Kubefeeds Team A dedicated and highly skilled team at Kubefeeds, driven by a passion for Kubernetes and Cloud-Native technologies, delivering innovative solutions with expertise and enthusiasm.

Vuls: A Free, Open Source Vulnerability Scanner for Linux


If you need to scan the machines on your network for vulnerabilities and are looking for one of the easiest options available, Vuls is a great way to go.

Vuls allows you to scan multiple operating systems using multiple methods, such as a fast scan and a deep scan. One of the nice things about Vuls is that it’s agentless, so you don’t have to worry about installing agents on every machine you need to scan. Vuls uses several vulnerability databases, such as NVD, JVN, OVAL, RHSA/ALAS/ELSA/FreeBSD-SA, and Changelog, which gives it broad coverage of known vulnerabilities.

With Vuls, you can do both local and remote scanning. All remote scanning is done via SSH, so any targets will have to accept incoming SSH connections for it to work.

Let me walk you through two different methods of installing Vuls. I’ll demonstrate on an instance of Ubuntu Server 22.04.


What You’ll Need

To get Vuls up and running, you’ll need a running instance of Linux and a user with sudo privileges. As I mentioned earlier, I’ll demonstrate this on an instance of Ubuntu Server 22.04. Both methods of installation will work.

The Best Installation Method

This method takes a bit more time, but it will give you the most up-to-date version of Vuls.

The first thing you’ll want to do is run an update/upgrade of your system. Remember, if the kernel is upgraded, you’ll need to reboot so the changes will take effect, which means you’ll want to do this at a time when a reboot is possible.

Run the update and upgrade with the command:

sudo apt-get update && sudo apt-get upgrade -y

When that finishes, install the necessary dependencies with:

sudo apt-get install debian-goodies reboot-notifier -y

When the above command is completed, download the installer script with:

wget https://raw.githubusercontent.com/vulsio/vulsctl/master/install-host/install.sh

Give the installer script executable permissions with:

chmod u+x install.sh

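The script runs with root privileges and is pulled from the repository’s master branch, so read through it before you execute it. Then run the installer with: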

sudo ./install.sh

You will be prompted to accept the installation. When that happens, type “y” and hit Enter on your keyboard. The installation will take roughly 2 to 5 minutes to finish.

When the installation completes, verify it was successful with the command:

vuls help

You should be presented with the contents of the help file.

An Easier Installation Method

As I mentioned earlier, this installation method won’t install the most up-to-date version of Vuls but it certainly is easier because there’s a version of Vuls found in the standard repository. To run this installation, go back to your terminal window and issue the command:

sudo apt-get install vuls -y

Allow the installation to complete, and you’re ready to move on.

Configuring Vuls

The first thing you want to do is create a new directory for Vuls with the command:

sudo mkdir /opt/vuls

Change into that directory with the following:

cd /opt/vuls

Create the configuration file with:

sudo nano config.toml

Paste the following into the new file:

[cveDict]
type = "sqlite3"
SQLite3Path = "/opt/vuls/cve.sqlite3"

[ovalDict]
type = "sqlite3"
SQLite3Path = "/opt/vuls/oval.sqlite3"

[gost]
type = "sqlite3"
SQLite3Path = "/opt/vuls/gost.sqlite3"

[metasploit]
type = "sqlite3"
SQLite3Path = "/opt/vuls/go-msfdb.sqlite3"

[servers]

[servers.localhost]
host = "localhost"
port = "local"
scanMode = [ "fast-root" ]
#scanMode = ["fast", "fast-root", "deep", "offline"]

Run the configuration test with:

sudo vuls configtest

If the configuration is good to go, you’ll see something like this in the output:

[Nov 13 17:48:14]  INFO [localhost] It can be scanned with fast scan mode even if warn or err messages are displayed due to lack of dependent packages or sudo settings in fast-root or deep scan mode

[Nov 13 17:48:14]  INFO [localhost] Scannable servers are below...

localhost

Creating a CVE Database

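Now, we need to create a CVE database. The gost and OVAL data are fetched per distribution, so substitute the distribution and release of the machines you plan to scan. Make sure you’re in the /opt/vuls directory and then run the following commands: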

sudo gost fetch debian --dbpath /opt/vuls/gost.sqlite3
sudo go-cve-dictionary fetch nvd --dbpath /opt/vuls/cve.sqlite3
sudo goval-dictionary fetch debian 12 --dbpath /opt/vuls/oval.sqlite3
sudo go-msfdb fetch msfdb --dbpath /opt/vuls/go-msfdb.sqlite3

You should now see several files with the .sqlite3 extension.

Running Your First Scan

Let’s run a vulnerability scan on localhost with the command:

sudo vuls scan localhost

After the scan completes, you can then view the results with the command:

sudo vuls tui

You will see a multi-pane window that displays any discovered vulnerabilities.

Scanning Specific Distributions

Let’s say you have a RHEL 9 server at IP address 192.168.1.100 and you want to scan it with Vuls. To do that, you first have to download the OVAL CVE database specific to RHEL 9 with the command:

sudo goval-dictionary fetch redhat 9 --dbpath /opt/vuls/oval.sqlite3

Because Vuls uses SSH and depends on SSH key authentication, you’ll then need to generate an SSH key with:

ssh-keygen

Copy the key to the server with:

ssh-copy-id USERNAME@192.168.1.100

Replace the text USERNAME above with a username on the remote server.

We then need to edit the Vuls configuration file, so open it with:

sudo nano /opt/vuls/config.toml

At the bottom of the file, add the following:

[servers.rhel]
host = "192.168.1.100"
port = "22"
user = "USERNAME"
keyPath = "/home/USERNAME/.ssh/id_rsa"
scanMode = [ "fast-root" ] # "fast", "fast-root" or "deep"

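Make sure to replace the IP address with the IP address of your remote server and USERNAME with the actual username on the remote machine. Note that keyPath is the location of the private key on the machine running Vuls, so it must use the home directory of the local user who ran ssh-keygen.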

Save and close the file.

Once again, run the configuration test with:

sudo vuls configtest

You should see no errors.

To run the remote scan, issue this command in the /opt/vuls directory:

sudo vuls scan rhel

When the scan finishes, view the results using the sudo vuls tui command.
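A pre-flight check to run alongside vuls configtest, as an added example that is not part of the original article or the Vuls project: it reads the SQLite3Path and keyPath values from config.toml and flags databases that are missing or stale (Vuls can only match CVEs that are in its local databases) and SSH private keys that are missing or accessible to group/other. The function names, finding labels, script file name and 7-day staleness default are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight audit of a Vuls config.toml (not part of Vuls).
# Function names, finding labels and the 7-day default are assumptions.

# Print each double-quoted value assigned to KEY ($1) in the file $2.
toml_values() {
  sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2"
}

# Report vulnerability databases that are missing, empty or older than $2 days.
audit_dbs() {
  toml_values SQLite3Path "$1" | while IFS= read -r db; do
    if [ ! -s "$db" ]; then
      echo "MISSING-DB $db"
    elif [ -n "$(find "$db" -mtime +"$2")" ]; then
      echo "STALE-DB $db"
    fi
  done
}

# Report SSH private keys that are missing or accessible to group/other.
audit_keys() {
  toml_values keyPath "$1" | while IFS= read -r key; do
    if [ ! -f "$key" ]; then
      echo "MISSING-KEY $key"
    elif [ "$(ls -ld -- "$key" | cut -c5-10)" != "------" ]; then
      echo "LOOSE-KEY $key"
    fi
  done
}

# Print one finding per line; return 0 if clean, 1 on findings, 2 if unreadable.
vuls_preflight() {
  [ -r "$1" ] || { echo "NO-CONFIG $1"; return 2; }
  findings=$(audit_dbs "$1" "${2:-7}"; audit_keys "$1")
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Run directly as: sh vuls-preflight.sh /opt/vuls/config.toml [max_age_days]
if [ "$#" -gt 0 ]; then vuls_preflight "$@"; fi
```

A STALE-DB finding is cleared by re-running the matching fetch command from the Creating a CVE Database section; a LOOSE-KEY finding is cleared with chmod 600 on the key file.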

And that’s all there is to installing the Vuls vulnerability scanner on Ubuntu Server 22.04. Give this tool a try and see if it doesn’t help you uncover vulnerabilities on the machines connected to your LAN.

The post Vuls: A Free, Open Source Vulnerability Scanner for Linux appeared first on The New Stack.
