Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Overview

Vuls: VULnerability Scanner

Slack License Build Status Go Report Card Contributors

Vuls-logo

Vulnerability scanner for Linux/FreeBSD, agent-less, written in Go. We have a slack team. Join slack team Twitter: @vuls_en

Vuls-Abstract

Vulsrepo

asciicast

Vuls-slack


Abstract

For a system administrator, having to perform security vulnerability analysis and software update on a daily basis can be a burden. To avoid downtime in a production environment, it is common for a system administrator to choose not to use the automatic update option provided by the package manager and to perform update manually. This leads to the following problems.

  • The system administrator will have to constantly watch out for any new vulnerabilities in NVD (National Vulnerability Database) or similar databases.
  • It might be impossible for the system administrator to monitor all the software if there are a large number of software packages installed in the server.
  • It is expensive to perform analysis to determine the servers affected by new vulnerabilities. The possibility of overlooking a server or two during analysis is there.

Vuls is a tool created to solve the problems listed above. It has the following characteristics.

  • Informs users of the vulnerabilities that are related to the system.
  • Informs users of the servers that are affected.
  • Vulnerability detection is done automatically to prevent any oversight.
  • A report is generated on a regular basis using CRON or other methods. to manage vulnerability.

Vuls-Motivation


Main Features

Scan for any vulnerabilities in Linux/FreeBSD Server

Supports major Linux/FreeBSD

  • Alpine, Amazon Linux, CentOS, Debian, Oracle Linux, Raspbian, RHEL, SUSE Enterprise Linux, and Ubuntu
  • FreeBSD
  • Cloud, on-premise, Running Docker Container

High-quality scan

Scan mode

Fast Scan

  • Scan without root privilege, no dependencies
  • Almost no load on the scan target server
  • Offline mode scan with no internet access. (CentOS, Debian, Oracle Linux, Red Hat, and Ubuntu)

Fast Root Scan

  • Scan with root privilege
  • Almost no load on the scan target server
  • Detect processes affected by update using yum-ps (Amazon Linux, CentOS, Oracle Linux, and RedHat)
  • Detect processes which updated before but not restarting yet using checkrestart of debian-goodies (Debian and Ubuntu)
  • Offline mode scan with no internet access. (CentOS, Debian, Oracle Linux, Red Hat, and Ubuntu)

Remote, Local scan mode, Server mode

Remote scan mode

  • User is required to only set up one machine that is connected to other target servers via SSH

Local scan mode

  • If you don't want the central Vuls server to connect to each server by SSH, you can use Vuls in the Local Scan mode.

Server mode

  • First, start Vuls in server mode and listen as an HTTP server.
  • Next, issue a command on the scan target server to collect software information. Then send the result to Vuls Server via HTTP. You receive the scan results as JSON format.
  • No SSH needed, No Scanner needed. Only issuing Linux commands directory on the scan target server.

Dynamic Analysis

  • It is possible to acquire the state of the server by connecting via SSH and executing the command.
  • Vuls warns when the scan target server was updated the kernel etc. but not restarting it.

Scan vulnerabilities of non-OS-packages

  • Libraries of programming language
  • Self-compiled software
  • Network Devices

Vuls has some options to detect the vulnerabilities

Scan WordPress core, themes, plugins

MISC

  • Nondestructive testing
  • Pre-authorization is NOT necessary before scanning on AWS
    • Vuls works well with Continuous Integration since tests can be run every day. This allows you to find vulnerabilities very quickly.
  • Auto-generation of configuration file template
    • Auto-detection of servers set using CIDR, generate configuration file template
  • Email and Slack notification is possible (supports Japanese language)
  • Scan result is viewable on accessory software, TUI Viewer in a terminal or Web UI (VulsRepo).

What Vuls Doesn't Do

  • Vuls doesn't update the vulnerable packages.

Document

For more information such as Installation, Tutorial, Usage, visit vuls.io
日本語翻訳ドキュメント


Authors

kotakanbe (@kotakanbe) created vuls and these fine people have contributed.

Contribute

see vulsdoc


Stargazers over time

Stargazers over time

-----;

License

Please see LICENSE.

Comments
  • I got a error output as the description when running the scan.sh

    I got a error output as the description when running the scan.sh

    The executed command: #./update-all.sh ... #./scan.sh Using default tag: latest latest: Pulling from vuls/vuls Digest: sha256:3aba376c0bab1adc59a84b8ec59ace3e050b7438e1d4dd29855e4002dd5d9ef6 Status: Image is up to date for vuls/vuls:latest [Feb 25 10:23:54] INFO [localhost] vuls-v0.15.9-build-20210225_011640_518f4dc [Feb 25 10:23:54] INFO [localhost] Validating config... [Feb 25 10:23:54] INFO [localhost] Detecting Server/Container OS... [Feb 25 10:23:54] INFO [localhost] Detecting OS of servers... [Feb 25 10:23:54] ERROR [localhost] Failed to configtest: Failed to init servers. err: github.com/future-architect/vuls/scanner.Scanner.Configtest /go/src/github.com/future-architect/vuls/scanner/serverapi.go:101

    • No scannable host OS: github.com/future-architect/vuls/scanner.Scanner.initServers /go/src/github.com/future-architect/vuls/scanner/serverapi.go:229

    #cat /etc/redhat-release CentOS Linux release 7.6.1810 (Core)

    Did I miss something so that it couldn't detect the server distro? Thanks.

    question 
    opened by ZhixiongChi 17
  • WordPress Vulnerability Scan (core, plugin, theme)

    WordPress Vulnerability Scan (core, plugin, theme)

    https://wpvulndb.com/api provides vulnerability information. wp command can get WordPress core, plugin and theme version. It seems to be able to detect using this version information and vulnerability database.

    WP core version

    wp core version --path=/home/kusanagi/yokota/DocumentRoot/
    4.9.6
    

    Which plugin installed

    [[email protected]~]# wp plugin list --path=/home/hoge/wp/DocumentRoot/ --format=json | jq "."
    [
      {
        "name": "akismet",
        "status": "inactive",
        "update": "none",
        "version": "4.0.8"
      },
      {
        "name": "bootstrap-for-contact-form-7",
        "status": "active",
        "update": "none",
        "version": "1.4.8"
      },
      {
        "name": "contact-form-7",
        "status": "active",
        "update": "available",
        "version": "5.0.2"
      },
      {
        "name": "dentist-cpt",
        "status": "active",
        "update": "none",
        "version": "1.0"
      },
      {
        "name": "hello",
        "status": "inactive",
        "update": "none",
        "version": "1.7"
      },
      {
        "name": "insta-gallery",
        "status": "active",
        "update": "available",
        "version": "1.6.1"
      },
      {
        "name": "translatepress-multilingual",
        "status": "inactive",
        "update": "available",
        "version": "1.2.5"
      },
      {
        "name": "unyson",
        "status": "active",
        "update": "available",
        "version": "2.7.18"
      },
      {
        "name": "wp-multibyte-patch",
        "status": "inactive",
        "update": "none",
        "version": "2.8.1"
      },
      {
        "name": "kusanagi-wp-configure",
        "status": "must-use",
        "update": "none",
        "version": "0.7"
      },
      {
        "name": "wp-kusanagi",
        "status": "must-use",
        "update": "none",
        "version": "1.0.24"
      }
    ]
    

    Which theme installed

    [[email protected] ~]# wp theme list --path=/home/hoge/wp/DocumentRoot/ --format=js
    on | jq "."
    [
      {
        "name": "dentist_wp",
        "status": "active",
        "update": "none",
        "version": "1.6.6"
      },
      {
        "name": "twentyfifteen",
        "status": "inactive",
        "update": "none",
        "version": "2.0"
      },
      {
        "name": "twentyseventeen",
        "status": "inactive",
        "update": "none",
        "version": "1.6"
      },
      {
        "name": "twentysixteen",
        "status": "inactive",
        "update": "none",
        "version": "1.5"
      }
    ]
    
    

    Vulnerability Database

    https://wpvulndb.com/api

    curl -H "Authorization: Token token=API_TOKEN" https://wpvulndb.com/api/v3/plugins/eshop
    JSON response (prettified)
    
    {
      "eshop": {
        "latest_version": "6.3.14",
        "last_updated": "2015-09-10T09:16:00.000Z",
        "popular": false,
        "vulnerabilities": [
          {
            "id": 7004,
            "title": "eShop - wp-admin/admin.php Multiple Parameter XSS",
            "created_at": "2014-08-01T10:59:06.000Z",
            "updated_at": "2015-05-15T13:48:24.000Z",
            "published_date": null,
            "references": {
              "url": [
                "http://seclists.org/bugtraq/2011/Aug/52",
                "http://www.htbridge.ch/advisory/multiple_xss_in_eshop_for_wordpress.html"
              ],
              "secunia": [
                "45553"
              ]
            },
            "vuln_type": "XSS",
            "fixed_in": "6.2.9"
          },
          {
            "id": 7967,
            "title": "eShop <= 6.3.11 - Remote Code Execution",
            "created_at": "2015-05-06T20:33:09.000Z",
            "updated_at": "2015-07-04T19:10:12.000Z",
            "published_date": "2015-05-06T00:00:00.000Z",
            "references": {
              "url": [
                "http://packetstormsecurity.com/files/131783/",
                "https://plugins.trac.wordpress.org/changeset/1170942/eshop"
              ],
              "cve": [
                "2015-3421"
              ]
            },
            "vuln_type": "RCE",
            "fixed_in": "6.3.12"
          },
          {
            "id": 8180,
            "title": "eShop <= 6.3.13 - Reflected Cross-Site Scripting (XSS) & CSRF",
            "created_at": "2015-09-09T20:36:51.000Z",
            "updated_at": "2015-09-09T20:36:51.000Z",
            "published_date": "2015-09-09T00:00:00.000Z",
            "references": {
              "url": [
                "http://packetstormsecurity.com/files/133480/"
              ]
            },
            "vuln_type": "XSS",
            "fixed_in": null
          }
        ]
      }
    }
    
    opened by kotakanbe 17
  • Ubuntu failed to scan vulnerable packages

    Ubuntu failed to scan vulnerable packages

    [Oct  6 14:27:33] DEBUG [x-x-x-x] SSHResult: servername: x-x-x-x, cmd: set -o pipefail; sudo -S LANG=en_US.UTF-8 apt-get upgrade --dry-run, exitstatus: 0, stdout: ^MReading package lists... 0%^MReading package lists... 100%^MReading package lists... Done
    ^MBuilding dependency tree... 0%^MBuilding dependency tree... 0%^MBuilding dependency tree... 50%^MBuilding dependency tree... 50%^MBuilding dependency tree       
    ^MReading state information... 0%^MReading state information... 0%^MReading state information... Done
    ^MCalculating upgrade... 0%^MCalculating upgrade... 50%^MCalculating upgrade... Done
    The following packages were automatically installed and are no longer required:
      linux-headers-3.19.0-65 linux-headers-3.19.0-65-generic linux-headers-4.4.0-34 linux-headers-4.4.0-34-generic linux-image-3.19.0-65-generic linux-image-3.19.0-66-generic linux-image-4.4.0-34-generic linux-image-extra-3.19.0-65-generic
      linux-image-extra-4.4.0-34-generic linux-image-generic-lts-vivid
    Use 'sudo apt autoremove' to remove them.
    The following packages will be upgraded:
      initramfs-tools initramfs-tools-bin initramfs-tools-core klibc-utils libklibc ntp ntpdate
    7 to upgrade, 0 to newly install, 0 to remove and 0 not to upgrade.
    Inst ntp [1:4.2.8p4+dfsg-3ubuntu5.1] (1:4.2.8p4+dfsg-3ubuntu5.3 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
    Inst ntpdate [1:4.2.8p4+dfsg-3ubuntu5.1] (1:4.2.8p4+dfsg-3ubuntu5.3 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
    Inst klibc-utils [2.0.4-8ubuntu1.16.04.1] (2.0.4-8ubuntu1.16.04.2 Ubuntu:16.04/xenial-updates [amd64]) []
    Inst initramfs-tools [0.122ubuntu8.1] (0.122ubuntu8.3 Ubuntu:16.04/xenial-updates [all]) []
    Inst initramfs-tools-core [0.122ubuntu8.1] (0.122ubuntu8.3 Ubuntu:16.04/xenial-updates [all]) []
    Inst initramfs-tools-bin [0.122ubuntu8.1] (0.122ubuntu8.3 Ubuntu:16.04/xenial-updates [amd64]) []
    Inst libklibc [2.0.4-8ubuntu1.16.04.1] (2.0.4-8ubuntu1.16.04.2 Ubuntu:16.04/xenial-updates [amd64])
    Conf ntp (1:4.2.8p4+dfsg-3ubuntu5.3 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
    Conf ntpdate (1:4.2.8p4+dfsg-3ubuntu5.3 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
    Conf libklibc (2.0.4-8ubuntu1.16.04.2 Ubuntu:16.04/xenial-updates [amd64])
    Conf klibc-utils (2.0.4-8ubuntu1.16.04.2 Ubuntu:16.04/xenial-updates [amd64])
    Conf initramfs-tools-bin (0.122ubuntu8.3 Ubuntu:16.04/xenial-updates [amd64])
    Conf initramfs-tools-core (0.122ubuntu8.3 Ubuntu:16.04/xenial-updates [all])
    Conf initramfs-tools (0.122ubuntu8.3 Ubuntu:16.04/xenial-updates [all])
    , stderr: , err: %!s(<nil>)
    [Oct  6 14:27:33] ERROR [x-x-x-x] Failed to scan vulnerable packages
    

    I have tested on both 16.04 and 14.04 with the same results. I can provide any other information required.

    Cheers Will

    bug 
    opened by william20111 16
  • Support Alpine Linux

    Support Alpine Linux

    Alpine linux is becoming a large part of the Docker and VM community due to its small disk/memory footprint and security standards.

    https://alpinelinux.org/

    It would be nice to see support for this as a scan target. It uses its own package manager, apk.

    enhancement P/RWelcome 
    opened by olds463 15
  • Freebsd jails

    Freebsd jails

    What did you implement:

    sort of closes #453

    How did you implement it:

    Started to read up on the code tonight and tried to fiddle with it and get it to work with FreeBSD jails.

    I basically copied the code for lxc and changed it to match how jails work. And in a very simple case with four jails running on a host it seems to work just fine.

    # ./vuls scan
    [Aug  2 00:11:57]  INFO [localhost] Start scanning
    [Aug  2 00:11:57]  INFO [localhost] config: /usr/local/etc/vuls/config.toml
    [Aug  2 00:11:57]  INFO [localhost] Validating config...
    [Aug  2 00:11:57]  INFO [localhost] Detecting Server/Container OS... 
    [Aug  2 00:11:57]  INFO [localhost] Detecting OS of servers... 
    [Aug  2 00:12:03]  INFO [localhost] (1/1) Detected: core: FreeBSD 11.1-RELEASE
    [Aug  2 00:12:03]  INFO [localhost] Detecting OS of containers... 
    [Aug  2 00:12:17]  INFO [localhost] Detected: [email protected]: FreeBSD 11.1-RELEASE
    [Aug  2 00:12:17]  INFO [localhost] Detected: [email protected]: FreeBSD 11.1-RELEASE
    [Aug  2 00:12:17]  INFO [localhost] Detecting Platforms... 
    [Aug  2 00:12:19]  INFO [localhost] (1/3) core is running on other
    [Aug  2 00:12:19]  INFO [localhost] (2/3) system on core is running on aws
    [Aug  2 00:12:19]  INFO [localhost] (3/3) ap on core is running on aws
    [Aug  2 00:12:19]  INFO [localhost] Scanning vulnerabilities... 
    [Aug  2 00:12:19]  INFO [localhost] Scanning vulnerable OS packages...
    

    Is this ready for review?: NO
    Is it a breaking change?: NO

    opened by ankerstal 13
  • x509: certificate signed by unknown authority

    x509: certificate signed by unknown authority

    Environment

    Ubuntu 16.04

    Vuls

    Hash : vuls v0.1.7 46f9674

    Go

    • Go version: not installed?

    Current Output

    Addition Details

    Vuls is working with "report-json" but is unable to send the report via E-Mail. My Mailserver is using Starttls and a Testmail from my Vuls Server to the Mailserver via "mail" command is working.

    I think the issue could be solved if I can somewhere add a certificate verify ignore flag.

    Expected Behavior

    Send Report via E-Mail

    Actual Behavior

    "Failed to report, err: Failed to send emails: x509: certificate signed by unknown authority"

    enhancement P/RWelcome 
    opened by Klar 13
  • too many SQL variables

    too many SQL variables

    while working with docker ./report.sh and /tui.sh aren't generating the expected output but:

    [Aug 30 09:30:07] ERROR [localhost] Failed to fill with CVE: Failed to fetch CVE. err: too many SQL variables; too many SQL variables; too many SQL variables; too many SQL variables; too many SQL variables; too many SQL variables; too many SQL variables; too many SQL variables; too many SQL variables; too many SQL variables; too many SQL variables; too many SQL variables; too many SQL variables; too many SQL variables; too many SQL variables; too many SQL variables; too many SQL variables; too many SQL variables; too many SQL variables; too many SQL variables; too many SQL variables; too many SQL variables; too many SQL variables; too many SQL variables; too many SQL variables; too many SQL variables; too many SQL variables; too many SQL variables; too many SQL variables; too many SQL variables; too many SQL variables; too many SQL variables

    bug 
    opened by vgiuffredi 12
  • wrong version comparison on alpine packages

    wrong version comparison on alpine packages

    What did you do? (required. The issue will be closed when not provided.)

    Installed jq on alpine 3.11.3 The installed package is 1.6-r0 and scanned this alpine

    What did you expect to happen?

    The expected result is that the jq is not vulnerable

    What happened instead?

    in the report we see that jq is vulnerable to CVE-2016-4074

    I did some investigation and it seems the problem in the go-rpm-version

    package main import ( "fmt" rpmver "github.com/knqyf263/go-rpm-version" ) func ver_func() { vera := rpmver.NewVersion("1.6-r0") verb := rpmver.NewVersion("1.6_rc1-r0") fmt.Printf("installed %s < Fixed %s %v\n", vera, verb, vera.LessThan(verb)) } func main() { ver_func() } gives: installed 1.6-r0 < Fixed 1.6_rc1-r0 true

    bug 
    opened by wagdez 12
  • Panic on packet scan

    Panic on packet scan

    goroutine 534 [running]:
    panic(0xae3440, 0xc8206f89b0)
        /usr/local/go/src/runtime/panic.go:481 +0x3e6
    github.com/future-architect/vuls/scan.parallelSSHExec.func1(0xe7c660, 0xc820010c60, 0x7f19c96fb000, 0xc8201054a0)
        /go/src/github.com/future-architect/vuls/scan/sshutil.go:80 +0x37d
    created by github.com/future-architect/vuls/scan.parallelSSHExec
        /go/src/github.com/future-architect/vuls/scan/sshutil.go:84 +0x166
    

    I saw this on my latest scan, if it helps

    bug 
    opened by theonlydoo 12
  • OS detection get unsuccessful in first run

    OS detection get unsuccessful in first run

    What did you do? (required. The issue will be closed when not provided.)

    vuls scan ubuntu

    What did you expect to happen?

    Complete scan successfully in first attempt (run)

    What happened instead?

    Couldn't determine OS of server. the step timeout. Or, we can cancel whole thing with ctrl+c and then again run same command "vuls scan ubuntu" and everything is fine 2nd time.

    • Current Output freeze in line " INFO [localhost] Detecting OS of servers... " Please re-run the command using -debug and provide the output below.

    when used --debug, the working is normal and fine sometimes. log below:

    $ vuls scan -debug ubuntu [Aug 21 09:11:01] INFO [localhost] Start scanning [Aug 21 09:11:01] INFO [localhost] config: /home/ubuntu/config.toml [Aug 21 09:11:01] DEBUG [localhost] { "logpoint": config.ServerInfo{ ServerName: “ubuntu”, User: "vuls", Host: “xyz”, Port: "22", KeyPath: "/home/ubuntu/vuls_keys/id_rsa_vuls_az", KeyPassword: "", CpeNames: []string{}, DependencyCheckXMLPath: "", Containers: config.Containers{ Type: "", Includes: []string{}, Excludes: []string{}, }, IgnoreCves: []string{}, Optional: [][]interface {}{}, Enablerepo: []string{}, Type: "", LogMsgAnsiColor: "\x1b[33m", Container: config.Container{ ContainerID: "", Name: "", Image: "", }, Distro: config.Distro{ Family: "", Release: "", }, IPv4Addrs: []string{}, IPv6Addrs: []string{}, }, } [Aug 21 09:11:01] INFO [localhost] Validating config... [Aug 21 09:11:01] INFO [localhost] Detecting Server/Container OS... [Aug 21 09:11:01] INFO [localhost] Detecting OS of servers... [Aug 21 09:11:01] DEBUG [localhost] Executing... ls /etc/debian_version [Aug 21 09:16:01] ERROR [localhost] Timed out while detecting servers [Aug 21 09:16:01] ERROR [localhost] (1/1) Timed out: ubuntu [Aug 21 09:16:01] ERROR [localhost] Failed to init servers: No scannable servers

    Steps to reproduce the behaviour

    uncertain. vuls scan ubuntu

    Configuration (MUST fill this out):

    • Go version (go version): go version go1.10.3 linux/amd64
    • Go environment (go env):

    GOARCH="amd64" GOBIN="" GOCACHE="/home/ubuntu/.cache/go-build" GOEXE="" GOHOSTARCH="amd64" GOHOSTOS="linux" GOOS="linux" GOPATH="/home/ubuntu/go" GORACE="" GOROOT="/usr/local/go" GOTMPDIR="" GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64" GCCGO="gccgo" CC="gcc" CXX="g++" CGO_ENABLED="1" CGO_CFLAGS="-g -O2" CGO_CPPFLAGS="" CGO_CXXFLAGS="-g -O2" CGO_FFLAGS="-g -O2" CGO_LDFLAGS="-g -O2" PKG_CONFIG="pkg-config" GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build834591688=/tmp/go-build -gno-record-gcc-switches"

    • Vuls environment:

    Hash : ____ vuls v0.4.2 fe582ac

    To check the commit hash of HEAD $ vuls -v

    or

    $ cd $GOPATH/src/github.com/future-architect/vuls $ git rev-parse --short HEAD

    • config.toml:

    • command:

    vuls scan ubuntu

    opened by thinksabin 11
  • CentOS invalid  YumRepo  vuls result 「0 CVEs」

    CentOS invalid YumRepo vuls result 「0 CVEs」

    vuls version: vuls v0.2.0 5581a5c

    CentOSにて不正なyumリポジトリを定義されていると、yum --changelog updateの結果に以下のようなエラーが出力されることがあります

    Error: Package: erlang-observer-18.3.4.4-1.el7.x86_64 (CentOS-cloud-mirror_mitaka)
               Requires: erlang-kernel(x86-64) = 18.3.4.4-1.el7
               Removing: erlang-kernel-18.0-1.el7.centos.x86_64 (@erlang)
    

    このエラーが発生すると一切changelogが出力されない為にvuls結果が「0CVEs」となり、脆弱性無しと判断されております

    scan_server-001 centos7.1.1503  0 CVEs  545 updatable packages
    

    上記により、少しでも脆弱性チェックされるように以下のように改造してみました ChangeLogを解析中に「Error: Package: 」を検出した場合、()内のリポジトリ名を不正リポジトリとして 再度「yum --changelog update」する際に、disablerepoを設定 「yum --disablerepo=CentOS-cloud-mirror_mitaka, --changelog update」

    diff --git a/scan/redhat.go b/scan/redhat.go
    index 0d0bbbe..dad8c9e 100644
    --- a/scan/redhat.go
    +++ b/scan/redhat.go
    @@ -279,17 +279,29 @@ func (o *redhat) scanUnsecurePackagesUsingYumCheckUpdate() (models.VulnInfos, er
                    CveIDs   []string
            }
    
    -       allChangelog, err := o.getAllChangelog(packInfoList)
    -       if err != nil {
    -               o.log.Errorf("Failed to getAllchangelog. err: %s", err)
    -               return nil, err
    -       }
    -
    -       // { packageName: changelog-lines }
    +       err_repos := make(map[string]bool)
            var rpm2changelog map[string]*string
    -       rpm2changelog, err = o.parseAllChangelog(allChangelog)
    -       if err != nil {
    -               return nil, fmt.Errorf("Failed to parseAllChangelog. err: %s", err)
    +
    +       for cnt := 0; cnt <= 1; cnt++ {
    +               allChangelog, err := o.getAllChangelog(packInfoList, err_repos)
    +               if err != nil {
    +                       o.log.Errorf("Failed to getAllchangelog. err: %s", err)
    +                       return nil, err
    +               }
    +
    +               // { packageName: changelog-lines }
    +               err_repos = make(map[string]bool)
    +               rpm2changelog, err = o.parseAllChangelog(allChangelog, err_repos)
    +               if err != nil {
    +                       return nil, fmt.Errorf("Failed to parseAllChangelog. err: %s", err)
    +               }
    +               if len(err_repos) == 0 {
    +                       o.log.Debugf("All Success Repo")
    +                       break
    +               }
    +               for err_repo, _ := range err_repos {
    +                       o.log.Errorf("Failed to Repo: %s", err_repo)
    +               }
            }
    
            var results []PackInfoCveIDs
    @@ -452,7 +464,7 @@ func (o *redhat) getChangelogCVELines(rpm2changelog map[string]*string, packInfo
            return retLine
     }
    
    -func (o *redhat) parseAllChangelog(allChangelog string) (map[string]*string, error) {
    +func (o *redhat) parseAllChangelog(allChangelog string, err_repos map[string]bool) (map[string]*string, error) {
            var majorVersion int
            var err error
            if o.Distro.Family == "centos" {
    @@ -466,6 +478,20 @@ func (o *redhat) parseAllChangelog(allChangelog string) (map[string]*string, err
            tmpline := ""
            var lines []string
            var prev, now bool
    +
    +       var changelogErrorPattern = regexp.MustCompile(`^Error: Package: `)
    +       for i := range orglines {
    +               if changelogErrorPattern.MatchString(orglines[i]) {
    +                       o.log.Debugf("ErrorLine: %s", orglines[i])
    +                       temp := o.regexpReplace(orglines[i], `.*\(`, "")
    +                       err_repos[o.regexpReplace(temp, `\).*`, "")] = true
    +               }
    +       }
    +       if len(err_repos) != 0 {
    +               o.log.Debugf("Disable Repos: %s", err_repos)
    +               return nil, nil
    +       }
    +
            for i := range orglines {
                    if majorVersion == 5 {
                            /* for CentOS5 (yum-util < 1.1.20) */
    @@ -531,7 +557,7 @@ func (o *redhat) parseAllChangelog(allChangelog string) (map[string]*string, err
     }
    
     // CentOS
    -func (o *redhat) getAllChangelog(packInfoList models.PackageInfoList) (stdout string, err error) {
    +func (o *redhat) getAllChangelog(packInfoList models.PackageInfoList, err_repos map[string]bool) (stdout string, err error) {
            packageNames := ""
            for _, packInfo := range packInfoList {
                    packageNames += fmt.Sprintf("%s ", packInfo.Name)
    @@ -550,6 +576,14 @@ func (o *redhat) getAllChangelog(packInfoList models.PackageInfoList) (stdout st
                    yumopts += " --skip-broken"
            }
    
    +       if len(err_repos) != 0 {
    +               yumopts += " --disablerepo="
    +               for err_repo, _ := range err_repos {
    +                       yumopts += err_repo + ","
    +               }
    +       }
    +       o.log.Debugf("yumopts: %s", yumopts)
    +
            // yum update --changelog doesn't have --color option.
            command += fmt.Sprintf(" LANGUAGE=en_US.UTF-8 yum %s --changelog update ", yumopts) + packageNames
    

    結果として、「72CVEs」となり、脆弱性有りとして認識可能となっております

    実行ログには
    [Feb 27 17:26:56]  WARN [scan_server-001] Not found the package in rpm -qa. candidate: python2-traceback2--
    [Feb 27 17:26:56]  WARN [scan_server-001] Not found the package in rpm -qa. candidate: python2-urllib3--
    [Feb 27 17:27:40] ERROR [scan_server-001] Failed to Repo: CentOS-cloud-mirror_mitaka
    [Feb 27 17:28:25]  INFO [scan_server-001] (1/581) Scanned MySQL-python-1.2.3-11.el7 -> 1.2.5-1.el7 : []
    [Feb 27 17:28:25]  INFO [scan_server-001] (2/581) Scanned abrt-2.1.11-22.el7.centos.0.1 -> 2.1.11-45.el7.centos : []
    
    と出力となり
    
    vuls結果は
    scan_server-001 centos7.1.1503  72 CVEs 545 updatable packages
    

    最後に 実際に本エラーの回収案はどのように検討されておりますでしょうか? エラーパッケージを検出したら、その時点でvulsを異常終了させるなど

    P/RWelcome 
    opened by yas-ysd 11
  • chore(deps): bump github.com/aquasecurity/trivy from 0.31.3 to 0.32.0

    chore(deps): bump github.com/aquasecurity/trivy from 0.31.3 to 0.32.0

    Bumps github.com/aquasecurity/trivy from 0.31.3 to 0.32.0.

    Release notes

    Sourced from github.com/aquasecurity/trivy's releases.

    v0.32.0

    Changelog

    • 585985ed docs: add Rekor SBOM attestation scanning (#2893)
    • d30fa00a chore: narrow the owner scope (#2894)
    • 38c1513a fix: remove a patch number from the recommendation link (#2891)
    • ba29ce64 fix: enable parsing of UUID-only rekor entry ID (#2887)
    • 018eda61 docs(sbom): add SPDX scanning (#2885)
    • 20f1e599 docs: restructure docs and add tutorials (#2883)
    • 192fd78c feat(sbom): scan sbom attestation in the rekor record (#2699)
    • 597836c3 feat(k8s): support outdated-api (#2877)
    • 6c7bd67c chore(deps): bump github.com/moby/buildkit from 0.10.3 to 0.10.4 (#2815)
    • 41270434 fix(c): support revisions in Conan parser (#2878)
    • b677d7e2 feat: dynamic links support for scan results (#2838)
    • 8e03bbb4 chore(deps): bump go.uber.org/zap from 1.22.0 to 1.23.0 (#2818)
    • 27005c7d docs: update archlinux commands (#2876)
    • b6e394dc feat(secret): add line from dockerfile where secret was added to secret result (#2780)
    • 9f6680a1 feat(sbom): Add unmarshal for spdx (#2868)
    • db0aaf18 chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#2827)
    • bb3220c3 fix: revert asff arn and add documentation (#2852)
    • c51f2b82 docs: batch-import-findings limit (#2851)
    • 552732b5 chore(deps): bump golang from 1.19.0 to 1.19.1 (#2872)
    • 3165c376 feat(sbom): Add marshal for spdx (#2867)
    • dac2b4a2 build: checkout before setting up Go (#2873)
    • 39f83afe chore: bump Go to 1.19 (#2861)
    • 0ce95830 docs: azure doc and trivy (#2869)
    • 2f379616 fix: Scan tarr'd dependencies (#2857)
    • db14ef3c chore(helm): helm test with ingress (#2630)
    • acb65d56 feat(report): add secrets to sarif format (#2820)
    • a18cd7c0 chore(deps): bump azure/setup-helm from 1.1 to 3.3 (#2807)
    • 2de903ca refactor: add a new interface for initializing analyzers (#2835)
    • 63c3b8ed chore(deps): bump github.com/aws/aws-sdk-go from 1.44.77 to 1.44.92 (#2840)
    • 6717665a fix: update ProductArn with account id (#2782)
    • 41a84967 feat(helm): make cache TTL configurable (#2798)
    • 0f1f2c1b build(): Sign releaser artifacts, not only container manifests (#2789)
    • b389a6f4 chore: improve doc about azure devops (#2795)
    • 9ef9fce5 chore(deps): bump sigstore/cosign-installer from 2.5.0 to 2.5.1 (#2804)
    • 7b3225d0 chore(deps): bump github.com/aws/aws-sdk-go-v2 from 1.16.11 to 1.16.14 (#2828)
    • 37733edc chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts (#2825)
    • 44d7e8dd docs: don't push patch versions (#2824)
    • 4839075c feat: add support for conan.lock file (#2779)
    • 6b4ddaae feat: cache merged layers
    • a18f398a chore(deps): bump helm/chart-testing-action from 2.2.1 to 2.3.0 (#2805)
    • 4dcce140 chore(deps): bump actions/cache from 3.0.5 to 3.0.8 (#2806)
    • db454471 chore(deps): bump github.com/caarlos0/env/v6 from 6.9.3 to 6.10.0 (#2811)
    • a246d0f2 chore(deps): bump github.com/aquasecurity/table from 1.7.2 to 1.8.0 (#2810)
    • 1800017a chore(deps): bump github.com/samber/lo from 1.27.0 to 1.27.1 (#2808)
    • 218e41a4 chore(deps): bump github.com/alicebob/miniredis/v2 from 2.22.0 to 2.23.0 (#2814)
    • a000adee feat: add support for gradle.lockfile (#2759)
    • 43113bc0 chore(mod): updates wazero to 1.0.0-pre.1 #2791
    • 5f0bf144 feat: move file patterns to a global level to be able to use it on any analyzer (#2539)

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies go 
    opened by dependabot[bot] 0
  • chore(deps): bump github.com/aws/aws-sdk-go from 1.44.77 to 1.44.100

    chore(deps): bump github.com/aws/aws-sdk-go from 1.44.77 to 1.44.100

    Bumps github.com/aws/aws-sdk-go from 1.44.77 to 1.44.100.

    Release notes

    Sourced from github.com/aws/aws-sdk-go's releases.

    Release v1.44.100 (2022-09-16)

    Service Client Updates

    • service/codestar-notifications: Updates service API and documentation
    • service/ecs: Updates service documentation
      • This release supports new task definition sizes.

    Release v1.44.99 (2022-09-15)

    Service Client Updates

    • service/dynamodb: Updates service API, documentation, waiters, paginators, and examples
      • Increased DynamoDB transaction limit from 25 to 100.
    • service/ec2: Updates service API and documentation
      • This feature allows customers to create tags for vpc-endpoint-connections and vpc-endpoint-service-permissions.
    • service/sagemaker: Updates service API and documentation
      • Amazon SageMaker Automatic Model Tuning now supports specifying Hyperband strategy for tuning jobs, which uses a multi-fidelity based tuning strategy to stop underperforming hyperparameter configurations early.

    Release v1.44.98 (2022-09-14)

    Service Client Updates

    • service/amplifyuibuilder: Updates service API, documentation, and paginators
    • service/ec2: Updates service API and documentation
      • This update introduces API operations to manage and create local gateway route tables, CoIP pools, and VIF group associations.

    Release v1.44.97 (2022-09-13)

    Service Client Updates

    • service/customer-profiles: Updates service API and documentation
    • service/drs: Updates service API and documentation
    • service/ec2: Updates service API and documentation
      • Two new features for local gateway route tables: support for static routes targeting Elastic Network Interfaces and direct VPC routing.
    • service/evidently: Updates service API and documentation
    • service/kendra: Updates service API and documentation
      • This release enables our customer to choose the option of Sharepoint 2019 for the on-premise Sharepoint connector.
    • service/transfer: Updates service API and documentation
      • This release introduces the ability to have multiple server host keys for any of your Transfer Family servers that use the SFTP protocol.

    Release v1.44.96 (2022-09-12)

    Service Client Updates

    • service/eks: Updates service API and documentation

    Release v1.44.95 (2022-09-09)

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies go 
    opened by dependabot[bot] 0
  • fix(report): send report to each slack channel

    fix(report): send report to each slack channel

    If this Pull Request is work in progress, Add a prefix of “[WIP]” in the title.

    What did you implement:

    fix vuls report not send to each server name's channel. (when slack's channel is "${servername}" in configuration file)

    Type of change

    • [x] Bug fix (non-breaking change which fixes an issue)

    How Has This Been Tested?

    • set to slack's channel is "${servername}"
    • vuls report -to-slack

    Checklist:

    You don't have to satisfy all of the following.

    • [ ] Write tests
    • [ ] Write documentation
    • [x] Check that there aren't other open pull requests for the same issue/feature
    • [x] Format your source code by make fmt
    • [x] Pass the test by make test
    • [ ] Provide verification config / commands
    • [x] Enable "Allow edits from maintainers" for this PR
    • [x] Update the messages below

    Is this ready for review?: YES

    Reference

    opened by tomofumi0003 0
  • feat(wp): support csh, no sudo scan

    feat(wp): support csh, no sudo scan

    What did you implement:

    Support for environments where sudo cannot be used or when the shell is csh, so that users of the following rental servers can use WordPress scan. https://help.sakura.ad.jp/rs/2251/?article_anchor=js-nav-3

    Type of change

    • [x] New feature (non-breaking change which adds functionality)
    • [x] This change requires a documentation update

    How Has This Been Tested?

    Setup

    $ pwd 
    /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress
    $ vagrant up
    $ vagrant ssh-config
    Host default
      HostName 127.0.0.1
      User vagrant
      Port 2222
      UserKnownHostsFile /dev/null
      StrictHostKeyChecking no
      PasswordAuthentication no
      IdentityFile /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key
      IdentitiesOnly yes
      LogLevel FATAL
    $ ssh -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -p 2222 [email protected]
    

    When sudo can be used(ServerInfo.User's Shell is ash)

    config.toml

    [servers.wordpress]
    host                = "127.0.0.1"
    port               = "2222"
    user               = "root"
    keyPath            = "/home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key"
    scanMode           = ["fast"]
    scanModules = ["wordpress"]
    
    [servers.wordpress.wordpress]
    cmdPath     = "/usr/local/bin/wp"
    osUser      = "vuls"
    docRoot     = "/var/www/html"
    noSudo      = false
    

    before

    $ vuls scan --debug
    [Sep  6 13:20:42]  INFO [localhost] vuls-v0.20.0-build-20220808_180441_1e45732
    ...
    [Sep  6 13:20:43]  INFO [localhost] (1/1) wordpress is running on other
    [Sep  6 13:20:43]  INFO [wordpress] Scanning WordPress...
    [Sep  6 13:20:43] DEBUG [localhost] Executing... sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root
    [Sep  6 13:20:43] DEBUG [localhost] execResult: servername: wordpress
      cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root
      exitstatus: 0
      stdout: 6.0.2
    
      stderr: 
      err: %!s(<nil>)
    [Sep  6 13:20:43] DEBUG [localhost] Executing... sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root 2>/dev/null
    [Sep  6 13:20:43] DEBUG [localhost] execResult: servername: wordpress
      cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root 2>/dev/null
      exitstatus: 0
      stdout: 6.0.2
    
      stderr: 
      err: %!s(<nil>)
    [Sep  6 13:20:43] DEBUG [localhost] Executing... sudo -u vuls -i -- /usr/local/bin/wp theme list --path=/var/www/html --format=json --allow-root 2>/dev/null
    [Sep  6 13:20:45] DEBUG [localhost] execResult: servername: wordpress
      cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; sudo -u vuls -i -- /usr/local/bin/wp theme list --path=/var/www/html --format=json --allow-root 2>/dev/null
      exitstatus: 0
      stdout: [{"name":"twentytwenty","status":"inactive","update":"none","version":"2.0"},{"name":"twentytwentyone","status":"inactive","update":"none","version":"1.6"},{"name":"twentytwentytwo","status":"active","update":"none","version":"1.2"}]
      stderr: 
      err: %!s(<nil>)
    [Sep  6 13:20:45] DEBUG [localhost] Executing... sudo -u vuls -i -- /usr/local/bin/wp plugin list --path=/var/www/html --format=json --allow-root 2>/dev/null
    [Sep  6 13:20:45] DEBUG [localhost] execResult: servername: wordpress
      cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; sudo -u vuls -i -- /usr/local/bin/wp plugin list --path=/var/www/html --format=json --allow-root 2>/dev/null
      exitstatus: 0
      stdout: [{"name":"akismet","status":"inactive","update":"none","version":"5.0"},{"name":"hello","status":"inactive","update":"none","version":"1.7.2"}]
      stderr: 
      err: %!s(<nil>)
    
    
    Scan Summary
    ================
    wordpress	ubuntu20.04	0 installed	6 WordPress pkgs
    

    after

    $ vuls scan --debug
    [Sep  6 13:21:43]  INFO [localhost] vuls-v0.20.2-build-20220906_135127_c380c10
    ...
    [Sep  6 13:21:45]  INFO [localhost] (1/1) wordpress is running on other
    [Sep  6 13:21:45] DEBUG [wordpress] Executing... printenv SHELL
    [Sep  6 13:21:45] DEBUG [wordpress] execResult: servername: wordpress
      cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; printenv SHELL
      exitstatus: 0
      stdout: /bin/bash
    
      stderr: 
      err: %!s(<nil>)
    [Sep  6 13:21:45]  INFO [wordpress] Scanning WordPress...
    [Sep  6 13:21:45] DEBUG [localhost] Executing... sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root
    [Sep  6 13:21:45] DEBUG [localhost] execResult: servername: wordpress
      cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root
      exitstatus: 0
      stdout: 6.0.2
    
      stderr: 
      err: %!s(<nil>)
    [Sep  6 13:21:45] DEBUG [localhost] Executing... sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root 2>/dev/null
    [Sep  6 13:21:45] DEBUG [localhost] execResult: servername: wordpress
      cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root 2>/dev/null
      exitstatus: 0
      stdout: 6.0.2
    
      stderr: 
      err: %!s(<nil>)
    [Sep  6 13:21:45] DEBUG [localhost] Executing... sudo -u vuls -i -- /usr/local/bin/wp theme list --format=json --path=/var/www/html --allow-root 2>/dev/null
    [Sep  6 13:21:46] DEBUG [localhost] execResult: servername: wordpress
      cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; sudo -u vuls -i -- /usr/local/bin/wp theme list --format=json --path=/var/www/html --allow-root 2>/dev/null
      exitstatus: 0
      stdout: [{"name":"twentytwenty","status":"inactive","update":"none","version":"2.0"},{"name":"twentytwentyone","status":"inactive","update":"none","version":"1.6"},{"name":"twentytwentytwo","status":"active","update":"none","version":"1.2"}]
      stderr: 
      err: %!s(<nil>)
    [Sep  6 13:21:46] DEBUG [localhost] Executing... sudo -u vuls -i -- /usr/local/bin/wp plugin list --format=json --path=/var/www/html --allow-root 2>/dev/null
    [Sep  6 13:21:47] DEBUG [localhost] execResult: servername: wordpress
      cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; sudo -u vuls -i -- /usr/local/bin/wp plugin list --format=json --path=/var/www/html --allow-root 2>/dev/null
      exitstatus: 0
      stdout: [{"name":"akismet","status":"inactive","update":"none","version":"5.0"},{"name":"hello","status":"inactive","update":"none","version":"1.7.2"}]
      stderr: 
      err: %!s(<nil>)
    
    
    Scan Summary
    ================
    wordpress	ubuntu20.04	0 installed	6 WordPress pkgs
    

    When sudo cannot be used(ServerInfo.User == ServerInfo.WordPress.OSUser, ServerInfo.User's Shell is csh)

    config.toml

    [servers.wordpress]
    host                = "127.0.0.1"
    port               = "2222"
    user               = "vuls"
    keyPath            = "/home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key"
    scanMode           = ["fast"]
    scanModules = ["wordpress"]
    
    [servers.wordpress.wordpress]
    cmdPath     = "/usr/local/bin/wp"
    osUser      = "vuls"
    docRoot     = "/var/www/html"
    noSudo      = true
    

    before

    $ vuls scan --debug
    [Sep  6 13:23:32]  INFO [localhost] vuls-v0.20.0-build-20220808_180441_1e45732
    ...
    [Sep  6 13:23:32]  INFO [localhost] (1/1) wordpress is running on other
    [Sep  6 13:23:32]  INFO [wordpress] Scanning WordPress...
    [Sep  6 13:23:32] DEBUG [localhost] Executing... sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root
    [Sep  6 13:23:32] DEBUG [localhost] execResult: servername: wordpress
      cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vuls -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root
      exitstatus: 1
      stdout: vuls is not in the sudoers file.  This incident will be reported.
    
      stderr: 
      err: %!s(<nil>)
    [Sep  6 13:23:32] ERROR [localhost] Error on wordpress, err: [Failed to scan WordPress:
        github.com/future-architect/vuls/scanner.Scanner.getScanResults.func1
            /home/mainek00n/go/src/github.com/future-architect/vuls/scanner/scanner.go:883
      - Failed to exec `sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root`. Check the OS user, command path of wp-cli, DocRoot and permission: &config.WordPressConf{OSUser:"vuls", DocRoot:"/var/www/html", CmdPath:"/usr/local/bin/wp"}:
        github.com/future-architect/vuls/scanner.(*base).scanWordPress
            /home/mainek00n/go/src/github.com/future-architect/vuls/scanner/base.go:793]
    
    
    Scan Summary
    ================
    wordpress	Error		Use configtest subcommand or scan with --debug to view the details
    

    after

    $ vuls scan --debug
    [Sep  6 13:24:24]  INFO [localhost] vuls-v0.20.2-build-20220906_135127_c380c10
    ...
    [Sep  6 13:24:24]  INFO [localhost] (1/1) wordpress is running on other
    [Sep  6 13:24:24] DEBUG [wordpress] Executing... printenv SHELL
    [Sep  6 13:24:24] DEBUG [wordpress] execResult: servername: wordpress
      cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vuls -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; printenv SHELL
      exitstatus: 0
      stdout: /usr/bin/csh
    
      stderr: 
      err: %!s(<nil>)
    [Sep  6 13:24:24]  INFO [wordpress] Scanning WordPress...
    [Sep  6 13:24:24] DEBUG [localhost] Executing... /usr/local/bin/wp core version --path=/var/www/html
    [Sep  6 13:24:24] DEBUG [localhost] execResult: servername: wordpress
      cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vuls -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; /usr/local/bin/wp core version --path=/var/www/html
      exitstatus: 0
      stdout: 6.0.2
    
      stderr: 
      err: %!s(<nil>)
    [Sep  6 13:24:24] DEBUG [localhost] Executing... ( /usr/local/bin/wp core version --path=/var/www/html > /dev/tty ) >& /dev/null
    [Sep  6 13:24:24] DEBUG [localhost] execResult: servername: wordpress
      cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vuls -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; ( /usr/local/bin/wp core version --path=/var/www/html > /dev/tty ) >& /dev/null
      exitstatus: 0
      stdout: 6.0.2
    
      stderr: 
      err: %!s(<nil>)
    [Sep  6 13:24:24] DEBUG [localhost] Executing... ( /usr/local/bin/wp theme list --format=json --path=/var/www/html > /dev/tty ) >& /dev/null
    [Sep  6 13:24:26] DEBUG [localhost] execResult: servername: wordpress
      cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vuls -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; ( /usr/local/bin/wp theme list --format=json --path=/var/www/html > /dev/tty ) >& /dev/null
      exitstatus: 0
      stdout: [{"name":"twentytwenty","status":"inactive","update":"none","version":"2.0"},{"name":"twentytwentyone","status":"inactive","update":"none","version":"1.6"},{"name":"twentytwentytwo","status":"active","update":"none","version":"1.2"}]
      stderr: 
      err: %!s(<nil>)
    [Sep  6 13:24:26] DEBUG [localhost] Executing... ( /usr/local/bin/wp plugin list --format=json --path=/var/www/html > /dev/tty ) >& /dev/null
    [Sep  6 13:24:26] DEBUG [localhost] execResult: servername: wordpress
      cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vuls -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; ( /usr/local/bin/wp plugin list --format=json --path=/var/www/html > /dev/tty ) >& /dev/null
      exitstatus: 0
      stdout: [{"name":"akismet","status":"inactive","update":"none","version":"5.0"},{"name":"hello","status":"inactive","update":"none","version":"1.7.2"}]
      stderr: 
      err: %!s(<nil>)
    
    
    Scan Summary
    ================
    wordpress	ubuntu20.04	0 installed	6 WordPress pkgs
    

    after(ServerInfo.User's Shell is bash)

    config.toml

    [servers.wordpress]
    host                = "127.0.0.1"
    port               = "2222"
    user               = "vagrant"
    keyPath            = "/home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key"
    scanMode           = ["fast"]
    scanModules = ["wordpress"]
    
    [servers.wordpress.wordpress]
    cmdPath     = "/usr/local/bin/wp"
    osUser      = "vagrant"
    docRoot     = "/var/www/html"
    noSudo      = true
    
    $ vuls scan --debug
    [Sep  6 13:27:53]  INFO [localhost] vuls-v0.20.2-build-20220906_135127_c380c10
    ...
    [Sep  6 13:27:56]  INFO [localhost] (1/1) wordpress is running on other
    [Sep  6 13:27:56] DEBUG [wordpress] Executing... printenv SHELL
    [Sep  6 13:27:56] DEBUG [wordpress] execResult: servername: wordpress
      cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vagrant -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; printenv SHELL
      exitstatus: 0
      stdout: /bin/bash
    
      stderr: 
      err: %!s(<nil>)
    [Sep  6 13:27:56]  INFO [wordpress] Scanning WordPress...
    [Sep  6 13:27:56] DEBUG [localhost] Executing... /usr/local/bin/wp core version --path=/var/www/html
    [Sep  6 13:27:56] DEBUG [localhost] execResult: servername: wordpress
      cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vagrant -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; /usr/local/bin/wp core version --path=/var/www/html
      exitstatus: 0
      stdout: 6.0.2
    
      stderr: 
      err: %!s(<nil>)
    [Sep  6 13:27:56] DEBUG [localhost] Executing... /usr/local/bin/wp core version --path=/var/www/html 2>/dev/null
    [Sep  6 13:27:56] DEBUG [localhost] execResult: servername: wordpress
      cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vagrant -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; /usr/local/bin/wp core version --path=/var/www/html 2>/dev/null
      exitstatus: 0
      stdout: 6.0.2
    
      stderr: 
      err: %!s(<nil>)
    [Sep  6 13:27:56] DEBUG [localhost] Executing... /usr/local/bin/wp theme list --format=json --path=/var/www/html 2>/dev/null
    [Sep  6 13:27:58] DEBUG [localhost] execResult: servername: wordpress
      cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vagrant -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; /usr/local/bin/wp theme list --format=json --path=/var/www/html 2>/dev/null
      exitstatus: 0
      stdout: [{"name":"twentytwenty","status":"inactive","update":"none","version":"2.0"},{"name":"twentytwentyone","status":"inactive","update":"none","version":"1.6"},{"name":"twentytwentytwo","status":"active","update":"none","version":"1.2"}]
      stderr: 
      err: %!s(<nil>)
    [Sep  6 13:27:58] DEBUG [localhost] Executing... /usr/local/bin/wp plugin list --format=json --path=/var/www/html 2>/dev/null
    [Sep  6 13:27:58] DEBUG [localhost] execResult: servername: wordpress
      cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vagrant -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; /usr/local/bin/wp plugin list --format=json --path=/var/www/html 2>/dev/null
      exitstatus: 0
      stdout: [{"name":"akismet","status":"inactive","update":"none","version":"5.0"},{"name":"hello","status":"inactive","update":"none","version":"1.7.2"}]
      stderr: 
      err: %!s(<nil>)
    
    
    Scan Summary
    ================
    wordpress	ubuntu20.04	0 installed	6 WordPress pkgs
    

    When sudo cannot be used(ServerInfo.User != ServerInfo.WordPress.OSUser, ServerInfo.User's Shell is bash)

    setup only for this case

    $ ssh -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -p 2222 [email protected] apt-get purge -y sudo
    

    config.toml

    [servers.wordpress]
    host                = "127.0.0.1"
    port               = "2222"
    user               = "root"
    keyPath            = "/home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key"
    scanMode           = ["fast"]
    scanModules = ["wordpress"]
    
    [servers.wordpress.wordpress]
    cmdPath     = "/usr/local/bin/wp"
    osUser      = "vagrant"
    docRoot     = "/var/www/html"
    noSudo      = true
    

    before

    $ vuls scan --debug
    [Sep  6 13:35:08]  INFO [localhost] vuls-v0.20.0-build-20220808_180441_1e45732
    ...
    [Sep  6 13:35:10]  INFO [localhost] (1/1) wordpress is running on other
    [Sep  6 13:35:10]  INFO [wordpress] Scanning WordPress...
    [Sep  6 13:35:10] DEBUG [localhost] Executing... sudo -u vagrant -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root
    [Sep  6 13:35:10] DEBUG [localhost] execResult: servername: wordpress
      cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; sudo -u vagrant -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root
      exitstatus: 127
      stdout: bash: sudo: command not found
    
      stderr: 
      err: %!s(<nil>)
    [Sep  6 13:35:10] ERROR [localhost] Error on wordpress, err: [Failed to scan WordPress:
        github.com/future-architect/vuls/scanner.Scanner.getScanResults.func1
            /home/mainek00n/go/src/github.com/future-architect/vuls/scanner/scanner.go:883
      - Failed to exec `sudo -u vagrant -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root`. Check the OS user, command path of wp-cli, DocRoot and permission: &config.WordPressConf{OSUser:"vagrant", DocRoot:"/var/www/html", CmdPath:"/usr/local/bin/wp"}:
        github.com/future-architect/vuls/scanner.(*base).scanWordPress
            /home/mainek00n/go/src/github.com/future-architect/vuls/scanner/base.go:793]
    
    
    Scan Summary
    ================
    wordpress	Error		Use configtest subcommand or scan with --debug to view the details
    

    after

    $ vuls scan --debug
    [Sep  6 13:37:33]  INFO [localhost] vuls-v0.20.2-build-20220906_135127_c380c10
    ...
    [Sep  6 13:37:35]  INFO [localhost] (1/1) wordpress is running on other
    [Sep  6 13:37:35] DEBUG [wordpress] Executing... printenv SHELL
    [Sep  6 13:37:35] DEBUG [wordpress] execResult: servername: wordpress
      cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; printenv SHELL
      exitstatus: 0
      stdout: /bin/bash
    
      stderr: 
      err: %!s(<nil>)
    [Sep  6 13:37:35]  INFO [wordpress] Scanning WordPress...
    [Sep  6 13:37:35] DEBUG [wordpress] Executing... timeout 2 su vagrant -c exit
    [Sep  6 13:37:35] DEBUG [wordpress] execResult: servername: wordpress
      cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; timeout 2 su vagrant -c exit
      exitstatus: 0
      stdout: 
      stderr: 
      err: %!s(<nil>)
    [Sep  6 13:37:35] DEBUG [localhost] Executing... su vagrant -c '/usr/local/bin/wp core version --path=/var/www/html'
    [Sep  6 13:37:35] DEBUG [localhost] execResult: servername: wordpress
      cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; su vagrant -c '/usr/local/bin/wp core version --path=/var/www/html'
      exitstatus: 0
      stdout: 6.0.2
    
      stderr: 
      err: %!s(<nil>)
    [Sep  6 13:37:35] DEBUG [localhost] Executing... su vagrant -c '/usr/local/bin/wp core version --path=/var/www/html' 2>/dev/null
    [Sep  6 13:37:35] DEBUG [localhost] execResult: servername: wordpress
      cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; su vagrant -c '/usr/local/bin/wp core version --path=/var/www/html' 2>/dev/null
      exitstatus: 0
      stdout: 6.0.2
    
      stderr: 
      err: %!s(<nil>)
    [Sep  6 13:37:35] DEBUG [localhost] Executing... su vagrant -c '/usr/local/bin/wp theme list --format=json --path=/var/www/html' 2>/dev/null
    [Sep  6 13:37:37] DEBUG [localhost] execResult: servername: wordpress
      cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; su vagrant -c '/usr/local/bin/wp theme list --format=json --path=/var/www/html' 2>/dev/null
      exitstatus: 0
      stdout: [{"name":"twentytwenty","status":"inactive","update":"none","version":"2.0"},{"name":"twentytwentyone","status":"inactive","update":"none","version":"1.6"},{"name":"twentytwentytwo","status":"active","update":"none","version":"1.2"}]
      stderr: 
      err: %!s(<nil>)
    [Sep  6 13:37:37] DEBUG [localhost] Executing... su vagrant -c '/usr/local/bin/wp plugin list --format=json --path=/var/www/html' 2>/dev/null
    [Sep  6 13:37:37] DEBUG [localhost] execResult: servername: wordpress
      cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; su vagrant -c '/usr/local/bin/wp plugin list --format=json --path=/var/www/html' 2>/dev/null
      exitstatus: 0
      stdout: [{"name":"akismet","status":"inactive","update":"none","version":"5.0"},{"name":"hello","status":"inactive","update":"none","version":"1.7.2"}]
      stderr: 
      err: %!s(<nil>)
    
    
    Scan Summary
    ================
    wordpress	ubuntu20.04	0 installed	6 WordPress pkgs
    

    after(If the Switch User requires a Password)

    config.toml

    [servers.wordpress]
    host                = "127.0.0.1"
    port               = "2222"
    user               = "vagrant"
    keyPath            = "/home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key"
    scanMode           = ["fast"]
    scanModules = ["wordpress"]
    
    [servers.wordpress.wordpress]
    cmdPath     = "/usr/local/bin/wp"
    osUser      = "vuls"
    docRoot     = "/var/www/html"
    noSudo      = true
    
    $ vuls scan --debug
    [Sep  6 13:38:55]  INFO [localhost] vuls-v0.20.2-build-20220906_135127_c380c10
    ...
    [Sep  6 13:38:57]  INFO [localhost] (1/1) wordpress is running on other
    [Sep  6 13:38:57] DEBUG [wordpress] Executing... printenv SHELL
    [Sep  6 13:38:57] DEBUG [wordpress] execResult: servername: wordpress
      cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vagrant -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; printenv SHELL
      exitstatus: 0
      stdout: /bin/bash
    
      stderr: 
      err: %!s(<nil>)
    [Sep  6 13:38:57]  INFO [wordpress] Scanning WordPress...
    [Sep  6 13:38:57] DEBUG [wordpress] Executing... timeout 2 su vuls -c exit
    [Sep  6 13:38:59] DEBUG [wordpress] execResult: servername: wordpress
      cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vagrant -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; timeout 2 su vuls -c exit
      exitstatus: 124
      stdout: 
      stderr: 
      err: %!s(<nil>)
    [Sep  6 13:38:59] ERROR [localhost] Error on wordpress, err: [Failed to scan WordPress:
        github.com/future-architect/vuls/scanner.Scanner.getScanResults.func1
            /home/mainek00n/github/github.com/MaineK00n/vuls/scanner/scanner.go:883
      - Failed to switch user without password. err: please configure to switch users without password:
        github.com/future-architect/vuls/scanner.(*base).scanWordPress
            /home/mainek00n/github/github.com/MaineK00n/vuls/scanner/base.go:829]
    
    
    Scan Summary
    ================
    wordpress	Error		Use configtest subcommand or scan with --debug to view the details
    

    Checklist:

    You don't have to satisfy all of the following.

    • [ ] Write tests
    • [x] Write documentation
    • [x] Check that there aren't other open pull requests for the same issue/feature
    • [x] Format your source code by make fmt
    • [x] Pass the test by make test
    • [x] Provide verification config / commands
    • [x] Enable "Allow edits from maintainers" for this PR
    • [x] Update the messages below

    Is this ready for review?: YES

    Reference

    • https://github.com/vulsdoc/vuls/pull/214
    opened by kurita0 9
  • chore(deps): update go-exploitdb

    chore(deps): update go-exploitdb

    What did you implement:

    awesomepoc has been removed from go-exploitdb.

    If there is awesomepoc data in the DB, it will be displayed.

    Type of change

    • [x] This change requires a documentation update

    How Has This Been Tested?

    Checklist:

    You don't have to satisfy all of the following.

    • [ ] Write tests
    • [x] Write documentation
    • [x] Check that there aren't other open pull requests for the same issue/feature
    • [x] Format your source code by make fmt
    • [x] Pass the test by make test
    • [ ] Provide verification config / commands
    • [x] Enable "Allow edits from maintainers" for this PR
    • [ ] Update the messages below

    Is this ready for review?: NO

    Reference

    • https://github.com/vulsio/go-exploitdb/pull/101
    • https://github.com/vulsio/vulsctl/pull/65
    opened by MaineK00n 0
  • Potentially bad TLS connection settings

    Potentially bad TLS connection settings

    reporter/email.go

    image

    Insecure TLS connection settings configuration. Refer to the occurrence to determine the specific misconfiguration Our systems detect the following configurations:

    • InsecureSkipVerify set to true in TLS config -- https://golang.org/pkg/crypto/tls/#Config
    • MinVersion or MaxVersion too low.
    • Bad cipher suite used.

    Before making changes, consult this compatibility document: https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility

    Discussion 
    opened by raheel0x01 1
Releases(v0.20.3)
Owner
Future Corp
Future's official open source repositories
Future Corp
A vulnerability scanner for container images and filesystems

A vulnerability scanner for container images and filesystems. Easily install the

null 0 Dec 24, 2021
GONET-Scanner - Golang network scanner with arp discovery and own parser

GO/NET Scanner ScreenShots Install chmod +x install.sh ./install.sh [as root] U

Luis Javier 60 Sep 24, 2022
Super Java Vulnerability Scanner

XiuScan 不完善,正在开发中 介绍 一个纯Golang编写基于命令行的Java框架漏洞扫描工具 致力于参考xray打造一款高效方便的漏扫神器 计划支持Fastjson、Shiro、Struts2、Spring、WebLogic等框架 PS: 取名为XiuScan因为带我入安全的大哥是修君 特点

4ra1n 116 Dec 30, 2021
Log4j 2 (CVE-2021-44228) vulnerability scanner for Windows OS

log4j-scanner Log4j 2 (CVE-2021-44228) vulnerability scanner for Windows OS. Example Usage Usage .\log4j-scanner.exe Terminal is used to output resul

null 0 Dec 13, 2021
Scanner to send specially crafted requests and catch callbacks of systems that are impacted by Log4J Log4Shell vulnerability (CVE-2021-44228)

scan4log4shell Scanner to send specially crafted requests and catch callbacks of systems that are impacted by Log4J Log4Shell vulnerability CVE-2021-4

Frank Hübner 12 Sep 17, 2022
log4jshell vulnerability scanner for bug bounty

log4shell-looker a log4jshell vulnerability scanner for bug bounty (Written in G

Ravro 19 Sep 1, 2022
Yet another log4j vulnerability scanner

k-amon-k - Yet another log4j scanner Quick-n-Dirty installation Assuming you hav

Athanasios Kostopoulos 3 Dec 19, 2021
mesh-kridik is an open-source security scanner that performs various security checks on a Kubernetes cluster with istio service mesh and is leveraged by OPA (Open Policy Agent) to enforce security rules.

mesh-kridik Enhance your Kubernetes service mesh security !! mesh-kridik is an open-source security scanner that performs various security checks on a

chenk 22 Aug 28, 2022
Gbu-scanner - Go Blog Updates (Scanner service)

Go Blog Updates - Scanner This service scans go blog (go.dev) and publishes new posts to message broker (rabbitmq). It uses mongodb as a storage for a

null 1 Jan 10, 2022
null 1k Sep 22, 2022
Network scanner for Netbox IPAM with VRF support

Installation git clone https://github.com/axxyhtrx/netbox-rollcall.git cd netbox-rollcall Pre-requirements Create config.yaml file in a root of the pr

Anatoly Kolpakov 5 Sep 21, 2022
androidqf (Android Quick Forensics) helps quickly gathering forensic evidence from Android devices, in order to identify potential traces of compromise.

androidqf androidqf (Android Quick Forensics) is a portable tool to simplify the acquisition of relevant forensic data from Android devices. It is the

Nex 139 Sep 13, 2022
A CLI tool that can be used to disrupt wireless connectivity in your area by jamming all the wireless devices connected to multiple access points.

sig-716i A CLI tool written in Go that can be used to disrupt wireless connectivity in the area accessible to your wireless interface. This tool scans

Narasimha Prasanna HN 74 Sep 13, 2022
A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855).

proxylogscan This tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and imperson

dw1 140 Aug 28, 2022
A fast tool to scan CRLF vulnerability written in Go

CRLFuzz A fast tool to scan CRLF vulnerability written in Go Resources Installation from Binary from Source from GitHub Usage Basic Usage Flags Target

dw1 814 Sep 24, 2022
Nuclei is a fast tool for configurable targeted vulnerability scanning based on templates offering massive extensibility and ease of use.

Fast and customisable vulnerability scanner based on simple YAML based DSL. How • Install • For Security Engineers • For Developers • Documentation •

ProjectDiscovery 10k Sep 28, 2022
The Go Vulnerability Database

The Go Vulnerability Database golang.org/x/vulndb This repository is a prototype of the Go Vulnerability Database. Read the Draft Design. Neither the

Go 438 Sep 21, 2022
Proof-of-Concept tool for CVE-2021-29156, an LDAP injection vulnerability in ForgeRock OpenAM v13.0.0.

CVE-2021-29156 Proof-of-Concept (c) 2021 GuidePoint Security Charlton Trezevant [email protected] Background Today GuidePoint

GuidePoint Security, LLC 2 Apr 13, 2022
🔎 Help find Trojan Source vulnerability in code 👀 . Useful for code review in project with multiple collaborators

TrojanSourceFinder TrojanSourceFinder helps developers detect "Trojan Source" vulnerability in source code. Trojan Source vulnerability allows an atta

Ariary 44 Sep 28, 2022