Vuls

Agent-less vulnerability scanner for Linux, FreeBSD, Container Image, Running Container, WordPress, Programming language libraries, Network devices

Vuls: VULnerability Scanner

Vulnerability scanner for Linux/FreeBSD, agent-less, written in golang. We have a slack team. Join slack team. Twitter: @vuls_en


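Abstract

For a system administrator, having to perform security vulnerability analysis and software updates on a daily basis can be a burden. To avoid downtime in a production environment, system administrators commonly choose not to use the automatic update option provided by the package manager and to perform updates manually instead. This leads to the following problems.

  • The system administrator has to constantly watch for new vulnerabilities in NVD (National Vulnerability Database) or similar databases.
  • If a large number of software packages are installed on a server, the system administrator may be unable to monitor all of them.
  • It is expensive to perform analysis to determine which servers are affected by new vulnerabilities. A server or two may be overlooked during analysis.

Vuls is a tool created to solve the problems listed above. It has the following characteristics.

  • Informs users of the vulnerabilities that are related to the system.
  • Informs users of the servers that are affected.
  • Vulnerability detection is done automatically to prevent any oversight.
  • Reports are generated on a regular basis using CRON or other methods to manage vulnerabilities.

Main Features

Scan for any vulnerabilities in Linux/FreeBSD Server

Supports major Linux/FreeBSD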

  • Alpine, Amazon Linux, CentOS, Debian, Oracle Linux, Raspbian, RHEL, SUSE Enterprise Linux, and Ubuntu
  • FreeBSD
  • Cloud, on-premise, Docker Container and Docker Image

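High-quality scan

Vuls uses multiple vulnerability databases

Scan mode

Fast Scan

  • Scan without root privilege, no dependencies
  • Almost no load on the scan target server
  • Offline mode scan with no internet access. (CentOS, Debian, Oracle Linux, Red Hat, and Ubuntu)

Fast Root Scan

  • Scan with root privilege
  • Almost no load on the scan target server
  • Detect processes affected by updates using yum-ps (Amazon Linux, CentOS, Oracle Linux, and RedHat)
  • Detect processes that were updated earlier but have not yet been restarted, using checkrestart from debian-goodies (Debian and Ubuntu)
  • Offline mode scan with no internet access. (CentOS, Debian, Oracle Linux, Red Hat, and Ubuntu)

Remote, Local scan mode, Server mode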

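Remote scan mode

  • The user only needs to set up one machine that connects to the other target servers via SSH

Local scan mode

  • If you don't want the central Vuls server to connect to each server by SSH, you can use Vuls in the Local Scan mode.

Server mode

  • First, start Vuls in server mode and listen as an HTTP server.
  • Next, issue a command on the scan target server to collect software information. Then send the result to the Vuls server via HTTP. You receive the scan results in JSON format.
  • No SSH needed, no scanner needed. Only Linux commands are issued directly on the scan target server.

Dynamic Analysis

  • It is possible to acquire the state of the server by connecting via SSH and executing commands.
  • Vuls warns when the kernel on the scan target server has been updated but the server has not been restarted.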

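Static Analysis

Vuls v0.8.0 can scan Docker images using knqyf263/trivy. The following registries are supported.

  • ECR
  • GCR
  • Local Image

For details, see Scan docker image

Scan vulnerabilities of non-OS packages

  • Libraries of programming languages
  • Self-compiled software
  • Network devices

Vuls has some options to detect the vulnerabilities

Scan WordPress core, themes, plugins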

MISC

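  • Nondestructive testing
  • Pre-authorization is not necessary before scanning on AWS
    • Vuls works well with Continuous Integration since tests can be run every day. This allows you to find vulnerabilities very quickly.
  • Auto-generation of configuration file template
    • Auto-detection of servers using CIDR, generating a configuration file template
  • Email and Slack notification is possible (supports Japanese language)
  • Scan results are viewable in accessory software, the TUI Viewer in a terminal, or the Web UI (VulsRepo).

What Vuls Doesn't Do

Vuls doesn't update the vulnerable packages.

Document

For more information such as installation, tutorial and usage, visit vuls.io. Japanese translation of the documentation

Authors

kotakanbe (@kotakanbe) created vuls, and these fine people have contributed.

Change Log

Please see CHANGELOG

License

GPL-3.0. Please see LICENSE.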

(First edition: vz edited at 2019.08.20)

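Key metrics

Overview
Name and owner: future-architect/vuls
Primary programming language: Go
Programming languages: Makefile (number of languages: 3)
Platforms: BSD, Docker, Linux
License: GNU General Public License v3.0
Owner activity
Created: 2016-03-27 02:29:09
Pushed: 2024-11-01 06:53:07
Last commit: 2024-11-01 15:53:06
Releases: 122
Latest release name: v0.27.0 (released on )
First release name: v0.1.0 (released on )
User engagement
Stars: 11k
Watchers: 326
Forks: 1.2k
Commits: 1.6k
Issues enabled?
Issues: 598
Open issues: 70
Pull requests: 1100
Open pull requests: 7
Closed pull requests: 349
Project settings
Wiki enabled?
Archived?
Is fork?
Locked?
Is mirror?
Is private?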

Vuls: VULnerability Scanner

Vulnerability scanner for Linux/FreeBSD, agent-less, written in Go.
We have a slack team. Join slack team
Twitter: @vuls_en


Abstract

For a system administrator, having to perform security vulnerability analysis and software updates on a daily basis can be a burden.
To avoid downtime in a production environment, it is common for a system administrator to choose not to use the automatic update option provided by the package manager and to perform update manually.
This leads to the following problems.

  • The system administrator will have to constantly watch out for any new vulnerabilities in NVD (National Vulnerability Database) or similar databases.
  • It might be impossible for the system administrator to monitor all the software if there are a large number of software packages installed in the server.
  • It is expensive to perform analysis to determine the servers affected by new vulnerabilities. A server or two may be overlooked during analysis.

Vuls is a tool created to solve the problems listed above. It has the following characteristics.

  • Informs users of the vulnerabilities that are related to the system.
  • Informs users of the servers that are affected.
  • Vulnerability detection is done automatically to prevent any oversight.
  • Reports are generated on a regular basis using CRON or other methods to manage vulnerabilities.


Main Features

Scan for any vulnerabilities in Linux/FreeBSD/Windows/macOS

Supports major Linux/FreeBSD/Windows/macOS

  • Alpine, Amazon Linux, CentOS, AlmaLinux, Rocky Linux, Debian, Oracle Linux, Raspbian, RHEL, openSUSE, openSUSE Leap, SUSE Enterprise Linux, Fedora, and Ubuntu
  • FreeBSD
  • Windows
  • macOS
  • Cloud, on-premise, Running Docker Container

High-quality scan

Scan mode

Fast Scan

  • Scan without root privilege, no dependencies
  • Almost no load on the scan target server
  • Offline mode scan with no internet access. (CentOS, Alma Linux, Rocky Linux, Debian, Oracle Linux, Red Hat, Fedora, and Ubuntu)

Fast Root Scan

  • Scan with root privilege
  • Almost no load on the scan target server
  • Detect processes affected by update using yum-ps (Amazon Linux, CentOS, Alma Linux, Rocky Linux, Oracle Linux, Fedora, and RedHat)
  • Detect processes that were updated earlier but have not yet been restarted, using checkrestart from debian-goodies (Debian and Ubuntu)
  • Offline mode scan with no internet access. (CentOS, Alma Linux, Rocky Linux, Debian, Oracle Linux, Red Hat, Fedora, and Ubuntu)

Remote, Local scan mode, Server mode

Remote scan mode

  • The user only needs to set up one machine that is connected to the other target servers via SSH

Local scan mode

  • If you don't want the central Vuls server to connect to each server by SSH, you can use Vuls in the Local Scan mode.

Server mode

  • First, start Vuls in server mode and listen as an HTTP server.
  • Next, issue a command on the scan target server to collect software information. Then send the result to the Vuls server via HTTP. You receive the scan results in JSON format.
  • No SSH needed, no scanner needed. Only Linux commands are issued directly on the scan target server.

Dynamic Analysis

  • It is possible to acquire the state of the server by connecting via SSH and executing commands.
  • Vuls warns when the kernel etc. on the scan target server has been updated but the server has not been restarted.

Scan vulnerabilities of non-OS-packages

  • Libraries of programming language
  • Self-compiled software
  • Network Devices

Vuls has some options to detect the vulnerabilities

Scan WordPress core, themes, plugins

MISC

  • Nondestructive testing
  • Pre-authorization is NOT necessary before scanning on AWS
    • Vuls works well with Continuous Integration since tests can be run every day. This allows you to find vulnerabilities very quickly.
  • Auto-generation of configuration file template
    • Auto-detection of servers using CIDR, generating a configuration file template
  • Email and Slack notification is possible (supports Japanese language)
  • Scan results are viewable in accessory software, the TUI Viewer in a terminal, or the Web UI (VulsRepo).

What Vuls Doesn't Do

  • Vuls doesn't update the vulnerable packages.

Document

For more information such as Installation, Tutorial, Usage, visit vuls.io
Japanese translation of the documentation


Authors

kotakanbe (@kotakanbe) created vuls and these fine people have contributed.

Contribute

see vulsdoc


Sponsors

Tines is no-code automation for security teams. Build powerful, reliable workflows without a development team.
SAKURA internet Inc. is an Internet company founded in 1996. We provide cloud computing services such as "Sakura's Shared Server", "Sakura's VPS", and "Sakura's Cloud" to meet the needs of a wide range of customers, from individuals and corporations to the education and public sectors, using its own data centers in Japan. Based on the philosophy of "changing what you want to do into what you can do," we offer DX solutions for all fields.

License

Please see LICENSE.