Agent-less vulnerability scanner for Linux, FreeBSD, Container Image, Running Container, WordPress, Programming language libraries, Network devices

Latest commit

sadayuki-matsuno and kotakanbe add trivy parser (#981)
* add trivy parser

* fix test

* format

* add title and summary

* add trivy parse command

* add uploader

* set args by env

* add README

* add err check

* fix

* fix

* fix

* fix test

* update trivy

* refactor

* delete require uuid

* delete uuid from trivy parser

Co-authored-by: Kota Kanbe <kotakanbe@gmail.com>
Latest commit d18e7a7 May 29, 2020

Files

Type Name Latest commit message Commit time
.github add a github actions config (#985) May 27, 2020
cache add a github actions config (#985) May 27, 2020
commands add -wp-ignore-inactive flag which ignores inactive plugin or themes (#… May 29, 2020
config add trivy parser (#981) May 29, 2020
contrib add trivy parser (#981) May 29, 2020
cwe refactor(lint): fix lint warnings (#967) Apr 27, 2020
errof Implement Vuls's own error code (#812) May 15, 2019
exploit fix(report): ignore exploits of no-cve-id vulns (#906) Sep 13, 2019
github add a github actions config (#985) May 27, 2020
gost add a github actions config (#985) May 27, 2020
img Add news to readme Apr 8, 2019
libmanager update trivy, and unsupport image scanning feature (#971) May 8, 2020
models add a github actions config (#985) May 27, 2020
oval add a github actions config (#985) May 27, 2020
report add trivy parser (#981) May 29, 2020
scan add a github actions config (#985) May 27, 2020
server add a github actions config (#985) May 27, 2020
setup/docker Remove old Dockerfile (#684) Jul 12, 2018
util add a github actions config (#985) May 27, 2020
wordpress add -wp-ignore-inactive flag which ignores inactive plugin or themes (#… May 29, 2020
.dockerignore Refactor Dockerfile (#683) Jul 12, 2018
.gitignore add trivy parser (#981) May 29, 2020
.golangci.yml fix .golangci.yml May 27, 2020
.goreleaser.yml fix .golangci.yml May 27, 2020
CHANGELOG.md Support Alpine Linux #194 (#545) Dec 1, 2017
Dockerfile fix(docker): add git to image (#905) Sep 12, 2019
GNUmakefile add trivy parser (#981) May 29, 2020
LICENSE Change GPL v3 to AGPL v3 because of aquasecurity/trivy dependency (#897) Sep 9, 2019
NOTICE change copyright (#677) Jul 17, 2018
README.md update trivy, and unsupport image scanning feature (#971) May 8, 2020
go.mod add trivy parser (#981) May 29, 2020
go.sum add trivy parser (#981) May 29, 2020
main.go Change GPL v3 to AGPL v3 because of aquasecurity/trivy dependency (#897) Sep 9, 2019

README.md

Vuls: VULnerability Scanner


Vulnerability scanner for Linux/FreeBSD, agentless, written in golang. We have a Slack team: join the Slack team. Twitter: @vuls_en



NEWS

| Version | Main Feature | Date |
|---------|--------------|------|
| v0.8.0 | secret | Coming soon |
| v0.7.0 | WordPress Vulnerability Scan | 2019/Apr/8 |
| v0.6.3 | GitHub Integration | 2019/Feb/20 |
| v0.6.2 | Add US-CERT/JPCERT Alerts as VulnSrc | 2019/Jan/23 |
| v0.6.1 | BugFix | 2018/Nov/16 |
| v0.6.0 | Add ExploitDB as VulnSrc | 2018/Nov/3 |
| v0.5.0 | Scan accuracy improvement | 2018/Aug/27 |

Abstract

For a system administrator, having to perform security vulnerability analysis and software updates on a daily basis can be a burden. To avoid downtime in a production environment, it is common for a system administrator to choose not to use the automatic update option provided by the package manager and to perform updates manually. This leads to the following problems.

  • The system administrator has to constantly watch out for new vulnerabilities in NVD (National Vulnerability Database) or similar databases.
  • It might be impossible for the system administrator to monitor all the software if a large number of software packages are installed on the server.
  • It is expensive to perform the analysis needed to determine which servers are affected by new vulnerabilities, and a server or two may be overlooked during analysis.

Vuls is a tool created to solve the problems listed above. It has the following characteristics.

  • Informs users of the vulnerabilities that are related to the system.
  • Informs users of the servers that are affected.
  • Vulnerability detection is done automatically to prevent any oversight.
  • A report is generated on a regular basis, using CRON or other methods, to manage vulnerabilities.



Main Features

Scan for any vulnerabilities in Linux/FreeBSD Server

Supports major Linux/FreeBSD

  • Alpine, Amazon Linux, CentOS, Debian, Oracle Linux, Raspbian, RHEL, SUSE Enterprise Linux, and Ubuntu
  • FreeBSD
  • Cloud, on-premise, Docker Container and Docker Image

High-quality scan

Vuls uses multiple vulnerability databases

Scan mode

Fast Scan

  • Scan without root privilege, no dependencies
  • Almost no load on the scan target server
  • Offline mode scan with no internet access. (CentOS, Debian, Oracle Linux, Red Hat, and Ubuntu)

Fast Root Scan

  • Scan with root privilege
  • Almost no load on the scan target server
  • Detect processes affected by an update using yum-ps (Amazon Linux, CentOS, Oracle Linux, and RedHat)
  • Detect processes that were updated but have not yet been restarted, using checkrestart of debian-goodies (Debian and Ubuntu)
  • Offline mode scan with no internet access. (CentOS, Debian, Oracle Linux, Red Hat, and Ubuntu)

Remote, Local scan mode, Server mode

Remote scan mode

  • The user only needs to set up one machine that is connected to the other target servers via SSH

Local scan mode

  • If you don't want the central Vuls server to connect to each server by SSH, you can use Vuls in the Local Scan mode.

Server mode

  • First, start Vuls in server mode and listen as an HTTP server.
  • Next, issue a command on the scan target server to collect software information. Then send the result to the Vuls server via HTTP. You receive the scan results in JSON format.
  • No SSH needed, no scanner needed. You only issue Linux commands directly on the scan target server.

Dynamic Analysis

  • It is possible to acquire the state of the server by connecting via SSH and executing commands.
  • Vuls warns when the kernel etc. on the scan target server has been updated but the server has not been restarted.

Static Analysis

The image scan function is no longer supported from Vuls v0.9.5. Use Trivy directly.

Vuls v0.8.0 can scan Docker images using knqyf263/trivy. The following registries are supported.

  • ECR
  • GCR
  • Local Image

For details, see Scan docker image

Scan vulnerabilities of non-OS-packages

  • Libraries of programming language
  • Self-compiled software
  • Network Devices

Vuls has some options to detect the vulnerabilities

Scan WordPress core, themes, plugins

MISC

  • Nondestructive testing
  • Pre-authorization is NOT necessary before scanning on AWS
    • Vuls works well with Continuous Integration since tests can be run every day. This allows you to find vulnerabilities very quickly.
  • Auto-generation of configuration file template
    • Auto-detects servers set using CIDR and generates a configuration file template
  • Email and Slack notification is possible (supports Japanese language)
  • Scan result is viewable on accessory software, TUI Viewer in a terminal or Web UI (VulsRepo).

What Vuls Doesn't Do

  • Vuls doesn't update the vulnerable packages.

Document

For more information such as Installation, Tutorial, and Usage, visit vuls.io (Japanese translation of the documentation)


Authors

kotakanbe (@kotakanbe) created vuls and these fine people have contributed.


Change Log

Please see CHANGELOG.



License

Please see LICENSE.
