vuls v0.7 releases: Vulnerability scanner for Linux/FreeBSD

For a system administrator, performing security vulnerability analysis and software updates on a daily basis can be a burden. To avoid downtime in a production environment, it is common for a system administrator to choose not to use the automatic update option provided by the package manager and to perform updates manually. This leads to the following problems.

  • The system administrator has to constantly watch for new vulnerabilities in the NVD (National Vulnerability Database) or similar databases.
  • It might be impossible for the system administrator to monitor all the software if a large number of packages are installed on a server.
  • It is expensive to perform the analysis needed to determine which servers are affected by new vulnerabilities, and a server or two may be overlooked during that analysis.

Vuls is a tool created to solve the problems listed above. It has the following characteristics.

  • Informs users of the vulnerabilities that are related to the system.
  • Informs users of the servers that are affected.
  • Vulnerability detection is done automatically to prevent any oversight.
  • Reports are generated on a regular basis, using cron or other methods, to manage vulnerabilities.

Main Features

  • Scans for vulnerabilities in Linux/FreeBSD servers
    • Supports Ubuntu, Debian, CentOS, Amazon Linux, RHEL, Oracle Linux, FreeBSD and Raspbian
    • Cloud, on-premise, Docker
  • Scans middleware that is not included in OS package management
    • Scans middleware, programming language libraries and frameworks for vulnerabilities
    • Supports software registered in CPE
  • Agentless architecture
    • Users only need to set up one machine that is connected to the target servers via SSH
  • Nondestructive testing
  • Pre-authorization is not necessary before scanning on AWS
  • Auto-generation of a configuration file template
    • Auto-detects servers in a given CIDR range and generates a configuration file template
  • Email and Slack notification is possible (supports the Japanese language)
  • Scan results can be viewed with accessory software: the TUI viewer on the terminal or the Web UI (VulsRepo).

Changelog v0.7

New Features

WordPress Vulnerability Scan (core, plugin, theme)

For non-commercial use, you can use this WordPress integration for free.
For commercial use, you have to send an e-mail to the WPVulnDB team.
For details, see the NOTE:

If you are under any doubt if your software is classed as non-commercial and/or would like to inquire about commercial usage of our databases get in touch.

First, you need to register a user and get the API token from your profile page on wpvulndb.com.
Then, check whether the wp command is installed on the scan target server.

  • cmdPath: The path of wp-cli on the WordPress server
  • osUser: The OS user that runs wp-cli on the WordPress server
  • docRoot: The path of the document root on the WordPress server
  • wpVulnDBToken: The token for the WPVulnDB API
  • ignoreInactive: Ignore plugins or themes that are in an inactive state
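
A sketch of how the five settings above might sit in the Vuls `config.toml`, as an added example that is not part of the original release notes. The `[servers.kusanagi.wordpress]` table name and every value (host, user, paths, token) are assumptions or placeholders; only the five key names and the server name `kusanagi` come from this page.

```toml
# Added example with placeholder values.
# The file holds an API token, so keep it readable only by the account
# that runs vuls (for example, mode 0600).

[servers.kusanagi]               # server name used in "vuls scan kusanagi"
host    = "192.0.2.10"           # placeholder (documentation address range)
port    = "22"
user    = "vuls"                 # placeholder SSH login for the agentless scan
keyPath = "/home/vuls/.ssh/id_rsa"

[servers.kusanagi.wordpress]     # assumed table name for the WordPress settings
cmdPath        = "/usr/local/bin/wp"      # where wp-cli is installed on the target
osUser         = "wordpress"              # OS user wp-cli runs as; a non-root
                                          # account that can read docRoot is enough
docRoot        = "/var/www/wordpress/"    # WordPress document root on the target
wpVulnDBToken  = "REPLACE_WITH_API_TOKEN" # token from the wpvulndb.com profile page
ignoreInactive = true                     # skip inactive plugins and themes;
                                          # set to false to report on them too
```

Inactive plugins and themes remain on disk, so `ignoreInactive = false` gives the more complete inventory at the cost of a longer report.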

Scan

To scan WordPress, execute as below.

    $ vuls scan kusanagi

Vuls collects the WordPress core version, plugins and themes via wp-cli.

Reporting

    $ vuls report

Vuls detects vulnerabilities by accessing WPVulnDB.com via HTTP.


Copyright (C) 2016 Future Corporation, Japan
