Vuls: Open-source agentless vulnerability scanner

It was created to solve the daily problems admins face when trying to keep servers secure.

Many administrators choose not to use automatic software updates because they want to avoid downtime in production. Instead, they update systems manually. This creates challenges. Admins must watch databases like the National Vulnerability Database (NVD) for new threats. When there are many packages installed, tracking all of them becomes almost impossible. Analyzing which servers are affected takes time and costs money. It’s also easy to miss something by accident.

Vuls makes this easier. It automatically checks for vulnerabilities linked to your system and tells you which servers are at risk. It runs regular scans and creates reports using CRON or other scheduling tools. This way, admins can manage vulnerabilities without having to monitor everything by hand.

Main features

Vuls offers different ways to scan systems depending on your needs. Here’s how it works:

Fast Scan

• Scans without needing root access and no extra software.
• Puts almost no load on the server it scans.
• Can run offline without internet access on Red Hat, Fedora, CentOS, AlmaLinux, Rocky Linux, Oracle Linux, Ubuntu, and Debian systems.

Fast Root Scan

• Scans with root access for deeper checking.
• Still very light on the target server’s resources.
• Detects running processes that need updates using tools like yum-ps (for Red Hat-based systems) and checkrestart (for Debian and Ubuntu).
• Also works offline without internet access for major Linux distributions.

Deep Scan

• Works the same as Fast Root Scan for now, offering detailed scanning with minimal impact.

Scan Modes

• Remote Scan Mode: Set up Vuls on one machine and scan other servers remotely over SSH.
• Local Scan Mode: Run Vuls directly on each server if you don’t want to use SSH connections.
• Server Mode: No SSH needed. Start Vuls in server mode as an HTTP server. Collect software information on each target server and send it to Vuls over HTTP. Scan results come back in JSON format.

Dynamic Analysis

• Vuls can connect to servers via SSH and check the real-time state.
• It warns about processes that were updated but have not restarted yet.
• It can detect processes that could be affected by updates before they cause problems.

Middleware and Library Scanning

• Vuls can also scan middleware and libraries that are not installed through the OS package manager.
• It looks for vulnerabilities in software, frameworks, and libraries based on CPE (Common Platform Enumeration) records.

Support and download

Vuls is a versatile, agentless vulnerability scanner designed to support a broad spectrum of operating systems and deployment environments. It offers compatibility with numerous Linux distributions, including Alpine (3.3 and later), Ubuntu (14.04 through 24.04), Debian (8 through 12), Red Hat Enterprise Linux (RHEL 5 through 9), Fedora (32 through 39), Oracle Linux (5 through 7), CentOS (6 through 8, including Stream 8 and 9), AlmaLinux (8 and 9), Rocky Linux (8 and 9), Amazon Linux (all versions), openSUSE (Tumbleweed), openSUSE Leap (15.2 and 15.3), SUSE Linux Enterprise (11 through 15), and Raspbian (Jessie, Stretch, Buster).

Beyond Linux, Vuls extends its support to FreeBSD (versions 10 and 11), Windows (both client and server editions), and macOS (including macOS X, macOS X Server, and macOS Server). This extensive OS compatibility ensures that Vuls can be utilized across diverse system architectures, whether in cloud-based environments, on-premises infrastructures, or within Docker containers.

Vuls is available for free on GitHub.

Credits: HelpNetSecurity.com