Vulnerability scanner for Linux/FreeBSD, agentless, written in Go. We have a Slack team; join the Slack team.
Abstract
For a system administrator, having to perform security vulnerability analysis and software updates on a daily basis can be a burden. To avoid downtime in a production environment, it is common for a system administrator to choose not to use the automatic update option provided by the package manager and to perform updates manually. This leads to the following problems.
The system administrator will have to constantly watch out for any new vulnerabilities in NVD (National Vulnerability Database) or similar databases.
It might be impossible for the system administrator to monitor all the software if a large number of software packages are installed on the server.
It is expensive to perform analysis to determine which servers are affected by new vulnerabilities, and there is a real possibility of overlooking a server or two during that analysis.
Vuls is a tool created to solve the problems listed above. It has the following characteristics.
Informs users of the vulnerabilities that are related to the system.
Informs users of the servers that are affected.
Vulnerability detection is done automatically to prevent any oversight.
A report is generated on a regular basis using CRON or other methods to manage vulnerabilities.
First, start Vuls in server mode and listen as an HTTP server.
Next, issue a command on the scan target server to collect software information, then send the result to the Vuls server via HTTP. You receive the scan results in JSON format.
No SSH needed, no scanner needed: only Linux commands issued directly on the scan target server.
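The server mode described above, sketched as an added Go example that is not Vuls's own code: a minimal receiver for the package list a target posts over HTTP, which validates the upload before answering with JSON. The /vuls path, port 5515, the X-Vuls-* header names and the one-package-per-line payload are assumptions; the point is that the server must reject a malformed or oversized upload rather than turn a truncated package list into a falsely clean report.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// Package is one installed package as reported by the scan target.
type Package struct{ Name, Version, Release, Arch string }

// parsePackages reads one "NAME VERSION RELEASE ARCH" line per package (assumed
// format). A malformed line is an error, so a truncated upload cannot yield a falsely clean report.
func parsePackages(body string) ([]Package, error) {
	var pkgs []Package
	for _, line := range strings.Split(body, "\n") {
		switch f := strings.Fields(line); len(f) {
		case 0: // blank line, e.g. the trailing newline
			continue
		case 4:
			pkgs = append(pkgs, Package{f[0], f[1], f[2], f[3]})
		default:
			return nil, fmt.Errorf("malformed package line: %q", line)
		}
	}
	return pkgs, nil
}

// handleScan is the endpoint the target posts to. The X-Vuls-* header names are
// assumptions; matching packages against a CVE feed (Vuls's real job) is omitted.
func handleScan(w http.ResponseWriter, r *http.Request) {
	body, _ := io.ReadAll(io.LimitReader(r.Body, 1<<20)) // cap the upload at 1 MiB
	pkgs, err := parsePackages(string(body))
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	json.NewEncoder(w).Encode(map[string]any{
		"serverName": r.Header.Get("X-Vuls-Server-Name"), "family": r.Header.Get("X-Vuls-OS-Family"),
		"release":    r.Header.Get("X-Vuls-OS-Release"), "kernel": r.Header.Get("X-Vuls-Kernel-Release"),
		"packages":   pkgs,
	})
}

func main() {
	http.HandleFunc("/vuls", handleScan)
	http.ListenAndServe("localhost:5515", nil)
}
```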
Dynamic Analysis
It is possible to acquire the state of the server by connecting via SSH and executing commands.
Vuls warns when the scan target server has had its kernel or other packages updated but has not been restarted.
Static Analysis
Vuls v0.8.0 can scan Docker images using knqyf263/trivy. The following registries are supported.