Vuls is an agentless, free, and open-source vulnerability scanner that can be run anywhere. You can run Vuls on Cloud, on-premise, and Docker, and supports major distributions. Vuls supports multiple vulnerability databases such as NVD, JVN, OVAL, RHSA/ALAS/ELSA/FreeBSD-SA.
With Vuls, you can scan multiple operating systems using multiple methods. You can scan the locals of your host, and you can scan remote hosts/servers via SSH. It also provides multiple scanning methods, a fast scan that does not require root privileges and a deep scan that requires root privileges. Vuls can scan multiple target servers at once. When the scan is finished, you can send the result via Email and Slack.
In this guide, we'll show you how to install Vuls Vulnerability Scanner on Ubuntu 24.04 server. You'll be installing Vuls, generating CVE databases, and scanning Ubuntu/Debian via local and remote scans.
Prerequisites
To start with this guide, make sure you have the following:
- An Ubuntu 24.04 server
- A non-root user with root privileges
- Additional Ubuntu/Debian machine for remote scan via Vuls
Installing dependencies
Before installing Vuls, you must ensure Golang is installed on your system. As for now, the latest version of Vuls requires the latest Golang, so you need to install Golang manually by downloading the binary package.
First, run the command below to update your Ubuntu package index and install dependencies such as 'sqlite3', 'git', 'make', and 'gcc'.
sudo apt update
sudo apt install sqlite3 git debian-goodies gcc make wget -y
After dependencies are installed, you need to install Golang on your system. In this example, you'll be the latest version of Golang through manual binary installation.
Select your Golang version with the following. So for example Golang 1.23.2:
export latest_version=1.23.2
Run the 'wget' command below to download Golang and extract it to the '/usr/local' directory with the 'tar' command.
wget https://dl.google.com/go/go$latest_version.linux-amd64.tar.gz
sudo tar -C /usr/local -xzf go$latest_version.linux-amd64.tar.gz
Once Golang is installed, log in to your user and create a new 'go' directory within the home directory.
su - arvd
mkdir $HOME/go
Next, create a new env file '/etc/profile.d/go-env.sh' with the 'nano' editor.
sudo nano /etc/profile.d/go-env.sh
Paste the following configuration to set up PATH for Golang.
export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin
Save and exit the file when done.
Now make the '/etc/profile.d/go-env.sh' executable and load it to your current session with the 'source' command.
sudo chmod +x /etc/profile.d/go-env.sh
source /etc/profile.d/go-env.sh
Lastly, check the binary file for 'go' and check its version with the following:
which go
go version
As you can see below, Golang '1.23.2' is installed in the '/usr/local/go/bin/go'.
Installing Vuls and Vuls dictionaries
After Golang is installed, you'll be compiling and installing Vuls and its components for building CVE databases in sqlite3 format. Below are some Vuls components that you'll be installing:
- 'go-cve-dictionary' is used for building the NVD (National Vulnerabilities Database)
- 'goval-dictionary' for building the OVAL database which contains CVE for most Linux distributions such as Debian, Ubuntu, and RedHat
- 'go-exploitdb' for searching exploit from exploitdb databases
- 'go-msfdb' for searching CVEs within the Metasploit databases
- 'go-kev' for building a local copy of KEV (Known Exploited Vulnerabilities) which provided by CISA
- 'go-cti' that will be used for building CVE database from CTI (Cyber Threat Intelligence)
First, run the command below to create new log directories and change the ownership to your user such as 'arvd'.
sudo mkdir /var/log/{vuls,go-exploitdb,go-msfdb,go-kev,go-cti}
sudo chown arvd /var/log/{vuls,go-exploitdb,go-msfdb,go-kev,go-cti}
sudo chmod 700 /var/log/{vuls,go-exploitdb,go-msfdb,go-kev,go-cti}
Create a new directory '$GOPATH/src/github.com/vulsio' with the following:
mkdir -p $GOPATH/src/github.com/vulsio
Move to the '$GOPATH/src/github.com/vulsio' directory, download the source code of the 'go-cve-dictionary' tool via 'git', and then compile and install it.
cd $GOPATH/src/github.com/vulsio
git clone https://github.com/vulsio/go-cve-dictionary.git
cd go-cve-dictionary; make install
Now run the command below to download, compile, and install the 'goval-dictionary' tool.
cd $GOPATH/src/github.com/vulsio
git clone https://github.com/vulsio/goval-dictionary.git
cd goval-dictionary; make install
After 'goval-dictionary' is installed, move to the next tool for installing the 'go-exploitdb' tool.
cd $GOPATH/src/github.com/vulsio
git clone https://github.com/vulsio/go-exploitdb.git
cd go-exploitdb; make install
ln -s $GOPATH/src/github.com/vulsio/go-exploitdb/go-exploitdb.sqlite3 $HOME/go-exploitdb.sqlite3
Next, run the command below to install and compile the 'go-msfdb' tool.
cd $GOPATH/src/github.com/vulsio
git clone https://github.com/vulsio/go-msfdb.git
cd go-msfdb; make install
After that, install the 'go-kev' tool for building CVE databases for KEV (Known Exploited Vulnerabilities) by CIS by CISA.
cd $GOPATH/src/github.com/vulsio
git clone https://github.com/vulsio/go-kev.git
cd go-kev; make install
ln -s $GOPATH/src/github.com/vulsio/go-kev/go-kev.sqlite3 $HOME/go-kev.sqlite3
And then install the 'go-cti' tool that will be used for building CVEs from CTI (Cyber Threat Intelligence).
cd $GOPATH/src/github.com/vulsio
git clone https://github.com/vulsio/go-cti.git
cd go-cti; make install
ln -s $GOPATH/src/github.com/vulsio/go-cti/go-cti.sqlite3 $HOME/go-cti.sqlite3
Next, run the command below to download, compile, and install 'vuls' to your Ubuntu machine.
mkdir -p $GOPATH/src/github.com/future-architect
cd $GOPATH/src/github.com/future-architect
git clone https://github.com/future-architect/vuls.git
cd vuls; make install
When everything is installed, the binary file for each tool will be available in the '$GOPATH/bin' directory. Run the command below to check that directory.
ls $GOPATH/bin/
You can see below binary file for 'vuls', 'go-cve-dictionary', 'goval-dictionary', 'go-exploitdb', 'go-msfdb', 'go-kev' and 'go-cti'.
Lastly, you can also check the 'vuls' command below. This will show you the help message for 'vuls'.
vuls help
Downloading CVEs (Common Vulnerabilities and Exposure) databases
In this example, you'll be downloading CVE databases for:
- NVD (National Vulnerabilities Database) via 'go-cve-dictionary'
- OVAL (Open Vulnerability and Assessment Language) for Ubuntu 24.04 via 'goval-dictionary'
- ExploitDB databases via 'go-exploitdb'
- Metasploit databases via 'go-msfdb'
- KEV (Known Exploited Vulnerabilities) catalog by CISA via 'go-kev'
- MITRE ATT&CK and CAPEC databases via 'go-cti'
Go to your home directory with the following:
cd $HOME
Now run the command below to download and build CVE (Common Vulnerabilities and Exposures) databases.
go-cve-dictionary fetch nvd
goval-dictionary fetch ubuntu 24.04
go-exploitdb fetch exploitdb
go-msfdb fetch msfdb
go-kev fetch kevuln
go-cti fetch threat
After the process is complete, your CVE databases will be available in your home directory with the format '.sqlite3'. Verify the list of databases with the following:
ls -ah *.sqlite3
Scanning local machine with Vuls
Now that you've installed Vuls and its components including CVEs databases. In this section, you'll scan your local Ubuntu machine with Vuls.
Within your home directory, create a new file 'config.toml' with the 'nano' editor.
nano config.toml
Insert the configuration below to set up scanning for localhost with the mode 'fast.
[servers]
[servers.localhost]
host = "localhost"
port = "local"
scanMode = [ "fast" ]
#scanMode = ["fast", "fast-root", "deep", "offline"]
Save the file and exit the editor.
Now run the 'vuls' command below to verify the 'config.toml' file.
vuls configtest
If you've proper configuration, you'll see an output like the following:
Next, scan localhost with the 'vuls scan' command below.
sudo vuls scan
You can see below the scan process is complete.
To get details of the scanning report, use the 'vuls tui' command below. This will show you the terminal user interface of the Vuls report.
sudo vuls tui
You can press 'CTRL+c' to exit from the Vuls TUI.
Scanning remote server with Vuls
In this section, you'll learn how to set up a remote scan with Vuls. So you'll be scanning the remote system through SSH with Vuls. In this example, you'll scan the target server Debian 12 with the IP address '192.168.10.10' and the user is 'alice'.
First, run the command below to download the OVAL database for Debian 12.
goval-dictionary fetch debian 12
Now generate SSH public and private keys, and then upload it to the target server with the 'ssh-copy-id' command.
ssh-keygen -t ed25519
ssh-copy-id alice@192.168.10.10
Connect to the target server '192.168.10.10', and then update the package index and install dependencies such as 'debian-goodies' and 'reboot-notifier'.
ssh alice@192.168.10.10
sudo apt update && sudo apt install debian-goodies reboot-notifier -y
Type 'exit' to log out from the target server.
Next, open the Vuls configuration 'config.toml' using the 'nano' editor.
nano ~/config.toml
Insert the configuration below to add the target server details. In this case, the new target server will be named 'debian12' with the IP address '192.168.10.10' and the authentication via SSH key.
[servers.debian12]
host = "192.168.10.10"
port = "22"
user = "alice"
keyPath = "~/.ssh/id_ed25519"
scanMode = [ "fast-root" ] # "fast", "fast-root" or "deep"
Save the file and exit the editor.
Now run the 'vuls' command below to verify your configuration. Make sure you have the correct and proper configuration.
vuls configtest
After that, scan the remote 'debian12' server with the command below.
vuls scan debian12
You can see below the remote scan via Vuls is complete.
Conclusion
Congratulations! You've completed the installation of the Vuls Vulnerability Scanner on the Ubuntu 24.04 server. You've also learned how to generate CVE databases with Vuls, scanning local and remote servers with Vuls. From here, you can now integrate Vuls with another scanner such as NMAP for port scanning, or you can also install Vulsrepo for the graphical and web-based interface.