Are you looking for the best open source Vulnerability Scanner for your Linux / FreeBSD / WordPress / Network devices or Programming language libraries?. Pause, Vuls has been designed to give a system administrator, having to perform security vulnerability analysis and software update on a daily basis delight and peace of mind.

A vulnerability scanner is a piece of software designed to assess Applications, Computers, Network devices, middleware or programming language libraries for known weaknesses. They are used to discover the weaknesses of a given system, and some go to the extent of providing a fix or steps to close discovered weakness.

Vuls outstanding analysis features comes from its working model:

  • It informs users of the vulnerabilities that are related to the system.
  • Vuls informs users of the servers that are affected by a vulnerability.
  • In Vuls, Vulnerability detection is done automatically to prevent any oversight.
  • A report is generated on a regular basis using CRON or other methods to manage vulnerability.

Vuls has support for the following operating systems: Alpine, Ubuntu, Debian, RHEL, CentOS, Oracle Linux, Amazon Linux, FreeBSD, SUSE Enterprise and Raspbian.

Vuls Scan types

There are three major types of scan available on Vuls.

Fast Scan

  • Scan without root privilege, no dependencies
  • Almost no load on the scan target server
  • Offline mode scan with no internet access. (Red Hat, CentOS, OracleLinux, Ubuntu, Debian)

Fast Root Scan

  • Scan with root privilege
  • Almost no load on the scan target server
  • Detect processes affected by update using yum-ps (Red Hat, CentOS, Oracle Linux, and Amazon Linux)
  • Detect processes which updated before but not restarting yet using checkrestart of debian-goodies (Debian and Ubuntu)
  • Offline mode scan with no internet access. (Red Hat, CentOS, OracleLinux, Ubuntu, Debian)

Deep Scan

  • Scan with root privilege
  • Parses the Changelog Changelog has a history of version changes. When a security issue is fixed, the relevant CVE ID is listed. By parsing the changelog and analysing the updates between the installed version of software on the server and the newest version of that software it’s possible to create a list of all vulnerabilities that need to be fixed.
  • Sometimes load on the scan target server

The scans can be performed in any of the following modes.

Remote scan Mode: User is required to only setup one machine that is connected to other target servers via SSH

Local scan mode: If you don’t want the central Vuls server to connect to each server by SSH, you can use Vuls in the Local Scan mode.

Server mode:

  • No SSH needed, No Scanner needed. Only issuing Linux commands directory on the scan target serve.
  • First, start Vuls in server mode and listen as an HTTP server.
  • Start Vuls in server mode and listen as an HTTP server.
  • Next, issue a command on the scan target server to collect software information. Then send the result to Vuls Server via HTTP. You receive the scan results as JSON format.

How to Install Vuls

To easiest mode of running Vuls is in a docker container. You need Docker Engine installed on your Linux distribution before you can proceed. Check out our guide below.

How to Install Docker in Linux

Docker images available on Dockerhub are:

After installation, download Vuls docker images.

$ docker pull vuls/go-cve-dictionary
$ docker pull vuls/goval-dictionary
$ docker pull vuls/gost
$ docker pull vuls/vuls

To confirm versions, use:

$ docker run  --rm  vuls/go-cve-dictionary -v
go-cve-dictionary  3c7cb2e
$ docker run  --rm  vuls/goval-dictionary -v
goval-dictionary v0.1.1 5070051
$ docker run  --rm  vuls/gost -v
gost 39175c0
$ docker run  --rm  vuls/vuls -v
vuls  build-20190221_050916_53f4a29

See detailed Vuls usage guide on the next steps.