How to Use Vuls as a Vulnerability Scanner on Ubuntu 22.04

Want to learn how to use Vuls as a vulnerability scanner on Ubuntu 22.04 and other versions? This tutorial will show you how to set up this tool and do your first scan.

Vuls is a free, open-source, and agent-less vulnerability scanner for Linux and FreeBSD systems. It allows high-quality scans based on information from vulnerability databases like NVD, JVN, OVAL, etc. Vuls supports remote and local scans, which we will learn more about later.

Prerequisites

Before we go into the detailed steps, let’s have a look at the requirements for installing Vuls on Ubuntu.

  • Root access (or sudo)
  • Ubuntu 22.04 running on a server
  • Go programming language and necessary packages installed

How to Use Vuls as a Vulnerability Scanner on Ubuntu 22.04

Once you have all the prerequisites in place, it’s time to move to the necessary steps to install and use Vuls. But since this is a beginner tutorial, we will cover the steps of installing Go and other packages you will need to set up Vuls.

Update Your System

Since we will be installing new things on the device, you should update it. Use the following commands:

$ sudo apt-get update
$ sudo apt-get upgrade

Install necessary tools and packages

To install the dependencies, you need some tools and packages on your system. You can install all of them with this command:

$ sudo apt install sqlite git debian-goodies gcc make wget

Output:

Installing packages on Ubuntu

As you can see from the screenshot above, some of the tools were already installed in our case. It should be the same for you. If not, the command will install them automatically. We will be using SQLite as the database for storing information.

Install Go

Now install Go on your Ubuntu machine with this command:

$ sudo snap install go --classic

Output:

Installing go on Ubuntu

To code in Go, you must set up some environment variables. First, open /etc/profile in nano. Use this command:

$ sudo nano /etc/profile

Now append these two lines at the end of the file:

export GOPATH=$HOME/go
export PATH=$PATH:$GOPATH/bin:/snap/bin

Save the file with “Ctrl + O” and exit using “Ctrl + X”. After that, reload the environment variables with this command:

$ source /etc/profile

Install and Run go-cve-dictionary

We will use this tool to build a local copy of the National Vulnerability Database (NVD) and JVN. This lets you look up security vulnerability information by querying the local database.

Create a directory so that you can clone the tool repository. Use this command:

$ sudo mkdir -p $GOPATH/src/github.com/vulsio

Next, go to this new directory with this command:

$ cd $GOPATH/src/github.com/vulsio

Clone the repo in this directory. Run the following command:

$ sudo git clone https://github.com/vulsio/go-cve-dictionary.git

Output:

installing go-cve-dictionary

Go into the package directory with this command:

$ cd go-cve-dictionary

Install the tool by running this command:

$ sudo make install

Output:

installing go-cve-dictionary

We want it to be accessible on the whole system. So copy it to /usr/local/bin. Run this command:

$ sudo cp $GOPATH/bin/go-cve-dictionary /usr/local/bin

When the installation finishes, create a directory to store the log output using this command:

$ sudo mkdir /var/log/vuls

Now create a workspace where you will do all the scanning stuff. Create it with this command:

$ sudo mkdir /usr/share/vuls-ws

We will store all the fetched vulnerability data in this directory. To fetch the NVD data, use this command:

$ go-cve-dictionary fetch nvd --dbpath /usr/share/vuls-ws/cve.sqlite3

Install and Run goval-dictionary

This Go package creates a local copy of Open Vulnerability and Assessment Language (OVAL) data. It works just like go-cve-dictionary. Let’s now install it.

We will first clone the repo to where we cloned the previous package. So go to the correct directory using this command:

$ cd $GOPATH/src/github.com/vulsio

Now clone the repo. Run this command:

$ sudo git clone https://github.com/vulsio/goval-dictionary.git

Output:

installing goval-dictionary

Move forward into the package directory by running this command:

$ cd goval-dictionary

Use the following command to compile and install the tool:

$ sudo make install

Output:

installing goval-dictionary

Again, we will make it available throughout the system. Copy it to /usr/local/bin with the following command:

$ sudo cp $GOPATH/bin/goval-dictionary /usr/local/bin

Finally, issue this command to fetch OVAL data:

$ sudo goval-dictionary fetch ubuntu --dbpath=/usr/share/vuls-ws/oval.sqlite3 22

Install and Configure gost

We will use this Go package to create a local copy of the Security Tracker (Red Hat/Debian).

This is installed and configured in the same way we did the previous two. Run the below commands one by one:

$ cd $GOPATH/src/github.com/vulsio
$ sudo git clone https://github.com/vulsio/gost.git

$ cd gost

$ make install

$ sudo cp $GOPATH/bin/gost /usr/local/bin

$ sudo mkdir /var/log/gost

Now to fetch data, use this command:

$ gost fetch ubuntu --dbpath=/usr/share/vuls-ws/gost.sqlite3

Install and Configure Vuls

Now that you have all the requirements set up, it’s time to start installing Vuls in your system. Make a new directory and then clone the Vuls repo in it. Run the below commands:

$ sudo mkdir -p $GOPATH/src/github.com/future-architect
$ cd $GOPATH/src/github.com/future-architect
$ sudo git clone https://github.com/future-architect/vuls.git

Output:

installing vuls

After that, go into the vuls directory, then compile and install it with these commands:

$ cd vuls
$ sudo make install

Output:

Installing vuls

Make it available in the whole system by copying it to /usr/local/bin by running this command:

$ sudo cp $GOPATH/bin/vuls /usr/local/bin

The next step is to create a configuration file for Vuls. Go back to the workspace directory using this command:

$ cd /usr/share/vuls-ws

Create and open the file in nano using this command:

$ sudo nano config.toml

Enter the below configuration:

[cveDict]
type = "sqlite3"
SQLite3Path = "/usr/share/vuls-ws/cve.sqlite3"

[ovalDict]
type = "sqlite3"
SQLite3Path = "/usr/share/vuls-ws/oval.sqlite3"

[gost]
type = "sqlite3"
SQLite3Path = "/usr/share/vuls-ws/gost.sqlite3"

[servers]

[servers.localhost]
host = "localhost"
port = "local"
scanMode = [ "fast" ]
#scanMode = ["fast", "fast-root", "deep", "offline"]

Save the file and exit.

To test the config file, you can try this command:

$ sudo vuls configtest

Output:

Vuls configtest

Use Vuls to Scan Your Ubuntu System

Vuls has a lot of scanning modes, such as Remote scan, Local scan, One-liner scan, Fast scan, and CPE scan. You can refer to the Vuls docs to learn more about each.

Local Scan mode allows you to scan a target machine without connecting via SSH. To run a local scan, simply issue the below command:

$ sudo vuls scan

Output:

Vuls as a vulnerability scanner on Ubuntu

You can generate a summary or the full report. But a convenient way to check the scan report is to use the Terminal-Based User Interface (TUI). For that, use this command:

$ vuls tui
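
A scan is only as good as the databases behind it, so an unattended run should refuse to scan against missing or outdated data. The script below is an added example, not part of the original tutorial or the Vuls project: it reuses the paths and fetch commands from the steps above, treats file modification time as a proxy for the last fetch, and the names MAX_AGE_DAYS, DRY_RUN and the function names are assumptions of this sketch.

```bash
#!/bin/sh
# Added example (not from the Vuls project): refuse to scan against missing or
# stale vulnerability databases. Paths and fetch commands are the ones used in
# this tutorial; MAX_AGE_DAYS, DRY_RUN and the function names are assumptions.
WS="${WS:-/usr/share/vuls-ws}"
MAX_AGE_DAYS="${MAX_AGE_DAYS:-1}"

# Print the short name of each database that is missing, empty, or older
# than $2 days in workspace $1. Prints nothing when all three are fresh.
stale_dbs() {
    for db in cve oval gost; do
        f="$1/$db.sqlite3"
        if [ ! -s "$f" ] || [ -n "$(find "$f" -mmin +"$(($2 * 1440))")" ]; then
            echo "$db"
        fi
    done
}

# Execute a command, or only print it when DRY_RUN is set.
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "would run: $*"; else "$@"; fi
}

# Re-fetch one database with the same command the tutorial uses.
refresh_db() {
    case "$1" in
        cve)  run go-cve-dictionary fetch nvd --dbpath "$WS/cve.sqlite3" ;;
        oval) run goval-dictionary fetch ubuntu --dbpath="$WS/oval.sqlite3" 22 ;;
        gost) run gost fetch ubuntu --dbpath="$WS/gost.sqlite3" ;;
    esac
}

# Refresh whatever is stale, verify the result, then validate config and scan.
scan_if_fresh() {
    for name in $(stale_dbs "$WS" "$MAX_AGE_DAYS"); do
        refresh_db "$name" || return 1
    done
    if [ -z "${DRY_RUN:-}" ] && [ -n "$(stale_dbs "$WS" "$MAX_AGE_DAYS")" ]; then
        echo "databases still stale after refresh; not scanning" >&2
        return 1
    fi
    ( cd "$WS" && run vuls configtest && run vuls scan )
}

# Run as root (for example from cron): sh vuls-fresh-scan.sh run
if [ "${1:-}" = "run" ]; then scan_if_fresh; fi
```

Setting DRY_RUN=1 prints the commands that would be executed without touching the databases or starting a scan.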

Final Thoughts

This tutorial teaches you how to install, configure, and run vulnerability scans with Vuls on Ubuntu 22.04. If you’d like to take it to the next level, you can configure it to scan multiple targets, run scans automatically, and send reports via social media.

We tried to cover everything in depth so that you can set it up easily on your device. If you’re facing any errors following this tutorial, let us know in the comments.

If this guide helped you, please share it.
