Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

---

Vuls Vulnerability Scanner

Abstract

For a system administrator, having to perform security vulnerability analysis and software update on a daily basis can be a burden. To avoid downtime in a production environment, it is common for a system administrator to choose not to use the automatic update option provided by the package manager and to perform update manually. This leads to the following problems.

• The system administrator will have to constantly watch out for any new vulnerabilities in NVD (National Vulnerability Database) or similar databases.
• It might be impossible for the system administrator to monitor all the software if there are a large number of software packages installed in the server.
• It is expensive to perform analysis to determine the servers affected by new vulnerabilities. The possibility of overlooking a server or two during analysis is there.

Vuls is a tool created to solve the problems listed above. It has the following characteristics.

• Informs users of the vulnerabilities that are related to the system.
• Informs users of the servers that are affected.
• Vulnerability detection is done automatically to prevent any oversight.
• A report is generated on a regular basis using CRON or other methods. to manage vulnerability.

Main Features

Scan for any vulnerabilities in Linux/FreeBSD Server

Supports major Linux/FreeBSD

• Alpine, Amazon Linux, CentOS, Debian, Oracle Linux, Raspbian, RHEL, SUSE Enterprise Linux, and Ubuntu
• FreeBSD
• Cloud, on-premise, Running Docker Container

High-quality scan

• Vulnerability Database
  • NVD
  • JVN(Japanese)
• OVAL
  • Red Hat
  • Debian
  • Ubuntu
  • SUSE
  • Oracle Linux
• Security Advisory
  • Alpine-secdb
  • Red Hat Security Advisories
  • Debian Security Bug Tracker
• Commands(yum, zypper, pkg-audit)
  • RHSA / ALAS / ELSA / FreeBSD-SA
  • Changelog
• PoC, Exploit
  • Exploit Database
  • Metasploit-Framework modules
• CERT
  • US-CERT
  • JPCERT
• Libraries
  • Node.js Security Working Group
  • Ruby Advisory Database
  • Safety DB(Python)
  • PHP Security Advisories Database
  • RustSec Advisory Database
• WordPress
  • wpscan

Scan mode

Fast Scan

• Scan without root privilege, no dependencies
• Almost no load on the scan target server
• Offline mode scan with no internet access. (CentOS, Debian, Oracle Linux, Red Hat, and Ubuntu)

Fast Root Scan

• Scan with root privilege
• Almost no load on the scan target server
• Detect processes affected by update using yum-ps (Amazon Linux, CentOS, Oracle Linux, and RedHat)
• Detect processes which updated before but not restarting yet using checkrestart of debian-goodies (Debian and Ubuntu)
• Offline mode scan with no internet access. (CentOS, Debian, Oracle Linux, Red Hat, and Ubuntu)

Remote, Local scan mode, Server mode

Remote scan mode

• User is required to only set up one machine that is connected to other target servers via SSH

Local scan mode

• If you don’t want the central Vuls server to connect to each server by SSH, you can use Vuls in the Local Scan mode.

Server mode

• First, start Vuls in server mode and listen as an HTTP server.
• Next, issue a command on the scan target server to collect software information. Then send the result to Vuls Server via HTTP. You receive the scan results as JSON format.
• No SSH needed, No Scanner needed. Only issuing Linux commands directory on the scan target server.

Dynamic Analysis

• It is possible to acquire the state of the server by connecting via SSH and executing the command.
• Vuls warns when the scan target server was updated the kernel etc. but not restarting it.

Scan vulnerabilities of non-OS-packages

• Libraries of programming language
• Self-compiled software
• Network Devices

Vuls has some options to detect the vulnerabilities

• Lockfile based Scan
• GitHub Integration
• Common Platform Enumeration (CPE) based Scan
• OWASP Dependency Check Integration

Scan WordPress core, themes, plugins

• Scan WordPress

MISC

• Nondestructive testing
• Pre-authorization is NOT necessary before scanning on AWS
  • Vuls works well with Continuous Integration since tests can be run every day. This allows you to find vulnerabilities very quickly.
• Auto-generation of configuration file template
  • Auto-detection of servers set using CIDR, generate configuration file template
• Email and Slack notification is possible (supports Japanese language)
• Scan result is viewable on accessory software, TUI Viewer in a terminal or Web UI (VulsRepo).

---

What Vuls Doesn’t Do

• Vuls doesn’t update the vulnerable packages.

---

Document

For more information such as Installation, Tutorial, Usage, visit vuls.io

---

Authors

kotakanbe (@kotakanbe) created vuls and these fine people have contributed.

Contribute

see vulsdoc

---

Stargazers over time

---