
helm-vuls's Introduction


Vuls docker stack

An awesome Docker stack to scan and report on both servers and containers!

About Vuls


For a system administrator, having to perform security vulnerability analysis and software updates on a daily basis can be a burden. To avoid downtime in a production environment, it is common for system administrators to choose not to use the automatic update option provided by their package manager and instead perform updates manually. This leads to the following problems.

  • System administrators need to constantly monitor NVD (National Vulnerability Database) or similar databases for new vulnerabilities.
  • It might be impossible for the system administrator to monitor all software if there is a large number of installed packages on the server.
  • It is expensive to perform analysis to determine the servers affected by new vulnerabilities, and a server or two may be overlooked during analysis.

Vuls is a tool created to solve the problems listed above. It has the following characteristics.

  • Informs users of the vulnerabilities that are related to the system.
  • Informs users of the servers that are affected.
  • Vulnerability detection is done automatically to prevent any oversight.
  • Reports are generated on a regular basis using CRON or other methods to manage vulnerabilities.

Scan for any vulnerabilities in Linux/FreeBSD Server

Supports major Linux/FreeBSD distributions such as Alpine, Ubuntu, Debian, CentOS, Amazon Linux, RHEL, Oracle Linux, SUSE Enterprise Linux, Raspbian and FreeBSD, whether in the cloud, on-premise or in Docker.

High quality scan

Vuls uses multiple vulnerability databases

  • NVD
  • JVN
  • OVAL
    • RedHat
    • Debian
    • Ubuntu
    • SUSE
    • OracleLinux
  • Alpine-secdb
  • RedHat-SecurityAdvisories
  • Debian-SecurityBugTracker
  • Commands (yum, zypper, pkg-audit)
    • RHSA/ALAS/ELSA/FreeBSD-SA
  • Exploit-Database
  • US-CERT
  • JPCERT
  • WPVulnDB
  • Node.js-Security-Working-Group
  • Ruby-AdvisoryDatabase
  • Safety-DB
  • PHP-SecurityAdvisoriesDatabase
  • RustSec-AdvisoryDatabase
  • Changelog

Getting Started

Prerequisites

Config.toml

Slack

[slack]
hookURL      = "https://hooks.slack.com/services/XXXXXXXXX/XXXXXXXXXX/XXXXXXXXXXXXXXXXXXX"
channel      = "#vuls_results"
authUser     = "vuls report"

[servers]
[servers.k8s-master1]
host        = "192.168.1.21"
port        = "22"
user        = "root"
keyPath     = "/root/.ssh/id_rsa"

Usage

Populate the DB

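# Open a shell in the db container
sudo docker-compose exec db bash
# Start the MySQL client and enter the root password when prompted
mysql -u root -p
create database exploitdb;
create database gost;
create database oval;
exit
# Leave the container shell before running the fetch commands on the host
exit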
# (CVE)
for i in `seq 2002 $(date +"%Y")`; do  sudo docker-compose run --rm cve fetchnvd -dbtype=mysql -dbpath="root:password@tcp(db:3306)/cve?parseTime=true" -years $i;   done

# (JVN)
for i in `seq 1998 $(date +"%Y")`; do sudo docker-compose run --rm cve fetchjvn -dbtype=mysql -dbpath="root:password@tcp(db:3306)/cve?parseTime=true" -years $i; done

# OVAL (RHEL)
sudo docker-compose run --rm oval fetch-redhat -dbtype=mysql -dbpath="root:password@tcp(db:3306)/oval?parseTime=true" 6 7

## gost (RHEL)
sudo docker-compose run --rm gost fetch redhat --dbtype=mysql --dbpath="root:password@tcp(db:3306)/gost?parseTime=true"

## exploitdb
sudo docker-compose run --rm go-exploitdb fetch exploitdb --dbtype=mysql --dbpath="root:password@tcp(db:3306)/exploitdb?parseTime=true"

DB update

# (CVE)
docker-compose run --rm cve fetchnvd -dbtype=mysql -dbpath="root:password@tcp(db:3306)/cve?parseTime=true" -latest
# (JVN)
docker-compose run --rm cve fetchjvn -dbtype=mysql -dbpath="root:password@tcp(db:3306)/cve?parseTime=true" -latest
# OVAL (RHEL)
docker-compose run --rm oval fetch-redhat -dbtype=mysql -dbpath="root:password@tcp(db:3306)/oval?parseTime=true" 6 7
## gost (RHEL)
docker-compose run --rm gost fetch redhat --dbtype=mysql --dbpath="root:password@tcp(db:3306)/gost?parseTime=true"
## exploitdb
docker-compose run --rm go-exploitdb fetch exploitdb --dbtype=mysql --dbpath="root:password@tcp(db:3306)/exploitdb?parseTime=true"

Test the config

docker-compose run --rm vuls configtest -config=./config.toml

Start a Scan

docker-compose run --rm vuls scan -config=./config.toml

Report

docker-compose run --rm vuls report -ignore-unfixed -lang ja -config=./config.toml -cvedb-type=mysql -cvedb-url="root:password@tcp(db:3306)/cve?parseTime=true" -ovaldb-type=mysql -ovaldb-url="root:password@tcp(db:3306)/oval?parseTime=true" -gostdb-type=mysql -gostdb-url="root:password@tcp(db:3306)/gost?parseTime=true" -exploitdb-type=mysql -exploitdb-url="root:password@tcp(db:3306)/exploitdb?parseTime=true"

Use TUI to explore the report

docker-compose run --rm vuls tui -ignore-unfixed -config=./config.toml -cvedb-type=mysql -cvedb-url="root:password@tcp(db:3306)/cve?parseTime=true" -ovaldb-type=mysql -ovaldb-url="root:password@tcp(db:3306)/oval?parseTime=true" -gostdb-type=mysql -gostdb-url="root:password@tcp(db:3306)/gost?parseTime=true" -exploitdb-type=mysql -exploitdb-url="root:password@tcp(db:3306)/exploitdb?parseTime=true"
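
The DB update, config test, scan and report steps above chained into one cron-friendly script, as an added example that is not part of the helm-vuls repository. The variable names (COMPOSE, VULS_CONFIG, VULS_DB_USER, VULS_DB_PASS, VULS_DB_HOST) are assumptions; the database password is read from the environment instead of being written into every command line.

```sh
#!/bin/sh
# Added example, not helm-vuls code: nightly update -> configtest -> scan -> report.
# Hypothetical variables: COMPOSE, VULS_CONFIG, VULS_DB_USER, VULS_DB_PASS, VULS_DB_HOST.
: "${COMPOSE:=docker-compose}"
: "${VULS_CONFIG:=./config.toml}"
: "${VULS_DB_USER:=root}"
: "${VULS_DB_HOST:=db:3306}"

# Build the MySQL DSN for one database: cve, oval, gost or exploitdb.
dsn() {
  printf '%s:%s@tcp(%s)/%s?parseTime=true' \
    "$VULS_DB_USER" "$VULS_DB_PASS" "$VULS_DB_HOST" "$1"
}

# -T disables TTY allocation, which a cron job does not have.
run() { $COMPOSE run --rm -T "$@"; }

# Incremental refresh of every vulnerability database used by the report.
update_dbs() {
  run cve fetchnvd -dbtype=mysql -dbpath="$(dsn cve)" -latest &&
  run cve fetchjvn -dbtype=mysql -dbpath="$(dsn cve)" -latest &&
  run oval fetch-redhat -dbtype=mysql -dbpath="$(dsn oval)" 6 7 &&
  run gost fetch redhat --dbtype=mysql --dbpath="$(dsn gost)" &&
  run go-exploitdb fetch exploitdb --dbtype=mysql --dbpath="$(dsn exploitdb)"
}

# Run a vuls subcommand (here: report) with all four database URLs attached.
vuls_with_dbs() {
  sub=$1; shift
  run vuls "$sub" "$@" -config="$VULS_CONFIG" \
    -cvedb-type=mysql -cvedb-url="$(dsn cve)" \
    -ovaldb-type=mysql -ovaldb-url="$(dsn oval)" \
    -gostdb-type=mysql -gostdb-url="$(dsn gost)" \
    -exploitdb-type=mysql -exploitdb-url="$(dsn exploitdb)"
}

# Stop at the first failing step so a stale DB or bad config never yields a report.
nightly() {
  : "${VULS_DB_PASS:?export VULS_DB_PASS before running}"
  update_dbs &&
  run vuls configtest -config="$VULS_CONFIG" &&
  run vuls scan -config="$VULS_CONFIG" &&
  vuls_with_dbs report -ignore-unfixed
}

# Only act when called as "script.sh run", so the file can also be sourced.
if [ "${1:-}" = "run" ]; then nightly; fi
```

The DSN is still passed to each container as a command-line argument, so it remains visible in the process list while a step runs; the script only keeps it out of the crontab and the script file itself.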
