Vuls docker stack

An awesome docker stack to scan and report to both on servers and container!
Explore the docs »

View Demo

Table of Contents

• About Vuls
  • Built With
• Getting Started
  • Prerequisites
  • Installation
• Usage

About Vuls

[][]

For a system administrator, having to perform security vulnerability analysis and software updates on a daily basis can be a burden. To avoid downtime in production environment, it is common for system administrators to choose not to use the automatic update option provided by their package manager and instead perform updates manually. This leads to the following problems.

System administrators need to constantly monitor NVD (National Vulnerability Database) or similar databases for new vulnerabilities.
It might be impossible for the system administrator to monitor all software if there is a large number of installed packages on the server.
It is expensive to perform analysis to determine the servers affected by new vulnerabilities. The possibility of overlooking a server or two during analysis is there.

Vuls is a tool created to solve the problems listed above. It has the following characteristics.

Informs users of the vulnerabilities that are related to the system.
Informs users of the servers that are affected.
Vulnerability detection is done automatically to prevent any oversight.
Report is generated on regular basis using CRON or other methods to manage vulnerability.

Scan for any vulnerabilities in Linux/FreeBSD Server

Supports major Linux/FreeBSD such as: Alpine, Ubuntu, Debian, CentOS, Amazon Linux, RHEL, Oracle Linux, SUSE Enterprise Linux and Raspbian, FreeBSD, Cloud, on-premise, Docker

High quality scan

Vuls uses Multiple vulnerability databases

• [NVD]
• JVN
• [OVAL]
  • [RedHat]
  • [Debian]
  • [Ubuntu]
  • [SUSE]
  • [OracleLinux]
• [Alpine-secdb]
• [RedHat-SecurityAdvisories]
• [Debian-SecurityBugTracker]
• [Commands](yum, zypper, pkg-audit)
  • [RHSA/ALAS/ELSA/FreeBSD-SA]
• [Exploit-Database]
• [US-CERT]
• [JPCERT]
• [WPVulnDB]
• [Node.js-Security-Working-Group]
• [Ruby-AdvisoryDatabase]
• Safety-DB
• [PHP-SecurityAdvisoriesDatabase]
• [RustSec-AdvisoryDatabase]
• [Changelog]

Getting Started

Prerequisites

Config.toml

Slack

[slack]
hookURL      = "https://hooks.slack.com/services/XXXXXXXXX/XXXXXXXXXX/XXXXXXXXXXXXXXXXXXX"
channel      = "#vuls_results"
authUser     = "vuls report"

[servers]
[servers.k8s-master1]
host        = "192.168.1.21"
port        = "22"
user        = "root"
keyPath     = "/root/.ssh/id_rsa"

Usage

Populate the DB

# sudo docker-compose exec db bash
# mysql -u root -p password
create database exploitdb;
create database gost;
create database oval;
exit

# (CVE)
for i in `seq 2002 $(date +"%Y")`; do  sudo docker-compose run --rm cve fetchnvd -dbtype=mysql -dbpath="root:password@tcp(db:3306)/cve?parseTime=true" -years $i;   done

# (JVN)
for i in `seq 1998 $(date +"%Y")`; do sudo docker-compose run --rm cve fetchjvn -dbtype=mysql -dbpath="root:password@tcp(db:3306)/cve?parseTime=true" -years $i; done

# OVAL (RHEL)
sudo docker-compose run --rm oval fetch-redhat -dbtype=mysql -dbpath="root:password@tcp(db:3306)/oval?parseTime=true" 6 7

## gost (RHEL)
sudo docker-compose run --rm gost fetch redhat --dbtype=mysql --dbpath="root:password@tcp(db:3306)/gost?parseTime=true"

## exploitdb
sudo docker-compose run --rm go-exploitdb fetch exploitdb --dbtype=mysql --dbpath="root:password@tcp(db:3306)/exploitdb?parseTime=true"

DB update

# (CVE)
docker-compose run --rm cve fetchnvd -dbtype=mysql -dbpath="root:password@tcp(db:3306)/cve?parseTime=true" -latest
# (JVN)
docker-compose run --rm cve fetchjvn -dbtype=mysql -dbpath="root:password@tcp(db:3306)/cve?parseTime=true" -latest
# OVAL (RHEL)
docker-compose run --rm oval fetch-redhat -dbtype=mysql -dbpath="root:password@tcp(db:3306)/oval?parseTime=true" 6 7
## gost (RHEL)
docker-compose run --rm gost fetch redhat --dbtype=mysql --dbpath="root:password@tcp(db:3306)/gost?parseTime=true"
## expliotdb
docker-compose run --rm go-exploitdb fetch exploitdb --dbtype=mysql --dbpath="root:password@tcp(db:3306)/exploitdb?parseTime=true"

Test theconfigf

docker-compose run --rm vuls configtest -config=./config.toml

Start a Scan

docker-compose run --rm vuls scan -config=./config.toml

Report

docker-compose run --rm vuls report -ignore-unfixed -lang ja -config=./config.toml -cvedb-type=mysql -cvedb-url="root:password@tcp(db:3306)/cve?parseTime=true" -ovaldb-type=mysql -ovaldb-url="root:password@tcp(db:3306)/oval?parseTime=true" -gostdb-type=mysql -gostdb-url="root:password@tcp(db:3306)/gost?parseTime=true" -exploitdb-type=mysql -exploitdb-url="root:password@tcp(db:3306)/exploitdb?parseTime=true"

Use TUI to explore the report

docker-compose run --rm vuls tui -ignore-unfixed -config=./config.toml -cvedb-type=mysql -cvedb-url="root:password@tcp(db:3306)/cve?parseTime=true" 
-ovaldb-type=mysql -ovaldb-url="root:password@tcp(db:3306)/oval?parseTime=true" -gostdb-type=mysql -gostdb-url="root:password@tcp(db:3306)/gost?parseTime=true" -exploitdb-type=mysql -exploitdb-url="root:password@tcp(db:3306)/exploitdb?parseTime=true"