vuls - Go语言编写的LinuxFreeBSD漏洞扫描器.zip

# Vuls: VULnerability Scanner [](http://goo.gl/forms/xm5KFo35tu) [](https://github.com/future-architect/vuls/blob/master/LICENSE) [](https://goreportcard.com/report/github.com/future-architect/vuls) [](https://github.com/future-architect/vuls/graphs/contributors)  Vulnerability scanner for Linux/FreeBSD, agent-less, written in Go. We have a slack team. [Join slack team](https://join.slack.com/t/vuls-github/shared_invite/zt-1fculjwj4-6nex2JNE7DpOSiKZ1ztDFw) Twitter: [@vuls_en](https://twitter.com/vuls_en)   [](https://asciinema.org/a/3y9zrf950agiko7klg8abvyck)  ---- ## Abstract For a system administrator, having to perform security vulnerability analysis and software update on a daily basis can be a burden. To avoid downtime in a production environment, it is common for a system administrator to choose not to use the automatic update option provided by the package manager and to perform update manually. This leads to the following problems. - The system administrator will have to constantly watch out for any new vulnerabilities in NVD (National Vulnerability Database) or similar databases. - It might be impossible for the system administrator to monitor all the software if there are a large number of software packages installed in the server. - It is expensive to perform analysis to determine the servers affected by new vulnerabilities. The possibility of overlooking a server or two during analysis is there. Vuls is a tool created to solve the problems listed above. It has the following characteristics. - Informs users of the vulnerabilities that are related to the system. - Informs users of the servers that are affected. - Vulnerability detection is done automatically to prevent any oversight. - A report is generated on a regular basis using CRON or other methods. to manage vulnerability.  ---- ## Main Features ### Scan for any vulnerabilities in Linux/FreeBSD Server [Supports major Linux/FreeBSD/Windows](https://vuls.io/docs/en/supported-os.html) - Alpine, Amazon Linux, CentOS, AlmaLinux, Rocky Linux, Debian, Oracle Linux, Raspbian, RHEL, openSUSE, openSUSE Leap, SUSE Enterprise Linux, Fedora, and Ubuntu - FreeBSD - Windows - Cloud, on-premise, Running Docker Container ### High-quality scan - Vulnerability Database - [NVD](https://nvd.nist.gov/) - [JVN(Japanese)](http://jvndb.jvn.jp/apis/myjvn/) - OVAL - [Red Hat](https://www.redhat.com/security/data/oval/) - [Debian](https://www.debian.org/security/oval/) - [Ubuntu](https://people.canonical.com/~ubuntu-security/oval/) - [SUSE](http://ftp.suse.com/pub/projects/security/oval/) - [Oracle Linux](https://linux.oracle.com/security/oval/) - Security Advisory - [Alpine-secdb](https://git.alpinelinux.org/cgit/alpine-secdb/) - [Red Hat Security Advisories](https://access.redhat.com/security/security-updates/) - [Debian Security Bug Tracker](https://security-tracker.debian.org/tracker/) - [Ubuntu CVE Tracker](https://people.canonical.com/~ubuntu-security/cve/) - [Microsoft CVRF](https://api.msrc.microsoft.com/cvrf/v2.0/swagger/index) - Commands(yum, zypper, pkg-audit) - RHSA / ALAS / ELSA / FreeBSD-SA - Changelog - PoC, Exploit - [Exploit Database](https://www.exploit-db.com/) - [Metasploit-Framework modules](https://www.rapid7.com/db/?q=&type=metasploit) - [qazbnm456/awesome-cve-poc](https://github.com/qazbnm456/awesome-cve-poc) - [nomi-sec/PoC-in-GitHub](https://github.com/nomi-sec/PoC-in-GitHub) - [gmatuz/inthewilddb](https://github.com/gmatuz/inthewilddb) - CERT - [US-CERT](https://www.us-cert.gov/ncas/alerts) - [JPCERT](http://www.jpcert.or.jp/at/2019.html) - CISA(Cybersecurity & Infrastructure Security Agency) - [Known Exploited Vulnerabilities Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) - Cyber Threat Intelligence(MITRE ATT&CK and CAPEC) - [mitre/cti](https://github.com/mitre/cti) - Libraries - [aquasecurity/vuln-list](https://github.com/aquasecurity/vuln-list) - WordPress - [wpscan](https://wpscan.com/api) ### Scan mode [Fast Scan](https://vuls.io/docs/en/architecture-fast-scan.html) - Scan without root privilege, no dependencies - Almost no load on the scan target server - Offline mode scan with no internet access. (CentOS, Alma Linux, Rocky Linux, Debian, Oracle Linux, Red Hat, Fedora, and Ubuntu) [Fast Root Scan](https://vuls.io/docs/en/architecture-fast-root-scan.html) - Scan with root privilege - Almost no load on the scan target server - Detect processes affected by update using yum-ps (Amazon Linux, CentOS, Alma Linux, Rocky Linux, Oracle Linux, Fedora, and RedHat) - Detect processes which updated before but not restarting yet using checkrestart of debian-goodies (Debian and Ubuntu) - Offline mode scan with no internet access. (CentOS, Alma Linux, Rocky Linux, Debian, Oracle Linux, Red Hat, Fedora, and Ubuntu) ### [Remote, Local scan mode, Server mode](https://vuls.io/docs/en/architecture-remote-local.html) [Remote scan mode](https://vuls.io/docs/en/architecture-remote-scan.html) - User is required to only set up one machine that is connected to other target servers via SSH [Local scan mode](https://vuls.io/docs/en/architecture-local-scan.html) - If you don't want the central Vuls server to connect to each server by SSH, you can use Vuls in the Local Scan mode. [Server mode](https://vuls.io/docs/en/usage-server.html) - First, start Vuls in server mode and listen as an HTTP server. - Next, issue a command on the scan target server to collect software information. Then send the result to Vuls Server via HTTP. You receive the scan results as JSON format. - No SSH needed, No Scanner needed. Only issuing Linux commands directory on the scan target server. ### **Dynamic** Analysis - It is possible to acquire the state of the server by connecting via SSH and executing the command. - Vuls warns when the scan target server was updated the kernel etc. but not restarting it. ### Scan vulnerabilities of non-OS-packages - Libraries of programming language - Self-compiled software - Network Devices Vuls has some options to detect the vulnerabilities - [Lockfile based Scan](https://vuls.io/docs/en/usage-scan-non-os-packages.html#library-vulns-scan) - [GitHub Integration](https://vuls.io/docs/en/usage-scan-non-os-packages.html#usage-integrate-with-github-security-alerts) - [Common Platform Enumeration (CPE) based Scan](https://vuls.io/docs/en/usage-scan-non-os-packages.html#cpe-scan) - [OWASP Dependency Check Integration](https://vuls.io/docs/en/usage-scan-non-os-packages.html#usage-integrate-with-owasp-dependency-check-to-automatic-update-when-the-libraries-are-updated-experimental) ## Scan WordPress core, themes, plugins - [Scan WordPress](https://vuls.io/docs/en/usage-scan-wordpress.html) ## MISC - Nondestructive testing - Pre-authorization is *NOT* necessary before scanning on AWS - Vuls works well with Continuous Integration since tests can be run every day. This allows you to find vulnerabilities very quickly. - Auto-generation of configuration file template - Auto-detection of servers set using CIDR, generate configuration file template - Email and Slack notification is possible (supports Japanese language) - Scan result is viewable on accessory software, TUI Viewer in a terminal or Web UI ([VulsRepo](https://github.com/ishiDACo/vulsrepo)). ---- ## What