Vuls: VULnerability Scanner



Vuls is an agentless vulnerability scanner for Linux and FreeBSD servers. It makes the job of every system administrator much easier by automatically scanning for vulnerabilities and then informing the system administrator which services and servers are affected.

(Image: Vuls: VULnerability Scanner abstract. Source: Vuls GitHub)

Vuls: VULnerability Scanner

Vuls automatically checks many different vulnerability databases, including NVD, JVN and OVAL. This makes life easier for system administrators who must oversee servers running numerous software packages. After checking the databases, Vuls generates a report that can be viewed through a GUI or a TUI. Vuls gives details about each vulnerability such as its severity level, description and released fixes. Vuls can also scan non-OS packages and WordPress core, themes and plugins.

Features:

  • Scan for all vulnerabilities in Linux and FreeBSD servers
  • Vuls ensures a high-quality scan by checking multiple vulnerability databases
  • Multiple scan modes are available depending on the resource availability of the server. These range from fast mode to deep mode (Fast Scan, Fast Root Scan, Remote and Local Scan, Server Mode)
  • Dynamic and Static Analysis
  • Scan non-OS packages, such as programming-language libraries and network devices, for vulnerabilities
  • Scan through WordPress core, themes, plugins

Supported Platforms:

Alpine, Ubuntu, Debian, RHEL, Oracle Linux, CentOS, Amazon Linux, FreeBSD, SUSE Enterprise, Raspbian

Requirements:

  • Docker
  • SQLite3, MySQL, PostgreSQL, Redis
  • git
  • gcc
  • GNU Make
  • go v1.13+ (The latest version is recommended)

Install

Linux Distros

Should work on Fedora-based Linux distributions: CentOS, Red Hat, Amazon Linux etc. (tested on CentOS and Red Hat 7).

Install Docker, then start the daemon:

$ sudo systemctl start docker

Clone Vulsctl and fetch vulnerability databases:

$ git clone https://github.com/vulsio/vulsctl.git 
$ cd vulsctl
$ ./update-all.sh

Prepare config.toml in the same directory:

$ cat $HOME/vulsctl/config.toml
[servers]
[servers.hostos]
host = "52.10.10.10"
port = "22"
user = "centos"
# keyPath as seen inside the Vuls docker container
keyPath = "/root/.ssh/id_rsa"

SSH to the target once before scanning so that its host key is added to $HOME/.ssh/known_hosts on the Docker host:

$ ssh centos@52.100.100.100 -i ~/.ssh/id_rsa.pem
$ ./scan.sh 
$ ./report.sh 
$ ./tui.sh

Install With Docker

Run the following commands:

$ docker pull vuls/go-cve-dictionary
$ docker run --rm vuls/go-cve-dictionary -v
$ docker pull vuls/goval-dictionary
$ docker run --rm vuls/goval-dictionary -v
$ docker pull vuls/gost
$ docker run --rm vuls/gost -v
$ docker pull vuls/vuls
$ docker run --rm vuls/vuls -v

Usage

Local Scan Mode

Once you have deployed Vuls, create a config file:

$ cd $HOME 
$ cat config.toml 

[servers]
[servers.localhost]
host = "localhost"
port = "local"

Run the following command to start the scan:

$ vuls scan

Reporting

To view a one-line summary:

$ vuls report -format-one-line-text

To view a short summary:

$ vuls report -format-list

Full report:

$ vuls report -format-full-text | less

To run TUI (Terminal Based User Interface):

$ vuls tui

Addition: You can also view the results in a graphical user interface using VulsRepo, which is a GUI for Vuls.

Remote Scan Mode (Ubuntu)

Step 1

Launch a new Ubuntu Linux host

– Launch a new terminal and SSH to the Remote host.
– To add the remote host’s Host Key to $HOME/.ssh/known_hosts, you need to log in to the remote host through SSH before scanning.

Step 2

Enable SSH from localhost

– Vuls doesn’t support SSH password authentication. So you have to use SSH key-based authentication. Create a keypair on the localhost then append the public key to authorized_keys on the remote host.

Localhost:

$ ssh-keygen -t rsa

# Copy ~/.ssh/id_rsa.pub to the clipboard. 

Remote Host:

$ mkdir ~/.ssh
$ chmod 700 ~/.ssh
$ touch ~/.ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys
$ vim ~/.ssh/authorized_keys

# Paste from the clipboard to ~/.ssh/authorized_keys

Also confirm that the host keys of the scan target servers have been registered in the known_hosts of the localhost. To add the remote host’s Host Key to $HOME/.ssh/known_hosts, you need to log in to the remote host through SSH before scanning.

Localhost:

$ ssh ubuntu@172.31.4.82 -i ~/.ssh/id_rsa 

Step 3

Configure (config.toml)

$ cd $HOME
$ cat config.toml
[servers]

[servers.ubuntu]
host        = "172.31.4.82"
port        = "22"
user        = "ubuntu"
keyPath     = "/home/centos/.ssh/id_rsa"

Check config.toml and settings on the server before scanning:

$ vuls configtest ubuntu

Start scanning:

$ vuls scan ubuntu
… snip …

One Line Summary
================
ubuntu  ubuntu16.04     30 updatable packages
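As an added example (not code from Vuls or vulsctl), the POSIX shell script below writes the [servers.<name>] block from Step 3 and checks the two preconditions that Steps 2 and 3 depend on before vuls configtest is run: the private key is readable, and the target already has an entry in known_hosts. The function names and the sample inputs are my own assumptions, not part of Vuls.

```sh
#!/bin/sh
# Added example, not part of Vuls or vulsctl: write a [servers.<name>] block
# for config.toml and pre-check what the remote-scan steps require before
# "vuls configtest"/"vuls scan": the private key is readable and the target's
# host key is already in known_hosts (Vuls only does key-based,
# non-interactive SSH, so a missing host key makes the scan fail).

# gen_server_entry NAME HOST PORT USER KEYPATH: print a config.toml fragment
gen_server_entry() {
    printf '[servers.%s]\nhost = "%s"\nport = "%s"\nuser = "%s"\nkeyPath = "%s"\n' \
        "$1" "$2" "$3" "$4" "$5"
}

# host_known HOST KNOWN_HOSTS: exit 0 if a plain (unhashed) known_hosts entry
# names HOST, either as "host,ip ..." or as "[host]:port ...". Entries hashed
# by HashKnownHosts (starting with "|1|") cannot be matched this way; use
# "ssh-keygen -F HOST" for those.
host_known() {
    awk -v h="$1" '
        /^#/ || /^\|/ || NF < 3 { next }      # comments, hashed, malformed
        $1 ~ /^@/ { $1 = $2 }                  # @cert-authority / @revoked markers
        {
            n = split($1, names, ",")
            for (i = 1; i <= n; i++) {
                x = names[i]
                sub(/^\[/, "", x); sub(/\]:[0-9]+$/, "", x)
                if (x == h) { found = 1 }
            }
        }
        END { exit found ? 0 : 1 }' "$2"
}

# precheck_target HOST KEYPATH KNOWN_HOSTS: 0 if both checks pass, else 1,
# with one line per failed check on stderr.
precheck_target() {
    rc=0
    if [ ! -r "$2" ]; then
        echo "missing or unreadable private key: $2" >&2; rc=1
    fi
    if ! host_known "$1" "$3"; then
        echo "no host key for $1 in $3; ssh to it once before scanning" >&2; rc=1
    fi
    return $rc
}
```

Run precheck_target against the same host, keyPath and known_hosts you put in config.toml; a non-zero exit means vuls configtest would fail on that server.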

Scan Using Docker

Prepare log directory:

$ cd /path/to/working/dir
$ mkdir go-cve-dictionary-log goval-dictionary-log gost-log go-exploitdb-log

Fetch the various vulnerability dictionaries:

$ for i in $(seq 2002 $(date +"%Y")); do \
     docker run --rm -it \
     -v $PWD:/vuls \
     -v $PWD/go-cve-dictionary-log:/var/log/vuls \
     vuls/go-cve-dictionary fetchnvd -years $i; \
   done

 $ docker run --rm -i \
     -v $PWD:/vuls \
     -v $PWD/gost-log:/var/log/gost \
     vuls/gost fetch redhat

 $ docker run --rm -i \
     -v $PWD:/vuls \
     -v $PWD/go-exploitdb-log:/var/log/go-exploitdb \
     vuls/go-exploitdb fetch exploitdb

Create config.toml as shown in the configuration steps above.

Configtest:

$ docker run --rm -it \
     -v ~/.ssh:/root/.ssh:ro \
     -v $PWD:/vuls \
     -v $PWD/vuls-log:/var/log/vuls \
     vuls/vuls configtest \
     -config=./config.toml # path to config.toml in docker

Scan:

$ docker run --rm -it \
     -v ~/.ssh:/root/.ssh:ro \
     -v $PWD:/vuls \
     -v $PWD/vuls-log:/var/log/vuls \
     -v /etc/localtime:/etc/localtime:ro \
     -e "TZ=Asia/Tokyo" \
     vuls/vuls scan \
     -config=./config.toml # path to config.toml in docker

If Docker host is Debian or Ubuntu:

$ docker run --rm -it \
     -v ~/.ssh:/root/.ssh:ro \
     -v $PWD:/vuls \
     -v $PWD/vuls-log:/var/log/vuls \
     -v /etc/localtime:/etc/localtime:ro \
     -v /etc/timezone:/etc/timezone:ro \
     vuls/vuls scan \
     -config=./config.toml # path to config.toml in docker