Inspired by https://github.com/FuCrowRabbit/VulsInDockerCompose
Vuls in Docker-Compose
See main docs: https://vuls.io/docs/en/tutorial-docker.html
Step1. Fetch NVD
for i in `seq 2002 $(date +"%Y")`; do \
docker-compose run --rm go-cve-dictionary fetchnvd -years $i; \
done
To fetch JVN(Japanese), See README
Step2. Fetch OVAL (e.g. Ubuntu 20)
docker-compose run --rm goval-dictionary fetch ubuntu 20
To fetch other OVAL, See README
Step3. Fetch gost (e.g. Ubuntu)
docker-compose run --rm gost fetch ubuntu
To fetch Debian security tracker, See Gost README
Step3.5. Fetch go-exploitdb
docker-compose run go-exploitdb fetch exploitdb
To fetch deep go-exploitdb, See this
Step3.6. Fetch go-msfdb
docker-compose run --rm go-msfdb fetch msfdb
Step4. Write Configuration
Create config.toml referring to this.
[cveDict]
type = "sqlite3"
SQLite3Path = "/vuls/cve.sqlite3"
[ovalDict]
type = "sqlite3"
SQLite3Path = "/vuls/oval.sqlite3"
[gost]
type = "sqlite3"
SQLite3Path = "/vuls/gost.sqlite3"
[exploit]
type = "sqlite3"
SQLite3Path = "/vuls/go-exploitdb.sqlite3"
[metasploit]
type = "sqlite3"
SQLite3Path = "/vuls/go-msfdb.sqlite3"
[servers]
[servers.example]
host = "example_host"
user = "example_user"
# if ssh config file exists in .ssh, path to ssh config file in docker
sshConfigPath = "/root/.ssh/config"
# path to ssh private key in docker
keyPath = "/root/.ssh/id_rsa.key"
Configtest
docker-compose run --rm vuls configtest -config=./config.toml
Scan
docker-compose run --rm -e "TZ=Asia/Tokyo" vuls scan -config=./config.toml
Report
docker-compose run --rm vuls report -config=./config.toml -format-list