Vulnerability scanner for Linux/FreeBSD, agentless, written in Go
kotakanbe fix(report): overdetection for Red Hat/CentOS with redis backend (#748)
fix(report): miss detection for Red Hat/CentOS with redis backend
Latest commit 7db0561 Dec 6, 2018
Type Name Latest commit message Commit time
.github Change GitHub templates Jul 19, 2018
alert add alert data to result json (#747) Dec 5, 2018
cache v0.5.0 (no backwards compatibility) (#478) Aug 27, 2018
commands fix(report): fix cvedb-url, add -cvedb-type=http (#734) Nov 16, 2018
config fix(report): fix cvedb-url, add -cvedb-type=http (#734) Nov 16, 2018
contrib/owasp-dependency-check/parser v0.5.0 (no backwards compatibility) (#478) Aug 27, 2018
cwe v0.5.0 (no backwards compatibility) (#478) Aug 27, 2018
exploit export exploit func (#744) Nov 30, 2018
gost fix(report): fix cvedb-url, add -cvedb-type=http (#734) Nov 16, 2018
img Support Alpine Linux #194 (#545) Dec 1, 2017
models add alert data to result json (#747) Dec 5, 2018
oval fix(report): fix cvedb-url, add -cvedb-type=http (#734) Nov 16, 2018
report add alert data to result json (#747) Dec 5, 2018
scan feat(scan): get repository name of updatable pkgs for debian/ubuntu (#… Nov 26, 2018
server v0.5.0 (no backwards compatibility) (#478) Aug 27, 2018
setup/docker Remove old Dockerfile (#684) Jul 12, 2018
util v0.5.0 (no backwards compatibility) (#478) Aug 27, 2018
.dockerignore Refactor Dockerfile (#683) Jul 12, 2018
.gitignore v0.5.0 (no backwards compatibility) (#478) Aug 27, 2018
.goreleaser.yml Fix .goreleaser.yml Oct 19, 2017
.travis.yml Bump Go versions and use '.x' to always get latest patch versions (#724) Oct 29, 2018
CHANGELOG.md Support Alpine Linux #194 (#545) Dec 1, 2017
Dockerfile Refactor Dockerfile (#683) Jul 12, 2018
GNUmakefile update pkg (#723) Oct 18, 2018
Gopkg.lock fix(report): overdetection for Red Hat/CentOS with redis backend (#748) Dec 6, 2018
Gopkg.toml fix(report): fix cvedb-url, add -cvedb-type=http (#734) Nov 16, 2018
LICENSE change copyright (#677) Jul 17, 2018
NOTICE change copyright (#677) Jul 17, 2018
README.md Display exploit codes information for each detected CVE-IDs (#729) Nov 3, 2018
main.go v0.5.0 (no backwards compatibility) (#478) Aug 27, 2018

README.md

Vuls: VULnerability Scanner

Vulnerability scanner for Linux/FreeBSD, agentless, written in golang.
We have a Slack team. Join the Slack team.
Twitter: @vuls_en


Abstract

For a system administrator, having to perform security vulnerability analysis and software updates on a daily basis can be a burden. To avoid downtime in a production environment, it is common for system administrators to choose not to use the automatic update option provided by the package manager and to perform updates manually. This leads to the following problems.

  • The system administrator has to constantly watch for new vulnerabilities in NVD (National Vulnerability Database) or similar databases.
  • It might be impossible for the system administrator to monitor all the software if a large number of packages are installed on the server.
  • It is expensive to perform the analysis needed to determine which servers are affected by new vulnerabilities, and a server or two may be overlooked during that analysis.

Vuls is a tool created to solve the problems listed above. It has the following characteristics.

  • Informs users of the vulnerabilities that are related to the system.
  • Informs users of the servers that are affected.
  • Vulnerability detection is done automatically to prevent any oversight.
  • Reports are generated on a regular basis using cron or other methods to manage vulnerabilities.


Main Features

Scan for any vulnerabilities in Linux/FreeBSD Server

Supports major Linux/FreeBSD

  • Alpine, Ubuntu, Debian, CentOS, Amazon Linux, RHEL, Oracle Linux, SUSE Enterprise Linux and Raspbian, FreeBSD
  • Cloud, on-premise, Docker

High quality scan

Vuls uses multiple vulnerability databases

Fast scan and Deep scan

Fast Scan

  • Scan without root privilege, no dependencies
  • Almost no load on the scan target server
  • Offline mode scan with no internet access. (Red Hat, CentOS, OracleLinux, Ubuntu, Debian)

Fast Root Scan

  • Scan with root privilege
  • Almost no load on the scan target server
  • Detect processes affected by updates using yum-ps (RedHat, CentOS, Oracle Linux and Amazon Linux)
  • Detect processes that were updated earlier but have not been restarted yet, using checkrestart from debian-goodies (Debian and Ubuntu)
  • Offline mode scan with no internet access. (RedHat, CentOS, OracleLinux, Ubuntu, Debian)

Deep Scan

  • Scan with root privilege
  • Parses the Changelog
    The changelog has a history of version changes. When a security issue is fixed, the relevant CVE ID is listed. By parsing the changelog and analysing the updates between the version of the software installed on the server and the newest version of that software, it is possible to create a list of all vulnerabilities that need to be fixed.
  • Sometimes puts load on the scan target server
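
The changelog parsing described under Deep Scan, as an added example (not Vuls's own code): it walks a Debian-style changelog from the newest entry down and collects CVE IDs until it reaches the installed version. The sample changelog, the package name and the `UnfixedCVEs` helper are constructed for illustration, and matching the installed version by exact string is a simplifying assumption.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Constructed sample in Debian changelog layout, newest entry first.
const sampleChangelog = `examplepkg (1.2.3-3) stable; urgency=high
  * Fix buffer over-read in header parser (CVE-2018-0002)
  * Fix CVE-2018-0003: integer overflow in decoder
examplepkg (1.2.3-2) stable; urgency=medium
  * Fix CVE-2018-0001
examplepkg (1.2.3-1) stable; urgency=low
  * Fix CVE-2017-0009
`

var (
	entryHeader = regexp.MustCompile(`^\S+ \(([^)]+)\) `) // "name (version) ..."
	cveID       = regexp.MustCompile(`CVE-\d{4}-\d{4,}`)
)

// UnfixedCVEs (hypothetical helper) collects CVE IDs from entries newer than
// the installed version. found is false when that version never appears
// (e.g. a truncated changelog), so the result cannot be treated as exact.
func UnfixedCVEs(changelog, installed string) (cves []string, found bool) {
	seen := map[string]bool{}
	sc := bufio.NewScanner(strings.NewReader(changelog))
	for sc.Scan() && !found {
		line := sc.Text()
		if m := entryHeader.FindStringSubmatch(line); m != nil {
			found = m[1] == installed // stop at the entry already installed
			continue
		}
		for _, id := range cveID.FindAllString(line, -1) {
			if !seen[id] {
				seen[id] = true
				cves = append(cves, id)
			}
		}
	}
	sort.Strings(cves)
	return cves, found
}

func main() {
	fmt.Println(UnfixedCVEs(sampleChangelog, "1.2.3-1"))
}
```

When `found` is false the installed version was never reached, so fixes that are already applied may be reported as pending.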

Remote scan and Local scan

Remote Scan

  • The user only needs to set up one machine that is connected to the other target servers via SSH

Local Scan

  • If you don't want the central Vuls server to connect to each server by SSH, you can use Vuls in the Local Scan mode.

Dynamic Analysis

  • It is possible to acquire the state of the server by connecting via SSH and executing commands.
  • Vuls warns when the kernel etc. on the scan target server was updated but the server has not been restarted.

Scan middleware that is not included in OS package management

  • Scan middleware, programming language libraries and frameworks for vulnerabilities
  • Supports software registered in CPE

MISC

  • Nondestructive testing
  • Pre-authorization is NOT necessary before scanning on AWS
    • Vuls works well with Continuous Integration since tests can be run every day. This allows you to find vulnerabilities very quickly.
  • Auto generation of configuration file template
    • Auto detection of servers set using CIDR, generate configuration file template
  • Email and Slack notification is possible (supports Japanese language)
  • Scan results are viewable with accessory software: the TUI viewer on a terminal or the Web UI (VulsRepo).

What Vuls Doesn't Do

  • Vuls doesn't update the vulnerable packages.

Document

For more information such as Installation, Tutorial, Usage, visit vuls.io
Japanese translation of the documentation


Authors

kotakanbe (@kotakanbe) created vuls and these fine people have contributed.


Change Log

Please see CHANGELOG.



License

Please see LICENSE.