Vuls – Vulnerability Scanner For Linux/FreeBSD, Agentless, Written In Go

Vulnerability scanner for Linux/FreeBSD, agentless, written in golang.Twitter: @vuls_enDEMOAbstractFor a system administrator, having to perform security vulnerability analysis and software update on a daily basis can be a burden. To avoid downtime in production environment, it is common for system administrator to choose not to use the automatic update option provided by package manager and to perform update manually. This leads to the following problems.System administrator will have to constantly watch out for any new vulnerabilities in NVD(National Vulnerability Database) or similar databases.It might be impossible for the system administrator to monitor all the software if there are a large number of software installed in server.It is expensive to perform analysis to determine the servers affected by new vulnerabilities. The possibility of overlooking a server or two during analysis is there.Vuls is a tool created to solve the problems listed above. It has the following characteristics.Informs users of the vulnerabilities that are related to the system.Informs users of the servers that are affected.Vulnerability detection is done automatically to prevent any oversight.Report is generated on regular basis using CRON or other methods. to manage vulnerability.Main FeaturesScan for any vulnerabilities in Linux/FreeBSD ServerSupports major Linux/FreeBSDAlpine, Ubuntu, Debian, CentOS, Amazon Linux, RHEL, Oracle Linux, SUSE Enterprise Linux and Raspbian, FreeBSDCloud, on-premise, DockerHigh quality scanVuls uses Multiple vulnerability databasesNVDJVN(Japanese)OVALRedHatDebianUbuntuSUSEOracle LinuxAlpine-secdbRed Hat Security AdvisoriesDebian Security Bug TrackerCommands(yum, zypper, pkg-audit)RHSA/ALAS/ELSA/FreeBSD-SAExploit DatabaseChangelogFast scan and Deep scanFast ScanScan without root privilege, no dependenciesAlmost no load on the scan target serverOffline mode scan with no internet access. (Red Hat, CentOS, OracleLinux, Ubuntu, Debian)Fast Root ScanScan with root privilegeAlmost no load on the scan target serverDetect processes affected by update using yum-ps (RedHat, CentOS, Oracle Linux and Amazon Linux)Detect processes which updated before but not restarting yet using checkrestart of debian-goodies (Debian and Ubuntu)Offline mode scan with no internet access. (RedHat, CentOS, OracleLinux, Ubuntu, Debian)Deep ScanScan with root privilegeParses the ChangelogChangelog has a history of version changes. When a security issue is fixed, the relevant CVE ID is listed. By parsing the changelog and analysing the updates between the installed version of software on the server and the newest version of that software it’s possible to create a list of all vulnerabilities that need to be fixed.Sometimes load on the scan target serverRemote scan and Local scanRemote ScanUser is required to only setup one machine that is connected to other target servers via SSHLocal ScanIf you don’t want the central Vuls server to connect to each server by SSH, you can use Vuls in the Local Scan mode.Dynamic AnalysisIt is possible to acquire the state of the server by connecting via SSH and executing the command.Vuls warns when the scan target server was updated the kernel etc. but not restarting it.Scan middleware that are not included in OS package managementScan middleware, programming language libraries and framework for vulnerabilitySupport software registered in CPEMISCNondestructive testingPre-authorization is NOT necessary before scanning on AWSVuls works well with Continuous Integration since tests can be run every day. This allows you to find vulnerabilities very quickly.Auto generation of configuration file templateAuto detection of servers set using CIDR, generate configuration file templateEmail and Slack notification is possible (supports Japanese language)Scan result is viewable on accessory software, TUI Viewer on terminal or Web UI (VulsRepo).What Vuls Doesn’t DoVuls doesn’t update the vulnerable packages.Authorskotakanbe (@kotakanbe) created vuls and these fine people have contributed.Change LogPlease see CHANGELOG.Download Vuls