profile.d/goenv.sh
-
-

Deploy go-cve-dictionary

-

go-cve-dictionary

-
$ sudo mkdir /var/log/vuls
-$ sudo chown <user> /var/log/vuls
-$ sudo chmod 700 /var/log/vuls
-$ mkdir -p $GOPATH/src/github.com/vulsio
-$ cd $GOPATH/src/github.com/vulsio
-$ git clone https://github.com/vulsio/go-cve-dictionary.git
-$ cd go-cve-dictionary
-$ make install
-
-

The binary was built under $GOPATH/bin

-

Then Fetch vulnerability data from NVD. It takes about 10 minutes (on AWS).

-
$ cd $HOME
-$ go-cve-dictionary fetch nvd
-... snip ...
-$ ls -alh cve.sqlite3
--rw-r--r--. 1 centos centos  51M Aug  6 08:10 cve.sqlite3
--rw-r--r--. 1 centos centos  32K Aug  6 08:10 cve.sqlite3-shm
--rw-r--r--. 1 centos centos 5.1M Aug  6 08:10 cve.sqlite3-wal
-
-

If you want results in Japanese, you also need to fetch the JVN data. It takes about 10 minutes (on AWS).

-
$ cd $HOME
-$ go-cve-dictionary fetch jvn
-... snip ...
-$ ls -alh cve.sqlite3
--rw-r--r--. 1 centos centos  51M Aug  6 08:10 cve.sqlite3
--rw-r--r--. 1 centos centos  32K Aug  6 08:10 cve.sqlite3-shm
--rw-r--r--. 1 centos centos 5.1M Aug  6 08:10 cve.sqlite3-wal
-
-

Deploy goval-dictionary

-

goval-dictionary

-
$ mkdir -p $GOPATH/src/github.com/vulsio
-$ cd $GOPATH/src/github.com/vulsio
-$ git clone https://github.com/vulsio/goval-dictionary.git
-$ cd goval-dictionary
-$ make install
-$ ln -s $GOPATH/src/github.com/vulsio/goval-dictionary/oval.sqlite3 $HOME/oval.sqlite3
-
-

The binary was built under $GOPATH/bin

-

Then fetch OVAL data of Red Hat since the server to be scanned is CentOS. README

-
$ goval-dictionary fetch redhat 7
-
-

If you would like to scan other Linux distributions then retrieve the OVAL data according to the OS type and version of scan target server in advance.

- -

Deploy gost

-

gost (go-security-tracker)

-
-

version Vuls 0.5.0 now possible to detect vulnerabilities that patches have not been published from distributors using new data source named gost.

-
-
$ sudo mkdir /var/log/gost
-$ sudo chown <user> /var/log/gost
-$ sudo chmod 700 /var/log/gost
-$ mkdir -p $GOPATH/src/github.com/vulsio
-$ cd $GOPATH/src/github.com/vulsio
-$ git clone https://github.com/vulsio/gost.git
-$ cd gost
-$ make install
-$ ln -s $GOPATH/src/github.com/vulsio/gost/gost.sqlite3 $HOME/gost.sqlite3
-
-

The binary was built under $GOPATH/bin

-

Then fetch security tracker for RedHat since the server to be scanned is CentOS. README

-
$ gost fetch redhat
-
-

To fetch Debian security tracker, See gost README

-

Deploy go-exploitdb

-

go-exploitdb

-
-

Vuls 0.6.0 からは、Exploit DB.com で公開されているexploitコードを表示することができるようになりました。 そのCVEのexploitコードを知る必要がない人は、この章を飛ばしてください。

-
-
$ sudo mkdir /var/log/go-exploitdb
-$ sudo chown <user> /var/log/go-exploitdb
-$ sudo chmod 700 /var/log/go-exploitdb
-$ mkdir -p $GOPATH/src/github.com/vulsio
-$ cd $GOPATH/src/github.com/vulsio
-$ git clone https://github.com/vulsio/go-exploitdb.git
-$ cd go-exploitdb
-$ make install
-$ ln -s $GOPATH/src/github.com/vulsio/go-exploitdb/go-exploitdb.sqlite3 $HOME/go-exploitdb.sqlite3
-
-

The binary was built under $GOPATH/bin

-

Then fetch exploit-db information. README

-
$ go-exploitdb fetch exploitdb
-$ go-exploitdb fetch awesomepoc
-$ go-exploitdb fetch githubrepos
-$ go-exploitdb fetch inthewild
-
-

Deploy go-msfdb

-

go-msfdb

-
-

New version Vuls 0.11.0 now possible to display metasploit modules have been published at Metasploit. If you don't need to know about metasploit modules for detected CVEs, skip this section.

-
-
$ sudo mkdir /var/log/go-msfdb
-$ sudo chown <user> /var/log/go-msfdb
-$ sudo chmod 700 /var/log/go-msfdb
-$ mkdir -p $GOPATH/src/github.com/vulsio
-$ cd $GOPATH/src/github.com/vulsio
-$ git clone https://github.com/vulsio/go-msfdb.git
-$ cd go-msfdb
-$ make install
-$ ln -s $GOPATH/src/github.com/vulsio/go-msfdb/go-msfdb.sqlite3 $HOME/go-msfdb.sqlite3
-
-

The binary was built under $GOPATH/bin

-

Then fetch msf-db information. README

-
$ go-msfdb fetch msfdb
-
-

Deploy go-kev

-

go-kev

-
-

New version Vuls 0.19.0 now possible to display Known Exploited Vulnerabilities have been published at Cybersecurity & Infrastructure Security Agency. If you don't need to know about Known Exploited Vulnerabilities for detected CVEs, skip this section.

-
-
$ sudo mkdir /var/log/go-kev
-$ sudo chown <user> /var/log/go-kev
-$ sudo chmod 700 /var/log/go-kev
-$ mkdir -p $GOPATH/src/github.com/vulsio
-$ cd $GOPATH/src/github.com/vulsio
-$ git clone https://github.com/vulsio/go-kev.git
-$ cd go-kev
-$ make install
-$ ln -s $GOPATH/src/github.com/vulsio/go-kev/go-kev.sqlite3 $HOME/go-kev.sqlite3
-
-

The binary was built under $GOPATH/bin

-

Then fetch Known Exploited Vulnerabilities information. README

-
$ go-kev fetch kevuln
-
-

Deploy go-cti

-

go-cti

-
-

New version Vuls 0.19.8 now possible to display Cyber Threat Intelligence(MITER ATT&CK and CAPEC) have been published at mitre/cti. If you don't need to know about Cyber Threat Intelligence for detected CVEs, skip this section.

-
-
$ sudo mkdir /var/log/go-cti
-$ sudo chown <user> /var/log/go-cti
-$ sudo chmod 700 /var/log/go-cti
-$ mkdir -p $GOPATH/src/github.com/vulsio
-$ cd $GOPATH/src/github.com/vulsio
-$ git clone https://github.com/vulsio/go-cti.git
-$ cd go-cti
-$ make install
-$ ln -s $GOPATH/src/github.com/vulsio/go-cti/go-cti.sqlite3 $HOME/go-cti.sqlite3
-
-

The binary was built under $GOPATH/bin

-

Then fetch Cyber Threat Intelligence information. README

-
$ go-cti fetch threat
-
-

Deploy Vuls

-
$ mkdir -p $GOPATH/src/github.com/future-architect
-$ cd $GOPATH/src/github.com/future-architect
-$ git clone https://github.com/future-architect/vuls.git
-$ cd vuls
-$ make install
-
-

If you have previously installed vuls and want to update, please do the following

-
$ rm -rf $GOPATH/pkg/linux_amd64/github.com/future-architect/vuls/
-$ rm -rf $GOPATH/src/github.com/future-architect/vuls/
-$ cd $GOPATH/src/github.com/future-architect
-$ git clone https://github.com/future-architect/vuls.git
-$ cd vuls
-$ make install
-
-

The binary was built under $GOPATH/bin

-

Test Installation

-

Local Scan Mode: From Configuration to Reporting

-
Vulsctl - Install on HostOSInstall with Docker
\ No newline at end of file diff --git a/docs/ja/install-with-ansible.html b/docs/ja/install-with-ansible.html deleted file mode 100644 index bb678eee..00000000 --- a/docs/ja/install-with-ansible.html +++ /dev/null @@ -1,96 +0,0 @@ -Install with Ansible · Vuls
Edit

Install with Ansible

For details, see the book

-
Install with PackageInstall with awless
\ No newline at end of file diff --git a/docs/ja/install-with-awless.html b/docs/ja/install-with-awless.html deleted file mode 100644 index 12ffbd07..00000000 --- a/docs/ja/install-with-awless.html +++ /dev/null @@ -1,96 +0,0 @@ -Install with awless · Vuls
Edit

Install with awless

For Details, see the doc

-
Install with AnsibleTutorial
\ No newline at end of file diff --git a/docs/ja/install-with-docker.html b/docs/ja/install-with-docker.html deleted file mode 100644 index c58f336a..00000000 --- a/docs/ja/install-with-docker.html +++ /dev/null @@ -1,241 +0,0 @@ -Install with Docker · Vuls
Edit

Install with Docker

Docker images for Vuls are built per commit and push to DockerHub/Vuls automatically.

-

install/update go-cve-dictionary

-
$ docker pull vuls/go-cve-dictionary
-$ docker run  --rm  vuls/go-cve-dictionary help
-
-GO CVE Dictionary
-[...]
-
-

install/update goval-dictionary

-
$ docker pull vuls/goval-dictionary
-$ docker run  --rm  vuls/goval-dictionary help
-
-OVAL(Open Vulnerability and Assessment Language) dictionary
-[...]
-
-

install/update gost

-
-

New version Vuls 0.5.0 now possible to detect vulnerabilities that patches have not been published from distributors using new data source named gost.

-
-
$ docker pull vuls/gost
-$ docker run  --rm  vuls/gost help
-
-Security Tracker
-[...]
-
-

install/update go-exploitdb

-

go-exploitdb

-
-

Vuls 0.6.0 からは、Exploit DB.com で公開されているexploitコードを表示することができるようになりました。 そのCVEのexploitコードを知る必要がない人は、この章を飛ばしてください。

-
-
$ docker pull vuls/go-exploitdb
-$ docker run  --rm  vuls/go-exploitdb help
-
-Go Exploit DB
-[...]
-
-

install/update go-msfdb

-

go-msfdb

-
-

New version Vuls 0.11.0 now possible to display metasploit modules have been published at Metasploit. If you don't need to know about metasploit modules for detected CVEs, skip this section.

-
-
$ docker pull vuls/go-msfdb
-$ docker run  --rm  vuls/go-msfdb help
-
-Go Metasploit DB
-[...]
-
-

install/update go-kev

-
-

New version Vuls 0.19.0 now possible to display Known Exploited Vulnerabilities have been published at Cybersecurity & Infrastructure Security Agency. If you don't need to know about Known Exploited Vulnerabilities for detected CVEs, skip this section.

-
-
$ docker pull vuls/go-kev
-$ docker run --rm  vuls/go-kev help
-
-Go Known Exploited Vulnerabilities
-[...]
-
-

install/update go-cti

-
-

New version Vuls 0.19.8 now possible to display Cyber Threat Intelligence(MITER ATT&CK and CAPEC) have been published at mitre/cti. If you don't need to know about Cyber Threat Intelligence for detected CVEs, skip this section.

-
-
$ docker pull vuls/go-cti
-$ docker run --rm  vuls/go-cti help
-
-Go collect Cyber Threat Intelligence
-[...]
-
-

install/update Vuls

-
$ docker pull vuls/vuls
-$ docker run  --rm  vuls/vuls help
-
-Usage: vuls <flags> <subcommand> <subcommand args>
-[...]
-
-

Scan

-

チュートリアル:Dockerを参照してください。

-

How to confirm version and Git revision

-
    -
  • go-cve-dictionary
    • -
-
$ docker run  --rm  vuls/go-cve-dictionary version
-
-go-cve-dictionary v0.0.xxx xxxx
-
-
    -
  • goval-dictionary
    • -
-
$ docker run  --rm  vuls/goval-dictionary version
-
-goval-dictionary v0.0.xxx xxxx
-
-
    -
  • gost
    • -
-
$ docker run  --rm  vuls/gost version
-
-gost v0.0.xxx xxxx
-
-
    -
  • go-exploitdb
    • -
-
$ docker run  --rm  vuls/go-exploitdb version
-
-go-exploitdb v0.0.xxx xxxx
-
-
    -
  • go-msfdb
    • -
-
$ docker run  --rm  vuls/go-msfdb version
-
-go-msfdb v0.0.xxx xxxx
-
-
    -
  • go-kev
    • -
-
$ docker run  --rm  vuls/go-kev version
-
-go-kev v0.0.xxx xxxx
-
-
    -
  • go-cti
    • -
-
$ docker run  --rm  vuls/go-cti version
-
-go-cti v0.0.xxx xxxx
-
-
    -
  • vuls
    • -
-
$ docker run  --rm  vuls/vuls -v
-
-vuls v0.0.xxx xxxx
-
-

DockerHub

- -

イメージのバージョンはGitHubのリポジトリのバージョンと同じです。

-
Install ManuallyInstall with Package
\ No newline at end of file diff --git a/docs/ja/install-with-package.html b/docs/ja/install-with-package.html deleted file mode 100644 index 3cda8008..00000000 --- a/docs/ja/install-with-package.html +++ /dev/null @@ -1,95 +0,0 @@ -Install with Package · Vuls
Edit

Install with Package

Install with DockerInstall with Ansible
\ No newline at end of file diff --git a/docs/ja/install-with-vulsctl-host.html b/docs/ja/install-with-vulsctl-host.html deleted file mode 100644 index 2eda12aa..00000000 --- a/docs/ja/install-with-vulsctl-host.html +++ /dev/null @@ -1,122 +0,0 @@ -Install with vulsctl on host · Vuls
Edit

Install with vulsctl on host

Vulsctl

-

Vulsctl was created to ease setup.

-

Deploy vuls on the host

-

You can deploy vuls on your host easily while using the install.sh script. To know what the script doing, it's quicker to look at the script.

-

install

-
$ sudo bash install.sh
-
-

Fetch all databases

-

Fetch the vulnerability databases used by Vuls to the current directory using update-all.sh. Fetching all databases is time consuming. Look at the script before executing update-all.sh and make sure you fetch only what you need.

-
$ update-all.sh
-
-

Update Modules

-

Update Vuls-related modules to the latest version using upgrade.sh.

-
$ sudo bash upgrade.sh
-
-

Scan and Report

-

You can find the Vuls command in /usr/local/bin/vuls, and the config.toml sample is here. If you don't define the SQLite3 databases path in config.toml, Vuls uses the ones in the same directory as the Vuls binaries. Scanning and reporting command is the following.

-
$ which vuls
-/usr/loca/bin/vuls
-$ ls config.toml
-config.toml
-$ ls *.sqlite3
-oval.sqlite3 go-cti.sqlite3 go-exploitdb.sqlite3 go-kev.sqlite3 go-msfdb.sqlite3 gost.sqlite3 cve.sqlite3
-$ vuls scan
-$ vuls report
-$ vuls tui
-
-
Vulsctl - Quickest Vuls setupInstall Manually
\ No newline at end of file diff --git a/docs/ja/install-with-vulsctl.html b/docs/ja/install-with-vulsctl.html deleted file mode 100644 index 24be0cb7..00000000 --- a/docs/ja/install-with-vulsctl.html +++ /dev/null @@ -1,149 +0,0 @@ -Install with vulsctl · Vuls
Edit

Install with vulsctl

Vulsctl

-

Linux Distributions

-

The following example should work on Fedora based Linux distributions, which include: CentOS, RedHat, Amazon Linux etc (tested on CentOS and Red Hat 7).

-

Vulsctl was created to ease setup. Each shell script is a wrapper around Docker commands.

-

Setup Docker

- -
$ sudo systemctl start docker
-
-

Vulsctl をクローン

-
$ git clone https://github.com/vulsio/vulsctl.git
-$ cd vulsctl
-
-

Fetch Vulnerability Databases

-

This will take some time ...

-
$ cd docker
-$ ./update-all.sh
-
-

Config, Scan, Report

-

Prepare the config.toml in the vulsctl install directory similar to the configuration below.

-
[servers]
-[servers.hostos]
-host        = "52.10.10.10"
-port        = "22"
-user        = "centos"
-# if ssh config file exists in .ssh, path to ssh config file in docker
-sshConfigPath   = "/root/.ssh/config"
-# keypath in the Vuls docker container
-keyPath     = "/root/.ssh/id_rsa"
-
-

When config exists in .ssh, vuls refers to /root/.ssh/config in the docker container when connecting to SSH. However, an error occurs because the local user does not match the user in Docker. To deal with this, specify /root/.ssh/config in sshConfigPath.

-

The scan.sh will mount $HOME/.ssh from the host operating system into the Docker container, however you will need to SSH into the target server beforehand which will add your fingerprint to $HOME/.ssh/known_hosts.

-

` scan

-
$ ssh centos@52.100.100.100 -i ~/.ssh/id_rsa.pem
-
-
$ ./scan.sh
-$ ./report.sh
-$ ./tui.sh
-
-

For details, see

- -

Vulsrepo

-
$ ./vulsrepo.sh
-$ docker ps
-CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                    NAMES
-39c8830dbeac        ishidaco/vulsrepo   "vulsrepo-server"   3 seconds ago       Up 1 second         0.0.0.0:5111->5111/tcp   focused_wu
-
-

Vulsrepo is running on http://host-ip:5111.

-
CPE ScanVulsctl - Install on HostOS
\ No newline at end of file diff --git a/docs/ja/main-features.html b/docs/ja/main-features.html deleted file mode 100644 index 916fd0bb..00000000 --- a/docs/ja/main-features.html +++ /dev/null @@ -1,219 +0,0 @@ -Main Features · Vuls
Edit

Main Features

Linux/FreeBSDサーバに存在するすべての脆弱性をスキャン

-

Supports major Linux/FreeBSD/Windows/MacOS

-
    -
  • Alpine, Ubuntu, Debian, CentOS, AlmaLinux, Rocky Linux, Amazon Linux, RHEL, Fedora, Oracle Linux, openSUSE, openSUSE Leap, SUSE Enterprise Linux and Raspbian, FreeBSD, Windows, MacOS
    • -
  • Cloud, on-premise, Docker
    • -
-

高精度なスキャン

-

Vulsは複数の脆弱性データベースを使用します。

- -

FastスキャンとDeepスキャン

-

Fastスキャン

-
    -
  • root権限や依存性が必要無いスキャン
    • -
  • スキャン対象サーバにほぼ負荷がかかりません。
    • -
  • Offline mode scan with no internet access. (Red Hat, Fedora, CentOS, AlmaLinux, Rocky Linux,OracleLinux, Ubuntu, Debian)
    • -
-

Fast Root スキャン

-
    -
  • root権限でスキャン
    • -
  • スキャン対象サーバにほぼ負荷がかかりません。
    • -
  • Detect processes affected by update using yum-ps (Red Hat, Fedora, CentOS, AlmaLinux, Rocky Linux, Oracle Linux and Amazon Linux)
    • -
  • DebianとUbuntuでは、debian-goodiesのcheckrestartを使うことで、以前にアップデートされたのに再起動されていないプロセスを検知することができます。
    • -
  • Offline mode scan with no internet access. (Red Hat, Fedora, CentOS, AlmaLinux, Rocky Linux, OracleLinux, Ubuntu, Debian)
    • -
-

Deepスキャン

-
    -
  • same as fast-root scan mode for now.
    • -
-

リモートスキャンモード、ローカルスキャンモード、サーバモード

-

リモートスキャンモード

-
    -
  • スキャン対象サーバにSSH接続可能なマシン1台にセットアップするだけで動作
    • -
-

ローカルスキャンモード

-
    -
  • もし中央のサーバから各サーバにSSH接続をしたくない場合は、Vulsをローカルスキャンモードで使用可能。
    • -
-

サーバモード

-
    -
  • No SSH needed, No Scanner needed. Only issuing Linux commands directory on the scan target serve.
    • -
  • まず、VulsをServerモードで起動し、HTTPサーバとします。
    • -
  • VulsをServerモードで起動し、HTTPサーバとします。
    • -
  • 次に、対象のサーバでコマンドを実行しソフトウェアの情報を集めます。そして、その結果をHTTPを通してVulsサーバに送信します。その結果はJSON形式で取得できます。
    • -
-

動的 解析

-
    -
  • サーバにSSH接続してコマンドを発行することで、サーバの状態を取得可能
    • -
  • Vulsは、以前にアップデートされたのに再起動されていないプロセスを警告したり、アップデート前にそのアップデートにより影響を受けるプロセスを検知したりできます。
    • -
-

Scan middleware that are not included in OS package management

-
    -
  • Scan middleware, programming language libraries and framework for vulnerability
    • -
  • Support software registered in CPE
    • -
-

Integration

- -

MISC

-
    -
  • Nondestructive testing
    • -
  • Pre-authorization is NOT necessary before scanning on AWS -
      -
    • Vuls works well with Continuous Integration since tests can be run every day. This allows you to find vulnerabilities very quickly.
      • -
    • -
  • Auto generation of configuration file template -
      -
    • Auto detection of servers set using CIDR, generate configuration file template
      • -
    • -
  • Email and Slack notification is possible (supports Japanese language)
    • -
  • Scan result is viewable on accessory software, TUI Viewer on terminal or Web UI (VulsRepo).
    • -
-
AbstractSupported OS
\ No newline at end of file diff --git a/docs/ja/misc-update-vuls.html b/docs/ja/misc-update-vuls.html deleted file mode 100644 index d4dc14d8..00000000 --- a/docs/ja/misc-update-vuls.html +++ /dev/null @@ -1,170 +0,0 @@ -Update Vuls to the latest version · Vuls
Edit

Update Vuls to the latest version

Update manually

-
    -
  • go-cve-dictionaryのアップデート
    • -
-

もしデータベースの構造が変わったときには、新しいデータベースを使用します。Vulsは古いものを移行しません。

-
$ cd $GOPATH/src/github.com/vulsio/go-cve-dictionary
-$ git pull
-$ rm -r vendor
-$ make install
-
-
    -
  • goval-dictionaryのアップデート
    • -
-

もしデータベースの構造が変わったときには、新しいデータベースを使用します。Vulsは古いものを移行しません。

-
$ cd $GOPATH/src/github.com/vulsio/goval-dictionary
-$ git pull
-$ rm -r vendor
-$ make install
-
-
    -
  • gostのアップデート
    • -
-

もしデータベースの構造が変わったときには、新しいデータベースを使用します。Vulsは古いものを移行しません。

-
$ cd $GOPATH/src/github.com/vulsio/gost
-$ git pull
-$ rm -r vendor
-$ make install
-
-
    -
  • go-exploitdbのアップデート
    • -
-

もしデータベースの構造が変わったときには、新しいデータベースを使用します。Vulsは古いものを移行しません。

-
$ cd $GOPATH/src/github.com/vulsio/go-exploitdb
-$ git pull
-$ rm -r vendor
-$ make install
-
-
    -
  • Update go-msfdb
    • -
-

If the DB schema was changed, use a new database. Vuls doesn't migrate old schema to new schema.

-
$ cd $GOPATH/src/github.com/vulsio/go-msfdb
-$ git pull
-$ make install
-
-
    -
  • Update go-kev
    • -
-

If the DB schema was changed, use a new database. Vuls doesn't migrate old schema to new schema.

-
$ cd $GOPATH/src/github.com/vulsio/go-kev
-$ git pull
-$ make install
-
-
    -
  • Update go-cti
    • -
-

If the DB schema was changed, use a new database. Vuls doesn't migrate old schema to new schema.

-
$ cd $GOPATH/src/github.com/vulsio/go-cti
-$ git pull
-$ make install
-
-
    -
  • Update vuls
    • -
-
$ cd $GOPATH/src/github.com/future-architect/vuls
-$ git pull
-$ rm -r vendor
-$ make install
-
-
    -
  • Binary file was built under $GOPATH/bin
    • -
  • If an error occurs, delete $GOPATH/pkg before executing it
    • -
-

Update using docker

-

If you set up on docker, see Docker setup

-
Crongo-cve-dictionary
\ No newline at end of file diff --git a/docs/ja/related-projects.html b/docs/ja/related-projects.html deleted file mode 100644 index 8d95c57e..00000000 --- a/docs/ja/related-projects.html +++ /dev/null @@ -1,123 +0,0 @@ -Related Projects · Vuls
Edit

Related Projects

ohsawa0515/serverless-vuls

-

'serverless-vuls' repository contains an AWS Lambda-backed Vuls architecture for AWS CloudFormation.

-

GEROMAX/vuls_to_updateinfo

-

vuls_to_updateinfo script creates 'updateinfo.xml' file from Vuls report file(xml) so that 'yum --security update' command can be executed on CentOS.

-

Jiab77/vuls-scripts

-
    -
  • vuls-client-scan.sh: Copy this script on the client to be scanned and run it.
    • -
  • vuls-server.sh: Start the vuls scanning server for using the client scan script. -
      -
    • (can be done also with the vuls-manage.sh script)
      • -
    • -
  • vuls-manage.sh: Used to run most of the common actions with Vuls -
      -
    • Start the scan server
      • -
    • Start the terminal interface
      • -
    • Start the web interface
      • -
    • Scan local host
      • -
    • Show scan history
      • -
    • Generate recent scan reports
      • -
    • Generate all scan reports
      • -
    • Generate and send recent scan reports and specify severity level
      • -
    • Generate and upload recent scan reports
      • -
    • Generate and upload all scan reports
      • -
    • Create / Reset Vuls configuration
      • -
    • Update all vulnerabilities databases
      • -
    • -
-

The scripts are based on vulsctl.

-
go-ctiTips
\ No newline at end of file diff --git a/docs/ja/supported-os.html b/docs/ja/supported-os.html deleted file mode 100644 index 7128718c..00000000 --- a/docs/ja/supported-os.html +++ /dev/null @@ -1,119 +0,0 @@ -Supported OS · Vuls
Edit

Supported OS

- - - - - - - - - - - - - - - - - - - - - - -
DistributionRelease
Alpine3.3以降
Ubuntu14.04, 16.04, 18.04, 20.04, 21.04, 21.10, 22.04, 22.10, 23.04, 23.10
Debian8, 9, 10, 11, 12
RHEL5, 6, 7, 8, 9
Fedora32, 33, 34, 35, 36, 37, 38, 39
Oracle Linux5, 6, 7
CentOS6, 7, 8, stream8, stream9
AlmaLinux8, 9
Rocky Linux8, 9
Amazon LinuxAll
FreeBSD10, 11
openSUSEtumbleweed
openSUSE Leap15.2, 15.3
SUSE Enterprise11, 12, 15
RaspbianJessie, Stretch, Buster
WindowsClient, Server
MacOSMacOS X, MacOS X Server, MacOS, MacOS Server
-
Main FeaturesRemote, Local, One-liner scan
\ No newline at end of file diff --git a/docs/ja/testing.html b/docs/ja/testing.html deleted file mode 100644 index e94f1d35..00000000 --- a/docs/ja/testing.html +++ /dev/null @@ -1,139 +0,0 @@ -Integration Testing · Vuls
Edit

Integration Testing

Makerfile

-

https://github.com/future-architect/vuls/blob/master/GNUmakefile#L85

-

Diff

-

Prepare vulnerability databases

-
    $ git clone git@github.com:vulsio/vulsctl.git
-    $ cd vulsctl/docker
-    $ ./update-all.sh
-    $ cd /path/to/future-architect/vuls
-    $ vim integration/int-config.toml
-
-

build binaries

-
    -
  • working-tree
    • -
  • HEAD
    • -
  • HEAD^
    • -
-
    $ make build-integration
-
-

diff between HEAD and working-set

-
    $ ln -s vuls vuls.new
-    $ ln -s vuls.xxxxx vuls.old
-    $ make diff
-
-

diff between HEAD^ and HEAD

-
    $ ln -s vuls.xxxHEADxxx vuls.new
-    $ ln -s vuls.yyyHEAD^yyy vuls.old
-    $ make diff
-
-

Diff on Redis-backend

-
    $ docker network create redis-nw
-    $ docker run --name redis -d --network redis-nw -p 127.0.0.1:6379:6379 redis
-    $ git clone git@github.com:vulsio/vulsctl.git
-    $ cd vulsctl/docker
-    $ ./update-all-redis.sh
-    $ (or export DOCKER_NETWORK=redis-nw; cd /home/ubuntu/vulsctl/docker; ./update-all.sh --dbtype redis --dbpath "redis://redis/0")
-    $ vim integration/int-redis-config.toml
-
-
    $ ln -s vuls vuls.new
-    $ ln -s oldvuls vuls.old
-    $ make diff-redis
-
-

Diff between Redis-backend and SQLite3

-
    $ make diff-rdb-redis
-
-
ContributeCron
\ No newline at end of file diff --git a/docs/ja/tips.html b/docs/ja/tips.html deleted file mode 100644 index 814207d0..00000000 --- a/docs/ja/tips.html +++ /dev/null @@ -1,189 +0,0 @@ -Tips · Vuls
Edit

Tips

go getできません

-

gitを最新バージョンに更新してください。古いバージョンのgitではレポジトリを取得できません。

-

HTTP プロキシってサポートしてますか?

-

プロキシ環境下では、--http-proxyオプションを指定してください

-

go-cve-dictionaryをDaemon化するには?

-

systemd, upstart, supervisord, daemontools など使ってみて下さい

-

脆弱性情報の自動更新ってどうやるの?

-

cronとかのジョブスケジューラを使ってみて下さい( -last2y オプションも併用して)

-

スキャンを自動化するには?

-

CRONなどを使い、自動化のためにsudoと、秘密鍵のパスワードなしでも実行可能なようにする

-
    -
  • スキャン対象サーバの /etc/sudoers に NOPASSWORD を設定する
    • -
  • 秘密鍵パスフレーズなしの公開鍵認証か、ssh-agentを使う
    • -
-

SSHの鍵確認をせずにスキャンするには?

-

StrictHostKeyChecking no を SSH 接続に使用する設定ファイルに書き込みます。 次に、config.toml の sshConfigPath に ssh が使用する設定ファイルに PATH を記述します。 see setting server section, #1005

-

How to scan with SSH key with passphrase

-

Vuls calls ssh many times, so you will be asked to type password again and again when vuls scans. If you need to scan a server with ssh-key with password, we recommend using ssh-agent. Specifically you can use ssh-agent beforehand like below.

-
$ ssh-add ~/.ssh/authorized_keys
-Enter passphrase for ~/.ssh/id_rsa:
-Identity added: ~/.ssh/id_rsa (~/.ssh/id_rsa)
-$ vuls scan ubuntu
-... snip ...
-
-One Line Summary
-================
-ubuntu  ubuntu16.04     30 updatable packages
-
-

If you run Vuls in Docker container, you can do below instead of above.

-

Scan in Docker container

-

If you need to scan a server with ssh-key with password, you can do 1. or 2. below.

-

1. Use ssh-agent in the container

-
$ pwd
-/home/vuls/vulsctl/docker
-$ docker run -it \
-  -v $HOME/.ssh:/root/.ssh:ro \
-  -v $PWD:/vuls \
-  --entrypoint="/bin/ash" \
-  vuls/vuls
-/vuls # eval `ssh-agent`
-/vuls # ssh-add /root/.ssh/id_rsa
-Enter passphrase for /root/.ssh/id_rsa:
-Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)
-/vuls # vuls scan -log-dir=/vuls/log -config=/vuls/config.toml
-
-

Or you can do it with one-liner like this.

-
$ docker run -it \
-  -v $HOME/.ssh:/root/.ssh:ro \
-  -v $PWD:/vuls \
-  --entrypoint="/bin/ash" \
-  vuls/vuls \
-  -c "eval \`ssh-agent\` && ssh-add /root/.ssh/id_rsa && vuls scan  -log-dir=/vuls/log -config=/vuls/config.toml"
-
-

2. Use ssh-agent in host machine and share it with the container

-
$ pwd
-/home/vuls/vulsctl/docker
-$ ssh-add ~/.ssh/id_rsa
-Enter passphrase for /Users/***/.ssh/id_rsa:
-Identity added: /Users/***/.ssh/id_rsa (/Users/***/.ssh/id_rsa)
-$ docker run -it \
-  -v $HOME/.ssh:/root/.ssh:ro \
-  -v $PWD:/vuls \
-  -v $SSH_AUTH_SOCK:$SSH_AUTH_SOCK \
-  -e SSH_AUTH_SOCK=$SSH_AUTH_SOCK \
-  vuls/vuls scan \
-  -log-dir=/vuls/log \
-  -config=/vuls/config.toml \
-
-

If you use docker for mac, use it instead.

-
$ ssh-add ~/.ssh/id_rsa
-Enter passphrase for /Users/***/.ssh/id_rsa:
-Identity added: /Users/***/.ssh/id_rsa (/Users/***/.ssh/id_rsa)
-$ docker run -it \
--v $HOME/.ssh:/root/.ssh:ro \
--v $PWD:/vuls \
--v /run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock \
--e SSH_AUTH_SOCK=/run/host-services/ssh-auth.sock \
-vuls/vuls scan \
--log-dir=/vuls/log \
--config=/vuls/config.toml \
-
-

How to cross compile

-
$ cd /path/to/your/local-git-repository/vuls
-$ GOOS=linux GOARCH=amd64 go build -o vuls.amd64 ./cmd/vuls
-
-

Logging

-

Log is under /var/log/vuls/

-

Debug

-

Run with --debug, --sql-debug option.

-

Adjusting Open File Limit

-

Riak docs is awesome.

-

Does Vuls accept SSH connections with fish-shell or old zsh as the login shell

-

No, Vuls needs a user on the server for bash login.
-Yes, fixed in #545

-
Related Projects
\ No newline at end of file diff --git a/docs/ja/tutorial-docker.html b/docs/ja/tutorial-docker.html deleted file mode 100644 index 664cb8df..00000000 --- a/docs/ja/tutorial-docker.html +++ /dev/null @@ -1,434 +0,0 @@ -Tutorial - Scan using Docker · Vuls
Edit

Tutorial - Scan using Docker

It's easier to use vulsctl than to use docker directly.

-

This tutorial will let you scan the vulnerabilities on the remote host via SSH with Docker-Vuls.

-

Before doing this tutorial, you have to setup vuls with Docker.

-

This can be done in the following steps.

-
    -
  1. NVDの取得 (vuls/go-cve-dictionary)
    2. -
  2. OVALの取得 (vuls/goval-dictionary)
    3. -
  3. GOSTの取得 (vuls/gost)
    4. -
  4. fetch go-exploitdb(vuls/go-exploitdb)
    5. -
  5. fetch go-msfdb(vuls/go-msfdb)
    6. -
  6. fetch go-kev(vuls/go-kev)
    7. -
  7. fetch go-cti(vuls/go-cti)
    8. -
  8. configuration (vuls/vuls)
    9. -
  9. configtest (vuls/vuls)
    10. -
  10. scan (vuls/vuls)
    11. -
  11. vulsrepo (ishidaco/vulsrepo)
    12. -
-

Step0. ログディレクトリの準備

-
$ cd /path/to/working/dir
-$ mkdir go-cve-dictionary-log goval-dictionary-log gost-log go-exploitdb-log go-msfdb-log
-
-

Step1. NVDの取得

-

go-cve-dictionary

-

vulsio/go-cve-dictionary:README

-
$ docker run --rm -it \
-    -v $PWD:/go-cve-dictionary \
-    -v $PWD/go-cve-dictionary-log:/var/log/go-cve-dictionary \
-    vuls/go-cve-dictionary fetch nvd
-
-

To fetch JVN(Japanese), See README

-

Step2. OVALの取得 (RedHatの例)

-

goval-dictionary

-
$ docker run --rm -it \
-    -v $PWD:/goval-dictionary \
-    -v $PWD/goval-dictionary-log:/var/log/goval-dictionary \
-    vuls/goval-dictionary fetch redhat 5 6 7 8 9
-
-

To fetch other OVAL, See README

-

Step3. Fetch gost(Go Security Tracker) (for RedHat/CentOS/AlmaLinux/Rocky Linux, Debian and Ubuntu)

-

gost (go-security-tracker)

-
$ docker run --rm -i \
-    -v $PWD:/gost \
-    -v $PWD/gost-log:/var/log/gost \
-    vuls/gost fetch redhat
-
-

To fetch Debian security tracker, See Gost README

-

Step3.5. go-exploitdb の取得

-

go-exploitdb

-
$ docker run --rm -i \
-    -v $PWD:/go-exploitdb \
-    -v $PWD/go-exploitdb-log:/var/log/go-exploitdb \
-    vuls/go-exploitdb fetch exploitdb
-$ docker run --rm -i \
-    -v $PWD:/go-exploitdb \
-    -v $PWD/go-exploitdb-log:/var/log/go-exploitdb \
-    vuls/go-exploitdb fetch awesomepoc
-$ docker run --rm -i \
-    -v $PWD:/go-exploitdb \
-    -v $PWD/go-exploitdb-log:/var/log/go-exploitdb \
-    vuls/go-exploitdb fetch githubrepos
-$ docker run --rm -i \
-    -v $PWD:/go-exploitdb \
-    -v $PWD/go-exploitdb-log:/var/log/go-exploitdb \
-    vuls/go-exploitdb fetch inthewild
-
-

Step3.6. Fetch go-msfdb

-

go-msfdb

-
$ docker run --rm -i \
-    -v $PWD:/go-msfdb \
-    -v $PWD/go-msfdb-log:/var/log/go-msfdb \
-    vuls/go-msfdb fetch msfdb
-
-

Step3.7. Fetch go-kev

-

go-kev

-
$ docker run --rm -i \
-    -v $PWD:/go-kev \
-    -v $PWD/go-kev-log:/var/log/go-kev \
-    vuls/go-kev fetch kevuln
-
-

Step3.8. Fetch go-cti

-

go-cti

-
$ docker run --rm -i \
-    -v $PWD:/go-cti \
-    -v $PWD/go-cti-log:/var/log/go-cti \
-    vuls/go-cti fetch threat
-
-

Step4. Configuration

-

Create config.toml referring to this.

-
[servers]
-
-[servers.c74]
-host            = "54.249.93.16"
-port            = "22"
-user            = "vuls-user"
-# if ssh config file exists in .ssh, path to ssh config file in docker
-sshConfigPath   = "/root/.ssh/config"
-# path to ssh private key in docker
-keyPath         = "/root/.ssh/id_rsa"
-
-

Step5. Configtest

-
$ docker run --rm -it\
-    -v ~/.ssh:/root/.ssh:ro \
-    -v $PWD:/vuls \
-    -v $PWD/vuls-log:/var/log/vuls \
-    vuls/vuls configtest \
-    -config=./config.toml # path to config.toml in docker
-
-

Usage: configtest

-

Step6. Scan

-
$ docker run --rm -it \
-    -v ~/.ssh:/root/.ssh:ro \
-    -v $PWD:/vuls \
-    -v $PWD/vuls-log:/var/log/vuls \
-    -v /etc/localtime:/etc/localtime:ro \
-    -e "TZ=Asia/Tokyo" \
-    vuls/vuls scan \
-    -config=./config.toml # path to config.toml in docker
-
-

If Docker Host is Debian or Ubuntu

-
$ docker run --rm -it \
-    -v ~/.ssh:/root/.ssh:ro \
-    -v $PWD:/vuls \
-    -v $PWD/vuls-log:/var/log/vuls \
-    -v /etc/localtime:/etc/localtime:ro \
-    -v /etc/timezone:/etc/timezone:ro \
-    vuls/vuls scan \
-    -config=./config.toml # path to config.toml in docker
-
-

Usage: Scan

-

Step7. Report

-

config.toml

-
[cveDict]
-type = "sqlite3"
-SQLite3Path = "/path/to/cve.sqlite3"
-
-[ovalDict]
-type = "sqlite3"
-SQLite3Path = "/path/to/oval.sqlite3"
-
-[gost]
-type = "sqlite3"
-SQLite3Path = "/path/to/gost.sqlite3"
-
-[exploit]
-type = "sqlite3"
-SQLite3Path = "/path/to/go-exploitdb.sqlite3"
-
-[metasploit]
-type = "sqlite3"
-SQLite3Path = "/path/to/db/go-msfdb.sqlite3"
-
-[kevuln]
-type = "sqlite3"
-SQLite3Path = "/path/to/db/go-kev.sqlite3"
-
-[cti]
-type = "sqlite3"
-SQLite3Path = "/path/to/db/go-cti.sqlite3"
-
-
$ docker run --rm -it \
-    -v ~/.ssh:/root/.ssh:ro \
-    -v $PWD:/vuls \
-    -v $PWD/vuls-log:/var/log/vuls \
-    -v /etc/localtime:/etc/localtime:ro \
-    vuls/vuls report \
-    -format-list \
-    -config=./config.toml # path to config.toml in docker
-
-

Usage: Report

-

Use TUI(Terminal-Based User Interface) to display the scan result.

-
$ docker run --rm -it \
-    -v ~/.ssh:/root/.ssh:ro \
-    -v $PWD:/vuls \
-    -v $PWD/vuls-log:/var/log/vuls \
-    -v /etc/localtime:/etc/localtime:ro \
-    vuls/vuls tui \
-    -config=./config.toml # path to config.toml in docker
-
-

Vuls-TUI

-

Step8. vulsrepo

-
$docker run -dt \
-    -v $PWD:/vuls \
-    -p 5111:5111 \
-    ishidaco/vulsrepo
-
-

VulsRepo

-

HTTP-Server mode

-

Run containers as below if you want to use go-cve-dictionary, goval-dictionary and gost as a server mode.

-

go-cve-dictionary

-
$ docker run -dt \
-    --name go-cve-dictionary \
-    -v $PWD:/go-cve-dictionary \
-    -v $PWD/go-cve-dictionary-log:/var/log/go-cve-dictionary \
-    --expose 1323 \
-    -p 1323:1323 \
-    vuls/go-cve-dictionary server --bind=0.0.0.0
-
-

goval-dictionary

-
$ docker run -dt \
-    --name goval-dictionary \
-    -v $PWD:/goval-dictionary \
-    -v $PWD/goval-dictionary-log:/var/log/goval-dictionary \
-    --expose 1324 \
-    -p 1324:1324 \
-    vuls/goval-dictionary server --bind=0.0.0.0
-
-

gost

-
$ docker run -dt \
-    --name gost \
-    -v $PWD:/gost \
-    -v $PWD/gost-log:/var/log/gost \
-    --expose 1325 \
-    -p 1325:1325 \
-    vuls/gost server --bind=0.0.0.0
-
-

go-exploitdb

-
$ docker run -dt \
-    --name go-exploitdb \
-    -v $PWD:/go-exploitdb \
-    -v $PWD/go-exploitdb-log:/var/log/go-exploitdb \
-    --expose 1326 \
-    -p 1326:1326 \
-    vuls/go-exploitdb server --bind=0.0.0.0
-
-

go-msfdb

-
$ docker run -dt \
-    --name go-msfdb \
-    -v $PWD:/go-msfdb \
-    -v $PWD/go-msfdb-log:/var/log/go-msfdb \
-    --expose 1327 \
-    -p 1327:1327 \
-    vuls/go-msfdb server --bind=0.0.0.0
-
-

go-kev

-
$ docker run -dt \
-    --name go-kev \
-    -v $PWD:/go-kev \
-    -v $PWD/go-kev-log:/var/log/go-kev \
-    --expose 1328 \
-    -p 1328:1328 \
-    vuls/go-kev server --bind=0.0.0.0
-
-

go-cti

-
$ docker run -dt \
-    --name go-cti \
-    -v $PWD:/go-cti \
-    -v $PWD/go-cti-log:/var/log/go-cti \
-    --expose 1329 \
-    -p 1329:1329 \
-    vuls/go-cti server --bind=0.0.0.0
-
-

Report

-
[cveDict]
-type = "http"
-url = "http://hostname:1323"
-
-[ovalDict]
-type = "http"
-url = "http://hostname:1324"
-
-[gost]
-type = "http"
-url = "http://hostname:1325"
-
-[exploit]
-type = "http"
-url = "http://hostname:1326"
-
-[metasploit]
-type = "http"
-url = "http://hostname:1327"
-
-[kevuln]
-type = "http"
-url = "http://hostname:1328"
-
-
$ docker run --rm -it \
-    -v ~/.ssh:/root/.ssh:ro \
-    -v $PWD:/vuls \
-    -v $PWD/vuls-log:/var/log/vuls \
-    vuls/vuls report  \
-    -config=./config.toml
-
-

Use MySQL 5.7 or later

-

If you get below error message while fetching, define sql_mode.

-
Error 1292: Incorrect datetime value: '0000-00-00' for column 'issued' at row 1
-
-

see the issue

-
$ docker run --name mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=chHUIDCUAUaidfhasuadasuda  -d mysql:8 --sql-mode="" --default-authentication-plugin=mysql_native_password
-4e4440bbbcb556cf949c2ffcda15afe6ee7139752c08de8b1e4def47adde24ea
-
-$ docker exec -it mysql bash
-root@4e4440bbbcb5:/# mysql -uroot -h127.0.0.1 -pchHUIDCUAUaidfhasuadasuda
-mysql: [Warning] Using a password on the command line interface can be insecure.
-Welcome to the MySQL monitor.  Commands end with ; or \g.
-Your MySQL connection id is 8
-Server version: 8.0.12 MySQL Community Server - GPL
-
-Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
-
-Oracle is a registered trademark of Oracle Corporation and/or its
-affiliates. Other names may be trademarks of their respective
-owners.
-
-Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
-
-mysql> select @@GLOBAL.sql_mode;
-+-------------------+
-| @@GLOBAL.sql_mode |
-+-------------------+
-|                   |
-+-------------------+
-1 row in set (0.00 sec)
-
-mysql> create database oval;
-Query OK, 1 row affected (0.08 sec)
-
-mysql> exit
-Bye
-root@4e4440bbbcb5:/# exit
-exit
-
-bash-3.2$ go build && ./goval-dictionary fetch ubuntu -dbtype mysql -dbpath "root:chHUIDCUAUaidfhasuadasuda@(127.0.0.1:3306)/oval?parseTime=true" 18
-INFO[08-21|21:41:58] Fetching...                              URL=https://people.canonical.com/~ubuntu-security/oval/com.ubuntu.bionic.cve.oval.xml
-
-
-INFO[08-21|21:47:56] Fetched...                               URL=https://people.canonical.com/~ubuntu-security/oval/com.ubuntu.bionic.cve.oval.xml
-INFO[08-21|21:47:56] Finished fetching OVAL definitions
-INFO[08-21|21:47:56] Fetched                                  URL=https://people.canonical.com/~ubuntu-security/oval/com.ubuntu.bionic.cve.oval.xml OVAL definitions=6319
-INFO[08-21|21:47:56] Refreshing...                            Family=ubuntu Version=18
-
-
-bash-3.2$ go build && ./goval-dictionary fetch debian -dbtype mysql -dbpath "root:chHUIDCUAUaidfhasuadasuda@(127.0.0.1:3306)/oval?parseTime=true" 9
-INFO[08-21|21:49:43] Fetching...                              URL=https://www.debian.org/security/oval/oval-definitions-stretch.xml
-INFO[08-21|21:50:14] Fetched...                               URL=https://www.debian.org/security/oval/oval-definitions-stretch.xml
-INFO[08-21|21:50:14] Finished fetching OVAL definitions
-INFO[08-21|21:50:16] Fetched                                  URL=https://www.debian.org/security/oval/oval-definitions-stretch.xml OVAL definitions=17946
-INFO[08-21|21:50:16] Refreshing...                            Family=debian Version=9
-
-
Remote Scan ModeScan Docker Image
\ No newline at end of file diff --git a/docs/ja/tutorial-local-scan.html b/docs/ja/tutorial-local-scan.html deleted file mode 100644 index 50a79325..00000000 --- a/docs/ja/tutorial-local-scan.html +++ /dev/null @@ -1,230 +0,0 @@ -Tutorial - Local Scan Mode · Vuls
Edit

Tutorial - Local Scan Mode

このチュートリアルでは、Vulsを用いてローカルホストの脆弱性をスキャンする方法を学びます。 手順は以下の通りです。

-
    -
  1. CentOSを準備する
    2. -
  2. Vulsをデプロイ
    3. -
  3. 設定
    4. -
  4. 設定ファイルと、スキャン対象サーバの設定のチェック
    5. -
  5. スキャン
    6. -
  6. レポート作成
    7. -
  7. TUI(Terminal-Based User Interface)で結果を参照する
    8. -
  8. Web UI (VulsRepo)
    9. -
-

Step1. CentOSの準備

- -

Step2. Vulsをデプロイ

-

There are several ways to set up Vuls.

-

An easy one is vulsctl/install-host. It can be tedious, but you can also do set up manually instead of vulsctl.

-

Step3. 設定

-

Create a config file(TOML format).

-
$ cd $HOME
-$ cat config.toml
-[servers]
-
-[servers.localhost]
-host = "localhost"
-port = "local"
-
-

Step4. 設定ファイルと、スキャン対象サーバの設定のチェック

-
$ vuls configtest
-
-

see Usage: configtest

-

Step5. スキャン

-
$ vuls scan
-
-... snip ...
-
-One Line Summary
-================
-localhost       centos7.3.1611  31 updatable packages
-
-
-

Step6. レポート

-

View one-line summary

-
$ vuls report -format-one-line-text
-
-One Line Summary
-================
-localhost       Total: 109 (High:35 Medium:55 Low:16 ?:3)       31 updatable packages
-
-
-

View short summary

-
$ vuls report -format-list
-
-localhost (centos7.3.1611)
-==========================
-Total: 109 (High:35 Medium:55 Low:16 ?:3)       31 updatable packages
-
-CVE-2015-2806           10.0 HIGH (nvd)
-                        Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows
-                        remote attackers to have unspecified impact via unknown vectors.
-                        ---
-                        https://nvd.nist.gov/vuln/detail/CVE-2015-2806
-                        https://access.redhat.com/security/cve/CVE-2015-2806 (RHEL-CVE)
-                        10.0/AV:N/AC:L/Au:N/C:C/I:C/A:C (nvd)
-                        2.6/AV:N/AC:H/Au:N/C:N/I:N/A:P (redhat)
-                        https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-2015-2806
-                        3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L (redhat)
-                        https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2015-2806
-                        Confidence: 100 / OvalMatch
-
-... snip ...
-
-

View full report.

-
$ vuls report -format-full-text | less
-localhost (centos7.3.1611)
-==========================
-Total: 109 (High:35 Medium:55 Low:16 ?:3)       31 updatable packages
-
-CVE-2015-2806
-----------------
-Max Score               10.0 HIGH (nvd)
-nvd                     10.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
-redhat                  2.6/AV:N/AC:H/Au:N/C:N/I:N/A:P
-redhat                  3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
-CVSSv2 Calc             https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-2015-2806
-CVSSv3 Calc             https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2015-2806
-Summary                 Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows
-                        remote attackers to have unspecified impact via unknown vectors.
-Source                  https://nvd.nist.gov/vuln/detail/CVE-2015-2806
-RHEL-CVE                https://access.redhat.com/security/cve/CVE-2015-2806
-CWE-119 (nvd)           https://cwe.mitre.org/data/definitions/119.html
-Package/CPE             libtasn1-3.8-3.el7 -
-Confidence              100 / OvalMatch
-
-... snip ...
-
-

View Japanese

-
$ vuls report -format-list -lang ja | less
-localhost (centos7.3.1611)
-==========================
-Total: 109 (High:35 Medium:55 Low:16 ?:3)       31 updatable packages
-
-CVE-2017-12188  7.6 IMPORTANT (redhat)
-                Linux Kernel  におけるパストラバーサルの脆弱性
-                Linux Kernel には、パストラバーサルの脆弱性が存在します。
-                ---
-                https://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-009311.html
-                https://access.redhat.com/security/cve/CVE-2017-12188 (RHEL-CVE)
-                6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C (nvd)
-                6.5/AV:A/AC:H/Au:S/C:C/I:C/A:C (redhat)
-                6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C (jvn)
-                https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-2017-12188
-                7.6/CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H (redhat)
-                https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2017-12188
-                Confidence: 100 / OvalMatch
-
-... snip ...
-
-

Step7. TUI

-

Vuls has Terminal-Based User Interface to display the scan result.

-
$ vuls tui
-
-

Vuls-TUI

-

Step8. Web UI (VulsRepo)で結果を参照する

-

Vulsrepo

-

Check it out the Online Demo.

-

Installation refer to VulsRepo

-
Scan with VulsctlRemote Scan Mode
\ No newline at end of file diff --git a/docs/ja/tutorial-remote-scan.html b/docs/ja/tutorial-remote-scan.html deleted file mode 100644 index a306e840..00000000 --- a/docs/ja/tutorial-remote-scan.html +++ /dev/null @@ -1,158 +0,0 @@ -Tutorial - Remote Scan Mode · Vuls
Edit

Tutorial - Remote Scan Mode

This tutorial will let you scan the vulnerabilities on the remote host via SSH with Vuls. This can be done in the following steps.

-
    -
  1. Ubuntu Linuxを新規に1台作成(スキャン対象)
    2. -
  2. スキャン対象のRemoteホストにlocalhostからSSH可能にする
    3. -
  3. config.tomlの設定
    4. -
  4. 設定ファイルと、スキャン対象サーバの設定のチェック
    5. -
  5. Scan
    6. -
  6. Reporting
    7. -
-

ローカルスキャンのチュートリアルで作成したVulsサーバ(以下localhostと記述)を用いる。

-

Step1. Launch new Ubuntu Linux

-

Tutorial: Local Scan Mode#Step1. Launch CentOS7と同じようにUbuntu16を新規に1台作成する。 新規にターミナルを開いてリモートホストにSSH接続する。
-$HOME/.ssh/known_hosts にリモートホストのHost Keyを追加するために、スキャン前にリモートホストにSSH接続する必要がある。

-

Step2. Enable to SSH from localhost

-

VulsはSSHパスワード認証をサポートしてない。 So you have to use SSH key-based authentication.
-Create a keypair on the localhost then append the public key to authorized_keys on the remote host.
-If you need to use a key with password, see the tips of How to scan with SSH key with passphrase

-

localhost

-
$ ssh-keygen -t rsa
-
-

~/.ssh/id_rsa.pubの公開鍵の内容をクリップボードにコピーします。

-

Remote Host

-
$ mkdir ~/.ssh
-$ chmod 700 ~/.ssh
-$ touch ~/.ssh/authorized_keys
-$ chmod 600 ~/.ssh/authorized_keys
-$ vim ~/.ssh/authorized_keys
-
-

先程クリップボードにコピーしたlocalhostの公開鍵を、リモートホストの~/.ssh/.authorized_keysに貼り付けて保存します。

-

localhostのknown_hostsにremote hostのホストキーが登録されている必要があるので確認すること。 $HOME/.ssh/known_hostsにリモートホストのHost Keyを追加するために、スキャン前にリモートホストにSSH接続する必要がある。

-

localhost

-
$ ssh ubuntu@172.31.4.82 -i ~/.ssh/id_rsa
-
-

Step3. Configure (config.toml)

-

localhost

-
$ cd $HOME
-$ cat config.toml
-[servers]
-
-[servers.ubuntu]
-host         = "172.31.4.82"
-port        = "22"
-user        = "ubuntu"
-keyPath     = "/home/centos/.ssh/id_rsa"
-
-

Step4. Check config.toml and settings on the server before scanning

-
$ vuls configtest ubuntu
-
-

see Usage: configtest

-

Step5. Start Scanning

-
$ vuls scan ubuntu
-... snip ...
-
-One Line Summary
-================
-ubuntu  ubuntu16.04     30 updatable packages
-
-

Step6. Reporting

- -
Local Scan ModeScan using Docker
\ No newline at end of file diff --git a/docs/ja/tutorial-scan-docker-image.html b/docs/ja/tutorial-scan-docker-image.html deleted file mode 100644 index 0060c942..00000000 --- a/docs/ja/tutorial-scan-docker-image.html +++ /dev/null @@ -1,97 +0,0 @@ -Scan Docker Image · Vuls
Edit

Scan Docker Image

コンテナイメージのスキャン

-

Container image scan has been obsoleted since v0.9.5. Use aquasecurity/trivy directly.

-
Scan using DockerScan non OS packages
\ No newline at end of file diff --git a/docs/ja/tutorial-vulsctl-docker.html b/docs/ja/tutorial-vulsctl-docker.html deleted file mode 100644 index 3cd69fc2..00000000 --- a/docs/ja/tutorial-vulsctl-docker.html +++ /dev/null @@ -1,721 +0,0 @@ -Tutorial - Vulsctl · Vuls
Edit

Tutorial - Vulsctl

Vulsctl Tutorial

-

Vuls is an agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices.

-

This tutorial explains how to perform a vulnerability scan using Vulsctl, an easy setup tool for Vuls.

-
    -
  • Scan Host OS (CentOS) vulnerabilities
    • -
  • Scan Ubuntu via SSH
    • -
  • Application-dependent library vulnerability scan
    • -
  • CPE Scanning of Network Device OS
    • -
-

Vuls provides a Docker image on DockerHub. This tutorial is a tutorial on scanning with the official Vuls image; the official Docker Hub repository is here.

-
-

Environmental Settings

-

Prepare one Linux machine for the Vuls setup. Any major Linux will work.

-

The following spec is recommended.

-
    -
  • Disk: About 15 GB is enough.
    • -
  • 4GB or more of memory is recommended. -
      -
    • Vulnerability DB (NVD) fetch consumes about 2.5 GB of memory.
      • -
    • If it's not enough, it will be out of memory.
      • -
    • t3.medium is fine (AWS EC2).
      • -
    • Since go-cve-dictionary-v0.8.1, memory consumption has been reduced, You can use a smaller instance.
      • -
    • -
-

In this tutorial, we will use CentOS 7 as an example.

-

Install git by connecting to it via SSH.

-
$ sudo yum install git
-
-

Next, install Docker and configure it so that you can run the docker command without root privileges.

- -

Clone vulsio/vulsctl, which is full of useful scripts. You can clone it anywhere, but this time you will clone it to $HOME/vulsctl

-
$ cd
-$ git clone https://github.com/vulsio/vulsctl.git
-Cloning into 'vuls-vulsctl'...
-remote: Enumerating objects: 14, done.
-remote: Counting objects: 100% (14/14), done.
-remote: Compressing objects: 100% (12/12), done.
-remote: Total 14 (delta 4), reused 12 (delta 2), pack-reused 0
-Unpacking objects: 100% (14/14), done.
-
-

If you have previously set up vulsctl, update it to the latest version.

-
$ cd vulsctl
-$ git pull
-
-

The rest of the operations are done in the vulsctl/docker.

-
$ cd docker
-$ pwd
-/home/vuls/vulsctl/docker
-
-
-

Scan Host OS (CentOS) vulnerabilities

-
-

Configuring SSH Public Key Authentication.

-

To scan from the Vuls Docker container via SSH to the host OS, you need to configure SSH.

-

Vuls remote scan mode only supports SSH public key authentication. Create a key pair and SSH to the server to be scanned beforehand. To register the fingerprint of the server to be scanned in $HOME/.ssh/known_hosts. This time, create a key with no password. Make sure you can SSH without a password prompt. If you see the password prompt, you can't scan, so you need to review your SSH settings and configure your SSH to use public key authentication with no password. If you need to use a key with password, see the tips of Scan in Docker container

-
$ ssh-keygen -q -f ~/.ssh/id_rsa -N ""
-$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
-$ chmod 600 ~/.ssh/*
-$ ssh vuls@192.168.56.3
-$ exit
-
-
-

Creating config.toml

-

Next, you need to prepare a configuration file.

-

Vuls uses the TOML configuration file, config.toml, to configure the server to be scanned, and so on. A template for remote scanning can be found in here. You can define multiple servers to scan in config.toml. In this case, only one server is defined. In config.toml, you can set up the information needed to SSH to the server you want to scan.

-
    -
  • IP address
    • -
  • SSH port number
    • -
  • User Name
    • -
  • Private Key for SSH
    • -
-

For details of config.toml, please refer to Manual.

-
$ pwd
-/home/vuls/vulsctl/docker
-$ cat config.toml 
-[servers]
-[servers.host]
-host        = "192.168.56.3"
-port        = "22"
-user        = "vuls"
-keyPath     = "/root/.ssh/id_rsa"
-
-

Note that this tutorial is a Docker-based setup, so be careful with the keyPath in config.toml. The keyPath is not the path in Host OS, but the path in the Docker container. In vulsctl/scan.sh, we have mounted it as -v $HOME/.ssh:/root/.ssh:ro, so the The path in the container, /root/.ssh/ir_rsa.

-
-

Scan

-

Now, let's run the scan using the configuration file we prepared earlier.

-

vulsctl/scan.sh is a script to scan based on the information set in config.toml. The scan results will be stored in JSON format under $PWD/results and will be used when reporting. You can specify the server to be scanned by the command line arguments. Since host is specified as command-line args, the server [servers.host] defined in config.toml will be scanned.

-

Vuls uses the SSH information defined in config.toml to SSH to the server to be scanned and issue commands on it. There are several scanning modes, but in this case, the default fast scan mode will be used as we haven't specified anything in config.toml.

-
$ pwd
-/home/vuls/vulsctl/docker
-$ ./scan.sh host
-[Sep 12 07:08:38]  INFO [localhost] Validating config...
-[Sep 12 07:08:38]  INFO [localhost] Detecting Server/Container OS... 
-[Sep 12 07:08:38]  INFO [localhost] Detecting OS of servers... 
-[Sep 12 07:08:39]  INFO [localhost] (1/1) Detected: hostos: centos 7.6.1810
-[Sep 12 07:08:39]  INFO [localhost] Detecting OS of static containers... 
-[Sep 12 07:08:39]  INFO [localhost] Detecting OS of containers... 
-[Sep 12 07:08:39]  INFO [localhost] Checking Scan Modes...
-[Sep 12 07:08:39]  INFO [localhost] Checking dependencies...
-[Sep 12 07:08:39]  INFO [hostos] Dependencies ... Pass
-[Sep 12 07:08:39]  INFO [localhost] Checking sudo settings...
-[Sep 12 07:08:39]  INFO [hostos] Sudo... Pass
-[Sep 12 07:08:39]  INFO [localhost] It can be scanned with fast scan mode even if warn or err messages are displayed due to lack of dependent packages or sudo settings in fast-root or deep scan mode
-[Sep 12 07:08:39]  INFO [localhost] Scannable servers are below...
-host
-[Sep 12 07:08:39]  INFO [localhost] Start scanning
-[Sep 12 07:08:39]  INFO [localhost] config: /vuls/config.toml
-[Sep 12 07:08:39]  INFO [localhost] Validating config...
-[Sep 12 07:08:39]  INFO [localhost] Detecting Server/Container OS... 
-[Sep 12 07:08:39]  INFO [localhost] Detecting OS of servers... 
-[Sep 12 07:08:40]  INFO [localhost] (1/1) Detected: host: centos 7.6.1810
-[Sep 12 07:08:40]  INFO [localhost] Detecting OS of static containers... 
-[Sep 12 07:08:40]  INFO [localhost] Detecting OS of containers... 
-[Sep 12 07:08:40]  INFO [localhost] Checking Scan Modes... 
-[Sep 12 07:08:40]  INFO [localhost] Detecting Platforms... 
-[Sep 12 07:08:40]  INFO [localhost] (1/1) host is running on aws
-[Sep 12 07:08:40]  INFO [localhost] Detecting IPS identifiers... 
-[Sep 12 07:08:40]  INFO [localhost] (1/1) host has 0 IPS integration
-[Sep 12 07:08:40]  INFO [localhost] Scanning vulnerabilities... 
-[Sep 12 07:08:40]  INFO [localhost] Scanning vulnerable OS packages...
-[Sep 12 07:08:40]  INFO [host] Scanning in fast mode
-
-
-One Line Summary
-================
-host centos7.6.1810  359 installed, 63 updatable
-
-
-

Fetch OVAL DB

-

Next, fetch the vulnerability DB in the OVAL format provided by Linux distributors.

-

As we have scanned CentOS this time, we will fetch it with --redhat; for other distributions such as Ubuntu, you can fetch it with the corresponding option. For more information about options, please refer to the following page.

-
-

For reference: If you target a Debian based distribution, OVAL will be skipped when generating a report.
You can use the command $ ./gost.sh --debian instead to have a working DB for the report.sh script.

-
-
$ pwd
-/home/vuls/vulsctl/docker
-$ ./oval.sh --redhat
-INFO[09-12|06:28:12] Fetching...                              URL=https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL6.xml.bz2
-INFO[09-12|06:28:12] Fetching...                              URL=https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml.bz2
-INFO[09-12|06:28:12] Fetching...                              URL=https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml.bz2
-INFO[09-12|06:28:13] Fetched...                               URL=https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml.bz2
-INFO[09-12|06:28:13] Fetched...                               URL=https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL6.xml.bz2
-INFO[09-12|06:28:13] Fetched...                               URL=https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml.bz2
-INFO[09-12|06:28:13] Finished fetching OVAL definitions 
-INFO[09-12|06:28:13] Fetched                                  URL=https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml.bz2 OVAL definitions=60
-INFO[09-12|06:28:13] Refreshing...                            Family=redhat Version=8
-INFO[09-12|06:28:14] Fetched                                  URL=https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL6.xml.bz2 OVAL definitions=1130
-INFO[09-12|06:28:14] Refreshing...                            Family=redhat Version=6
-INFO[09-12|06:28:16] Fetched                                  URL=https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml.bz2 OVAL definitions=887
-INFO[09-12|06:28:16] Refreshing...                            Family=redhat Version=7
-$ ls oval.sqlite3
-oval.sqlite3
-$ ls -alh oval.sqlite3
--rw-r--r--. 1 root root 11M Sep 12 06:28 oval.sqlite3
-
-
-

report

-

Now that the vulnerability DB is ready. Run the report.

-

Use vulsctl/report.sh to display the results. Identify potential CVE-IDs in the server to be scanned using the information in the JSON created by scan.sh and the OVAL provided by Red Hat, which we fetched earlier. See documentation for details.

-
$ pwd
-/home/vuls/vulsctl/docker
-$ ./report.sh
-[Sep 12 07:12:10]  INFO [localhost] Validating config...
-[Sep 12 07:12:10]  INFO [localhost] Loaded: /vuls/results/2019-09-12T07:08:40Z
-[Sep 12 07:12:10]  INFO [localhost] Validating db config...
-INFO[0000] -cvedb-type: sqlite3, -cvedb-url: , -cvedb-path: /vuls/cve.sqlite3 
-INFO[0000] -ovaldb-type: sqlite3, -ovaldb-url: , -ovaldb-path: /vuls/oval.sqlite3 
-INFO[0000] -gostdb-type: sqlite3, -gostdb-url: , -gostdb-path: /vuls/gost.sqlite3 
-INFO[0000] -exploitdb-type: sqlite3, -exploitdb-url: , -exploitdb-path: /vuls/go-exploitdb.sqlite3 
-[Sep 12 07:12:10]  WARN [localhost] --cvedb-path=/vuls/cve.sqlite3 file not found. [CPE-scan](https://vuls.io/docs/en/usage-scan-non-os-packages.html#cpe-scan) needs cve-dictionary. if you specify cpe in config.toml, fetch cve-dictionary before reporting. For details, see `https://github.com/vulsio/go-cve-dictionary#deploy-go-cve-dictionary`
-[Sep 12 07:12:10]  WARN [localhost] --gostdb-path=/vuls/gost.sqlite3 file not found. Vuls can detect `patch-not-released-CVE-ID` using gost if the scan target server is Debian, RHEL or CentOS, For details, see `https://github.com/vulsio/gost#fetch- f`
-[Sep 12 07:12:10]  WARN [localhost] --exploitdb-path=/vuls/go-exploitdb.sqlite3 file not found. Fetch go-exploit-db before reporting if you want to display exploit codes of detected CVE-IDs. For details, see `https://github.com/vulsio/go-exploitdb`
-[Sep 12 07:12:10]  INFO [localhost] host: 0 CVEs are detected with Library
-[Sep 12 07:12:10]  INFO [localhost] OVAL is fresh: redhat 7.6.1810 
-[Sep 12 07:12:12]  INFO [localhost] host: 111 CVEs are detected with OVAL
-[Sep 12 07:12:12]  INFO [localhost] host: 0 CVEs are detected with CPE
-[Sep 12 07:12:12]  INFO [localhost] host: 0 CVEs are detected with GitHub Security Alerts
-[Sep 12 07:12:12]  INFO [localhost] host: 0 unfixed CVEs are detected with gost
-[Sep 12 07:12:12]  INFO [localhost] Fill CVE detailed information with CVE-DB
-[Sep 12 07:12:12]  INFO [localhost] Fill exploit information with Exploit-DB
-[Sep 12 07:12:12]  INFO [localhost] host: 0 exploits are detected
-host (centos7.6.1810)
-=======================
-Total: 111 (High:57 Medium:39 Low:15 ?:0), 35/111 Fixed, 359 installed, 63 updatable, 0 exploits, en: 0, ja: 0 alerts
-
-+------------------+------+--------+-----+------+---------+---------------------------------------------------+
-|      CVE-ID      | CVSS | ATTACK | POC | CERT |  FIXED  |                        NVD                        |
-+------------------+------+--------+-----+------+---------+---------------------------------------------------+
-| CVE-2019-10160   |  9.8 |  AV:N  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-10160   |
-| CVE-2019-9636    |  9.8 |  AV:N  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-9636    |
-| CVE-2016-10745   |  9.0 |  AV:N  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2016-10745   |
-| CVE-2019-11085   |  8.8 |  AV:L  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-11085   |
-| CVE-2018-5743    |  8.6 |  AV:N  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2018-5743    |
-| CVE-2018-1000876 |  7.8 |  AV:L  |     |      | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-1000876 |
-| CVE-2018-18281   |  7.8 |  AV:L  |     |      | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-18281   |
-| CVE-2019-11811   |  7.8 |  AV:L  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-11811   |
-| CVE-2019-6974    |  7.8 |  AV:L  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-6974    |
-| CVE-2018-14618   |  7.5 |  AV:N  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2018-14618   |
-| CVE-2018-16871   |  7.5 |  AV:N  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2018-16871   |
-| CVE-2019-11477   |  7.5 |  AV:N  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-11477   |
-| CVE-2019-3855    |  7.5 |  AV:N  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-3855    |
-...snip
-
-
-

TUI

-

Vuls has a terminal-based viewer that allows you to view the results in the terminal. Let's try it out here.

-

Use vulsctl/tui.sh to view the results in the console. Tab to move the pane, arrow or jk to move it, and Ctrl-C to exit.

-

See documentation for details.

-
$ pwd
-/home/vuls/vulsctl/docker
-$ ./tui.sh --cvss-over=7
-
-

tui

-
-

Overview

-

overview

-
-

Scan Ubuntu

-

Vuls can easily scan for vulnerabilities on any SSH-enabled remote Linux/FreeBSD.

-

Prepare a Ubuntu server and set up an SSH public key authentication and run SSH once before the scan.

-

Next, add the SSH information of the Ubuntu server to the configuration file for the scan.

-
$ pwd
-/home/vuls/vulsctl/docker
-$ cat config.toml
-[servers]
-[servers.ubuntu]
-host        = "192.168.56.4"
-port        = "22"
-user        = "vuls"
-keyPath     = "/root/.ssh/id_rsa"
-
-

Perform a scan.

-
$ pwd
-/home/vuls/vulsctl/docker
-$ ./scan.sh ubuntu
-
-

The report requires an additional Vulnerability DB for Ubuntu (OVAL).

-
$ pwd
-/home/vuls/vulsctl/docker
-$ ./oval.sh --ubuntu
-$ ./report.sh
-$ ./tui.sh
-
-

If you scan other Linux distributions, please prepare a corresponding OVAL in advance as well. Please refer to the documentation for details.

- -
-

Show not-fixed-yet vulnerabilities

-

There are a number of vulnerabilities for which CVE-IDs have been issued, but no update package is available(henceforth referred to as not-fixed-yet vulnerability), and Vuls can also detect not-fixed-yet vulnerability.

-

To detect these vulnerabilities, you need an additional vulnerability database. Use the following command to obtain the vulnerability DB using vulsio/gost.

-

gost only supports Red Hat, CentOS, and Debian. For other OS, fetching gost's DB does not affect the detection accuracy. However, it is recommended to fetch gost to add CVSS and Summary information, because Red Hat CVE information is rich and useful.

-
$ pwd
-/home/vuls/vulsctl/docker
-$ ./gost.sh --redhat
-Using default tag: latest
-latest: Pulling from vuls/gost
-5d20c808ce19: Already exists
-c0f752a1fc26: Pull complete
-919f8990415c: Pull complete
-Digest: sha256:679a4306d67e0b0992fd43b46c4a2fe4d27a51a1e2d9394e19471c5df02c399c
-Status: Downloaded newer image for vuls/gost:latest
-docker.io/vuls/gost:latest
-INFO[09-12|15:00:33] Initialize Database
-2019-09-12T15:00:33.903Z        DEBUG   db path: db/trivy.db
-2019-09-12T15:00:33.929Z        DEBUG   remove an existed directory
-INFO[09-12|15:02:13] Opening DB.                              db=sqlite3
-INFO[09-12|15:02:13] Migrating DB.                            db=sqlite3
-INFO[09-12|15:02:13] Insert RedHat into DB                    db=sqlite3
- 0 / 20000 [------------------------------------------------------------------------------------------------------------------------------------------------------------------------]   0.00%INFO[09-12|15:02:13] Insert 20000 CVEs
- 20000 / 20000 [===============================================================================================================================================================] 100.00% 2m2s
-
-

In my environment, it took about 10 minutes.

-
    -
  • report
    • -
-

The number of vulnerability detections has increased. Vulnerabilities that not-fixed-yet vulnerability is shown as "Unfixed".

-
-

Show PoC/Exploit (Metasploit Framework)

-

Reports can show whether Exploit for detected CVE-IDs is in Metasploit Framework. A CVE with an attack module is considered to be easily attackable by the tool, so the risk is higher than a CVE without an attack module.

-

Fetch go-msfdb.

-
$ pwd
-/home/vuls/vulsctl/docker
-$ ./msfdb.sh
-Using default tag: latest
-latest: Pulling from vuls/go-msfdb
-cbdbe7a5bc2a: Pull complete
-936c30013c05: Pull complete
-dabcf4a113d0: Pull complete
-Digest: sha256:124027eec3f5157447102dafaaae638037d3587936ed5f68055c822e8acc8f02
-Status: Downloaded newer image for vuls/go-msfdb:latest
-docker.io/vuls/go-msfdb:latest
-INFO[08-29|08:03:48] Opening DB                               db=sqlite3
-INFO[08-29|08:03:48] Init DB                                  db=sqlite3
-INFO[08-29|08:03:48] Migrating DB                             db=sqlite3
-INFO[08-29|08:03:48] Fetching vulsio/msfdb-list
-INFO[08-29|08:03:48] git clone                                repo=/root/.cache/go-msfdb/msfdb-list
-Cloning into '/root/.cache/go-msfdb/msfdb-list'...
-remote: Enumerating objects: 1835, done.
-remote: Counting objects: 100% (1835/1835), done.
-remote: Compressing objects: 100% (1834/1834), done.
-remote: Total 1835 (delta 26), reused 128 (delta 0), pack-reused 0
-Receiving objects: 100% (1835/1835), 945.52 KiB | 1.17 MiB/s, done.
-Resolving deltas: 100% (26/26), done.
-INFO[08-29|08:03:51] Updated files                            count=1978
-INFO[08-29|08:03:51] Metasploit-Framework modules             count=2216
-INFO[08-29|08:03:51] Insert info into go-msfdb.             db=sqlite3
-INFO[08-29|08:03:51] Inserting Modules having CVEs...
-2216 / 2216 [-----------------------------------------------------------------------------------------------------------------------------] 100.00% 1979 p/s
-INFO[08-29|08:03:53] CveID Metasploit Count                   count=2216
-
-

It took about 5 seconds in my environment.

-

Scan again, and the report will show you the information for the Metasploit module.

-
$ pwd
-/home/vuls/vulsctl/docker
-$ ./scan.sh
-$ ./tui.sh
-
-

metasploit

-
-

Show PoC/Exploit (Exploit Database)

-

The Exploit Database has collected over 43,000 PoCs.

-

Vuls can show if a PoC exists for each CVE-ID detected by Vuls, which means that vulnerabilities with a PoC are riskier than those without. However, it is unclear whether the PoC detected is a works fine or not, so it needs to be verified by the user.

-

Fetch go-exploitdb.

-
$ pwd
-/home/vuls/vulsctl/docker
-$ ./exploitdb.sh
-Using default tag: latest
-latest: Pulling from vuls/go-exploitdb
-36ccefbf3d8a: Already exists 
-84ce22b2ba2c: Pull complete 
-b1b2d52f4b6e: Pull complete 
-4f4fb700ef54: Pull complete 
-Digest: sha256:90c7d3a7c5fc6636a024c1eb33bb23f856e1d170d6c4f6ed11e6d619f1ea6f7e
-Status: Downloaded newer image for vuls/go-exploitdb:latest
-docker.io/vuls/go-exploitdb:latest
-go-exploitdb  
-INFO[03-24|23:31:07] Fetching Offensive Security Exploit 
-INFO[03-24|23:31:07] Fetching                                 URL=https://cve.mitre.org/data/downloads/allitems-cvrf.xml
-INFO[03-24|23:32:07] Fetching                                 URL=https://raw.githubusercontent.com/offensive-security/exploitdb/master/files_shellcodes.csv
-INFO[03-24|23:32:07] Fetching                                 URL=https://raw.githubusercontent.com/offensive-security/exploitdb/master/files_exploits.csv
-INFO[03-24|23:32:08] Fetching                                 URL=https://raw.githubusercontent.com/offensive-security/exploitdb-papers/master/files_papers.csv
-INFO[03-24|23:32:08] Offensive Security Exploit               count=49153
-INFO[03-24|23:32:08] Insert Exploit into go-exploitdb.        db=sqlite3
-INFO[03-24|23:32:08] Inserting 49153 Exploits 
-INFO[03-24|23:32:08] Inserting new Exploits 
-49153 / 49153 [---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% 41581 p/s
-INFO[03-24|23:32:10] No CveID Exploit Count                   count=36406
-INFO[03-24|23:32:10] CveID Exploit Count                      count=12747
-INFO[03-24|23:32:10] Fetching Awesome Poc Exploit 
-INFO[03-24|23:32:11] Awesome Poc Exploit                      count=823
-INFO[03-24|23:32:11] Insert Exploit into go-exploitdb.        db=sqlite3
-INFO[03-24|23:32:11] Inserting 823 Exploits 
-INFO[03-24|23:32:11] Inserting new Exploits 
-823 / 823 [-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% ? p/s
-INFO[03-24|23:32:11] No CveID Exploit Count                   count=0
-INFO[03-24|23:32:11] CveID Exploit Count                      count=823
-INFO[03-24|23:32:11] Fetching GitHub Repos Exploit 
-WARN[03-24|23:32:11] Recommend installing git (if not, DB update is very slow) 
-INFO[03-24|23:32:37] GitHub Repos Exploit                     count=2808
-INFO[03-24|23:32:37] Insert Exploit into go-exploitdb.        db=sqlite3
-INFO[03-24|23:32:37] Inserting 2808 Exploits 
-INFO[03-24|23:32:37] Inserting new Exploits 
-2808 / 2808 [---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% ? p/s
-INFO[03-24|23:32:37] No CveID Exploit Count                   count=0
-INFO[03-24|23:32:37] CveID Exploit Count                      count=2808
-INFO[03-24|23:32:38] Fetching inTheWild Poc Exploit 
-INFO[03-24|23:32:48] inTheWild Poc Exploit                    count=71653
-INFO[03-24|23:32:48] Insert Exploit into go-exploitdb.        db=sqlite3
-INFO[03-24|23:32:48] Inserting 71653 Exploits 
-INFO[03-24|23:32:48] Inserting new Exploits 
-71653 / 71653 [---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% 52870 p/s
-INFO[03-24|23:32:49] No CveID Exploit Count                   count=0
-INFO[03-24|23:32:49] CveID Exploit Count                      count=71653
-
-

Scan again and view the report to see the PoC information in the Exploit Database.

-
$ pwd
-/home/vuls/vulsctl/docker
-$ ./scan.sh
-$ ./tui.sh
-
-

exploitdb

-
-

Show CISA Known Exploited Vulnerabilities Alert

-

The CISA Known Exploited Vulnerabilities Catalog has a list of CVE-IDs that have actually been exploited in attacks.

-

Vuls can show whether a detected CVE-ID is a CVE-ID in the CISA Known Exploited Vulnerabilities Catalog.

-

Fetch go-kev.

-
$ pwd
-/home/vuls/vulsctl/docker
-$ ./kev.sh
-Using default tag: latest
-latest: Pulling from vuls/go-kev
-97518928ae5f: Pull complete 
-62b85d17d49f: Pull complete 
-dc5e1f7a485e: Pull complete 
-Digest: sha256:f0f0fc109d6de6b160b82c72ba6a70df65ff5ca28bf727be0d122b9d918508e5
-Status: Downloaded newer image for vuls/go-kev:latest
-docker.io/vuls/go-kev:latest
-go-kev  
-INFO[04-15|17:13:38] Fetching Known Exploited Vulnerabilities 
-INFO[04-15|17:13:38] Fetching                                 URL=https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
-INFO[04-15|17:13:39] Insert Known Exploited Vulnerabilities into go-kev. db=sqlite3
-INFO[04-15|17:13:39] Inserting Known Exploited Vulnerabilities... 
-644 / 644 [-------------------------------------------------------------------------------] 100.00% ? p/s
-INFO[04-15|17:13:39] CveID Count                              count=644
-
-

Scan again and view the report to see the CISA Known Exploited Vulnerabilities Alert.

-
$ pwd
-/home/vuls/vulsctl/docker
-$ ./scan.sh
-$ ./tui.sh
-
-

cisa-kev

-
-

Show Cyber Threat Intelligence(MITER ATT&CK and CAPEC)

-

The Cyber Threat Intelligence(MITRE ATT&CK and CAPEC) has information on attack techniques, etc.

-

Vuls displays the Cyber Threat Intelligence associated with the detected CVE-ID.

-

Fetch go-cti.

-
$ pwd
-/home/vuls/vulsctl/docker
-$ ./cti.sh
-Using default tag: latest
-latest: Pulling from vuls/go-cti
-97518928ae5f: Pull complete 
-62b85d17d49f: Pull complete 
-dc5e1f7a485e: Pull complete 
-Digest: sha256:f0f0fc109d6de6b160b82c72ba6a70df65ff5ca28bf727be0d122b9d918508e5
-Status: Downloaded newer image for vuls/go-cti:latest
-docker.io/vuls/go-cti:latest
-go-cti
-INFO[04-20|03:27:56] Fetching Cyber Threat Intelligence and CVE-ID to CTI-ID Mappings 
-INFO[04-20|03:27:56] Fetching MITRE ATT&CK... 
-INFO[04-20|03:27:57] Fetching CAPEC... 
-INFO[04-20|03:27:57] Fetching CWE... 
-INFO[04-20|03:28:01] Fetching NVD CVE...                      year=recent
-INFO[04-20|03:28:03] Fetching NVD CVE...                      year=modified
-INFO[04-20|03:28:05] Fetching NVD CVE...                      year=2002
-INFO[04-20|03:28:07] Fetching NVD CVE...                      year=2003
-INFO[04-20|03:28:09] Fetching NVD CVE...                      year=2004
-INFO[04-20|03:28:12] Fetching NVD CVE...                      year=2005
-INFO[04-20|03:28:14] Fetching NVD CVE...                      year=2006
-INFO[04-20|03:28:17] Fetching NVD CVE...                      year=2007
-INFO[04-20|03:28:19] Fetching NVD CVE...                      year=2008
-INFO[04-20|03:28:23] Fetching NVD CVE...                      year=2009
-INFO[04-20|03:28:25] Fetching NVD CVE...                      year=2010
-INFO[04-20|03:28:28] Fetching NVD CVE...                      year=2011
-INFO[04-20|03:28:31] Fetching NVD CVE...                      year=2012
-INFO[04-20|03:28:33] Fetching NVD CVE...                      year=2013
-INFO[04-20|03:28:36] Fetching NVD CVE...                      year=2014
-INFO[04-20|03:28:39] Fetching NVD CVE...                      year=2015
-INFO[04-20|03:28:42] Fetching NVD CVE...                      year=2016
-INFO[04-20|03:28:45] Fetching NVD CVE...                      year=2017
-INFO[04-20|03:28:48] Fetching NVD CVE...                      year=2018
-INFO[04-20|03:28:52] Fetching NVD CVE...                      year=2019
-INFO[04-20|03:28:56] Fetching NVD CVE...                      year=2020
-INFO[04-20|03:29:00] Fetching NVD CVE...                      year=2021
-INFO[04-20|03:29:05] Fetching NVD CVE...                      year=2022
-INFO[04-20|03:29:07] Fetched Cyber Threat Intelligence and CVE-ID to CTI-ID Mappings techniques=1112 mappings=98011 attackers=672
-INFO[04-20|03:29:07] Insert Cyber Threat Intelligences and CVE-ID to CTI-ID Mappings into go-cti. db=sqlite3
-INFO[04-20|03:29:07] Inserting Cyber Threat Intelligences... 
-INFO[04-20|03:29:07] Inserting Techniques... 
-1112 / 1112 [------------------------------------------------] 100.00% 2475 p/s
-INFO[04-20|03:29:08] Inserting CVE-ID to CTI-ID CveToTechniques... 
-98011 / 98011 [----------------------------------------------] 100.00% 7459 p/s
-INFO[04-20|03:29:21] Inserting Attackers... 
-672 / 672 [-----------------------------------------------------] 100.00% ? p/s
-
-

Scan again and view the report to see the Cyber Threat Intelligence.

-
$ pwd
-/home/vuls/vulsctl/docker
-$ ./scan.sh
-$ ./tui.sh
-
-

cti

-
-

JPCERT/CC and USCERT alert information.

-

It is possible to obtain JPCERT/CC and US-CERT alerts and display whether the detected vulnerability corresponds to the alert information.

- -
-

CISA Known Exploited Vulnerabilities alert information.

-

It is possible to obtain CISA Known Exploited Vulnerabilities alerts and display whether the detected vulnerability corresponds to the alert information.

- -
-

Cyber Threat Intelligence(MITRE ATT&CK and CAPEC) information.

-

It is possible to obtain Cyber Threat Information(MITRE ATT&CK and CAPEC) and display whether the detected vulnerability corresponds to the Cyber Threat Information.

- -
-

Scan in fast-root mode

-

The fast-root scan mode issues commands that require root privileges. This allows you to display process information, and network port listen information, and other information useful in making triage decisions.

-
[vuls@host vulsctl]$ sudo su -
-[sudo] vuls password:
-[root@host ~]# mkdir .ssh
-[root@host ~]# chmod 700 .ssh
-[root@host ~]# cat /home/vuls/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
-[root@host ~]# chmod 600 /root/.ssh/*
-[root@host ~]# exit
-
-

Check if you can connect to SSH as a root user without a password.

-
[vuls@host vulsctl]$ ssh root@192.168.56.3
-Last login: Mon Jan 27 13:15:06 2020
-[root@host ~]# exit
-
-

The root user can connect to SSH without a password.

-

Next, add the following to config.toml. The following is added to config.toml: scanMode = ["fast-root"] to specify the fast-root mode.

-
[servers]
-[servers.hostroot]
-host         = "192.168.56.3"
-port        = "22"
-user        = "root"
-keyPath     = "/root/.ssh/id_rsa"
-scanMode     = ["fast-root"]
-
-

Scan and report.

-
$ ./scan.sh hostroot
-$ ./report.sh
-$ ./tui.sh
-
-

The TUI now displays process, and network port listen information. You can now see if a process is running from a vulnerable package, including CVE, and if the process is listening to a network port. You can now make a decision to investigate if a process that is vulnerable to a network-based attack is listening to the network.

-

port

-

In fast-root scan mode, additional OS packages may need to be installed in advance. Also, if you use sudo instead of root user, you need to set up /etc/sudoers on the server to be scanned. Please refer to documentation for details.

-
-

Offline scan mode

-

There is also an offline mode that allows you to scan even if the server you want to scan cannot connect to the Internet. Configure toml as follows.

-
[servers]
-[servers.hostroot]
-host         = "192.168.56.3"
-port        = "22"
-user        = "root"
-keyPath     = "/root/.ssh/id_rsa"
-scanMode     = ["fast", "offline"]
-
-
-

Application library vulnerability detection

-

Vuls supports scanning for application dependency libraries.

-

There are several ways to do this, and it's better to try them out as they may not be suitable for your needs.

- -

See Document for details.

-

The next section explains how to scan with a lock file.

-
-

Application library vulnerability detection (lock file specification)

-

It is possible to parse the lock files of package managers for programming languages such as Gem and pip and detect potential vulnerabilities in the dependent libraries defined in them. (Vuls uses aquasecurity/trivy internally.)

-

Documentation.

-

The following lock files are supported for now.

-
    -
  • Gemfile.lock
    • -
  • Pipfile.lock
    • -
  • poetry.lock
    • -
  • composer.lock
    • -
  • package-lock.json
    • -
  • yarn.lock
    • -
  • Cargo.lock
    • -
-

So let's try scanning old Redmine Gemfile.lock on GitHub.

-

First, we'll use wget to get the old Gemfile.lock on the scan target server.

-
$ # Execute on the scan target server
-$ pwd
-/home/vuls/vulsctl/docker
-$ wget https://raw.githubusercontent.com/41studio/redmine/master/Gemfile.lock
-
-

Specify the path of the lockfiles in config.toml.

-
[servers]
-[servers.host]
-host         = "192.168.56.3"
-port        = "22"
-user        = "vuls"
-keyPath     = "/root/.ssh/id_rsa"
-lockfiles = [ "/home/vuls/vulsctl/docker/Gemfile.lock" ]
-
-

Scan and report.

-
$ ./scan.sh hostroot
-$ ./report.sh
-$ ./tui.sh
-
-

library

-
-

CPE Scan.

-

Vuls can detect vulnerabilities in network devices and commercial middleware by defining CPE in config.toml. The OS package scan is done by actually SSH into the server and issuing the command. However, the CPE scan is detected by comparing the versions of the NVD and JVN databases. It does not issue commands on the device and does not access the device via a network.

-

Here's a sample config.toml: type="pseudo". If type="pseudo" is specified, you can change the mode to not connect to SSH.

-
[servers.forti]
-type = "pseudo"
-cpeNames = [
-    "cpe:/o:fortinet:fortios:4.3.0",
-]
-
-

Vuls need the NVD and JVN data sources for CPE scan, so use cve.sh to get them if they are not already fetched.

-
$ ./scan.sh forti
-$ ./cve.sh
-$ ./report.sh
-$ ./tui.sh
-
-

image

-

See documentation for more information.

-
-

Commonly used options in reports.

-

vuls.io/usage-report

-

Options|Description| |:-|:-| | -debug | Debug flags. The flag to identify the command being issued.| | -cvss-over | Filter by CVSS score| | -ignore-unfixed | Hide not-fixed-yet vulnerabilities | | -diff | Difference from last time only (new detection only)|

-
-

Fetch all vulnerable DB

-

Fetch all Vulnerability DB using update-all.sh. This will take some time ...

-

This will take over an hour in my environment.

-
$ ./update-all.sh
-
-

Misc

- -
TutorialLocal Scan Mode
\ No newline at end of file diff --git a/docs/ja/tutorial.html b/docs/ja/tutorial.html deleted file mode 100644 index 8113a426..00000000 --- a/docs/ja/tutorial.html +++ /dev/null @@ -1,115 +0,0 @@ -Tutorial · Vuls
Edit

Tutorial

Install with awlessScan with Vulsctl
\ No newline at end of file diff --git a/docs/ja/usage-automatic-discovery.html b/docs/ja/usage-automatic-discovery.html deleted file mode 100644 index 0a610be5..00000000 --- a/docs/ja/usage-automatic-discovery.html +++ /dev/null @@ -1,277 +0,0 @@ -Automatic Discovery · Vuls
Edit

Automatic Discovery

Discoveryサブコマンドは、指定されたCIDR範囲にあるアクティブなサーバを探して、それらに対する設定ファイル(TOML形式) のテンプレートをターミナルに表示します。

-
$ vuls discover -help
-discover:
-        discover 192.168.0.0/24
-
-

Example

-
$ vuls discover 192.168.11.0/24
-# Create config.toml using below and then ./vuls -config=/path/to/config.toml
-
-
-# https://vuls.io/docs/en/config.toml.html#database-section
-[cveDict]
-#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
-#sqlite3Path = "/path/to/cve.sqlite3"
-#url        = ""
-
-[ovalDict]
-#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
-#sqlite3Path = "/path/to/oval.sqlite3"
-#url        = ""
-
-[gost]
-#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
-#sqlite3Path = "/path/to/gost.sqlite3"
-#url        = ""
-
-[exploit]
-#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
-#sqlite3Path = "/path/to/go-exploitdb.sqlite3"
-#url        = ""
-
-[metasploit]
-#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
-#sqlite3Path = "/path/to/go-msfdb.sqlite3"
-#url        = ""
-
-[kevuln]
-#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
-#sqlite3Path = "/path/to/go-kev.sqlite3"
-#url        = ""
-
-[cti]
-#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
-#sqlite3Path = "/path/to/go-cti.sqlite3"
-#url        = ""
-
-# https://vuls.io/docs/en/config.toml.html#slack-section
-#[slack]
-#hookURL      = "https://hooks.slack.com/services/abc123/defghijklmnopqrstuvwxyz"
-##legacyToken = "xoxp-11111111111-222222222222-3333333333"
-#channel      = "#channel-name"
-##channel     = "${servername}"
-#iconEmoji    = ":ghost:"
-#authUser     = "username"
-#notifyUsers  = ["@username"]
-
-# https://vuls.io/docs/en/config.toml.html#email-section
-#[email]
-#smtpAddr      = "smtp.example.com"
-#smtpPort      = "587"
-#user          = "username"
-#password      = "password"
-#from          = "from@example.com"
-#to            = ["to@example.com"]
-#cc            = ["cc@example.com"]
-#subjectPrefix = "[vuls]"
-
-# https://vuls.io/docs/en/config.toml.html#http-section
-#[http]
-#url = "http://localhost:11234"
-
-# https://vuls.io/docs/en/config.toml.html#syslog-section
-#[syslog]
-#protocol    = "tcp"
-#host        = "localhost"
-#port        = "514"
-#tag         = "vuls"
-#facility    = "local0"
-#severity    = "alert"
-#verbose     = false
-
-# https://vuls.io/docs/en/usage-report.html#example-put-results-in-s3-bucket
-#[aws]
-#profile                = "default"
-#region                 = "ap-northeast-1"
-#s3Bucket               = "vuls"
-#s3ResultsDir           = "/path/to/result"
-#s3ServerSideEncryption = "AES256"
-
-# https://vuls.io/docs/en/usage-report.html#example-put-results-in-azure-blob-storage<Paste>
-#[azure]
-#accountName   = "default"
-#accountKey    = "xxxxxxxxxxxxxx"
-#containerName = "vuls"
-
-# https://vuls.io/docs/en/config.toml.html#chatwork-section
-#[chatwork]
-#room     = "xxxxxxxxxxx"
-#apiToken = "xxxxxxxxxxxxxxxxxx"
-
-# https://vuls.io/docs/en/config.toml.html#telegram-section
-#[telegram]
-#chatID     = "xxxxxxxxxxx"
-#token = "xxxxxxxxxxxxxxxxxx"
-
-#[wpscan]
-#token = "xxxxxxxxxxx"
-#detectInactive = false
-
-# https://vuls.io/docs/en/config.toml.html#default-section
-[default]
-#port               = "22"
-#user               = "username"
-#keyPath            = "/home/username/.ssh/id_rsa"
-#scanMode           = ["fast", "fast-root", "deep", "offline"]
-#scanModules        = ["ospkg", "wordpress", "lockfile", "port"]
-#lockfiles = ["/path/to/package-lock.json"]
-#cpeNames = [
-#  "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
-#]
-#owaspDCXMLPath     = "/tmp/dependency-check-report.xml"
-#ignoreCves         = ["CVE-2014-6271"]
-#ignorePkgsRegexp   = ["^kernel", "^python"]
-#containersOnly     = false
-#containerType      = "docker" #or "lxd" or "lxc" default: docker
-#containersIncluded = ["${running}"]
-#containersExcluded = ["container_name_a"]
-
-# https://vuls.io/docs/en/config.toml.html#servers-section
-[servers]
-
-[servers.127-0-0-1]
-host                = "127.0.0.1"
-#ignoreIPAddresses = ["127.0.0.1"]
-#port               = "22"
-#user               = "root"
-#sshConfigPath      = "/home/username/.ssh/config"
-#keyPath            = "/home/username/.ssh/id_rsa"
-#scanMode           = ["fast", "fast-root", "deep", "offline"]
-#scanModules        = ["ospkg", "wordpress", "lockfile", "port"]
-#type               = "pseudo"
-#memo               = "DB Server"
-#findLock = true
-#findLockDirs       = ["/path/to/dir"]
-#lockfiles = ["/path/to/package-lock.json"]
-#cpeNames           = [ "cpe:/a:rubyonrails:ruby_on_rails:4.2.1" ]
-#owaspDCXMLPath     = "/path/to/dependency-check-report.xml"
-#ignoreCves         = ["CVE-2014-0160"]
-#ignorePkgsRegexp   = ["^kernel", "^python"]
-#containersOnly     = false
-#containerType      = "docker" #or "lxd" or "lxc" default: docker
-#containersIncluded = ["${running}"]
-#containersExcluded = ["container_name_a"]
-
-#[servers.127-0-0-1.containers.container_name_a]
-#cpeNames           = [ "cpe:/a:rubyonrails:ruby_on_rails:4.2.1" ]
-#owaspDCXMLPath     = "/path/to/dependency-check-report.xml"
-#ignoreCves         = ["CVE-2014-0160"]
-#ignorePkgsRegexp   = ["^kernel", "^python"]
-
-#[servers.127-0-0-1.githubs."owner/repo"]
-#token   = "yourToken"
-
-#[servers.127-0-0-1.wordpress]
-#cmdPath = "/usr/local/bin/wp"
-#osUser = "wordpress"
-#docRoot = "/path/to/DocumentRoot/"
-
-#[servers.127-0-0-1.portscan]
-#scannerBinPath = "/usr/bin/nmap"
-#hasPrivileged = true
-#scanTechniques = ["sS"]
-#sourcePort = "65535"
-
-#[servers.127-0-0-1.windows]
-#serverSelection = 3
-#cabPath = "/path/to/wsusscn2.cab"
-
-#[servers.127-0-0-1.optional]
-#key = "value1"
-
-

このテンプレートをカスタマイズしてconfig.tomlを作成すればよい。

-
config.tomlconfigtest
\ No newline at end of file diff --git a/docs/ja/usage-configtest.html b/docs/ja/usage-configtest.html deleted file mode 100644 index 1a68dc1c..00000000 --- a/docs/ja/usage-configtest.html +++ /dev/null @@ -1,204 +0,0 @@ -configtest · Vuls
Edit

configtest

$ vuls configtest --help
-configtest:
-        configtest
-                        [-config=/path/to/config.toml]
-                        [-log-dir=/path/to/log]
-                        [-timeout=300]
-                        [-debug]
-
-                        [SERVER]...
-  -config string
-        /path/to/toml (default "/Users/kotakanbe/go/src/github.com/future-architect/vuls/config.toml")
-  -debug
-        debug mode
-  -http-proxy string
-        http://proxy-url:port (default: empty)
-  -log-dir string
-        /path/to/log (default "/var/log/vuls")
-  -timeout int
-        Timeout(Sec) (default 300)
-
-
-

configtestサブコマンドは、config.tomlで定義されたサーバ/コンテナに対してSSH可能かどうかをチェックする。

-

Dependencies

-

fast scan mode

- - - - - - - - - - - - - - - - - - - - - - - -
DistributionReleaseRequirements
Alpine3.2 and later-
Ubuntu14.04, 16.04, 18.04, 20.04, 21.04, 21.10, 22.04, 22.10, 23.04, 23.10-
Debian7, 8, 9, 10, 11, 12(reboot-notifier)
CentOS6, 7, 8, stream8, stream9-
AlmaLinux8, 9-
Rocky Linux8, 9-
AmazonAll-
RHEL5, 6, 7, 8, 9-
Fedora32, 33, 34, 35, 36, 37, 38, 39-
Oracle Linux5, 6, 7-
openSUSEtumbleweed-
openSUSE Leap15.2, 15.3-
SUSE Enterprise11, 12, 15-
FreeBSD10, 11-
RaspbianJessie, Stretch, Buster-
WindowsClient, Server-
MacOSMacOS X, MacOS X Server, MacOS, MacOS Server-
-

fast-root scan mode

-

fast-rootのとき、configtestサブコマンドはスキャン対象のサーバにパッケージがインストールされていることと、/etc/sudoersを確認します。

- - - - - - - - - - - - - - - - - - - - - - - - -
DistributionReleaseRequirements
Alpine3.2 and later-
Ubuntu14.04, 16.04, 18.04, 20.04, 21.04, 21.10, 22.04, 22.10, 23.04, 23.10debian-goodies
Debian8, 9, 10, 11, 12debian-goodies, reboot-notifier
CentOS6, 7, 8, stream8, stream9-
AlmaLinux8, 9-
Rocky Linux8, 9-
AmazonAll-
RHEL6, 7-
RHEL8, 9lsof
Fedora32, 33, 34, 35, 36, 37, 38, 39-
Oracle Linux5, 6, 7-
openSUSEtumbleweed-
openSUSE Leap15.2, 15.3-
SUSE Enterprise11, 12, 15-
FreeBSD10, 11-
RaspbianJessie, Stretch, Busterdebian-goodies
WindowsClient, Server-
MacOSMacOS X, MacOS X Server, MacOS, MacOS Server-
-

deep scan mode

-

fast-rootモードと同じです。

-

/etc/sudoers on Target Servers

-

configtestサブコマンドは、スキャン対象サーバのsudo設定を確認して、VulsがSSH越しにnopasswordでSUDOできるかも確認します。

-

if you got the below error, requiretty should be defined in /etc/sudoers.

-
stderr: sudo: sorry, you must have a tty to run sudo
-
-
Defaults:vuls !requiretty
-
-

/etc/sudoers

- - - - - - - - - - - - - - - - - - - - -
Distributionfastfast-rootdeep
Ubuntu 14.04, 16.04, 18.04, 20.04, 21.04, 21.10, 22.04, 22.10, 23.04, 23.10-vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/apt-get update, /usr/bin/stat *, /usr/sbin/checkrestart, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/bin/lsof -i -P -nfast-rootと同じ
Debian 8, 9, 10, 11, 12-vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/apt-get update, /usr/bin/stat *, /usr/sbin/checkrestart, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/bin/lsof -i -P -nfast-rootと同じ
CentOS 6, 7, 8, stream8, stream9-vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/stat, /usr/bin/needs-restarting, /usr/bin/which, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/sbin/lsof -i -P -nfast-rootと同じ
AlmaLinux 8, 9-vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/stat, /usr/bin/repoquery, /usr/bin/needs-restarting, /usr/bin/which, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/bin/lsof -i -P -nfast-rootと同じ
Rocky Linux 8-vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/stat, /usr/bin/needs-restarting, /usr/bin/which, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/sbin/lsof -i -P -nfast-rootと同じ
Amazon Linux-vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/stat, /usr/bin/needs-restarting, /usr/bin/which, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/sbin/lsof -i -P -nfast-rootと同じ
Amazon Linux 2-vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/stat, /usr/bin/needs-restarting, /usr/bin/which, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/sbin/lsof -i -P -nfast-rootと同じ
Amazon Linux 2022-vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/stat, /usr/bin/needs-restarting, /usr/bin/which, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/sbin/lsof -i -P -nsame as fast-root
Amazon Linux 2023-vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/stat, /usr/bin/needs-restarting, /usr/bin/which, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/sbin/lsof -i -P -nsame as fast-root
RHEL 6, 7, 8, 9-vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/stat, /usr/bin/needs-restarting, /usr/bin/which, /usr/bin/repoquery, /usr/bin/yum makecache --assumeyes, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/bin/lsof -i -P -n, /usr/sbin/lsof -i -P -nsame as fast-root
Oracle Linux 6, 7-vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/stat, /usr/bin/needs-restarting, /usr/bin/which, /usr/bin/repoquery, /usr/bin/yum makecache --assumeyessame as fast-root
SUSE Enterprise 11, 12, 15-vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/which, /usr/bin/zypper ps, /usr/bin/which, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/bin/lsof -i -P -n, /usr/sbin/lsof -i -P -nsame as fast-root
FreeBSD 10---
Raspbian-vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/apt-get update, /usr/bin/stat *, /usr/sbin/checkrestart, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/bin/lsof -i -P -nsame as fast-root
-

If your server is behind a proxy, also add the following.

-
Defaults:vuls env_keep="http_proxy https_proxy HTTP_PROXY HTTPS_PROXY"
-
-
Automatic DiscoveryScan
\ No newline at end of file diff --git a/docs/ja/usage-report.html b/docs/ja/usage-report.html deleted file mode 100644 index e4a884ea..00000000 --- a/docs/ja/usage-report.html +++ /dev/null @@ -1,785 +0,0 @@ -Report · Vuls
Edit

Report

report:
-  report
-    [-lang=en|ja]
-    [-config=/path/to/config.toml]
-    [-results-dir=/path/to/results]
-    [-log-to-file]
-    [-log-dir=/path/to/log]
-    [-refresh-cve]
-    [-cvss-over=7]
-    [-confidence-over=80]
-    [-diff]
-    [-diff-minus]
-    [-diff-plus]
-    [-ignore-unscored-cves]
-    [-ignore-unfixed]
-    [-to-email]
-    [-to-http]
-    [-to-slack]
-    [-to-chatwork]
-    [-to-googlechat]
-    [-to-telegram]
-    [-to-localfile]
-    [-to-s3]
-    [-to-azure-blob]
-    [-format-json]
-    [-format-one-email]
-    [-format-one-line-text]
-    [-format-list]
-    [-format-full-text]
-    [-format-csv]
-    [-format-cyclonedx-json]
-    [-format-cyclonedx-xml]
-    [-gzip]
-    [-http-proxy=http://192.168.0.1:8080]
-    [-debug]
-    [-debug-sql]
-    [-quiet]
-    [-no-progress]
-    [-pipe]
-    [-http="http://vuls-report-server"]
-    [-trivy-cachedb-dir=/path/to/dir]
-    [-trivy-java-db-repository="OCI-repository-for-trivy-java-db"]
-    [-trivy-skip-java-db-update]
-
-    [RFC3339 datetime format under results dir]
-  -confidence-over int
-      -confidence-over=40 means reporting Confidence Score 40 and over (default: 80) (default 80)
-  -config string
-      /path/to/toml (default "$HOME/config.toml")
-  -cvss-over float
-      -cvss-over=6.5 means reporting CVSS Score 6.5 and over (default: 0 (means report all))
-  -debug
-      debug mode
-  -debug-sql
-      SQL debug mode
-  -diff
-      Plus & Minus Difference between previous result and current result
-  -diff-minus
-      Minus Difference between previous result and current result
-  -diff-plus
-      Plus Difference between previous result and current result
-  -format-csv
-      CSV format
-  -format-cyclonedx-json
-      CycloneDX JSON format
-  -format-cyclonedx-xml
-      CycloneDX XML format
-  -format-full-text
-      Detail report in plain text
-  -format-json
-      JSON format
-  -format-list
-      Display as list format
-  -format-one-email
-      Send all the host report via only one EMail (Specify with -to-email)
-  -format-one-line-text
-      One line summary in plain text
-  -gzip
-      gzip compression
-  -http-proxy string
-      http://proxy-url:port (default: empty)
-  -ignore-unfixed
-      Don't report the unfixed CVEs
-  -ignore-unscored-cves
-      Don't report the unscored CVEs
-  -lang string
-      [en|ja] (default "en")
-  -log-dir string
-      /path/to/log (default "/var/log/vuls")
-  -log-to-file
-      Output log to file
-  -no-progress
-      Suppress progress bar
-  -pipe
-      Use args passed via PIPE
-  -quiet
-      Quiet mode. No output on stdout
-  -refresh-cve
-      Refresh CVE information in JSON file under results dir
-  -results-dir string
-      /path/to/results (default "$HOME/results")
-  -to-azure-blob
-      Write report to Azure Storage blob (container/yyyyMMdd_HHmm/servername.json/txt)
-  -to-chatwork
-      Send report via chatwork
-  -to-email
-      Send report via Email
-  -to-googlechat
-      Send report via Google Chat
-  -to-http
-      Send report via HTTP POST
-  -to-localfile
-      Write report to localfile
-  -to-s3
-      Write report to S3 (bucket/yyyyMMdd_HHmm/servername.json/txt)
-  -to-slack
-      Send report via Slack
-  -to-syslog
-      Send report via Syslog
-  -to-telegram
-      Send report via Telegram
-  -trivy-cachedb-dir string
-      /path/to/dir (default "$HOME/.cache/trivy")
-  -trivy-java-db-repository string
-        Trivy Java DB Repository (default "ghcr.io/aquasecurity/trivy-java-db")
-  -trivy-skip-java-db-update
-        Skip Trivy Java DB Update
-
-
-

How to detect CVE in Vuls?

-

Vuls detects CVEs, gets the information of CVEs and filters.

- -

Vuls-Detect

-

Example of three format options

-

Vuls has three format options.

-
    -
  • format-list(default)
    • -
  • format-one-line-text
    • -
  • format-full-text
    • -
-

format-list

-

report-list

-
$ vuls report
-
-localhost (ubuntu20.04)
-=======================
-Total: 285 (Critical:33 High:92 Medium:133 Low:18 ?:9)
-2/285 Fixed, 105 poc, 0 exploits, cisa: 1, uscert: 0, jpcert: 0 alerts
-1932 installed
-
-+------------------|------|--------|-----|-----------|---------|----------------------------------------+
-|      CVE-ID      | CVSS | ATTACK | POC |   ALERT   |  FIXED  |                PACKAGES                |
-+------------------|------|--------|-----|-----------|---------|----------------------------------------+
-| CVE-2016-1585    |  9.8 |  AV:N  |     |           | unfixed | apparmor                               |
-+------------------|------|--------|-----|-----------|---------|----------------------------------------+
-| CVE-2017-7810    |  9.8 |  AV:N  |     |           | unfixed | libmozjs-52-0                          |
-+------------------|------|--------|-----|-----------|---------|----------------------------------------+
-| CVE-2017-7826    |  9.8 |  AV:N  |     |           | unfixed | libmozjs-52-0                          |
-+------------------|------|--------|-----|-----------|---------|----------------------------------------+
-| CVE-2017-7827    |  9.8 |  AV:N  |     |           | unfixed | libmozjs-52-0                          |
-+------------------|------|--------|-----|-----------|---------|----------------------------------------+
-| CVE-2018-16301   |  9.8 |  AV:L  |     |           | unfixed | tcpdump                                |
-+------------------|------|--------|-----|-----------|---------|----------------------------------------+
-| CVE-2018-5089    |  9.8 |  AV:N  |     |           | unfixed | libmozjs-52-0                          |
-+------------------|------|--------|-----|-----------|---------|----------------------------------------+
-| CVE-2018-5090    |  9.8 |  AV:N  |     |           | unfixed | libmozjs-52-0                          |
-+------------------|------|--------|-----|-----------|---------|----------------------------------------+
-| CVE-2018-5126    |  9.8 |  AV:N  |     |           | unfixed | libmozjs-52-0                          |
-+------------------|------|--------|-----|-----------|---------|----------------------------------------+
-| CVE-2018-5145    |  9.8 |  AV:N  |     |           | unfixed | libmozjs-52-0                          |
-+------------------|------|--------|-----|-----------|---------|----------------------------------------+
-| CVE-2018-5150    |  9.8 |  AV:N  |     |           | unfixed | libmozjs-52-0                          |
-+------------------|------|--------|-----|-----------|---------|----------------------------------------+
-| CVE-2018-5151    |  9.8 |  AV:N  |     |           | unfixed | libmozjs-52-0                          |
-+------------------|------|--------|-----|-----------|---------|----------------------------------------+
-| CVE-2019-18276   |  9.8 |  AV:L  | POC |           | unfixed | bash                                   |
-... snip ...
-
-

format-one-line-text

-
$ vuls report -format-one-line-text
-
-One Line Summary
-================
-c74     Total: 294 (High:65 Medium:198 Low:24 ?:7)      93/294 Fixed    708 installed, 285 updatable
-deb8    Total: 490 (High:62 Medium:158 Low:22 ?:248)    11/490 Fixed    512 installed
-
-

format-full-text

-

report-list

-
$ vuls report -format-full-text
-
-c74 (centos7.4.1708)
-====================
-Total: 23 (High:22 Medium:1 Low:0), 9/23 Fixed, 708 installed, 285 updatable
-
-+---------------|----------------------------------------------------------------------------------+
-| CVE-2017-9233 |                                                                                  |
-+---------------|----------------------------------------------------------------------------------+
-| Max Score     | 7.5 HIGH (nvd)                                                                   |
-| nvd           | 7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H HIGH                            |
-| redhat_api    | 6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MODERATE                        |
-| nvd           | 5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P MEDIUM                                            |
-| Summary       | XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML       |
-|               | Parser Library) allows attackers to put the parser in an infinite loop using a   |
-|               | malformed external entity definition from an external DTD.                       |
-| Mitigation    |  Do not parse untrusted arbitrary XML data using the expat                       |
-|               | package.                                                                         |
-| CWE           | CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') (redhat_api)     |
-| CWE           | [OWASP Top4] CWE-611: Improper Restriction of XML External Entity Reference      |
-|               | ('XXE') (nvd)                                                                    |
-| Affected PKG  | expat-2.1.0-10.el7_3 -> Will not fix                                             |
-| Confidence    | 100 / RedHatAPIMatch                                                             |
-| Source        | https://nvd.nist.gov/vuln/detail/CVE-2017-9233                                   |
-| CVSSv2 Calc   | https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-2017-9233          |
-| CVSSv3 Calc   | https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2017-9233          |
-| RHEL-CVE      | https://access.redhat.com/security/cve/CVE-2017-9233                             |
-| CWE           | https://cwe.mitre.org/data/definitions/CWE-835.html                              |
-| CWE           | https://cwe.mitre.org/data/definitions/CWE-611.html                              |
-| OWASP Top10   | https://github.com/OWASP/Top10/blob/master/2017/en/0xa4-xxe.md                   |
-+---------------|----------------------------------------------------------------------------------+
-
-... snip ...
-
-
c74 (centos7.4.1708)
-====================
-Total: 23 (High:22 Medium:1 Low:0), 9/23 Fixed, 708 installed, 285 updatable
-
-
    -
  • c74 means that it is a scan report of servers.c74 defined in config.toml.
    • -
  • (centos7.4.1708) means that the version of the OS is CentOS 7.4.
    • -
  • Total: 23 (High:22 Medium:1 Low:0) means that a total of 23 vulnerabilities exist, and the distribution of CVSS Severity is displayed.
    • -
  • 9/23 Fixedmeans` that a total of 23 vulnerabilities exist, and 9 is fixed, 14 is not fixed yet.
    • -
  • 285 updatable packages means that there are 285 update-able packages on the target server.
    • -
-
+---------------|----------------------------------------------------------------------------------+
-| CVE-2017-9233 |                                                                                  |
-+---------------|----------------------------------------------------------------------------------+
-| Max Score     | 7.5 HIGH (nvd)                                                                   |
-| nvd           | 7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H HIGH                            |
-| redhat_api    | 6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MODERATE                        |
-| nvd           | 5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P MEDIUM                                            |
-| Summary       | XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML       |
-|               | Parser Library) allows attackers to put the parser in an infinite loop using a   |
-|               | malformed external entity definition from an external DTD.                       |
-| Mitigation    |  Do not parse untrusted arbitrary XML data using the expat                       |
-|               | package.                                                                         |
-| CWE           | CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') (redhat_api)     |
-| CWE           | [OWASP Top4] CWE-611: Improper Restriction of XML External Entity Reference      |
-|               | ('XXE') (nvd)                                                                    |
-| Affected PKG  | expat-2.1.0-10.el7_3 -> Will not fix                                             |
-| Confidence    | 100 / RedHatAPIMatch                                                             |
-| Source        | https://nvd.nist.gov/vuln/detail/CVE-2017-9233                                   |
-| CVSSv2 Calc   | https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-2017-9233          |
-| CVSSv3 Calc   | https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2017-9233          |
-| RHEL-CVE      | https://access.redhat.com/security/cve/CVE-2017-9233                             |
-| CWE           | https://cwe.mitre.org/data/definitions/CWE-835.html                              |
-| CWE           | https://cwe.mitre.org/data/definitions/CWE-611.html                              |
-| OWASP Top10   | https://github.com/OWASP/Top10/blob/master/2017/en/0xa4-xxe.md                   |
-+---------------|----------------------------------------------------------------------------------+
-
-
    -

  • Max Score means Max CVSS Score.

    • -

  • nvd shows CVSS Vector of NVD

    • -

  • redhat shows CVSS Vector of Red Hat OVAL

    • -

  • jvn shows CVSS Vector of JVN

    • -

  • CWE means CWE - Common Weakness Enumeration of the CVE.

    • -

  • [OWASP Top10] means the CWE is included in OWASP TOP 10

    • -

  • Affected PKG shows the package version information including this vulnerability.

    • -

  • Confidence means the reliability of detection.

    -
      -
    • 100 is highly reliable
      • -
    • -

  • Item list of Confidence

    - - - - - - - - - - - - - - - - - - - - -
    Detection MethodConfidencetypeDescription
    OvalMatch100CentOS, AlmaLinux, Rocky Linux, RHEL, Fedora, Oracle, Ubuntu, Debian, SUSEOVAL
    RedHatAPIMatch100CentOS, AlmaLinux, Rocky Linux, RHELRed Hat API
    UbuntuAPIMatch100UbuntuUbuntu API
    DebianSecurityTrackerMatch100DebianDebian Security Tracker
    TrivyMatch100Container image and Lockfiletrivy
    PkgAuditMatch100FreeBSDpkg audit
    WPScanMatch100WordPresswpscan.com
    GitHubMatch100libraryDetected by GitHub Security Alerts
    NvdExactVersionMatch100CPE scanRange match in semantic versioning format or an exact match.
    NvdRoughVersionMatch80CPE scanRough version match for non-semantic versioning as defined in NVD.
    NvdVendorProductMatch10CPE scanIf the version is not defined for the CPE specified in config.toml. There is a possibility of false positives.
    JvnVendorProductMatch10CPE scanDetected by Jvn. Affected Version in JVN is not a parsable format, so it is matched by Part, Vendor and Product. There is a possibility of false positives.
    ChangelogExactMatch95CentOS, Ubuntu, Debian, RaspbianExact version match between changelog and package version.
    ChangelogRoughMatch50Ubuntu, Debian, RaspbianRough version match between changelog and package version.
    -
    • -
-

Example: Generate all client scan reports

-
# Show scan history
-$ vuls history
-
-# Generate reports for all scan history
-$ for REPORT_DATE in $(vuls history | awk '{ print $1 }') ; do echo "$REPORT_DATE" | vuls report -format-one-line-text -pipe ; done
-
-# Generate reports for a specific date
-vuls history | grep "DATE" | vuls report -format-one-line-text -pipe
-
-

Example: Difference between previous result and current result

-

The -diff-plus option detects new or updated vulnerabilities compared to the previous json.The one with _diff.json is output. The -diff-minus option detects vulnerabilities that have already been patched compared to the previous json.The one with _diff.json is output. -diff option turns on both options -diff-plus and -diff-minus

-
# After vuls scan, get minus difference.
-$ vuls report -diff-minus -to-localfile -format-json
-
-

Example: Specify the path of go-cve-dictionary, goval-dictionary and gost

-

config.toml

-
[cveDict]
-type = "sqlite3"
-SQLite3Path = "/path/to/cve.sqlite3"
-
-[ovalDict]
-type = "sqlite3"
-SQLite3Path = "/path/to/oval.sqlite3"
-
-[gost]
-type = "sqlite3"
-SQLite3Path = "/path/to/gost.sqlite3"
-
-[exploit]
-type = "sqlite3"
-SQLite3Path = "/path/to/go-exploitdb.sqlite3"
-
-[metasploit]
-type = "sqlite3"
-SQLite3Path = "/path/to/go-msfdb.sqlite3"
-
-[kevuln]
-type = "sqlite3"
-SQLite3Path = "/path/to/go-kev.sqlite3"
-
-[cti]
-type = "sqlite3"
-SQLite3Path = "/path/to/go-cti.sqlite3"
-
-

Example: Send scan results to another endpoint

-

Define HTTP section in config.toml

-
$ vuls report \
-      -to-http \
-      -format-json
-
-

Sample PHP code on the endpoint side:

-
<?php
-$tmp_file = __DIR__ . '/vuls-'. uniqid() . '.json';
-file_put_contents($tmp_file, file_get_contents("php://input"));
-if (file_exists($tmp_file)) {
-    $raw_json_data = file_get_contents($tmp_file);
-    $json_data = json_decode($raw_json_data);
-    $scanned_hostname = $json_data->{'serverName'};
-    $new_file = __DIR__ . '/' . strtolower($scanned_hostname) . '.json';
-    rename($tmp_file, $new_file);
-}
-?>
-
-

Source: vuls.php

-
-

The following code will simply create a JSON file named with the hostname extracted that way hostname.json. It will be created in the same location of the vuls.php file.

-
-

Example: Send scan results to email

-

Define EMail section in config.toml

-
$ vuls report \
-      -to-email \
-      -cvss-over=7
-
-

With this sample command, it will ..

-
    -
  • Send scan results to Email
    • -
  • CVSSスコアが7以上のCVEのみをレポートします。
    • -
-

Example: Send scan results to ChatWork

-

Define ChatWork section in config.toml

-
$ vuls report \
-      -to-chatwork \
-      -cvss-over=7
-
-

With this sample command, it will ..

-
    -
  • Send scan results to ChatWork
    • -
  • CVSSスコアが7以上のCVEのみをレポートします。
    • -
-

Example: Send scan results to Slack

-

Define Slack section in config.toml

-
$ vuls report \
-      -to-slack \
-      -cvss-over=7
-
-

With this sample command, it will ..

-
    -
  • Send scan results to slack
    • -
  • CVSSスコアが7以上のCVEのみをレポートします。
    • -
-

Example: Send scan results to Telegram

-

Define Telegram section in config.toml

-
$ vuls report \
-      -to-telegram \
-      -cvss-over=7
-
-

With this sample command, it will ..

-
    -
  • Send scan results to Telegram
    • -
  • Only Report CVEs that CVSS score is over 7
    • -
-

Example: Put results in S3 bucket

-

To put results in S3 bucket, configure following settings in AWS before reporting.

- -

Example of IAM policy:

-
{
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Effect": "Allow",
-            "Action": [
-                "s3:ListAllMyBuckets"
-            ],
-            "Resource": "arn:aws:s3:::*"
-        },
-        {
-            "Effect": "Allow",
-            "Action": [
-                "s3:PutObject"
-            ],
-            "Resource": "arn:aws:s3:::vuls/*"
-        }
-    ]
-}
-
-

config.toml

-
[aws]
-profile = "default"
-region = "ap-northeast-1"
-s3Bucket = "vuls"
-s3ServerSideEncryption = "AES256"
-
-

reporting

-
$ vuls report \
-      -to-s3 \
-      -format-json
-
-

With this sample command, it will ..

-

Put scan result(JSON) in S3 bucket

-
    -
  • with AES256
    • -
  • bucket name is "vuls"
    • -
  • ap-northeast-1
    • -
  • profile is "default"
    • -
  • The Server-side encryption algorithm (e.g., AES256, aws:kms).
    • -
-

Example: Put results in Azure Blob storage

-

To put results in Azure Blob Storage, configure following settings in Azure before reporting.

-
    -
  • Create a Azure Blob container
    • -
-

config.toml

-
[azure]
-accountName = "default"
-accountKey = "xxxxxxxxxxxxxx"
-containerName "vuls"
-
-
$ vuls report -to-azure-blob
-...
-
-

With this sample command, it will ..

-

Put scan result(JSON) in Azure Blob Storage.

-
    -
  • container name is "vuls"
    • -
  • storage account is "test"
    • -
  • accesskey is "access-key-string"
    • -
-

account and access key can be defined in environment variables.

-
$ export AZURE_STORAGE_ACCOUNT=test
-$ export AZURE_STORAGE_ACCESS_KEY=access-key-string
-$ vuls report -to-azure-blob
-
-

Example: Put results in Google Cloud Storage

-

vuls report doesn’t support Google Cloud Strorage option If you want to put scan result(JSON) in Google Cloud Storage, please use gsutil

-
$ gsutil cp ./results/yyyyMMdd_HHmm/servername.json gs://my-awesome-bucket
-
-

see Quickstart: Using the gsutil tool

-

Example: IgnoreCves

-

Define ignoreCves in config if you don't want to report(Slack, EMail, Text...) specific CVE IDs.

-
    -
  • config.toml
    • -
-
[default]
-ignoreCves = ["CVE-2016-6313"]
-
-[servers.bsd]
-host     = "192.168.11.11"
-user     = "kanbe"
-ignoreCves = ["CVE-2016-6314"]
-
-

Example: IgnoreCves of a container

-
    -
  • config.toml
    • -
-
[default]
-ignoreCves = ["CVE-2016-6313"]
-
-[servers.cent7]
-host     = "192.168.11.11"
-user     = "kanbe"
-
-[servers.cent7.containers.romantic_goldberg]
-ignoreCves = ["CVE-2016-6314"]
-
-

Example: IgnorePkgsRegexp

-

Define ignorePkgsRegexp in config if you don't want to report(Slack, EMail, Text...) match against the specific regexp google/re2.

-
[servers.c74]
-host     = "192.168.11.11"
-user     = "kanbe"
-ignorePkgsRegexp = ["^kernel", "^python"]
-
-[servers.c74.containers.romantic_goldberg]
-ignorePkgsRegexp = ["^vim"]
-
-

Example: GitHub Security Alerts Integration

- -

Example: Add optional key-value pairs to JSON

-

Optional key-value can be outputted to JSON. The key-value in the default section will be overwritten by servers section's key-value. For instance, you can use this field for Azure ResourceGroup name, Azure VM Name and so on.

-
    -
  • config.toml
    • -
-
[default]
-[default.optional]
-key1 = "default_value"
-key3 = val3
-
-
-[servers.bsd]
-host     = "192.168.11.11"
-user     = "kanbe"
-[servers.bsd.optional]
-key1 = "val1"
-key2 = "val2"
-
-
    -
  • bsd.json
    • -
-
[
-  {
-    "ServerName": "bsd",
-    "Family": "FreeBSD",
-    "Release": "10.3-RELEASE",
-    .... snip ...
-    "Optional": {
-        "key1": "val1" ,
-        "key2": "val2" ,
-        "key3": "val3"
-    }
-  }
-]
-
-

Example: Use MySQL as a DB storage back-end

-

config.toml

-
[cveDict]
-type = "mysql"
-url = "user:pass@tcp(localhost:3306)/dbname?parseTime=true"
-
-[ovalDict]
-type = "mysql"
-url = "user:pass@tcp(localhost:3306)/dbname?parseTime=true"
-
-[gost]
-type = "mysql"
-url = "user:pass@tcp(localhost:3306)/dbname?parseTime=true"
-
-[exploit]
-type = "mysql"
-url = "user:pass@tcp(localhost:3306)/dbname?parseTime=true"
-
-[metasploit]
-type = "mysql"
-url = "user:pass@tcp(localhost:3306)/dbname?parseTime=true"
-
-
$ vuls report
-...
-
-

If you get below error message while fetching, define sql_mode.

-
Error 1292: Incorrect datetime value: '0000-00-00' for column 'issued' at row 1
-
-

For details, see TODO

-

Example: Use PostgreSQL as a DB storage back-end

-

config.toml

-
[cveDict]
-type = "postgres"
-url = "host=myhost user=user dbname=dbname sslmode=disable password=password"
-
-[ovalDict]
-type = "postgres"
-url = "host=myhost user=user dbname=dbname sslmode=disable password=password"
-
-[gost]
-type = "postgres"
-url = "host=myhost user=user dbname=dbname sslmode=disable password=password"
-
-[exploit]
-type = "postgres"
-url = "host=myhost user=user dbname=dbname sslmode=disable password=password"
-
-[metasploit]
-type = "postgres"
-url = "host=myhost user=user dbname=dbname sslmode=disable password=password"
-
-
$ vuls report
-...
-
-

Example: Use Redis as a DB storage back-end

-

config.toml

-
[cveDict]
-type = "redis"
-url = "redis://localhost/1"
-
-[ovalDict]
-type = "redis"
-url = "redis://localhost/1"
-
-[gost]
-type = "redis"
-url = "redis://localhost/1"
-
-[exploit]
-type = "redis"
-url = "redis://localhost/1"
-
-[metasploit]
-type = "redis"
-url = "redis://localhost/1"
-
-
$ vuls report
-...
-
-

Example: Use HTTP to access to vulnerability dictionary

-

config.toml

-
[cveDict]
-type = "http"
-url = "http://localhost:1323"
-
-[ovalDict]
-type = "http"
-url = "http://localhost:1324"
-
-[gost]
-type = "http"
-url = "http://localhost:1325"
-
-[exploit]
-type = "http"
-url = "http://localhost:1326"
-
-[metasploit]
-type = "http"
-url = "http://localhost:1327"
-
-
$ vuls report
-...
-
-
ScanTUI
\ No newline at end of file diff --git a/docs/ja/usage-scan-non-os-packages.html b/docs/ja/usage-scan-non-os-packages.html deleted file mode 100644 index 98af49f6..00000000 --- a/docs/ja/usage-scan-non-os-packages.html +++ /dev/null @@ -1,247 +0,0 @@ -Scan vulnerabilities of non-OS packages · Vuls
Edit

Scan vulnerabilities of non-OS packages

オプション

-

non-OS-packagesの脆弱性をスキャンするために、以下のオプションが用意されています。

-
    -
  • lockファイルの指定(ライブラリ)
    • -
  • GitHubとの連携(ライブラリ)
    • -
  • config.tomlへのCPEの設定(ネットワークデバイス、ライブラリ)
    • -
  • OWASPの依存性チェック(ライブラリ)
    • -
-

ライブラリの脆弱性のスキャン

-

Vuls over v0.8.0 can scan libraries using aquasecurity/trivy on the local/remote file system.

-

A sample of config.toml is blow.
-specify the path of lockfiles, Vuls can detect vulns of libs without defining CPEs.

-
[servers]
-
-[servers.ubuntu]
-host         = "xxx.xxx.xxx"
-port        = "22"
-user        = "tamachi"
-keyPath     = "/Users/amachi/.ssh/id_dsa"
-lockfiles = [
-  "/home/tamachi/lockfiles/package-lock.json",
-  "/home/tamachi/lockfiles/yarn.lock",
-  "/home/tamachi/lockfiles/struts.jar",
-]
-
-

Automatic lockfile detection

-

If findLock=true and findLockDirs are specified, libraries on the local file system can be automatically detected by the find command.

-

NOTE: When findLock = true, the target lockfile depends on the scan mode and scan user privilege. When scan mode is fast, it depends on the privilege of the scan user. If the scan user does not have the root privilege, lockfiles that require the root privilege will not be detected. When scan mode is fast-root, lockfiles are detected with root privileges.

-
[servers]
-
-[servers.ubuntu]
-host         = "xxx.xxx.xxx"
-port        = "22"
-user        = "tamachi"
-keyPath     = "/Users/amachi/.ssh/id_dsa"
-findLock = true # auto detect lockfile
-findLockDirs = [
-  "/path/to/prject/lib",
-  "/path/to/prject2/lib",
-]
-
-

Usage: Integrate with GitHub Security Alerts

-

GitHub tracks reported vulnerabilities in certain dependencies and provides security alerts to affected repositories. GitHub Security Alerts. It becomes possible to import vulnerabilities detected by GitHub via GitHub's API.

-

First, enable GitHub security alerts on your repo. see

-

Second, Issue a token. see

-

3rd, config.toml

-

To ignore vulnerabilities dismissed on GitHub, set IgnoreGithubDismissed to true at githubs section.

-
[servers.ghsa]
-type = "pseudo"
-
-[servers.ghsa.githubs."owner/repo"]
-token   = "xxxxYourTokenxxx"
-IgnoreGithubDismissed = true
-
-

CPE Scan

-

Vuls scan detect vulnerabilities in non-OS packages, such as something you compiled by yourself, language libraries and frameworks that have been registered in the CPE.

-

The CPE scan uses the NVD information to search for the specified CPE. It is necessary to set up go-cve-dictionary and fetch NVD data source in advance. To setup go-cve-dictionary, see here

-

see also Architecture/CPE Scan

-

How to search CPE name by software name

-

NVD: Search Common Platform Enumerations (CPE) You need Check CPE Naming Format: 2.2

-

go-cpe-dictionary is a good choice for geeks. asciicast

-

You can search a CPE name by the application name incrementally.

-

Configuration

-

Host OS

-

To detect the vulnerability of Ruby on Rails v4.2.1 and PostgreSQL9.6.2, cpeNames needs to be set in the servers section.

-
[servers]
-
-[servers.172-31-4-82]
-host         = "172.31.4.82"
-user        = "ec2-user"
-keyPath     = "/home/username/.ssh/id_rsa"
-cpeNames = [
-    "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
-    "cpe:2.3:a:postgresql:postgresql:9.6.2:*:*:*:*:*:*:*",
-]
-
-

Container

-

To detect the vulnerability of Ruby on Rails v4.2.1 on specific container, cpeNames needs to be set in the servers>containers section. The following is an example of running Ruby on Rails v4.2.1 and PostgreSQL9.6.2 on dockerA.

-
[servers]
-
-[servers.172-31-4-82]
-host         = "172.31.4.82"
-user        = "ec2-user"
-keyPath     = "/home/username/.ssh/id_rsa"
-containerType = "docker"
-containersIncluded = ["${running}"]
-
-[servers.172-31-4-82.containers.dockerA]
-cpeNames = [
-    "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
-    "cpe:2.3:a:postgresql:postgresql:9.6.2:*:*:*:*:*:*:*",
-]
-
-
-

type="pseudo"

-

Specify this when you want to detect vulnerability by specifying cpename without SSH connection. The pseudo type does not do anything when scanning. Search for NVD at report time and detect vulnerability of software specified as cpenamae.

-
[servers]
-
-[servers.forti]
-type = "pseudo"
-cpeNames = [
-    "cpe:/o:fortinet:fortios:4.3.0",
-]
-
-

Japanese Software

-

JVN can be used to detect vulnerabilities in Japanese software that are not defined in the NVD.

-
    -
  • Fetching JVN with go-cve-dictionary
    • -
  • Define CPE for Japanese software.
    • -
  • Report with --confidence-over=0.
    • -
-

The Affected version is not defined in a parsable format in JVN. Therefore, all vulnerabilities with matching Part, Vendor, and Product are detected. Note that there are false positives.

-

Usage: Integrate with OWASP Dependency Check to Automatic update when the libraries are updated (Experimental)

-

OWASP Dependency check is a utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities.

-

Benefit of integrating Vuls And OWASP Dependency Check is below.

-
    -
  • Automatic Update of Vuls config when the libraries are updated.
    • -
  • Reporting by Email or Slack by using Vuls.
    • -
  • Reporting in Japanese -
      -
    • OWASP Dependency Check supports only English.
      • -
    • -
-

How to integrate Vuls with OWASP Dependency Check

-
    -

  • Execute OWASP Dependency Check with --format=XML option.

    • -

  • Define the xml file path of dependency check in config.toml.

    -
    ```bash
-[servers]
-
-[servers.172-31-4-82]
-host         = "172.31.4.82"
-user        = "ec2-user"
-keyPath     = "/home/username/.ssh/id_rsa"
-owaspDCXMLPath = "/tmp/dependency-check-report.xml"
-```
-
    • -
-

The following is an example of how to specify a XML of OWASP DC to the specific container.

-
[servers]
-
-[servers.172-31-4-82]
-host         = "172.31.4.82"
-user        = "ec2-user"
-keyPath     = "/home/username/.ssh/id_rsa"
-containerType = "docker"
-containersIncluded = ["${running}"]
-
-[servers.172-31-4-82.containers.dockerA]
-owaspDCXMLPath = "/tmp/dependency-check-report.xml"
-
-
-
Scan Docker ImageScan WordPress
\ No newline at end of file diff --git a/docs/ja/usage-scan-port.html b/docs/ja/usage-scan-port.html deleted file mode 100644 index 9abad52d..00000000 --- a/docs/ja/usage-scan-port.html +++ /dev/null @@ -1,137 +0,0 @@ -Scan Port by External Port Scanner · Vuls
Edit

Scan Port by External Port Scanner

Scan Port by External Port Scanner(nmap)

-

Starting with Vuls v0.13, port scanning is available to make related vulnerabilities more visible.

-

Unless you write the config [servers.xxx-xxx-xxx-xxx.portscan], it will use the port scanning feature of the Vuls built-in. The following config.toml will use an external scanner (currently only nmap is supported) in scannerBinPath to scan ports.

-
    -
  • config.toml
    • -
-
[servers]
-
-[servers.127-0-0-1]
-host                = "127.0.0.1"
-port               = "22"
-user               = "root"
-scanMode           = ["fast-root"]
-scanModules        = ["ospkg", "port"]
-
-[servers.127-0-0-1.portscan]
-scannerBinPath = "/usr/bin/nmap"
-hasPrivileged = true
-scanTechniques = ["sS"]
-sourcePort = "65535"
-
-
    -

  • scannerBinPath: PATH to the external scanner to be executed for port scanning in Vuls. Currently only nmap is supported.

    • -

  • hasPrivileged: Allows you to specify whether you have enough privileges to perform operations that require root privileges on UNIX systems (--privileged). The following options affect scanTechniques, sourcePort. If you want to use this function as a non-root user, you need to set the capability appropriately. Try running the following command, and if the capability is set as well, it should work well. See also this document.

    • -
-
$ getcap /usr/bin/nmap
-/usr/bin/nmap = cap_net_bind_service,cap_net_admin,cap_net_raw+eip
-
-
    -
  • scanTechniques: Allows you to specify the method of port scanning. Currently, the following are supported. Note that you need to set hasPrivileged to true if you want to use a scanning method other than -sT.
    • -
-
SCAN TECHNIQUES:
-  -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
-  -sN/sF/sX: TCP Null, FIN, and Xmas scans.
-
-
    -
  • sourcePort: packets will be sent from the specified single port number, if possible(-g). The port number can be from 0 to 65535, but if 0 is specified, it may not work on all systems, so a validation error is raised. sourcePort(-g) is incompatible with the default TCPConnect scan (-sT). If you want to set the source port, use a raw scan such as -sS.
    • -
-

Refs

- -
Scan WordPressScan Windows
\ No newline at end of file diff --git a/docs/ja/usage-scan-wordpress.html b/docs/ja/usage-scan-wordpress.html deleted file mode 100644 index a4ae0e8f..00000000 --- a/docs/ja/usage-scan-wordpress.html +++ /dev/null @@ -1,185 +0,0 @@ -Scan vulnerabilities of WordPress · Vuls
Edit

Scan vulnerabilities of WordPress

WordPressのスキャン (本体、プラグイン、テーマ)

-

非商用で使う場合は、WordPressとの連携を無料で使用できます。 But for commercial use, You have to send a E-Mail to the WPScan Team. For Details, see the NOTE:

-
あなたのソフトウェアが非商用かどうかわからない時や、商用で使用したいときのお問い合わせ
-
-

First, you need to register a user and get the API token from your profile page on wpscan.com. And then, check whether the wp command is installed on the scan target server. 以下はサンプルの設定です。

-
    -
  • config.toml
    • -
-
  [wpscan]
-  token = "Token"
-  detectInactive = false
-
-  [servers.kusanagi]
-    user = "root"
-    host = "10.10.10.10"
-    port = "22"
-
-  [servers.kusanagi.wordpress]
-    cmdPath = "/usr/local/bin/wp"
-    osUser = "wordpress"
-    docRoot = "/home/kusanagi/wp/DocumentRoot/"
-    noSudo = false
-
-
    -
  • token: A token of wpscan.com
    • -
  • detectInactive : Detect plugins or themes which are inactive state
    • -
  • cmdPath : A path of wp on the wordpress server
    • -
  • osUser : A OS user of wp on the wordpress server
    • -
  • docRoot : A path of document root on the wordpress server
    • -
  • noSudo : Run the wp command with sudo privileges
    • -
-

スキャン

-

WordPressをスキャンするには、以下のように実行してください。

-
$ vuls scan kusanagi
-
-

Vuls collects WordPress Core version, plugins and themes via wp-cli.

-

レポート

-
$ vuls report
-
-

Vuls detects vulnerabilities via accessing WPScan.com via HTTP.

-
    -
  • Slack
    • -
-

slack

-

slack2

-
    -
  • TUI
    • -
-

tui

-
    -
  • Full-Text
    • -
-

text

-

Tips

-
    -
  • If you have some virtual WordPress sites in a server.
    • -
  • OSのパッケージは要らなくてWordPressだけのレポートが欲しいとき
    • -
-
# for server administrator
-[servers.wordpress]
-host = "wordpress"
-
-# for WordPress site FOO
-[servers.foo]
-host = "wordpress"
-scanModules = ["wordpress"]
-[servers.foo.wordpress]
-docRoot = "/home/foo/wordpress/"
-
-# for WordPress site BAR
-[servers.bar]
-host = "wordpress"
-scanModules = ["wordpress"]
-[servers.bar.wordpress]
-docRoot = "/home/bar/wordpress/"
-
-

If sudo cannot be executed with scan user

-

Set noSudo = true to execute the command without sudo.
-If scan user and wordpress osUser are different, it is necessary to be able to switch from scan user to wordpress osUser without a password, since the command is executed by switching to wordpress osUser.
-See PR #1523 if you want to know the actual command to be executed.

-

For example, the following config requires that the switch from user to wordpress (user $ su - wordpress) can be executed without a password.

-
[servers.wordpress]
-user = "user"
-
-[servers.wordpress.wordpress]
-cmdPath     = "/usr/local/bin/wp"
-osUser      = "wordpress"
-docRoot     = "/var/www/html"
-noSudo      = true
-
-
Scan non OS packagesScan Port
\ No newline at end of file diff --git a/docs/ja/usage-scan.html b/docs/ja/usage-scan.html deleted file mode 100644 index 468badc7..00000000 --- a/docs/ja/usage-scan.html +++ /dev/null @@ -1,299 +0,0 @@ -Scan · Vuls
Edit

Scan

$ vuls scan -help
-scan:
-        scan
-                [-config=/path/to/config.toml]
-                [-results-dir=/path/to/results]
-                [-log-dir=/path/to/log]
-                [-cachedb-path=/path/to/cache.db]
-                [-skip-broken]
-                [-http-proxy=http://192.168.0.1:8080]
-                [-timeout=300]
-                [-timeout-scan=7200]
-                [-debug]
-                [-pipe]
-
-                [SERVER]...
-  -cachedb-path string
-        /path/to/cache.db (local cache of changelog for Ubuntu/Debian)
-  -config string
-        /path/to/toml
-  -debug
-        debug mode
-  -http-proxy string
-        http://proxy-url:port (default: empty)
-  -log-dir string
-        /path/to/log (default "/var/log/vuls")
-  -pipe
-        Use stdin via PIPE
-  -results-dir string
-        /path/to/results
-  -skip-broken
-        [For CentOS] yum update changelog with --skip-broken option
-  -timeout int
-        Number of seconds for processing other than scan (default 300)
-  -timeout-scan int
-        Number of second for scanning vulnerabilities for all servers (default 7200)
-
-

fast scan

-

fast scan mode scans with no root-privilege, no deps on scan target server. 詳しくは、以下を参照してください。 実際にスキャンする前に、vuls configtestで設定をチェックしてください。 詳しくは、以下を参照してください。

- -

インターネット接続を使うfast scan

-
    -
  • config.toml
    • -
-
[servers]
-
-[servers.localhost]
-host         = "192.168.100.111" # or "127.0.0.1"
-port         = "22"
-scanMode     = ["fast"]
-
-

インターネット接続を使わないfast scan

-
    -
  • config.toml
    • -
-
[servers]
-
-[servers.localhost]
-host         = "192.168.100.111" # or "127.0.0.1"
-port         = "22"
-scanMode     = ["fast", "offline"]
-
-

fast-root scan

-

fast-root scan mode scans with root-privilege. 実際にスキャンする前に、vuls configtestで設定をチェックしてください。 詳しくは、以下を参照してください。

- -

インターネット接続を使うfast-root scan

-
    -
  • config.toml
    • -
-
[servers]
-
-[servers.localhost]
-host         = "192.168.100.111" # or "127.0.0.1"
-port         = "22"
-scanMode     = ["fast-root"]
-
-

インターネット接続を使わないfast-root scan

-
    -
  • config.toml
    • -
-
[servers]
-
-[servers.localhost]
-host         = "192.168.100.111" # or "127.0.0.1"
-port         = "22"
-scanMode     = ["fast-root", "offline"]
-
-

deep scan

-
    -
  • 今のところfast-rootスキャンモードと同じです。
    • -
-

-ssh-native-insecure オプション

-

removed in https://github.com/future-architect/vuls/issues/1181

-

Example: Scan all servers defined in config file

-
$ vuls scan
-
-

With this sample command, it will ..

- -

Example: Scan specific servers

-
$ vuls scan server1 server2
-
-

With this sample command, it will ..

-
    -
  • Scan only 2 servers (server1, server2)
    • -
-

Example: Scan via shell instead of SSH

-

Vuls scans localhost instead of SSH if the host address is localhost or 127.0.0.1 and the port is local in config. For more details, see Architecture section

-
    -

  • config.toml

    -
    [servers]
-
-[servers.localhost]
-host         = "localhost" # or "127.0.0.1"
-port         = "local"
-
    • -
-

Example: Scan Running containers (Docker/LXD/LXC)

-

It is common that keep containers running without SSHd daemon. see Docker Blog:Why you don't need to run SSHd in your Docker containers

-

Docker

-

Vuls scans running Docker containers via docker exec instead of SSH. For more details, see Architecture section

-

If you don’t want to use root, create a Unix group called docker and add users to it For details, see docker manual

-

To scan all of the running containers

-

"${running}" needs to be set in the containers item.

-

-[servers.172-31-4-82] host = "172.31.4.82" user = "ec2-user" keyPath = "/home/username/.ssh/id_rsa" containerType = "docker" containersIncluded = ["${running}"] ```
-
-#### 特定の実行中のコンテナだけをスキャンする
-
-The container ID or container name needs to be set in the container item.  
-In the following example, only `container_name_a` and `4aa37a8b63b9` will be scanned.  
-Be sure to check these containers are running state before scanning.  
-If specified containers are not running, Vuls gives up scanning with the printing error message.
-
-```toml [servers]
-
-[servers.172-31-4-82] host = "172.31.4.82" user = "ec2-user" keyPath = "/home/username/.ssh/id_rsa" containerType = "docker" containersIncluded = ["container_name_a", "4aa37a8b63b9"] ```
-
-#### 特定の実行中のコンテナ以外だけをスキャンする
-
-```toml
-[servers]
-
-[servers.172-31-4-82]
-host         = "172.31.4.82"
-user        = "ec2-user"
-keyPath     = "/home/username/.ssh/id_rsa"
-containerType = "docker"
-containersIncluded = ["${running}"]
-containersExcluded = ["container_name_a", "4aa37a8b63b9"]
-
-

コンテナだけをスキャンする (Dockerホストはスキャンされない)

-
 [servers.localhost]
-host = "localhost"
-port = "local"
-user = "vuls"
-scanMode = ["fast-root"]
-containersIncluded = ["${running}"]
-containersOnly= true
-
-

LXD

-

Vuls scans lxd via lxc exec instead of SSH.

-
[servers]
-
-[servers.172-31-4-82]
-host         = "172.31.4.82"
-user        = "ec2-user"
-keyPath     = "/home/username/.ssh/id_rsa"
-containertype = "lxd"
-containersIncluded = ["${running}"]
-containersExcluded = ["container_name_a", "4aa37a8b63b9"]
-
-

LXC

-

Vuls scans lxc via lxc-attach instead of SSH.

-
[servers]
-
-[servers.172-31-4-82]
-host         = "172.31.4.82"
-user        = "ec2-user"
-keyPath     = "/home/username/.ssh/id_rsa"
-containertype = "lxc"
-containersIncluded = ["${running}"]
-containersExcluded = ["container_name_a", "4aa37a8b63b9"]
-
-
-

LXC required root privilege.

-

Example of /etc/sudoers on target servers

-
vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/lxc-attach -n *, /usr/bin/lxc-ls *
-
-

Example: scan WordPress (core, plugin, theme)

-

For Details, see usage-scan-wordpress

-

Example: scan a lockfile of libraries

-

For Details, see Scan vulnerabilities of non-OS packages

-

Example: scan Port by External Port Scanner(nmap)

-

For Details, see Scan Port by External Port Scanner

-

Example: scan Windows

-

For Details, see Scan Windows

-
configtestReport
\ No newline at end of file diff --git a/docs/ja/usage-server.html b/docs/ja/usage-server.html deleted file mode 100644 index 3ad2de21..00000000 --- a/docs/ja/usage-server.html +++ /dev/null @@ -1,502 +0,0 @@ -Server · Vuls
Edit

Server

$ vuls server -h
-Server:
-  Server
-    [-lang=en|ja]
-    [-config=/path/to/config.toml]
-    [-log-to-file]
-    [-log-dir=/path/to/log]
-    [-confidence-over=80]
-    [-cvss-over=7]
-    [-ignore-unscored-cves]
-    [-ignore-unfixed]
-    [-to-localfile]
-    [-http-proxy=http://192.168.0.1:8080]
-    [-debug]
-    [-debug-sql]
-    [-listen=localhost:5515]
-
-    [RFC3339 datetime format under results dir]
-  -config string
-      /path/to/toml (default "/Users/kanbe/go/src/github.com/future-architect/vuls/config.toml")
-  -confidence-over int
-      -confidence-over=40 means reporting Confidence Score 40 and over (default: 80) (default 80)
-  -cvss-over float
-      -cvss-over=6.5 means Servering CVSS Score 6.5 and over (default: 0 (means Server all))
-  -debug
-      debug mode
-  -debug-sql
-      SQL debug mode
-  -http-proxy string
-      http://proxy-url:port (default: empty)
-  -ignore-unfixed
-      Don't show the unfixed CVEs
-  -ignore-unscored-cves
-      Don't show the unscored CVEs
-  -lang string
-      [en|ja] (default "en")
-  -listen string
-      host:port (default: localhost:5515) (default "localhost:5515")
-  -log-dir string
-      /path/to/log (default "/var/log/vuls")
-  -log-to-file
-      Output log to file
-  -results-dir string
-      /path/to/results (default "/Users/kanbe/go/src/github.com/future-architect/vuls/results")
-  -to-localfile
-      Write report to localfile
-
-
-

エンドポイント

-
    -
  • /vuls -
      -
    • 脆弱性の検知
      • -
    • -
  • /health -
      -
    • ヘルスチェック
      • -
    • -
-

Content-Types

-
    -
  • application/json
    • -
  • text/plain
    • -
-

text/plain

-

Headers

-
    -
  • X-Vuls-OS-Family (linux: required, windows: required, macos: required) -
      -
    • OS Family of your target server (rhel, fedora, centos, alma, rocky, amazon, ubuntu and debian, raspbian, windows, macos)
      • -
    • -
  • X-Vuls-OS-Release (linux: required, windows: optional, macos: required) -
      -
    • OS Release of your target server (e.g. 6.9, 16.04, etc.)
      • -
    • -
  • X-Vuls-Kernel-Release (linux: required, windows: not required, macos: not required) -
      -
    • スキャン対象サーバのカーネル (例: 2.6.32-696.6.3.el6.x86_64)
      • -
    • linux: Collect by a command such as uname -r
      • -
    • -
  • X-Vuls-Kernel-Version (linux: optional, windows: optional, macos: optional) -
      -
    • Debianの時は必須です。 (例 3.16.51-2)
      • -
    • linux: Collect by a command such as uname -a | awk '{print $7}'
      • -
    • windows: Version such as <major>.<minor>.<build>(.<revision>) in winver.exe, systeminfo.exe, etc.
      • -
    • -
  • X-Vuls-Server-Name (任意) -
      -
    • -to-localfileオプションを指定するときは必須
      • -
    • スキャン対象サーバの名前 (例 web01)
      • -
    • -
-
$ curl -X POST -H "Content-Type: text/plain" -H "X-Vuls-OS-Family: centos" -H "X-Vuls-OS-Release: 6.9" -H "X-Vuls-Kernel-Release: 2.6.32-696.30.1.el6.x86_64" --data-binary "`rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"`" http://localhost:5515/vuls
-
-

上記の設定をcronにします。

-

application/json

-

Send JSON to your Vuls server. This is supposed to be used from programs etc.

-

以下のようなJSONを送ってください。

-
$ cat centos6.json
-{
-  "family": "centos",
-  "release": "6.9",
-  "runningKernel": {
-    "release": "2.6.32-696.6.3.el6.x86_64",
-    "version": "",
-    "rebootRequired": false
-  },
-  "packages": {
-    "ntp": {
-      "name": "ntp",
-      "version": "4.2.6p5",
-      "release": "10.el6.centos.2",
-      "arch": "x86_64"
-    },
-    "openssh": {
-      "name": "openssh",
-      "version": "5.3p1",
-      "release": "122.el6",
-      "arch": "x86_64"
-    }
-  }
-}
-
-
$ curl -X POST -H "Content-Type: application/json" -d @centos6.json http://localhost:5515/vuls
-
-

Supported OS

-
    -
  • RHEL
    • -
  • Fedora
    • -
  • CentOS
    • -
  • AlmaLinux
    • -
  • Rocky Linux
    • -
  • Amazon Linux
    • -
  • Debian
    • -
  • Raspbian(Raspberry Pi OS)
    • -
  • Ubuntu
    • -
  • SLES
    • -
  • Windows
    • -
  • MacOS
    • -
-

例: 一行でスキャン

-

Change [Your Vuls Server] to your host name or IP address of the Vuls server.

-

Vulsサーバの用意

-

Vulsサーバはスキャン結果を応答します。

-
$ vuls server -listen 0.0.0.0:5515
-[Aug 25 18:10:49]  INFO [localhost] Validating config...
-[Aug 25 18:10:49]  INFO [localhost] cve-dictionary: /Users/teppei/src/github.com/future-architect/vuls/cve.sqlite3
-[Aug 25 18:10:49]  INFO [localhost] oval-dictionary: /Users/teppei/src/github.com/future-architect/vuls/oval.sqlite3
-INFO[08-25|18:10:49] Opening DB.                              db=sqlite3
-INFO[08-25|18:10:49] Migrating DB.                            db=sqlite3
-[Aug 25 18:10:49]  INFO [localhost] Listening on 0.0.0.0:5515
-
-

RHEL/CentOS

-

スキャン対象サーバにログインして、以下のコマンドを実行するだけです。

-

RHEL

-
$ export VULS_SERVER=[Your Vuls Server]
-$ curl -X POST -H "Content-Type: text/plain" -H "X-Vuls-OS-Family: `awk '{print tolower($1)}' /etc/redhat-release`" -H "X-Vuls-OS-Release: `awk '{print $7}' /etc/redhat-release`" -H "X-Vuls-Kernel-Release: `uname -r`" -H "X-Vuls-Server-Name: `hostname`" --data-binary "`rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"`" http://${VULS_SERVER}:5515/vuls
-
-

Fedora

-
$ export VULS_SERVER=[Your Vuls Server]
-$ curl -X POST -H "Content-Type: text/plain" -H "X-Vuls-OS-Family: `awk '{print tolower($1)}' /etc/fedora-release`" -H "X-Vuls-OS-Release: `awk '{print $3}' /etc/fedora-release`" -H "X-Vuls-Kernel-Release: `uname -r`" -H "X-Vuls-Server-Name: `hostname`" --data-binary "`rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"`" http://${VULS_SERVER}:5515/vuls
-
-

CentOS 6

-
$ export VULS_SERVER=[Your Vuls Server]
-$ curl -X POST -H "Content-Type: text/plain" -H "X-Vuls-OS-Family: `awk '{print tolower($1)}' /etc/redhat-release`" -H "X-Vuls-OS-Release: `awk '{print $3}' /etc/redhat-release`" -H "X-Vuls-Kernel-Release: `uname -r`" -H "X-Vuls-Server-Name: `hostname`" --data-binary "`rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"`" http://${VULS_SERVER}:5515/vuls
-
-

CentOS 7

-
$ export VULS_SERVER=[Your Vuls Server]
-$ curl -X POST -H "Content-Type: text/plain" -H "X-Vuls-OS-Family: `awk '{print tolower($1)}' /etc/redhat-release`" -H "X-Vuls-OS-Release: `awk '{print $4}' /etc/redhat-release`" -H "X-Vuls-Kernel-Release: `uname -r`" -H "X-Vuls-Server-Name: `hostname`" --data-binary "`rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"`" http://${VULS_SERVER}:5515/vuls
-
-

Oracle Linux

-
$ export VULS_SERVER=[Your Vuls Server]
-$ curl -X POST -H "Content-Type: text/plain" -H "X-Vuls-OS-Family: `awk '{print tolower($1)}' /etc/oracle-release`" -H "X-Vuls-OS-Release: `awk '{print $5}' /etc/oracle-release`" -H "X-Vuls-Kernel-Release: `uname -r`" -H "X-Vuls-Server-Name: `hostname`" --data-binary "`rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"`" http://${VULS_SERVER}:5515/vuls
-
-

Amazon Linux

-
$ export VULS_SERVER=[Your Vuls Server]
-$ export AMAZON_LINUX_RELEASE=$(awk '{if ($0 ~ /Amazon\ Linux\ release\ 2023/) for (i=4; i<=NF; i++) printf("%s ", $i); else if ($0 ~ /Amazon\ Linux\ 2023/) for (i=3; i<=NF; i++) printf("%s ", $i); else if ($0 ~ /Amazon\ Linux\ release\ 2022/) for (i=4; i<=NF; i++) printf("%s ", $i); else if ($0 ~ /Amazon\ Linux\ 2022/) for (i=3; i<=NF; i++) printf("%s ", $i); else if ($0 ~ /Amazon\ Linux\ release\ 2/) printf("%s %s",$4, $5); else if ($0 ~ /Amazon\ Linux\ 2/) for (i=3; i<=NF; i++) printf("%s ", $i); else if (NF==5) print $5}' /etc/system-release)
-# Amazon Linux 1, Amazon Linux 2022, Amazon Linux 2023
-$ curl -X POST -H "Content-Type: text/plain" -H "X-Vuls-OS-Family: `awk '{print tolower($1)}' /etc/system-release`" -H "X-Vuls-OS-Release: $AMAZON_LINUX_RELEASE" -H "X-Vuls-Kernel-Release: `uname -r`" -H "X-Vuls-Server-Name: `hostname`" --data-binary "`rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"`" http://${VULS_SERVER}:5515/vuls
-# Amazon Linux 2 : recommendation
-$ curl -X POST -H "Content-Type: text/plain" -H "X-Vuls-OS-Family: `awk '{print tolower($1)}' /etc/system-release`" -H "X-Vuls-OS-Release: $AMAZON_LINUX_RELEASE" -H "X-Vuls-Kernel-Release: `uname -r`" -H "X-Vuls-Server-Name: `hostname`" --data-binary "`repoquery --all --pkgnarrow=installed --qf="%{NAME} %{EPOCH} %{VERSION} %{RELEASE} %{ARCH} %{UI_FROM_REPO}"`" http://${VULS_SERVER}:5515/vuls
-# Amazon Linux 2 : If using only amzn2-core repository. Otherwise, there is a possibility of false positives.
-$ curl -X POST -H "Content-Type: text/plain" -H "X-Vuls-OS-Family: `awk '{print tolower($1)}' /etc/system-release`" -H "X-Vuls-OS-Release: $AMAZON_LINUX_RELEASE" -H "X-Vuls-Kernel-Release: `uname -r`" -H "X-Vuls-Server-Name: `hostname`" --data-binary "`rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"`" http://${VULS_SERVER}:5515/vuls
-
-

Debian

-

X-Vuls-Kernel-Version header is also required.

-
$ export VULS_SERVER=[Your Vuls Server]
-$ export KERNEL_RELEASE=$(uname -r)
-$ export KERNEL_VERSION=$(uname -a | awk '{print $7}')
-$ curl -X POST -H "Content-Type: text/plain" -H "X-Vuls-OS-Family: debian" -H "X-Vuls-OS-Release: `cat /etc/debian_version`" -H "X-Vuls-Kernel-Release: ${KERNEL_RELEASE}" -H "X-Vuls-Kernel-Version: ${KERNEL_VERSION}" -H "X-Vuls-Server-Name: `hostname`" --data-binary "$(dpkg-query -W -f="\${binary:Package},\${db:Status-Abbrev},\${Version},\${Source},\${source:Version}\n")" http://${VULS_SERVER}:5515/vuls
-
-

Ubuntu

-
$ export VULS_SERVER=[Your Vuls Server]
-$ curl -X POST -H "Content-Type: text/plain" -H "X-Vuls-OS-Family: `lsb_release -si | awk '{print tolower($1)}'`" -H "X-Vuls-OS-Release: `lsb_release -sr | awk '{print $1}'`" -H "X-Vuls-Kernel-Release: `uname -r`" -H "X-Vuls-Server-Name: `hostname`" --data-binary "$(dpkg-query -W -f="\${binary:Package},\${db:Status-Abbrev},\${Version},\${Source},\${source:Version}\n")" http://${VULS_SERVER}:5515/vuls > $LOCAL_REPORT
-
-

Windows

-
$ export VULS_SERVER=[Your Vuls Server]
-$ curl -X POST -H "Content-Type: text/plain" -H "X-Vuls-OS-Family: windows" --data-binary "$(systeminfo.exe)" http://${VULS_SERVER}:5515/vuls
-
-

MacOS

-
$ export VULS_SERVER=[Your Vuls Server]
-$ curl -X POST -H "Content-Type: text/plain" -H "X-Vuls-OS-Family: `sw_vers -productName | tr "A-Z" "a-z" | sed -e "y/ /_/")` -H "X-Vuls-OS-Release: $(sw_vers -productVersion)" --data-binary `while read -d $'\0' f; do echo "Info.plist: ${f}"; (echo -n "CFBundleDisplayName: "; plutil -extract "CFBundleDisplayName" raw ${f} -o -) | paste - -; (echo -n "CFBundleName: "; plutil -extract "CFBundleName" raw ${f} -o -) | paste - -; (echo -n "CFBundleShortVersionString: "; plutil -extract "CFBundleShortVersionString" raw ${f} -o -) | paste - -; (echo -n "CFBundleIdentifier: "; plutil -extract "CFBundleIdentifier" raw ${f} -o -) | paste - -; echo; done < <(find -L /Applications /System/Applications -type f -path "*.app/Contents/Info.plist" -not -path "*.app/**/*.app/*" -print0)` http://${VULS_SERVER}:5515/vuls
-
-

例: スキャン結果をVulsサーバに保存する。

-

Change [Your Vuls Server] to your host name or IP address of the Vuls server.

-

Vuls server

-

Vuls server saves the sent scan results to local.

-
$ vuls server -listen 0.0.0.0:5515 -to-localfile
-
-

Client

-

Log in your target server and execute only one command. X-Vuls-Server-Name header is also required.

-
$ export VULS_SERVER=[Your Vuls Server]
-$ export SERVER_NAME=$(hostname)
-
-# For RHEL
-$ curl -X POST -H "Content-Type: text/plain" -H "X-Vuls-Server-Name: ${SERVER_NAME}" -H "X-Vuls-OS-Family: `awk '{print tolower($1)}' /etc/redhat-release`" -H "X-Vuls-OS-Release: `awk '{print $7}' /etc/redhat-release`" -H "X-Vuls-Kernel-Release: `uname -r`" --data-binary "`rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"`" http://${VULS_SERVER}:5515/vuls
-
-# For RedHat/CentOS 6
-$ curl -X POST -H "Content-Type: text/plain" -H "X-Vuls-Server-Name: ${SERVER_NAME}" -H "X-Vuls-OS-Family: `awk '{print tolower($1)}' /etc/redhat-release`" -H "X-Vuls-OS-Release: `awk '{print $3}' /etc/redhat-release`" -H "X-Vuls-Kernel-Release: `uname -r`" --data-binary "`rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"`" http://${VULS_SERVER}:5515/vuls
-
-# For RedHat/CentOS 7
-$ curl -X POST -H "Content-Type: text/plain" -H "X-Vuls-Server-Name: ${SERVER_NAME}" -H "X-Vuls-OS-Family: `awk -F: '{print $3}' /etc/system-release-cpe`" -H "X-Vuls-OS-Release: `awk -F: '{print $5}' /etc/system-release-cpe`" -H "X-Vuls-Kernel-Release: `uname -r`" --data-binary "`rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"`" http://${VULS_SERVER}:5515/vuls
-
-

例: Vulsエージェントからスキャン結果を集める

-

Vuls agent scans the target servers and sent the scan results to Vuls server.

-

Vuls server

-

Vuls server saves the sent scan results to local.

-
$ vuls server -listen 0.0.0.0:5515 -to-localfile
-
-

Client

-

Install Vuls to the target server. Scan normally and sent the scan results to Vuls server by -to-http option.

-
$ vuls scan
-$ export VULS_SERVER=[Your Vuls Server]
-$ export VULS_HTTP_URL=http://${VULS_SERVER}:5515/vuls
-$ vuls report -to-http
-
-

例: サーバの情報をJSON形式でサーバに送信

-

Vuls server responds the scan result.

-

Vuls server

-

Vuls server saves the sent scan results to local.

-
$ vuls server -listen 0.0.0.0:5515 -to-localfile
-
-

RHEL/CentOS

-
$ cat centos6.json
-{
-  "family": "centos",
-  "release": "6.9",
-  "runningKernel": {
-    "release": "2.6.32-696.6.3.el6.x86_64",
-    "version": "",
-    "rebootRequired": false
-  },
-  "packages": {
-    "ntp": {
-      "name": "ntp",
-      "version": "4.2.6p5",
-      "release": "10.el6.centos.2",
-      "arch": "x86_64"
-    },
-  }
-}
-
-$ export VULS_SERVER=[Your Vuls Server]
-$ curl -X POST -H "Content-Type: application/json" -d @centos6.json http://${VULS_SERVER}:5515/vuls
-
-

Amazon Linux

-

You need release got by a command such as below.

-
# e.g. "2 (Karoo), 2022 (Amazon Linux), 2023 (Amazon Linux)"
-RELEASE=$(awk '{if ($0 ~ /Amazon\ Linux\ release\ 2023/) for (i=4; i<=NF; i++) printf("%s ", $i); else if ($0 ~ /Amazon\ Linux\ 2023/) for (i=3; i<=NF; i++) printf("%s ", $i); else if ($0 ~ /Amazon\ Linux\ release\ 2022/) for (i=4; i<=NF; i++) printf("%s ", $i); else if ($0 ~ /Amazon\ Linux\ 2022/) for (i=3; i<=NF; i++) printf("%s ", $i); else if ($0 ~ /Amazon\ Linux\ release\ 2/) printf("%s %s",$4, $5); else if ($0 ~ /Amazon\ Linux\ 2/) for (i=3; i<=NF; i++) printf("%s ", $i); else if (NF==5) print $5}' /etc/system-release)
-
-
$ cat amazon2.json
-{
-  "family": "amazon",
-  "release": "2 (Karoo)",
-  "runningKernel": {
-    "release": "4.9.125-linuxkit",
-    "version": ""
-  },
-  "packages": {
-    "system-release": {
-      "name": "system-release",
-      "version": "1:2",
-      "release": "10.amzn2",
-      "arch": "x86_64"
-    }
-  }
-}
-
-$ export VULS_SERVER=[Your Vuls Server]
-$ curl -X POST -H "Content-Type: application/json" -d @amazon2.json http://${VULS_SERVER}:5515/vuls
-
-

Debian

-

You need srcPackages collected by a command such as dpkg-query -W -f="\${binary:Package},\${db:Status-Abbrev},\${Version},\${Source},\${source:Version}\n"

-
$ cat debian8.json
-{
-  "family": "debian",
-  "release": "8.10",
-  "runningKernel": {
-    "release": "3.16.0-4-amd64",
-    "version": "3.16.51-2",
-    "rebootRequired": false
-  },
-  "packages": {
-    "bind9-host": {
-      "name": "bind9-host",
-      "version": "1:9.9.5.dfsg-9+deb8u15"
-    }
-  },
-  "srcPackages": {
-    "bind9": {
-      "name": "bind9",
-      "version": "1:9.9.5.dfsg-9+deb8u15",
-      "binaryNames": [
-        "bind9-host"
-      ]
-    }
-  }
-}
-
-$ export VULS_SERVER=[Your Vuls Server]
-$ curl -X POST -H "Content-Type: application/json" -d @debian8.json http://${VULS_SERVER}:5515/vuls
-
-

Ubuntu

-
vagrant@jessie:~$ cat ubuntu1604.json
-{
-  "family": "ubuntu",
-  "release": "16.04",
-  "runningKernel": {
-    "release": "3.16.0-4-amd64",
-    "rebootRequired": false
-  },
-  "packages": {
-    "bind9-host": {
-      "name": "bind9-host",
-      "version": "1:9.9.5.dfsg-9+deb8u15"
-    }
-  },
-  "srcPackages": {
-    "bind9": {
-      "name": "bind9",
-      "version": "1:9.9.5.dfsg-9+deb8u15",
-      "binaryNames": [
-        "bind9-host"
-      ]
-    }
-  }
-}
-
-$ export VULS_SERVER=[Your Vuls Server]
-$ curl -X POST -H "Content-Type: application/json" -d @ubuntu1604.json http://${VULS_SERVER}:5515/vuls
-
-

SLES

-

You may need to apply the following patch to goval-dictionnary before to fix SLES OVAL fetching: https://github.com/vulsio/goval-dictionary/pull/108

-
$ cat sles12.json
-{
-  "family": "suse.linux.enterprise.server",
-  "release": "12.1",
-  "packages": {
-    "openssl": {
-      "name": "openssl",
-      "version": "1.0.1i-34.1",
-      "arch" : "x86_64"
-    }
-  }
-}
-
-$ export VULS_SERVER=[Your Vuls Server]
-$ curl -X POST -H "Content-Type: application/json" -d @sles12.json http://${VULS_SERVER}:5515/vuls
-
-

Windows

-
$ cat windows.json
-{
-  "family": "windows",
-  "release": "Windows 10 Version 22H2 for x64-based System",
-  "runningKernel": {
-    "version": "10.0.19045.2546"
-  },
-  "windowsKB": {
-    "applied": [
-      "5020030"
-    ],
-    "unapplied": [
-      "5022834"
-    ]
-  }
-}
-
-$ export VULS_SERVER=[Your Vuls Server]
-$ curl -X POST -H "Content-Type: application/json" -d @windows.json http://${VULS_SERVER}:5515/vuls
-
-

MacOS

-
$ cat macos.json
-{
-  "family": "macos",
-  "release": "13.4.0",
-  "packages": {
-    "Safari": {
-      "name": "Safari",
-      "version": "16.5",
-      "repository": "com.apple.Safari"
-    }
-  }
-}
-
-$ export VULS_SERVER=[Your Vuls Server]
-$ curl -X POST -H "Content-Type: application/json" -d @macos.json http://${VULS_SERVER}:5515/vuls
-
-
TUIVulsRepo
\ No newline at end of file diff --git a/docs/ja/usage-tui.html b/docs/ja/usage-tui.html deleted file mode 100644 index 18a7fad5..00000000 --- a/docs/ja/usage-tui.html +++ /dev/null @@ -1,179 +0,0 @@ -TUI(Terminal Based Viewer) · Vuls
Edit

TUI(Terminal Based Viewer)

最新のスキャン結果の表示

-
$ vuls tui -h
-tui:
-    tui
-        [-refresh-cve]
-        [-config=/path/to/config.toml]
-        [-cvss-over=7]
-        [-cvss-over=7]
-        [-diff]
-        [-ignore-unscored-cves]
-        [-ignore-unfixed]
-        [-results-dir=/path/to/results]
-        [-log-dir=/path/to/log]
-        [-debug]
-        [-debug-sql]
-        [-quiet]
-        [-no-progress]
-        [-pipe]
-        [-trivy-cachedb-dir=/path/to/dir]
-
-  -config string
-        /path/to/toml (default "/Users/kanbe/go/src/github.com/future-architect/vuls/config.toml")
-  -confidence-over int
-      -confidence-over=40 means reporting Confidence Score 40 and over (default: 80) (default 80)
-  -cvss-over float
-        -cvss-over=6.5 means reporting CVSS Score 6.5 and over (default: 0 (means report all))
-  -debug
-        debug mode
-  -debug-sql
-        debug SQL
-  -diff
-        Difference between previous result and current result
-  -ignore-unfixed
-        Don't report the unfixed CVEs
-  -ignore-unscored-cves
-        Don't report the unscored CVEs
-  -log-dir string
-        /path/to/log (default "/var/log/vuls")
-  -no-progress
-        Suppress progress bar
-  -pipe
-        Use stdin via PIPE
-  -quiet
-        Quiet mode. No output on stdout
-  -refresh-cve
-        Refresh CVE information in JSON file under results dir
-  -results-dir string
-        /path/to/results (default "/Users/kanbe/go/src/github.com/future-architect/vuls/results")
-  -trivy-cachedb-dir string
-        /path/to/dir (default "/Users/kanbe/Library/Caches/trivy")
-
-
-

report-list

-

キー操作は以下の通り。

- - - - - - - - - - -
キー
TABカーソルのペイン間の移動
上下矢印キーカーソルの上下
Ctrl+j, Ctrl+kカーソルの上下
Ctrl+u, Ctrl+dページの上下
-

For details, see source code

-

以前のスキャン結果の表示

-
    -
  • スキャン結果のリストの表示
    • -
-
$ vuls history
-2016-12-30T10:34:38+09:00 1 servers: u16
-2016-12-28T19:15:19+09:00 1 servers: ama
-2016-12-28T19:10:03+09:00 1 servers: cent6
-
-
    -
  • 2016-12-30T10:34:38+09:00 のスキャン結果の表示
    • -
-
$ vuls tui 2016-12-30T10:34:38+09:00
-
-

Display the previous scan results using peco

-
$ vuls history | peco | vuls tui -pipe
-
-

asciicast

-
ReportServer
\ No newline at end of file diff --git a/docs/ja/usage-windows.html b/docs/ja/usage-windows.html deleted file mode 100644 index 17b2ec9a..00000000 --- a/docs/ja/usage-windows.html +++ /dev/null @@ -1,120 +0,0 @@ -Scan Windows · Vuls
Edit

Scan Windows

Scan Windows

-

Vuls v0.23 supports Windows vulnerability detection.

-

Vuls detects vulnerabilities that are fixed by unapplied KBs or zero-day vulnerabilities for which no KBs have been released.
-Therefore, it is necessary to examine the KB application status of the machine to be detected.
-Vuls uses the Windows Update API and can be configured for Windows Update at [servers.xxx-xxx-xxx-xxx.windows].

-
    -
  • config.toml
    • -
-
[servers]
-
-[servers.127-0-0-1]
-host                = "127.0.0.1"
-port               = "22"
-user               = "root"
-scanMode           = ["fast"]
-scanModules        = ["ospkg"]
-
-[servers.127-0-0-1.windows]
-serverSelection = 3
-cabPath = "/path/to/wsusscn2.cab"
-
-
    -

  • serverSelection: set the server to search for updates. (0: Default, 1: Managed Server (e.g. WSUS), 2: Windows Update, 3: Others)

    • -

  • cabPath: describes the path to the local cab file to be used when serverSelection = 3. The latest Wsusscn2.cab file is available for download at the following location: Download Wsusscn2.cab

    • -
-
Scan Portconfig.toml
\ No newline at end of file diff --git a/docs/ja/vulsrepo.html b/docs/ja/vulsrepo.html deleted file mode 100644 index 0fd2c01a..00000000 --- a/docs/ja/vulsrepo.html +++ /dev/null @@ -1,596 +0,0 @@ -VulsRepo · Vuls
Edit

VulsRepo

注意 usiusi360/vulsrepo はもうメンテナンスされていません。
-メンテンスリポジトリを使用する必要があります。: ishiDACo/vulsrepo

-

VulsRepo is awesome OSS Web UI for Vuls. With VulsRepo you can analyze the scan results like Excel pivot table.

-

vulsrepo

-

オンラインデモ

-

デモページ

-

必須要件

- -

インストール

-

A home folder of vuls is explained as /opt/vuls.

-

Step1. VulsでJSON形式のファイルを出力

-
<br />$ cd /opt/vuls
-$ vuls scan
-$ vuls report -format-json
-
-
-

Output to a JSON files (/opt/vuls/results)

-

Step2. VulsRepoのインストール

-

From now on, executed by a user running the vuls scan.

-
    -
  • GitHubからクローン
    • -
-
$ cd $HOME
-$ git clone https://github.com/ishiDACo/vulsrepo.git
-
-

Step3. vulsrepo-serverの設定を変更

-

Set Path according to your own environment.

-
$ cd $HOME/vulsrepo/server
-$ cp vulsrepo-config.toml.sample vulsrepo-config.toml
-$ vi vulsrepo-config.toml
-[Server]
-rootPath = "/home/vuls-user/vulsrepo"
-resultsPath  = "/opt/vuls/results"
-serverPort  = "5111"
-
-
-
    -
  • ResultsPath に対してシンボリック リンクのパスを設定してはいけない。
    • -
-

Step4. vulsrepo-serverを起動

-
$ pwd
-$HOME/vulsrepo/server
-
-$ ./vulsrepo-server
-2017/08/28 11:04:00 main.go:90: INFO: RootPath Load:  /root/work/vulsrepo
-2017/08/28 11:04:00 main.go:97: INFO: ResultsPath Load:  /opt/vuls/results
-2017/08/28 11:04:00 main.go:66: Start: Listening port: 5111
-
-
-
    -
  • Linux(64 ビット)以外については自分でビルドする必要がある。 「ビルド」セクションを参照すること。
    • -
-

Step5. vulsrepo-serverを常駐起動

-

Case: SystemV (/etc/init.d)

-
    -
  • スタートアップ ファイルをコピーする。環境に合わせて内容を変更する。
    • -
-
$ sudo cp $HOME/vulsrepo/server/scripts/vulsrepo.init /etc/init.d/vulsrepo
-$ sudo chmod 755 /etc/init.d/vulsrepo
-$ sudo vi /etc/systemd/system/init.d/vulsrepo
-
-
    -
  • 自動起動するよう設定する。
    • -
-
$ sudo chkconfig vulsrepo on
-
-
    -
  • vulsrepo-serverを起動する。
    • -
-
$ sudo /etc/init.d/vulsrepo start
-
-
Case: systemd (systemctl)
-
    -
  • スタートアップ ファイルをコピーする。環境に合わせて内容を変更する。
    • -
-
$ sudo cp $HOME/vulsrepo/server/scripts/vulsrepo.service /lib/systemd/system/vulsrepo.service
-$ sudo vi /lib/systemd/system/vulsrepo.service
-
-
    -
  • 自動起動するよう設定する。
    • -
-
$ sudo systemctl enable vulsrepo
-
-
    -
  • 設定が正しいかチェックする。
    • -
-
$ sudo systemctl list-unit-files --type=service | grep vulsrepo
-vulsrepo.service                           enabled
-
-
    -
  • vulsrepo-serverを起動する。
    • -
-
$ sudo systemctl start vulsrepo
-
-

DigestAuth

-

DigestAuth implementation has a lot of problems. It requires multiple authentications on Chrome, Chromium and Firefox. If authentication is required, it's easier to isolate it by using nginx and vulsrepo-server with a proxy.

-

To perform digest authentication, create an authentication file

-
$ ./vulsrepo-server -h
-Usage of ./vulsrepo-server:
-  -c string
-        AuthFile Path (default "/home/vuls-user/.htdigest")
-  -m    make AuthFile
-  -r string
-        realm (default "vulsrepo_local")
-  -u string
-        login user (default "vuls")
-
-ex)
-$ ./vulsrepo-server -m
-Password: ****
-AuthFile Path   :  /home/vuls-user/.htdigest
-realm           :  vulsrepo_local
-login user      :  vuls
-2017/08/28 19:11:59 main.go:96: Create Success
-
-

Edit vulsrepo-config.toml

-
$ vi vulsrepo-config.toml
-[Auth]
-authFilePath = "/home/vuls-user/.htdigest"
-realm = "vulsrepo_local"
-
-
-

Start vulsrepo-server

-

Use SSL

-

Create a self-signed certificate

-
$ openssl genrsa -out key.pem 2048
-$ openssl req -new -x509 -sha256 -key key.pem -out cert.pem -days 3650
-
-

Edit vulsrepo-config.toml

-
$ vi vulsrepo-config.toml
-[Server]
-
-serverSSL = "yes"
-serverCert = "cert.pem"
-serverKey = "key.pem"
-
-

Start vulsrepo-server

-

Build vulsrepo-server

-
    -
  • Linux(64bit)以外は自分でビルドする必要がある。
    • -
  • 事前にgolangをインストールしておくこと。
    • -
-
$ mkdir -p $GOPATH/src/github.com/ishiDACo/
-$ cd $GOPATH/src/github.com/ishiDACo/
-$ git clone https://github.com/ishiDACo/vulsrepo.git
-$ cd vulsrepo/server
-$ go get -u github.com/golang/dep/...
-$ dep ensure
-$ go build -o vulsrepo-server
-
-

使い方

-

VulsRepo の表示

-

Please access the following URL in your browser. If you have JavaScript disabled in your browser, please enable it.

-
http://<server-address>:5111
-
-

表示対象データの選択

-

In the initial state, the data of the most recent day of the scan is selected for display. You can narrow down the target range by date. Select a range from the drop-down list.

-

daterange

-

You can specify any range with Custom Range.

-

daterange-custom

-

You can narrow down the target by server name. You can select more than one.

-

multiselect

-

You can also filter targets by server name and then select and deselect them.

-

multiselect-filter

-

If you want to make a detailed selection, please select the data you want to display in the file selection tree. You can select multiple files. Click Select All to select them all together, or Select None to clear them.

-

Click the Submit button after selecting them.

-

select-file

-

When the data is loaded, the pivot table is shown as follows.

-

filter-off

-

トラブルシューティング: ファイル選択ツリーが出ない

-
    -
  • Make sure that the directory /opt/vuls/results is the correct one to refer to as the output of Vuls.
    • -
  • Vuls の出力結果として参照しているディレクトリに大量のファイルがある場合、ファイル選択ツリーの生成に失敗します。 その場合、不要な *.json ファイルを別のディレクトリに移動するか、VulsRepoを表示する前に削除してください。
    • -
-

トラブルシューティング: ピボットテーブルが出ない

-
    -
  • Make sure that you have not changed the directory name and file name under the results directory.
    • -
  • Do not append / to the resultsPath value. For example, resultsPath = "/opt/vuls/results/" is wrong and resultsPath = "/opt/vuls/results" is the correct setting.
    • -
-

If you try to load a large amount of data, it may fail. Please use the following methods.

-
    -
  • Reduce the selection of the data to be displayed and load it again.
    • -
  • Setting Summary, Cvss Metrics or Affected Processes to OFF in the Setting may solve this problem (see Display setting - Show / Hide the Item).
    • -
-

ピボットテーブル

-

フィルター未適用の初期状態

-

The number of vulnerabilities found by date/time and server/container scanned is shown as a heat map by severity.

-

The healty indicates that no vulnerabilities were found.

-

filter-off

-

フィルターの操作

-
既存フィルターの適用
-

When you change a filter in the pull-down menu, you can apply a pre-defined filter to display a pivot table.

-

select-filter

-
プリセットフィルター
-

There are five available.

- -
01. Graph: CVSS-Severity => ServerName
-

A bar chart stacking the total number of vulnerabilities detected per server and container.

-

The most recent data is selected for a side-by-side comparison of the status of each server and container.

-

filter-01

-
02. Graph: CVSS-Severity => CVSS-Score
-

This bar graph shows the total number of vulnerability detections for each CVSS base score.

-

It is recommended that the most recent data be selected for display.

-

filter-02

-
03. Pivot: Package/CVSS-Severity/CveID/Summary => ServerName
-

A heat map of the packages where the vulnerability was found, the severity, the corresponding CVE IDs, a summary of the vulnerability, and the total number of detections by server and container.

-

It is suitable for comparing the status of each server and container side by side by selecting the most recent data.

-

filter-03

-
04. Pivot: Package/CveID => ScanTime
-

Good for checking whether each CVE ID vulnerability is resolved or newly detected.

-

Suitable for comparing a single server or container over time.

-

filter-04

-
05. Pivot: CveID/PackageInfo => NotFixedYet
-

This is a good time to check if a fixed version is provided in the package that contains each CVE ID vulnerability.

-

You can choose the most recent single server or container to check.

-

filter-05

-
表示項目の追加・削除・並び替え
-

You can change the display items by dragging and dropping them.

-

pivot-item-add-remove-move

-
フィルターの新規保存、上書き保存
-

You can save the filtered items and reorder them. Press the Save button to open the Save Filter Panel.

-
    -
  • To save a new filter, select Save new filter and enter the name of the filter you want.
    • -
  • If you want to overwrite an existing filter, choose Update filter and select the filter you want to overwrite from the pull-down menu.
    • -
  • Press the OK button to save, or the Cancel, x or ESC key to cancel.
    • -
-

You can't overwrite Preset filters.

-

save-filter

-
フィルターの削除
-

Press the Delete button to delete the current filter.

-

The Are you sure to delete? confirmation dialog is displayed. Press the OK button to delete the filter, or the Cancel button to cancel.

-

You can't delete Preset filters.

-

delete-filter

-
フィルターのクリア
-

Pressing the Clear button clears the filter and returns the pivot table display to Unfiltered initial state.

-

clear-filter

-
Print
-

Press the Open print preview button to open print preview window.

-

open-print-preview

-

You can print by pressing the Print button.

-

各項目の説明

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
項目説明
ScanTimeスキャンした日時
ServerNameスキャン対象サーバー名
Containerスキャン対象コンテナ名
CVSS ScoreCVSS Base score of vulnerability, with a maximum of 10.0.
CVSS SeverityVulnerability severity. Red is more severe.
CVSS Score TypeThe source of CVSS Score, CVSS Severity and CVSS Vector. For example, see CVSS Score Type
Platform稼働しているプラットフォーム
FamilyOS
ReleaseOS リリースバージョン
ErrorsVuls Error Messages
WarningsVuls warning messages, which include OS EOL information in Vuls v0.15.x and later.
Diff(Only when Vuls v0.15.8 or later is used to output diff information) + New vulnerabilities found compared to previous scan - Vulnerabilities that are no longer present (or have been addressed) since the last scan
CveIDThe CVE ID assigned to the vulnerability. Click to view Detail panel.
PackagesThe name of the package containing the vulnerability
FixedInThe version of the package that fixed the vulnerability
FixStateStatus of packages against vulnerabilities
NotFixedYetWhether a version of the package that fixes the vulnerability is available.
PackageVerInstalled package version
NewPackageVerLatest Package Version
RepositoryPackage provider's repositories
CweIDIts CVE's CWE - Common Weakness Enumeration. Click on MITRE or JVN to view the appropriate CWE description page in a new window.
VulnType(WordPress only) Vulnerability type provided by WPScan.
Status(WordPress theme and plugin only) Whether a WordPress theme or plugin is active or inactive.
Update(WordPress theme and plugin only) Availability of updates for WordPress themes and plugins.
TitleVulnerability title
SummaryVulnerability Overview
PortScannableWhether the port can be scanned or not. Click to view Package panel.
ProcessThe process ID: process name of the process affected by the vulnerability. Click to view Package panel.
PathThe path of the lock file that led to the vulnerability scan of the library.
MitigationWhether or not information on mitigation measures is available.
CVSSv3(*)CVSS 3.0 Vector
CVSS(*)CVSS 2 Vector
AdvisoryID(Amazon Linux, RedHat, Oracle Linux only) Advisory IDs for supported distributions. Click to open the advisory page in a new window.
CERTWhether there is a USCERT Alert or JPCERT Alert. Click to view the relevant information in a new window.
PoCWhether the exploit code exists. If so, the number of them.
ChangelogWhether or not there is a Changelog. Click to view Package panel.
DetectionMethodVulnerability Detection Methodology
ConfidenceScoreReliability of detection. 100 means high reliability.
PublishedDate the information was released.
Last ModifiedDate the information was last updated.
-
CVSS Score Type
-

Here are some examples.

- - - - - - - - - - - - - -
ValueSource
nvdV3NVD CVSS v3
nvdNVD CVSS v2
jvnV3JVN CVSS v3
jvnJVN CVSS v2
redhat_apiV3RedHat CVSS v3
oracleAdvisoryOracle Linux Errata repository
UnknownUnknown
-

項目ごとのフィルタリング

-

Press the part of the item.

-

Select the items to be displayed by checking or unchecking the checkboxes. Click Select All to select them all together, or Select None to clear them.

-

If you have a lot of candidates, you can refine your selection. The following example shows how to filter by python and select some packages.

-

item-filter

-

Press the Apply button to apply it. Filtered items are shown in italics. To close it without applying it, press the Cancel button.

-

item-filtered

-

ソート

-

The leftmost row is the highest priority for sorting.

- - - - - - - - - - - - - - - -
項目Ascending/descending order
CVSS Scoredescending order
CVSS SeverityUnknown, Critical, High, Important, Medium, Moderate, Low, Negligible, Unimportant, Pending, Not Vulnerable
CVSSv3(*)descending order
CVSS(*)descending order
CERTdescending order
PoCdescending order
Publisheddescending order
Last Modifieddescending order
Otherascending order
-

The order of ascending and descending is fixed and cannot be switched.

-

TSV Export

-

You can render TSV data by setting the renderer to TSV Export. The displayed data can be copied to the clipboard. You can also download the data as a TSV file by pressing the Download TSV button.

-

tsv-export

-

Other pivot table operations

-

You can change the renderer, the unit of aggregation, and the sort order of rows and columns of aggregate values.

-

See pivottable wiki and PivotTable.js Examples.

-

pivot-table-misc

-

ヘッダー上ボタン

-

Re-selecting the data to be displayed

-

Press button at the top left of the screen to display the file selection tree. Press again to close the tree.

-

Press this button to select the data to be displayed.

-

hamburger

-

Display setting

-

Press the wrench button in the upper right corner of the screen to open the Display Settings Panel.

-

The settings are applied by pressing x or clicking outside the panel frame or pressing the ESC key to close the panel.

-

pivot-table-setting

-
Show / Hide the Item
-

Set the items to be displayed in the Pivot table. Because the data of Summary, CVSS Metrics and Affected Processes(PortScannable, Process) is very large, an error may occur if the number of vulnerabilities is large. In this case, setting OFF may improve the situation.

-
Attention CweId
-

If any of the following is applicable to the CweId of the pivot table, the CWE ID will be marked with a caution symbol by setting it to ON.

- -

cweid

-
Priority
-

Set the data to be displayed with priority in the pivot table.The default is NVD data.

-

You can swap priorities by dragging and dropping blocks. You can also swap what you want to show and what you want to hide. In the following example, the priority of JVN and Ubuntu is raised so that Japanese and Ubuntu information is shown first. We also move amazon, oracle to the Hide side to hide information about Amazon Linux and Oracle Linux.

-

priority

-

Share filter and display settings

-

Filters and display settings are stored in the Local Storage of each browser, not on the server side. Therefore, if more than one person needs the same filter and display settings, you will need to share them with others.

-
Sender's Operation
-
    -
  1. Click the `
    2. -
-
  • コピーボタンを押して設定内容を含む URL をクリップボードにコピーします。
    • -
  • コピーした URL を何らかの方法で他の人に渡します。
    • -
  • x` を押すか、パネル枠外をクリックしてパネルを閉じてください。 -

    share-setting

    -
    Recipient's Operation
    -
      -
    1. ブラウザでコピーした URL にアクセスしてください。
      2. -
    2. 必要に応じて URL をブックマークしてください。ブックマークから VulsRepo を開くことで次回以降も同じ設定で表示できます。
      3. -
    3. 表示対象データを選択すると、ピボットテーブル は同様の設定で表示できます。
      4. -
    4. 必要に応じて、 フィルターの新規保存、上書き保存 してください。
      5. -
    -

    詳細パネル

    -

    Detailed information is divided into Main tab and Package tab. The initial view is Main tab. Click on the tabs to switch the display to suit your needs.

    -

    To close the panel, press x on the top right corner of the panel, or click outside the panel frame, or press ESC key.

    -

    detail-tab

    -

    Main tab

    -

    detail-main

    -
    CVSS Detail section
    -

    This section shows the basic score and severity, summary of the vulnerability, and the date the information was last updated, as provided by each organization and distributor.

    -

    Clicking each type opens the page provided by the organization or distributor in a new window.

    -

    See the tooltip of ? tooltips for basic score and severity categories.

    -
    CVSS Vector radar chart
    -

    It shows the value of each evaluation item calculated by NVD, JVN, and RedHat in a radar chart. You can switch between the CVSS v2 and CVSS v3.x charts by clicking the Cvss v2 tab or the Cvss v3.x tab. The initial display is CVSS v3.x.

    -

    You can control to show or hide the chart by clicking the NVD v3.x, JVN v3.x, or RehHat v3.x. In the following example, the chart of NVD v3.1 and RehHat v3.0 is hidden.

    -

    cvss-chart

    -
    Mitigation section
    -

    This section will appear if information on mitigation measures is available. Click on the header to open and close the section.

    -

    mitigation

    -
    CweID section
    -

    By clicking on MITRE and JVN, a new window will open with the appropriate CWE details Display the description page.

    -

    If CweID is ranked in one of the following categories, the rank will be displayed as a badge. Clicking on a badge will take you to a new window for each piece of information.

    - -
    Links section
    -

    Open the following page in a new window.

    - - - - - - - - - - - - - - -
    ItemLink
    MITREThe corresponding CVE page provided by MITRE
    CveDetailsThe corresponding CVE page provided by CVE Details
    CVSS Calculator V2Common Vulnerability Scoring System Calculator Version 2 page from NIST
    CVSS Calculator V3Common Vulnerability Scoring System Calculator Version 3.0 page from NIST
    CVSS Calculator V3 (JVN)Common Vulnerability Scoring System Version 3.0 Calculator page provided by JVN.
    Amazon(Amazon Linux only) Amazon Linux Security Advisories, Amazon Linux2 Security Advisories, Amazon Linux2022 Security Advisories, Amazon Linux2023 Security Advisories
    RedHat Network(RedHat only) Red Hat Product Errata
    OracleLinux Errata(Oracle Linux only) Unbreakable Linux Network
    -

    CVSS Calculator is useful for calculating severity, including Environmental Metrics.

    -
    USCERT / JPCERT Alert section
    -

    If there is USCERT Alert or JPCERT Alert, USCERT / JPCERT Alert section appears. Click on the header to open and close the section. Shows links to USCERT Alert and JPCERT Alert. Clicking on them will open the page in a new window.

    -

    cert-alert

    -
    Exploits section
    -

    Exploits section is displayed if there is information on Exploit Codes or Metasploit Modules. Click on the header to open and close the section. Displays links for each Exploit Codes and Metasploit Modules. Clicking on them will open the page in a new window.

    -

    exploits

    -
    References section
    -

    Click on the header to open and close the section. Displays the reference information provided by each information organization and distributor. Clicking on them will open the page in a new window.

    -

    You can filter by tags. Clicking on a tag toggles it on and off. The default is Show All. You can open and close the display for each information source. Click on the button. The default is open.

    -

    references

    -

    Package tab

    -

    Here is a list of packages that contain vulnerabilities. Click each PackageName to open the Package panel.

    -

    package

    -

    Package panel

    -

    To close the panel, click outside the panel frame or press the ESC key.

    -

    changelog

    -

    Affected Processes

    -

    If there are processes affected by the vulnerability, they will be shown. Lists the process ID, process name, IP address and port.

    -

    affected-processes

    -

    Changelog

    -

    View the package changelog.

    -

    The changelog description is highlighted in orange if the corresponding CVE ID is present. Any other CVE IDs are highlighted in light blue.

    -

    URL parameters

    -

    You can filter the target data and display it immediately by specifying the date, server and filter by URL parameters. If you already know the period, server and filter you want to view, you can specify these parameters in the URL when you open VulsRepo, saving you the trouble of manually selecting them each time.

    -

    The following parameters can be specified.

    - - - - - - - - - - - - -
    ParameterPurposeValue
    serverTarget server (container)For all, all. If more than one, concatenate them with +. ex)foo.json, foo.json+bar.json+baz@foo.json
    daterangeDate Rangetoday, yesterday, last7days, last30days, thismonth, lastmonth or alldays
    datefromDate Range from (*)YYYY-MM-DD format ex)2020-11-01
    datetoDate Range to (*)YYYY-MM-DD format ex)2021-01-23
    timeSpecific date and timeISO8601 format ex) 2020-02-04T01:25:11Z or 2021-01-25T12:34:56+09:00
    filterSpecifying a filterFilter name. If not specified, no filter ex) 01.%20Graph:%20CVSS-Severity%20=>%20ServerName
    -

    (*) datefrom and dateto must be specified as a set.

    -

    Priority of date-related parameters

    -

    High daterange > datefrom and dateto > time Low

    -

    If none of these are specified, the latest date will be set.

    -

    Examples

    -

    Here are some examples.

    -
    localhost.json of the latest date
    -

    http://<server-address>:5111/?server=localhost.json

    -
    localhost.json and raspberry10.json for the last 30 days
    -

    http://<server-address>:5111/?daterange=last30days&server=localhost.json+raspberry10.json

    -
    All servers (containers) from 2020-09-18 to 2020-11-16
    -

    http://<server-address>:5111/?datefrom=2020-09-18&dateto=2020-11-16&server=all

    -
    localhost.json on 2020-02-04T01:25:11Z
    -

    http://<server-address>:5111/?time=2020-02-04T01:25:11Z&server=localhost.json

    -
    localhost.json and vulsrepo@localhost.json on 2020-02-04T01:25:11Z
    -

    http://<server-address>:5111/?time=2020-02-04T01:25:11Z&server=localhost.json+vulsrepo@localhost.json

    -
    localhost.json on 2020-02-04T01:25:11Z with 01. Graph: CVSS-Severity => ServerName filter
    -

    http://<server-address>:5111/?time=2020-02-04T01:25:11Z&server=localhost.json&filter=01.%20Graph:%20CVSS-Severity%20=%3E%20ServerName

    -
    localhost.json on 2020-02-04T01:25:11Z with 02. Graph: CVSS-Severity => CVSS-Score filter
    -

    http://<server-address>:5111/?time=2020-02-04T01:25:11Z&server=localhost.json&filter=02.%20Graph:%20CVSS-Severity%20=%3E%20CVSS-Score

    -
    localhost.json on 2020-02-04T01:25:11Z with 03. Pivot: Package/CVSS-Severity/CveID/Summary => ServerName filter
    -

    http://<server-address>:5111/?time=2020-02-04T01:25:11Z&server=localhost.json&filter=03.%20Pivot:%20Package/CVSS-Severity/CveID/Summary%20=%3E%20ServerName

    -
    localhost.json on 2020-02-04T01:25:11Z with 04. Pivot: Package/CveID => ScanTime filter
    -

    http://<server-address>:5111/?time=2020-02-04T01:25:11Z&server=localhost.json&filter=04.%20Pivot:%20Package/CveID%20=%3E%20ScanTime

    -
    localhost.json on 2020-02-04T01:25:11Z with 05. Pivot: CveID/PackageInfo => NotFixedYet filter
    -

    http://<server-address>:5111/?time=2020-02-04T01:25:11Z&server=localhost.json&filter=05.%20Pivot:%20CveID/PackageInfo%20=%3E%20NotFixedYet

    -

    FAQ

    -
      -
    • Why does not Total of Vuls and VulsRepo result match ?
      • -
    -

    Vuls aggregates the number of CveIDs included in the host. However, VulsRepo counts Packages related to CveID as one case. If more than one package is associated with one CveID, Total will increase more than Vuls.

    -

    count

    -

    ギャラリー

    -

    image image image image image

    -
    • ServerContribute
    \ No newline at end of file diff --git a/ja/help-with-translations.html b/ja/help-with-translations.html index ae5e3da6..a648f964 100644 --- a/ja/help-with-translations.html +++ b/ja/help-with-translations.html @@ -1,4 +1,4 @@ -Vuls · Agentless Vulnerability Scanner for Linux/FreeBSD