future-architect / vuls

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
https://vuls.io/
GNU General Public License v3.0

Vulsctl - Quickest Vuls setup #1742

Closed Mettthew closed 1 year ago

Mettthew commented 1 year ago

Hello everyone,

I am not very experienced in these things, but I tried to download Vuls using the quick guide to download vulsctl. I am experiencing some problems, but they come from the fact that I don't understand much about it. I don't think they are very difficult to solve, but I ask you if you can help me.

To perform the installation, I ran through the part of the documentation where Quickest Vuls setup is indicated, following the different steps indicated:

1. Setup Docker

```
sudo systemctl start docker
```

2. Clone Vulsctl

```
git clone https://github.com/vulsio/vulsctl.git
cd vulsctl
```

3. Fetch Vulnerability Databases

```
cd docker
./update-all.sh
```

This is now specified in the documentation: Prepare the config.toml in the vulsctl install directory similar to the configuration below.

So I created the config.toml file in the vulsctl directory configured as follows:

```
[servers]

[servers.localhost]
host = "127.0.0.1"
port = "local"
scanMode = ["fast"]
```

But when I run "scan.sh" inside the Docker folder, I get the following error:

```
Using default tag: latest
latest: Pulling from vuls/vuls
Digest: sha256:ba5f2b812a73548c3cc9949a033319018fe26da74578c3a4aade81b18f06cb05
Status: Image is up to date for vuls/vuls:latest
docker.io/vuls/vuls:latest
[Sep 25 16:27:48] INFO [localhost] vuls-v0.24.0-build-20230925_075439_1832b4e
[Sep 25 16:27:48] ERROR [localhost] Error loading /vuls/config.toml
If you update Vuls and get this error, there may be incompatible changes in config.toml
Please check config.toml template : https://vuls.io/docs/en/usage-settings.html
open /vuls/config.toml: no such file or directory
```

I don't know exactly what I should do, because it doesn't seem to find the file in the Vuls directory, but the directory where I have the config.toml file is vulsctl.

Another question I'd like to ask is related to using Vuls. From what I've seen, to scan hosts other than the local one I would have to specify other information in the config.toml file, but can I scan an IP address (that I reach locally) without specifying a port, to do a general scan?

I ask this question because I am studying different vulnerability scanners for university to scan a Metasploitable sandbox target, and I would like to compare the results of the different scans to return a single result.

MaineK00n commented 1 year ago

@Mettthew, sorry for the delay in replying.

scan.sh is implemented like this and mounts PWD to /vuls inside the container. Therefore, you need to prepare config.toml in the working directory where scan.sh is executed. If you run scan.sh in the docker directory, config.toml is also required in the docker directory. https://github.com/vulsio/vulsctl/blob/master/docker/scan.sh

Regarding your second question, there is a remote scan function via SSH. Please refer to the tutorial below. When performing a remote scan using a Docker container, please note that the Docker container must be able to reach the target over SSH. https://vuls.io/docs/en/tutorial-remote-scan.html
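The path mapping described in the reply above, as an added example that is not part of the original thread or of vulsctl: a preflight check that resolves `/vuls/config.toml` to the host file behind it and flags the layout reported in this issue. The function names `container_to_host` and `preflight` are hypothetical, and the only assumption about scan.sh is the one stated in the reply (the working directory is mounted at `/vuls`).

```shell
#!/bin/sh
# Added example (not part of vulsctl). Assumption taken from the reply above:
# scan.sh bind-mounts the caller's working directory at /vuls in the container.
MOUNT_POINT=/vuls

# Translate a path as seen inside the container to the host path behind it.
# $1 = container path, $2 = host directory scan.sh is run from.
container_to_host() {
    case "$1" in
        "$MOUNT_POINT"/*) printf '%s/%s\n' "$2" "${1#"$MOUNT_POINT"/}" ;;
        *) return 1 ;;  # outside the bind mount: not backed by the host dir
    esac
}

# Check that the config the container will open exists on the host.
# Prints the host path on success; on failure prints a hint and returns 1.
# $1 = host directory scan.sh will be run from (default: current directory).
preflight() {
    workdir=${1:-$PWD}
    host_cfg=$(container_to_host "$MOUNT_POINT/config.toml" "$workdir") || return 2
    if [ -f "$host_cfg" ]; then
        printf '%s\n' "$host_cfg"
        return 0
    fi
    echo "missing: $host_cfg (container path $MOUNT_POINT/config.toml)" >&2
    # The layout from this issue: config.toml sits one level up, in vulsctl/.
    parent=$(dirname "$workdir")
    if [ -f "$parent/config.toml" ]; then
        echo "found $parent/config.toml; copy it into $workdir" >&2
    fi
    return 1
}
```

Source the file and call `preflight` from the directory where scan.sh will be started; a non-zero status means the container would hit the same "no such file or directory" error.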