Stage/vuls
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Stage:v0.5.0
Branches Tags
Stage:master Stage:MaineK00n/trivy-to-vuls-cvssv4.0 Stage:MaineK00n/al2023-kernel-livepatch Stage:nightly Stage:collect-selfbulid-jar Stage:detect-pkg-deps
Stage:v0.26.0 Stage:v0.26.0-rc2 Stage:v0.26.0-alpha3 Stage:v0.25.4 Stage:v0.25.3 Stage:v0.25.2 Stage:v0.25.1 Stage:v0.25.1-beta2 Stage:v0.25.1-beta1 Stage:v0.25.0 Stage:v0.24.9 Stage:v0.24.8 Stage:v0.24.7 Stage:v0.24.6 Stage:v0.24.5 Stage:v0.24.4 Stage:v0.24.3 Stage:v0.24.2 Stage:v0.24.1 Stage:v0.24.0 Stage:v0.23.4 Stage:v0.23.3 Stage:v0.23.2 Stage:v0.23.1 Stage:v0.23.0 Stage:v0.22.2 Stage:v0.22.1 Stage:v0.23.0-beta Stage:v0.22.0 Stage:v0.21.1 Stage:v0.21.0 Stage:v0.20.5 Stage:v0.20.4 Stage:v0.20.3 Stage:v0.20.2 Stage:v0.20.1 Stage:v0.20.0 Stage:v0.19.8 Stage:v0.19.7 Stage:v0.19.6 Stage:v0.19.5 Stage:v0.19.4 Stage:v0.19.3 Stage:v0.19.2 Stage:v0.19.1 Stage:v0.19.0 Stage:v0.18.1 Stage:v0.18.0 Stage:v0.17.1 Stage:v0.17.0 Stage:v0.16.0 Stage:v0.15.14 Stage:v0.15.13 Stage:v0.15.12 Stage:v0.15.11 Stage:v0.15.10 Stage:v0.15.9 Stage:v0.15.8 Stage:v0.15.7 Stage:v0.15.6 Stage:v0.15.5 Stage:v0.15.4 Stage:v0.15.3 Stage:v0.15.2 Stage:v0.15.1 Stage:v0.15.0 Stage:v0.14.1 Stage:v0.14.0 Stage:v0.13.9 Stage:v0.13.8 Stage:v0.13.7 Stage:v0.13.6 Stage:v0.13.5 Stage:v0.13.4 Stage:v0.13.3 Stage:v0.13.2 Stage:v0.13.1 Stage:v0.13.0 Stage:v0.12.3 Stage:v0.12.2 Stage:v0.12.1 Stage:v0.12.0 Stage:v0.11.3 Stage:v0.11.2 Stage:v0.11.1 Stage:v0.11.0 Stage:v0.10.0 Stage:v0.9.8 Stage:v0.9.7 Stage:v0.9.6 Stage:v0.9.5 Stage:v0.9.4 Stage:v0.9.3 Stage:v0.9.2 Stage:v0.9.1 Stage:v0.9.0 Stage:v0.8.5 Stage:v0.8.4 Stage:v0.8.3 Stage:v0.8.2 Stage:v0.8.1 Stage:v0.8.0 Stage:v0.7.0 Stage:v0.6.3 Stage:v0.6.2 Stage:v0.6.1 Stage:v0.6.0 Stage:v0.5.0 Stage:v0.4.2 Stage:v0.4.1 Stage:v0.4.0 Stage:v0.3.0 Stage:v0.2.0 Stage:v0.1.7 Stage:v0.1.6 Stage:v0.1.5 Stage:v0.1.4 Stage:v0.1.3 Stage:v0.1.2 Stage:v0.1.1 Stage:v0.1.0
..
compare: Stage:v0.6.2
Branches Tags
Stage:master Stage:MaineK00n/trivy-to-vuls-cvssv4.0 Stage:MaineK00n/al2023-kernel-livepatch Stage:nightly Stage:collect-selfbulid-jar Stage:detect-pkg-deps
Stage:v0.26.0 Stage:v0.26.0-rc2 Stage:v0.26.0-alpha3 Stage:v0.25.4 Stage:v0.25.3 Stage:v0.25.2 Stage:v0.25.1 Stage:v0.25.1-beta2 Stage:v0.25.1-beta1 Stage:v0.25.0 Stage:v0.24.9 Stage:v0.24.8 Stage:v0.24.7 Stage:v0.24.6 Stage:v0.24.5 Stage:v0.24.4 Stage:v0.24.3 Stage:v0.24.2 Stage:v0.24.1 Stage:v0.24.0 Stage:v0.23.4 Stage:v0.23.3 Stage:v0.23.2 Stage:v0.23.1 Stage:v0.23.0 Stage:v0.22.2 Stage:v0.22.1 Stage:v0.23.0-beta Stage:v0.22.0 Stage:v0.21.1 Stage:v0.21.0 Stage:v0.20.5 Stage:v0.20.4 Stage:v0.20.3 Stage:v0.20.2 Stage:v0.20.1 Stage:v0.20.0 Stage:v0.19.8 Stage:v0.19.7 Stage:v0.19.6 Stage:v0.19.5 Stage:v0.19.4 Stage:v0.19.3 Stage:v0.19.2 Stage:v0.19.1 Stage:v0.19.0 Stage:v0.18.1 Stage:v0.18.0 Stage:v0.17.1 Stage:v0.17.0 Stage:v0.16.0 Stage:v0.15.14 Stage:v0.15.13 Stage:v0.15.12 Stage:v0.15.11 Stage:v0.15.10 Stage:v0.15.9 Stage:v0.15.8 Stage:v0.15.7 Stage:v0.15.6 Stage:v0.15.5 Stage:v0.15.4 Stage:v0.15.3 Stage:v0.15.2 Stage:v0.15.1 Stage:v0.15.0 Stage:v0.14.1 Stage:v0.14.0 Stage:v0.13.9 Stage:v0.13.8 Stage:v0.13.7 Stage:v0.13.6 Stage:v0.13.5 Stage:v0.13.4 Stage:v0.13.3 Stage:v0.13.2 Stage:v0.13.1 Stage:v0.13.0 Stage:v0.12.3 Stage:v0.12.2 Stage:v0.12.1 Stage:v0.12.0 Stage:v0.11.3 Stage:v0.11.2 Stage:v0.11.1 Stage:v0.11.0 Stage:v0.10.0 Stage:v0.9.8 Stage:v0.9.7 Stage:v0.9.6 Stage:v0.9.5 Stage:v0.9.4 Stage:v0.9.3 Stage:v0.9.2 Stage:v0.9.1 Stage:v0.9.0 Stage:v0.8.5 Stage:v0.8.4 Stage:v0.8.3 Stage:v0.8.2 Stage:v0.8.1 Stage:v0.8.0 Stage:v0.7.0 Stage:v0.6.3 Stage:v0.6.2 Stage:v0.6.1 Stage:v0.6.0 Stage:v0.5.0 Stage:v0.4.2 Stage:v0.4.1 Stage:v0.4.0 Stage:v0.3.0 Stage:v0.2.0 Stage:v0.1.7 Stage:v0.1.6 Stage:v0.1.5 Stage:v0.1.4 Stage:v0.1.3 Stage:v0.1.2 Stage:v0.1.1 Stage:v0.1.0

42 Commits
v0.5.0 ... v0.6.2

Author SHA1 Message Date
kota kanbe
3178c1e326 Merge branch 'master' of https://github.com/future-architect/vuls 
* 'master' of https://github.com/future-architect/vuls:
  Add Telegram support (#762)
 2019-01-23 00:25:54 +09:00
kota kanbe
321d68e03a Bump up version 2019-01-23 00:25:02 +09:00
Yao Ding
3d8753c621 Add Telegram support (#762) 
* add telegram support

* format message

* remove debug print

* fix linting error

* add telegram to discover; group message by 10

* use chatID instead of channel

* apply refactor

* remove reduntant space
 2019-01-23 00:19:16 +09:00
Tomoya Amachi
967c56909d add ScannedIPv4Addrs and ScannedIPv6Addrs (#764) 2019-01-19 22:19:06 +09:00
Takayuki Ushida
7c4831d2d1 add build time (#763) 2019-01-18 13:13:50 +09:00
Shigechika AIKAWA
4b49e11a33 add(report) -format-list option to -to-email (#761) 2019-01-17 16:31:04 +09:00
Kota Kanbe
d84a6a8627 fix(oracle): vuls report returns different result each time in the case of Oracle Linux (#759) 
https://github.com/kotakanbe/goval-dictionary/pull/56
 2019-01-12 23:11:06 +09:00
sadayuki-matsuno
63b7f4a8db delete paperr (#758) 2019-01-12 22:40:56 +09:00
yahharo
ca2160264a Remove ThreadTimeStamp from message struct (#756) 
- If `thread_ts` valus sent as empty string ("") to Slack, it returns error `invalid_thread_ts`
- When API try to send, it use `slack.PostMessageParameters`, not use `message`
 2018-12-25 12:27:53 +09:00
Kota Kanbe
7842594f53 fix(scan): OS detection ssh timeout in first run #699 (#753) 2018-12-20 13:59:54 +09:00
Kota Kanbe
7db056102c fix(report): overdetection for Red Hat/CentOS with redis backend (#748) 
fix(report): miss detection for Red Hat/CentOS with redis backend
 2018-12-06 15:29:28 +09:00
Tomoya Amachi
a5a800fa0a add alert data to result json (#747) 
* add alert data to result json

* delete omitempty from AlertDict
 2018-12-05 15:38:23 +09:00
Tomoya Amachi
9147ec148d Beautify alert (#746) 
* update dep

* to make easy edit alert data manually

* fix alert data bug
 2018-12-05 12:30:04 +09:00
sadayuki-matsuno
b3260588c6 fix(gost) update pkg to incorporate the latest gost (#745) 2018-12-04 17:33:31 +09:00
sadayuki-matsuno
7d31328271 export exploit func (#744) 2018-11-30 16:53:51 +09:00
Kota Kanbe
6e82981ee3 feat(report): Display CERT information to reports (#741) 
* fix(tui): show JPCERT Alert URL in TUI

* feat(tui): show `!` when the CVE-ID corresponds to USCERT or JPCERT alert

* feat(report): display cert alert info to stdout report

* fix(report): Display CVEs detected by CPEs with -ignore-unfixed flag
 2018-11-30 15:41:59 +09:00
Tomoya Amachi
9d7b115bb5 add JPCERT and USCERT alert dictionary (#740) 
* add alert dictionary

* fix for sider review

* fix for sider review
 2018-11-30 14:17:17 +09:00
Kota Kanbe
8eae5002a3 fix(report): return both scores of gost and oval (#739) 2018-11-29 12:17:19 +09:00
Kota Kanbe
31bd6c0371 feat(scan): get repository name of updatable pkgs for debian/ubuntu (#738) 2018-11-26 12:02:52 +09:00
Kota Kanbe
7585f9d537 fix(report): fix cvedb-url, add -cvedb-type=http (#734) 
* fix(report): fix cvedb-url, add -cvedb-type=http

* feat(report): support go-exploitdb server mode

* update deps

* implement tui

* fix server mode

* fix(tui): default value of cvedb-type to ""

* update deps
 2018-11-16 21:22:18 +09:00
sadayuki-matsuno
76037cdf72 fix new cve contents (#735) 2018-11-15 13:43:06 +09:00
sadayuki-matsuno
98c5421edc fix exploit db (#733) 2018-11-12 17:36:53 +09:00
Kota Kanbe
e63fc7e3f5 fix(report): nil pointer in deep scan mode #728 (#732) 2018-11-10 12:36:12 +09:00
sadayuki-matsuno
6ed9cf3fb4 add scan mode (#731) 2018-11-05 15:35:50 +09:00
sadayuki-matsuno
9865eab2c0 Display exploit codes information for each detected CVE-IDs (#729) 
* add exploit

* bug fix while loading config in TUI, display in format-full-text

* fix readme
 2018-11-03 16:36:59 +09:00
Kota Kanbe
678e72a8b6 fix(gost): a bug of parseCwe (#726) 2018-10-29 21:21:20 +09:00
sadayuki-matsuno
ec41899089 check cve_contents init (#725) 
check cve_contents init to avoid nil pointer
 2018-10-29 16:27:54 +09:00
Harald Nordgren
b2d913cc21 Bump Go versions and use '.x' to always get latest patch versions (#724) 2018-10-29 16:26:20 +09:00
sadayuki-matsuno
bc86c24e6a update pkg (#723) 
* update pkg

* change lint url
 2018-10-18 13:37:17 +09:00
sadayuki-matsuno
87a77dd95c update pkgs (#720) 2018-10-10 17:43:26 +09:00
sadayuki-matsuno
e8188f3432 add ms gost (#718) 
* add ms gost

* change gost branch
 2018-10-05 12:45:26 +09:00
Kota Kanbe
50506be546 [WIP] feat(report): show repository of affected pkgs (#713) 
feat(report): show repository of affected pkgs
 2018-10-04 16:01:55 +09:00
Iskander (Alex) Sharipov
4ded028258 config: remove commented-out code from tomlloader (#714) 
Signed-off-by: Iskander Sharipov <quasilyte@gmail.com>
 2018-10-04 12:37:58 +09:00
Iskander (Alex) Sharipov
6da8b3c4a1 commands: simplify s[:] to s (#715) 
If s is a slice, then `s[:]` is identical to just `s`.

Signed-off-by: Iskander Sharipov <quasilyte@gmail.com>
 2018-10-04 12:37:31 +09:00
Iskander (Alex) Sharipov
d5c92cbcb3 report: simplify x = x <op> y to x <op>= y (#716) 
Signed-off-by: Iskander Sharipov <quasilyte@gmail.com>
 2018-10-04 12:35:02 +09:00
sadayuki-matsuno
ed5f98d6f0 change syslog pkg (#717) 2018-10-04 12:34:23 +09:00
Kota Kanbe
f854b8f908 fix(report): fix an error while loading cveDict.type in config.toml (#711) 2018-10-02 09:27:34 +09:00
Shigechika AIKAWA
de7a6159d4 remove table.SetHeaderColor codes (#709) 
table.SetHeaderColor does not need in case of formatFullPlainText().
 2018-09-25 10:31:22 +09:00
Kota Kanbe
6090a34037 fix(cpe): update deps to avoid parsing err of cpeNames (#708) 2018-09-13 13:42:04 +09:00
Kota Kanbe
f566745479 fix(config): a DB URL error 'does not validate as url' #705 (#706) 2018-09-11 09:19:24 +09:00
kota kanbe
153234b623 update readme 2018-08-29 22:39:05 +09:00
Kota Kanbe
ac510d21ff fix(scan): fix err msg when unable to connect via SSH (#702) 2018-08-29 10:48:32 +09:00
50 changed files with 6186 additions and 487 deletions
Expand all files Collapse all files

2
.travis.yml
View File

@@ -1,7 +1,7 @@
language: go
go:
- "1.11"
- "1.11.x"
after_success:
- test -n "$TRAVIS_TAG" && curl -sL https://git.io/goreleaser | bash

5
GNUmakefile
View File

@@ -18,8 +18,9 @@ SRCS = $(shell git ls-files '*.go')
PKGS = $(shell go list ./...)
VERSION := $(shell git describe --tags --abbrev=0)
REVISION := $(shell git rev-parse --short HEAD)
BUILDTIME := $(shell date "+%Y%m%d_%H%M%S")
LDFLAGS := -X 'github.com/future-architect/vuls/config.Version=$(VERSION)' \
-X 'github.com/future-architect/vuls/config.Revision=$(REVISION)'
-X 'github.com/future-architect/vuls/config.Revision=$(BUILDTIME)_$(REVISION)'
all: dep build
@@ -39,7 +40,7 @@ install: main.go dep pretest
lint:
@ go get -v github.com/golang/lint/golint
@ go get -v golang.org/x/lint/golint
golint $(PKGS)
vet:

431
Gopkg.lock generated
View File

@@ -2,18 +2,26 @@
[[projects]]
digest = "1:46ea9487304f4b3c787f54483ecb13a338d686dcd670db0ab1a112ed0ae2128e"
digest = "1:b92928b73320648b38c93cacb9082c0fe3f8ac3383ad9bd537eef62c380e0e7a"
name = "contrib.go.opencensus.io/exporter/ocagent"
packages = ["."]
pruneopts = "UT"
revision = "00af367e65149ff1f2f4b93bbfbb84fd9297170d"
version = "v0.2.0"
[[projects]]
digest = "1:a90dbfc07d4cf47b5f113a2d52227e0b098592b22c0bd7afd731f6cb8bd9d55c"
name = "github.com/Azure/azure-sdk-for-go"
packages = [
"storage",
"version",
]
pruneopts = "UT"
revision = "4e8cbbfb1aeab140cd0fa97fd16b64ee18c3ca6a"
version = "v19.1.0"
revision = "1951233eb944a49aa5f7278cba8e3e32a8c958af"
version = "v24.0.0"
[[projects]]
digest = "1:327b9226c8ea5f1cd9952ba859bb7c335cab40fd8781c4a790ef259b0c5fbc40"
digest = "1:e6c692a2dd5f978216331f2ab41b45dfdf01d5b2a74c596a9f69bcef77b7d67b"
name = "github.com/Azure/go-autorest"
packages = [
"autorest",
@@ -21,19 +29,27 @@
"autorest/azure",
"autorest/date",
"logger",
"version",
"tracing",
]
pruneopts = "UT"
revision = "39013ecb48eaf6ced3f4e3e1d95515140ce6b3cf"
version = "v10.15.2"
revision = "be17756531f50014397912b7aa557ec335e39b98"
version = "v11.3.0"
[[projects]]
digest = "1:b16fbfbcc20645cb419f78325bb2e85ec729b338e996a228124d68931a6f2a37"
digest = "1:9f3b30d9f8e0d7040f729b82dcbc8f0dead820a133b3147ce355fc451f32d761"
name = "github.com/BurntSushi/toml"
packages = ["."]
pruneopts = "UT"
revision = "b26d9c308763d68093482582cea63d69be07a0f0"
version = "v0.3.0"
revision = "3012a1dbe2e4bd1391d42b32f0577cb7bbc7f005"
version = "v0.3.1"
[[projects]]
branch = "master"
digest = "1:bb6c15391e666c4f44bdc604772301b93102233ed687be6df6d1c2abbde4f15c"
name = "github.com/RackSec/srslog"
packages = ["."]
pruneopts = "UT"
revision = "a4725f04ec91af1a91b380da679d6e0c2f061e59"
[[projects]]
digest = "1:320e7ead93de9fd2b0e59b50fd92a4d50c1f8ab455d96bc2eb083267453a9709"
@@ -44,7 +60,7 @@
version = "v9"
[[projects]]
digest = "1:4f8b94c4cb403af4e7834e2a6455a25a5209dc61771b0d24a820ae9ae30f3f74"
digest = "1:5652bf3ce03ccaeb93cd5e11fcaab25467f78275fd9c4b4d1ffe88aae6faed12"
name = "github.com/aws/aws-sdk-go"
packages = [
"aws",
@@ -56,6 +72,7 @@
"aws/credentials",
"aws/credentials/ec2rolecreds",
"aws/credentials/endpointcreds",
"aws/credentials/processcreds",
"aws/credentials/stscreds",
"aws/csm",
"aws/defaults",
@@ -64,6 +81,8 @@
"aws/request",
"aws/session",
"aws/signer/v4",
"internal/ini",
"internal/s3err",
"internal/sdkio",
"internal/sdkrand",
"internal/sdkuri",
@@ -80,8 +99,8 @@
"service/sts",
]
pruneopts = "UT"
revision = "4324bc9d8865bdb3e6aa86ec7772ca1272d2750e"
version = "v1.15.21"
revision = "aabf189db35ba7eb5a35afe6d681fc0f70954fca"
version = "v1.16.18"
[[projects]]
digest = "1:0f98f59e9a2f4070d66f0c9c39561f68fcd1dc837b22a852d28d0003aebd1b1e"
@@ -92,12 +111,25 @@
version = "v1.3.1"
[[projects]]
digest = "1:2209584c0f7c9b68c23374e659357ab546e1b70eec2761f03280f69a8fd23d77"
digest = "1:166438587ed45ac211dab8a3ecebf4fa0c186d0db63430fb9127bbc2e5fcdc67"
name = "github.com/cenkalti/backoff"
packages = ["."]
pruneopts = "UT"
revision = "2ea60e5f094469f9e65adb9cd103795b73ae743e"
version = "v2.0.0"
revision = "1e4cf3da559842a91afcb6ea6141451e6c30c618"
version = "v2.1.1"
[[projects]]
digest = "1:65b0d980b428a6ad4425f2df4cd5410edd81f044cf527bd1c345368444649e58"
name = "github.com/census-instrumentation/opencensus-proto"
packages = [
"gen-go/agent/common/v1",
"gen-go/agent/trace/v1",
"gen-go/resource/v1",
"gen-go/trace/v1",
]
pruneopts = "UT"
revision = "7f2434bc10da710debe5c4315ed6d4df454b4024"
version = "v0.1.0"
[[projects]]
digest = "1:e04c00d619875ce5fa67180891984a9b1fadcc031af36bcd7a3509cbdad1df15"
@@ -132,15 +164,7 @@
version = "v1.4.7"
[[projects]]
digest = "1:5abd6a22805b1919f6a6bca0ae58b13cef1f3412812f38569978f43ef02743d4"
name = "github.com/go-ini/ini"
packages = ["."]
pruneopts = "UT"
revision = "5cf292cae48347c2490ac1a58fe36735fb78df7e"
version = "v1.38.2"
[[projects]]
digest = "1:ad9585b1b4361cbe8e7d8cc31af82ef5f597b9243909daa16f2c225b8af68c46"
digest = "1:ad53d1f710522a38d1f0e5e0a55a194b1c6b2cd8e84313568e43523271f0cf62"
name = "github.com/go-redis/redis"
packages = [
".",
@@ -149,20 +173,19 @@
"internal/hashtag",
"internal/pool",
"internal/proto",
"internal/singleflight",
"internal/util",
]
pruneopts = "UT"
revision = "1614e579ed966441b8e0c3ccea1dd0fbbd93a6ae"
version = "v6.14.0"
revision = "22be8a3eaf992c828cecb69dc07348313bf08d2e"
version = "v6.15.1"
[[projects]]
digest = "1:adea5a94903eb4384abef30f3d878dc9ff6b6b5b0722da25b82e5169216dfb61"
digest = "1:ec6f9bf5e274c833c911923c9193867f3f18788c461f76f05f62bb1510e0ae65"
name = "github.com/go-sql-driver/mysql"
packages = ["."]
pruneopts = "UT"
revision = "d523deb1b23d913de5bdada721a6071e71283618"
version = "v1.4.0"
revision = "72cd26f257d44c1114970e19afddcd812016007e"
version = "v1.4.1"
[[projects]]
digest = "1:586ea76dbd0374d6fb649a91d70d652b7fe0ccffb8910a77468e7702e7901f3d"
@@ -172,21 +195,36 @@
revision = "2fee6af1a9795aafbe0253a0cfbdf668e1fb8a9a"
version = "v1.8.0"
[[projects]]
digest = "1:8f0705fa33e8957018611cc81c65cb373b626c092d39931bb86882489fc4c3f4"
name = "github.com/golang/protobuf"
packages = [
"proto",
"ptypes",
"ptypes/any",
"ptypes/duration",
"ptypes/timestamp",
"ptypes/wrappers",
]
pruneopts = "UT"
revision = "aa810b61a9c79d51363740d207bb46cf8e620ed5"
version = "v1.2.0"
[[projects]]
branch = "master"
digest = "1:b264547c40314ec7619d2cf264e2621953843be7242c140efe1e3119f93877f4"
digest = "1:df265b7f54410945dad5cf5979d91461b9fa7ff9b397ab58d2d577002a8a0e24"
name = "github.com/google/subcommands"
packages = ["."]
pruneopts = "UT"
revision = "5bae204cdfb2d92dcc333d56014bae6a2f6c58b1"
revision = "46f0354f63152e8801bb460d26f5b6c4c878efbb"
[[projects]]
digest = "1:cee8e8ac80df6373e7daa11baf1f98c1b6f7242c49ccae7e1ec34a971dc408d9"
digest = "1:7b5c6e2eeaa9ae5907c391a91c132abfd5c9e8a784a341b5625e750c67e6825d"
name = "github.com/gorilla/websocket"
packages = ["."]
pruneopts = "UT"
revision = "3ff3320c2a1756a3691521efc290b4701575147c"
version = "v1.3.0"
revision = "66b9c49e59c6c48f0ffce28c2d8b8a5678502c6d"
version = "v1.4.0"
[[projects]]
branch = "master"
@@ -201,12 +239,20 @@
revision = "36ee7e946282a3fb1cfecd476ddc9b35d8847e42"
[[projects]]
digest = "1:77395dd3847dac9c45118c668f5dab85aedf0163dc3b38aea6578c5cf0d502f9"
branch = "master"
digest = "1:8dbe76014be3c83806abc61befcb5e1789d2d872bc8f98a8fb955405550c63be"
name = "github.com/grokify/html-strip-tags-go"
packages = ["."]
pruneopts = "UT"
revision = "e9e44961e26f513866063f54bf85070db95600f7"
[[projects]]
digest = "1:950caca7dfcf796419232ba996c9c3539d09f26af27ba848c4508e604c13efbb"
name = "github.com/hashicorp/go-version"
packages = ["."]
pruneopts = "UT"
revision = "b5a281d3160aa11950a6182bd9a9dc2cb1e02d50"
version = "v1.0.0"
revision = "d40cf49b3a77bba84a7afdbd7f1dc295d114efb1"
version = "v1.1.0"
[[projects]]
digest = "1:c0d19ab64b32ce9fe5cf4ddceba78d5bc9807f0016db6b1183599da3dcc24d10"
@@ -252,7 +298,7 @@
version = "v2.14"
[[projects]]
digest = "1:8fe19266ce82209076d4a81007ff93f40dd349faca4a917aea59d33956bbd4fd"
digest = "1:ff312c4d510c67954a6fc6a11c9ff72a2b2169584776b7419c7b8c729e2b13ac"
name = "github.com/jinzhu/gorm"
packages = [
".",
@@ -261,8 +307,8 @@
"dialects/sqlite",
]
pruneopts = "UT"
revision = "6ed508ec6a4ecb3531899a69cbc746ccf65a4166"
version = "v1.9.1"
revision = "472c70caa40267cb89fd8facb07fe6454b578626"
version = "v1.9.2"
[[projects]]
branch = "master"
@@ -273,19 +319,19 @@
revision = "04140366298a54a039076d798123ffa108fff46c"
[[projects]]
digest = "1:e22af8c7518e1eab6f2eab2b7d7558927f816262586cd6ed9f349c97a6c285c4"
digest = "1:bb81097a5b62634f3e9fec1014657855610c82d19b9a40c17612e32651e35dca"
name = "github.com/jmespath/go-jmespath"
packages = ["."]
pruneopts = "UT"
revision = "0b12d6b5"
revision = "c2b33e84"
[[projects]]
digest = "1:8e791db9ac7ec7eddd1f643be51d2dd66bb7093a92e86e3cbd22ddbeaad4d95b"
digest = "1:114ecad51af93a73ae6781fd0d0bc28e52b433c852b84ab4b4c109c15e6c6b6d"
name = "github.com/jroimartin/gocui"
packages = ["."]
pruneopts = "UT"
revision = "4e9ce9a8e26f2ef33dfe297dbdfca148733b6b9b"
version = "v0.3.0"
revision = "c055c87ae801372cd74a0839b972db4f7697ae5f"
version = "v0.4.0"
[[projects]]
digest = "1:16dd6b893b78a50564cdde1d9f7ea67224dece11bb0886bd882f1dc3dc1d440d"
@@ -324,7 +370,8 @@
revision = "74609b86c936dff800c69ec89fcf4bc52d5f13a4"
[[projects]]
digest = "1:7f4a6b4726da539e615256d19381f7c7326255f80ec19cdbeedcc4d9d57e1831"
branch = "master"
digest = "1:acca5c567e76e94e81f8d65893e2a9cd12d914dd688731f461a5ebdb180d4938"
name = "github.com/knqyf263/gost"
packages = [
"config",
@@ -333,11 +380,19 @@
"util",
]
pruneopts = "UT"
revision = "e926a00c01bead2152ea43026159ec5cee7ca998"
version = "v0.1.0"
revision = "5afeda5e8e1f8f3561738d3d6fa6549c88feb31e"
[[projects]]
digest = "1:a0936d2be9f1dfa483fb8c2251453a9202dca2a374b1e42c7d75036a87d1c69d"
digest = "1:0a69a1c0db3591fcefb47f115b224592c8dfa4368b7ba9fae509d5e16cdc95c8"
name = "github.com/konsorten/go-windows-terminal-sequences"
packages = ["."]
pruneopts = "UT"
revision = "5c8c8bd35d3832f5d134ae1e1e375b69a4d25242"
version = "v1.0.1"
[[projects]]
branch = "master"
digest = "1:fa59fec07121e6190139b5134524c4fc7a6abe5143a775a0e17313b6997e17a7"
name = "github.com/kotakanbe/go-cve-dictionary"
packages = [
"config",
@@ -346,8 +401,7 @@
"models",
]
pruneopts = "UT"
revision = "01c566055f7231f55f8551a2ae69569e0a4b9641"
version = "v0.2.0"
revision = "b083bedef97055c27d1f039428ab183eca7c6450"
[[projects]]
digest = "1:54d3c90db1164399906830313a6fce7770917d7e4a12da8f2d8693d18ff5ef27"
@@ -358,7 +412,7 @@
version = "v0.1.0"
[[projects]]
digest = "1:564a03e039dfed4121709e3d76c05c08a9d4291335ca682b5065ae46285a688a"
digest = "1:8fd95e6bab4d09a0f610bd5c02ef6ec7d0d91da5a72b7cfcbfd67254bcb72b75"
name = "github.com/kotakanbe/goval-dictionary"
packages = [
"config",
@@ -367,8 +421,8 @@
"models",
]
pruneopts = "UT"
revision = "818624daf2658cc177ea93100ff20c5caed064b6"
version = "v0.1.0"
revision = "5070051ecafdf15cbe2490e71ec038de7d25b71e"
version = "v0.1.1"
[[projects]]
branch = "master"
@@ -379,15 +433,15 @@
revision = "928f7356cb964637e2489a6ef37eee55181676c5"
[[projects]]
digest = "1:faee5b9f53eb1ae4eb04708c040c8c4dd685ce46509671e57a08520a15c54368"
digest = "1:01eb0269028d3c2e21b5b6cd9b1ba81bc4170ab293fcffa84e3aa3a6138a92e8"
name = "github.com/labstack/gommon"
packages = [
"color",
"log",
]
pruneopts = "UT"
revision = "d6898124de917583f5ff5592ef931d1dfe0ddc05"
version = "0.2.6"
revision = "7fd9f68ece0bcb1a905fac8f1549f0083f71c51b"
version = "v0.2.8"
[[projects]]
digest = "1:b18ffc558326ebaed3b4a175617f1e12ed4e3f53d6ebfe5ba372a3de16d22278"
@@ -426,28 +480,28 @@
version = "v0.0.9"
[[projects]]
digest = "1:d4d17353dbd05cb52a2a52b7fe1771883b682806f68db442b436294926bbfafb"
digest = "1:0981502f9816113c9c8c4ac301583841855c8cf4da8c72f696b3ebedf6d0e4e5"
name = "github.com/mattn/go-isatty"
packages = ["."]
pruneopts = "UT"
revision = "0360b2af4f38e8d38c7fce2a9f4e702702d73a39"
version = "v0.0.3"
revision = "6ca4dbf54d38eea1a992b3c722a76a5d1c4cb25c"
version = "v0.0.4"
[[projects]]
digest = "1:cdb899c199f907ac9fb50495ec71212c95cb5b0e0a8ee0800da0238036091033"
digest = "1:0356f3312c9bd1cbeda81505b7fd437501d8e778ab66998ef69f00d7f9b3a0d7"
name = "github.com/mattn/go-runewidth"
packages = ["."]
pruneopts = "UT"
revision = "ce7b0b5c7b45a81508558cd1dba6bb1e4ddb51bb"
version = "v0.0.3"
revision = "3ee7d812e62a0804a7d0a324e0249ca2db3476d3"
version = "v0.0.4"
[[projects]]
digest = "1:3cafc6a5a1b8269605d9df4c6956d43d8011fc57f266ca6b9d04da6c09dee548"
digest = "1:4a49346ca45376a2bba679ca0e83bec949d780d4e927931317904bad482943ec"
name = "github.com/mattn/go-sqlite3"
packages = ["."]
pruneopts = "UT"
revision = "25ecb14adfc7543176f7d85291ec7dba82c6f7e4"
version = "v1.9.0"
revision = "c7c4067b79cc51e6dfdcef5c702e74b1e0fa7c75"
version = "v1.10.0"
[[projects]]
branch = "master"
@@ -466,44 +520,59 @@
version = "v1.0.0"
[[projects]]
digest = "1:645110e089152bd0f4a011a2648fbb0e4df5977be73ca605781157ac297f50c4"
digest = "1:53bc4cd4914cd7cd52139990d5170d6dc99067ae31c56530621b18b35fc30318"
name = "github.com/mitchellh/mapstructure"
packages = ["."]
pruneopts = "UT"
revision = "fa473d140ef3c6adf42d6b391fe76707f1f243c8"
version = "v1.0.0"
revision = "3536a929edddb9a5b34bd6861dc4a9647cb459fe"
version = "v1.1.2"
[[projects]]
branch = "master"
digest = "1:7aefb397a53fc437c90f0fdb3e1419c751c5a3a165ced52325d5d797edf1aca6"
name = "github.com/moul/http2curl"
packages = ["."]
pruneopts = "UT"
revision = "9ac6cf4d929b2fa8fd2d2e6dec5bb0feb4f4911d"
[[projects]]
digest = "1:ace662a36243b5cdc2f71e654175dc192f903fafbf3411a95bc910c1cad53ce7"
name = "github.com/nlopes/slack"
packages = ["."]
pruneopts = "UT"
revision = "0db1d5eae1116bf7c8ed96c6749acfbf4daaec3e"
version = "v0.3.0"
version = "v1.0.0"
[[projects]]
branch = "master"
digest = "1:f335d800550786b6f51ddaedb9d1107a7a72f4a2195e5b039dd7c0e103e119bc"
digest = "1:a440c18972e9499a1e8de68915e5a9119008d86efc2a9c6c6edddc323ce6f3ed"
name = "github.com/mozqnet/go-exploitdb"
packages = [
"db",
"models",
"util",
]
pruneopts = "UT"
revision = "652ae1f6aa234a4e22c8a6c9566ef4018a1d28c8"
[[projects]]
digest = "1:95d38d218bf2290987c6b0e885a9f0f2d3d3239235acaddca01c3fe36e5e5566"
name = "github.com/nlopes/slack"
packages = [
".",
"slackutilsx",
]
pruneopts = "UT"
revision = "b9033a72a20bf84563485e86a2adbea4bf265804"
version = "v0.4.0"
[[projects]]
branch = "master"
digest = "1:f3fc7efada7606d5abc88372e1f838ed897fa522077957070fbc2207a50d6faa"
name = "github.com/nsf/termbox-go"
packages = ["."]
pruneopts = "UT"
revision = "b66b20ab708e289ff1eb3e218478302e6aec28ce"
revision = "0938b5187e61bb8c4dcac2b0a9cf4047d83784fc"
[[projects]]
branch = "master"
digest = "1:4daa045e1e1f3e23f4b07db6880cdf9f259dab65312dfe244a878e6070faaf77"
digest = "1:abcdbf03ca6ca13d3697e2186edc1f33863bbdac2b3a44dfa39015e8903f7409"
name = "github.com/olekukonko/tablewriter"
packages = ["."]
pruneopts = "UT"
revision = "d4647c9c7a84d847478d890b816b7d8b62b0b279"
revision = "e6d60cf7ba1f42d86d54cdf5508611c4aafb3970"
version = "v0.0.1"
[[projects]]
digest = "1:d776f3e95774a8719f2e57fabbbb33103035fe072dcf6f1864f33abd17b753e5"
@@ -522,20 +591,20 @@
version = "v1.2.0"
[[projects]]
digest = "1:40e195917a951a8bf867cd05de2a46aaf1806c50cf92eebf4c16f78cd196f747"
digest = "1:cf31692c14422fa27c83a05292eb5cbe0fb2775972e8f1f8446a71549bd8980b"
name = "github.com/pkg/errors"
packages = ["."]
pruneopts = "UT"
revision = "645ef00459ed84a119197bfb8d8205042c6df63d"
version = "v0.8.0"
revision = "ba968bfe8b2f7e042a574c888954fccecfa385b4"
version = "v0.8.1"
[[projects]]
digest = "1:9a6f766efd8d5752adb7052aebb6e3d85255b31a8dff5e58ab4efa740ba9efa0"
digest = "1:1a23fdd843129ef761ffe7651bc5fe7c5b09fbe933e92783ab06cc11c37b7b37"
name = "github.com/rifflock/lfshook"
packages = ["."]
pruneopts = "UT"
revision = "bf539943797a1f34c1f502d07de419b5238ae6c6"
version = "v2.3"
revision = "b9218ef580f59a2e72dad1aa33d660150445d05a"
version = "v2.4"
[[projects]]
digest = "1:274f67cb6fed9588ea2521ecdac05a6d62a8c51c074c1fccc6a49a40ba80e925"
@@ -547,62 +616,62 @@
[[projects]]
branch = "master"
digest = "1:61ada1b10eccab5329199eaad8fc94048ed689969130010f592a6cc15f9afe39"
digest = "1:9c3c856c4bd09733de5727aeb85fc484b8b87a6eb9e6a632c47e3f17142757ee"
name = "github.com/sirupsen/logrus"
packages = ["."]
pruneopts = "UT"
revision = "49fbef4694fb220643e975c02c9547a1cda57c26"
revision = "78fb3852d92683dc28da6cc3d5f965100677c27d"
[[projects]]
digest = "1:bd1ae00087d17c5a748660b8e89e1043e1e5479d0fea743352cda2f8dd8c4f84"
digest = "1:d707dbc1330c0ed177d4642d6ae102d5e2c847ebd0eb84562d0dc4f024531cfc"
name = "github.com/spf13/afero"
packages = [
".",
"mem",
]
pruneopts = "UT"
revision = "787d034dfe70e44075ccc060d346146ef53270ad"
version = "v1.1.1"
[[projects]]
digest = "1:516e71bed754268937f57d4ecb190e01958452336fa73dbac880894164e91c1f"
name = "github.com/spf13/cast"
packages = ["."]
pruneopts = "UT"
revision = "8965335b8c7107321228e3e3702cab9832751bac"
revision = "a5d6946387efe7d64d09dcba68cdd523dc1273a3"
version = "v1.2.0"
[[projects]]
branch = "master"
digest = "1:8a020f916b23ff574845789daee6818daf8d25a4852419aae3f0b12378ba432a"
digest = "1:08d65904057412fc0270fc4812a1c90c594186819243160dc779a402d4b6d0bc"
name = "github.com/spf13/cast"
packages = ["."]
pruneopts = "UT"
revision = "8c9545af88b134710ab1cd196795e7f2388358d7"
version = "v1.3.0"
[[projects]]
digest = "1:68ea4e23713989dc20b1bded5d9da2c5f9be14ff9885beef481848edd18c26cb"
name = "github.com/spf13/jwalterweatherman"
packages = ["."]
pruneopts = "UT"
revision = "14d3d4c518341bea657dd8a226f5121c0ff8c9f2"
revision = "4a4406e478ca629068e7768fc33f3f044173c0a6"
version = "v1.0.0"
[[projects]]
digest = "1:dab83a1bbc7ad3d7a6ba1a1cc1760f25ac38cdf7d96a5cdd55cd915a4f5ceaf9"
digest = "1:c1b1102241e7f645bc8e0c22ae352e8f0dc6484b6cb4d132fa9f24174e0119e2"
name = "github.com/spf13/pflag"
packages = ["."]
pruneopts = "UT"
revision = "9a97c102cda95a86cec2345a6f09f55a939babf5"
version = "v1.0.2"
revision = "298182f68c66c05229eb03ac171abe6e309ee79a"
version = "v1.0.3"
[[projects]]
digest = "1:4fc8a61287ccfb4286e1ca5ad2ce3b0b301d746053bf44ac38cf34e40ae10372"
digest = "1:de37e343c64582d7026bf8ab6ac5b22a72eac54f3a57020db31524affed9f423"
name = "github.com/spf13/viper"
packages = ["."]
pruneopts = "UT"
revision = "907c19d40d9a6c9bb55f040ff4ae45271a4754b9"
version = "v1.1.0"
revision = "6d33b5a963d922d182c91e8a1c88d81fd150cfd4"
version = "v1.3.1"
[[projects]]
branch = "master"
digest = "1:c468422f334a6b46a19448ad59aaffdfc0a36b08fdcc1c749a0b29b6453d7e59"
name = "github.com/valyala/bytebufferpool"
packages = ["."]
pruneopts = "UT"
revision = "e746df99fe4a3986f4d4f79e13c1e0117ce9c2f7"
version = "v1.0.0"
[[projects]]
branch = "master"
@@ -620,9 +689,33 @@
pruneopts = "UT"
revision = "0a0be1dd9d0855b50be0be5a10ad3085382b6d59"
[[projects]]
digest = "1:2ae8314c44cd413cfdb5b1df082b350116dd8d2fff973e62c01b285b7affd89e"
name = "go.opencensus.io"
packages = [
".",
"exemplar",
"internal",
"internal/tagencoding",
"plugin/ochttp",
"plugin/ochttp/propagation/b3",
"plugin/ochttp/propagation/tracecontext",
"stats",
"stats/internal",
"stats/view",
"tag",
"trace",
"trace/internal",
"trace/propagation",
"trace/tracestate",
]
pruneopts = "UT"
revision = "b7bf3cdb64150a8c8c53b769fdeb2ba581bd4d4b"
version = "v0.18.0"
[[projects]]
branch = "master"
digest = "1:6019f7d49498f02cd589d41db388e11470de1f218a0a534c52353788684d8cd9"
digest = "1:30e9f5bea4df0d1a573ed89a85cc680ab05dfc078f6a21e627db236f29650a11"
name = "golang.org/x/crypto"
packages = [
"curve25519",
@@ -636,30 +729,43 @@
"ssh/terminal",
]
pruneopts = "UT"
revision = "614d502a4dac94afa3a6ce146bd1736da82514c6"
revision = "ff983b9c42bc9fbf91556e191cc8efb585c16908"
[[projects]]
branch = "master"
digest = "1:357e8a9010dc590929a02bc5602c058acea216e4c46089755e618a5a59789604"
digest = "1:35d68717797810014f26d6a175b0e73bd7fba070c408d443b3fff87a61c8008e"
name = "golang.org/x/net"
packages = [
"context",
"http/httpguts",
"http2",
"http2/hpack",
"idna",
"internal/timeseries",
"publicsuffix",
"trace",
]
pruneopts = "UT"
revision = "8a410e7b638dca158bf9e766925842f6651ff828"
revision = "915654e7eabcea33ae277abbecf52f0d8b7a9fdc"
[[projects]]
branch = "master"
digest = "1:0dafafed83f125cdc945a014b2dec15e5b5d8cd2d77a2d1e3763120b08ab381b"
digest = "1:75515eedc0dc2cb0b40372008b616fa2841d831c63eedd403285ff286c593295"
name = "golang.org/x/sync"
packages = ["semaphore"]
pruneopts = "UT"
revision = "37e7f081c4d4c64e13b10787722085407fe5d15f"
[[projects]]
branch = "master"
digest = "1:5ee4df7ab18e945607ac822de8d10b180baea263b5e8676a1041727543b9c1e4"
name = "golang.org/x/sys"
packages = [
"unix",
"windows",
]
pruneopts = "UT"
revision = "4910a1d54f876d7b22162a85f4d066d3ee649450"
revision = "48ac38b7c8cbedd50b1613c0fccacfc7d88dfcdf"
[[projects]]
digest = "1:a2ab62866c75542dd18d2b069fec854577a20211d7c0ea6ae746072a1dccdd18"
@@ -684,13 +790,69 @@
revision = "f21a4dfb5e38f5895301dc265a8def02365cc3d0"
version = "v0.3.0"
[[projects]]
digest = "1:5f003878aabe31d7f6b842d4de32b41c46c214bb629bb485387dbcce1edf5643"
name = "google.golang.org/api"
packages = ["support/bundler"]
pruneopts = "UT"
revision = "19e022d8cf43ce81f046bae8cc18c5397cc7732f"
version = "v0.1.0"
[[projects]]
digest = "1:c25289f43ac4a68d88b02245742347c94f1e108c534dda442188015ff80669b3"
name = "google.golang.org/appengine"
packages = ["cloudsql"]
pruneopts = "UT"
revision = "b1f26356af11148e710935ed1ac8a7f5702c7612"
version = "v1.1.0"
revision = "e9657d882bb81064595ca3b56cbe2546bbabf7b1"
version = "v1.4.0"
[[projects]]
branch = "master"
digest = "1:077c1c599507b3b3e9156d17d36e1e61928ee9b53a5b420f10f28ebd4a0b275c"
name = "google.golang.org/genproto"
packages = ["googleapis/rpc/status"]
pruneopts = "UT"
revision = "db91494dd46c1fdcbbde05e5ff5eb56df8f7d79a"
[[projects]]
digest = "1:9edd250a3c46675d0679d87540b30c9ed253b19bd1fd1af08f4f5fb3c79fc487"
name = "google.golang.org/grpc"
packages = [
".",
"balancer",
"balancer/base",
"balancer/roundrobin",
"binarylog/grpc_binarylog_v1",
"codes",
"connectivity",
"credentials",
"credentials/internal",
"encoding",
"encoding/proto",
"grpclog",
"internal",
"internal/backoff",
"internal/binarylog",
"internal/channelz",
"internal/envconfig",
"internal/grpcrand",
"internal/grpcsync",
"internal/syscall",
"internal/transport",
"keepalive",
"metadata",
"naming",
"peer",
"resolver",
"resolver/dns",
"resolver/passthrough",
"stats",
"status",
"tap",
]
pruneopts = "UT"
revision = "df014850f6dee74ba2fc94874043a9f3f75fbfd8"
version = "v1.17.0"
[[projects]]
digest = "1:e626376fab8608a972d47e91b3c1bbbddaecaf1d42b82be6dcc52d10a7557893"
@@ -701,12 +863,12 @@
version = "v1.1.1"
[[projects]]
digest = "1:d8cd4f14785b5ae65100524a29ebba8b9dfc5401020fe7504f80b438bb8e8e0d"
digest = "1:94cad6e2359d57da6652e689189c5b6ef19f99db6304d2c41de54f6632e15143"
name = "gopkg.in/cheggaaa/pb.v1"
packages = ["."]
pruneopts = "UT"
revision = "2af8bbdea9e99e83b3ac400d8f6b6d1b8cbbf338"
version = "v1.0.25"
revision = "1cc5bbe20449079337944d56292c7383510c534c"
version = "v1.0.27"
[[projects]]
digest = "1:256938e7d43c73bd5e7bb97dd281d1ebe294b2928403ee1fbec96249915d1150"
@@ -733,28 +895,28 @@
version = "v0.0.9"
[[projects]]
digest = "1:d4d17353dbd05cb52a2a52b7fe1771883b682806f68db442b436294926bbfafb"
digest = "1:0981502f9816113c9c8c4ac301583841855c8cf4da8c72f696b3ebedf6d0e4e5"
name = "gopkg.in/mattn/go-isatty.v0"
packages = ["."]
pruneopts = "UT"
revision = "0360b2af4f38e8d38c7fce2a9f4e702702d73a39"
version = "v0.0.3"
revision = "6ca4dbf54d38eea1a992b3c722a76a5d1c4cb25c"
version = "v0.0.4"
[[projects]]
digest = "1:cdb899c199f907ac9fb50495ec71212c95cb5b0e0a8ee0800da0238036091033"
digest = "1:0356f3312c9bd1cbeda81505b7fd437501d8e778ab66998ef69f00d7f9b3a0d7"
name = "gopkg.in/mattn/go-runewidth.v0"
packages = ["."]
pruneopts = "UT"
revision = "ce7b0b5c7b45a81508558cd1dba6bb1e4ddb51bb"
version = "v0.0.3"
revision = "3ee7d812e62a0804a7d0a324e0249ca2db3476d3"
version = "v0.0.4"
[[projects]]
digest = "1:342378ac4dcb378a5448dd723f0784ae519383532f5e70ade24132c4c8693202"
digest = "1:4d2e5a73dc1500038e504a8d78b986630e3626dc027bc030ba5c75da257cdb96"
name = "gopkg.in/yaml.v2"
packages = ["."]
pruneopts = "UT"
revision = "5420a8b6744d3b0345ab293f6fcba19c978f1183"
version = "v2.2.1"
revision = "51d6538a90f86fe93ac480b35f37b2be17fef232"
version = "v2.2.2"
[solve-meta]
analyzer-name = "dep"
@@ -762,6 +924,7 @@
input-imports = [
"github.com/Azure/azure-sdk-for-go/storage",
"github.com/BurntSushi/toml",
"github.com/RackSec/srslog",
"github.com/asaskevich/govalidator",
"github.com/aws/aws-sdk-go/aws",
"github.com/aws/aws-sdk-go/aws/credentials",
@@ -791,6 +954,8 @@
"github.com/kotakanbe/goval-dictionary/models",
"github.com/kotakanbe/logrus-prefixed-formatter",
"github.com/mitchellh/go-homedir",
"github.com/mozqnet/go-exploitdb/db",
"github.com/mozqnet/go-exploitdb/models",
"github.com/nlopes/slack",
"github.com/olekukonko/tablewriter",
"github.com/parnurzeal/gorequest",

12
Gopkg.toml
View File

@@ -24,6 +24,18 @@
# go-tests = true
# unused-packages = true
[[constraint]]
name = "github.com/knqyf263/gost"
branch = "master"
[[constraint]]
name = "github.com/kotakanbe/go-cve-dictionary"
branch = "master"
[[constraint]]
name = "github.com/mozqnet/go-exploitdb"
branch = "master"
[prune]
go-tests = true
unused-packages = true

110
README.md
View File

@@ -45,50 +45,78 @@ Vuls is a tool created to solve the problems listed above. It has the following
# Main Features
- Scan for any vulnerabilities in Linux/FreeBSD Server
- Supports Alpine, Ubuntu, Debian, CentOS, Amazon Linux, RHEL, Oracle Linux, SUSE Enterprise Linux and Raspbian, FreeBSD
- Cloud, on-premise, Docker
- High quality scan
- Vuls uses Multiple vulnerability databases
- [NVD](https://nvd.nist.gov/)
- [JVN(Japanese)](http://jvndb.jvn.jp/apis/myjvn/)
- [RedHat](https://www.redhat.com/security/data/oval/)
- [Debian](https://www.debian.org/security/oval/)
- [Ubuntu](https://people.canonical.com/~ubuntu-security/oval/)
- [SUSE](http://ftp.suse.com/pub/projects/security/oval/)
- [Oracle Linux](https://linux.oracle.com/security/oval/)
- [Alpine-secdb](https://git.alpinelinux.org/cgit/alpine-secdb/)
- RHSA/ALAS/ELSA/FreeBSD-SA
- Changelog
- Fast scan and Deep scan
- Fast Scan
- Scan without root privilege
- Scan with No internet access. (RedHat, CentOS, OracleLinux, Ubuntu and Debian)
- Almost no load on the scan target server
- Deep Scan
- Scan with root privilege
- Detect processes affected by update using yum-ps (RedHat, CentOS, OracleLinux and Amazon Linux)
- Parses the Changelog
Changelog has a history of version changes. When a security issue is fixed, the relevant CVE ID is listed.
By parsing the changelog and analysing the updates between the installed version of software on the server and the newest version of that software
it's possible to create a list of all vulnerabilities that need to be fixed.
- Sometimes load on the scan target server
- Remote scan and Local scan
- Remote Scan
- User is required to only setup one machine that is connected to other target servers via SSH
- Local Scan
- If you don't want the central Vuls server to connect to each server by SSH, you can use Vuls in the Local Scan mode.
- **Dynamic** Analysis
- It is possible to acquire the state of the server by connecting via SSH and executing the command
- Vuls warns when the scan target server was updated the kernel etc. but not restarting it.
- Scan middleware that are not included in OS package management
- Scan middleware, programming language libraries and framework for vulnerability
- Support software registered in CPE
## Scan for any vulnerabilities in Linux/FreeBSD Server
[Supports major Linux/FreeBSD](https://vuls.io/docs/en/supported-os.html)
- Alpine, Ubuntu, Debian, CentOS, Amazon Linux, RHEL, Oracle Linux, SUSE Enterprise Linux and Raspbian, FreeBSD
- Cloud, on-premise, Docker
## High quality scan
Vuls uses Multiple vulnerability databases
- [NVD](https://nvd.nist.gov/)
- [JVN(Japanese)](http://jvndb.jvn.jp/apis/myjvn/)
- OVAL
- [RedHat](https://www.redhat.com/security/data/oval/)
- [Debian](https://www.debian.org/security/oval/)
- [Ubuntu](https://people.canonical.com/~ubuntu-security/oval/)
- [SUSE](http://ftp.suse.com/pub/projects/security/oval/)
- [Oracle Linux](https://linux.oracle.com/security/oval/)
- [Alpine-secdb](https://git.alpinelinux.org/cgit/alpine-secdb/)
- [Red Hat Security Advisories](https://access.redhat.com/security/security-updates/)
- [Debian Security Bug Tracker](https://security-tracker.debian.org/tracker/)
- Commands(yum, zypper, pkg-audit)
- RHSA/ALAS/ELSA/FreeBSD-SA
- [Exploit Database](https://www.exploit-db.com/)
- Changelog
## Fast scan and Deep scan
[Fast Scan](https://vuls.io/docs/en/architecture-fast-scan.html)
- Scan without root privilege, no dependencies
- Almost no load on the scan target server
- Offline mode scan with no internet access. (Red Hat, CentOS, OracleLinux, Ubuntu, Debian)
[Fast Root Scan](https://vuls.io/docs/en/architecture-fast-root-scan.html)
- Scan with root privilege
- Almost no load on the scan target server
- Detect processes affected by update using yum-ps (RedHat, CentOS, Oracle Linux and Amazon Linux)
- Detect processes which updated before but not restarting yet using checkrestart of debian-goodies (Debian and Ubuntu)
- Offline mode scan with no internet access. (RedHat, CentOS, OracleLinux, Ubuntu, Debian)
[Deep Scan](https://vuls.io/docs/en/architecture-deep-scan.html)
- Scan with root privilege
- Parses the Changelog
Changelog has a history of version changes. When a security issue is fixed, the relevant CVE ID is listed.
By parsing the changelog and analysing the updates between the installed version of software on the server and the newest version of that software
it's possible to create a list of all vulnerabilities that need to be fixed.
- Sometimes load on the scan target server
## [Remote scan and Local scan](https://vuls.io/docs/en/architecture-remote-local.html)
[Remote Scan](https://vuls.io/docs/en/architecture-remote-scan.html)
- User is required to only setup one machine that is connected to other target servers via SSH
[Local Scan](https://vuls.io/docs/en/architecture-local-scan.html)
- If you don't want the central Vuls server to connect to each server by SSH, you can use Vuls in the Local Scan mode.
## **Dynamic** Analysis
- It is possible to acquire the state of the server by connecting via SSH and executing the command.
- Vuls warns when the scan target server was updated the kernel etc. but not restarting it.
## [Scan middleware that are not included in OS package management](https://vuls.io/docs/en/usage-scan-non-os-packages.html)
- Scan middleware, programming language libraries and framework for vulnerability
- Support software registered in CPE
## MISC
- Nondestructive testing
- Pre-authorization is *NOT* necessary before scanning on AWS
- Vuls works well with Continuous Integration since tests can be run every day. This allows you to find vulnerabilities very quickly.
- Vuls works well with Continuous Integration since tests can be run every day. This allows you to find vulnerabilities very quickly.
- Auto generation of configuration file template
- Auto detection of servers set using CIDR, generate configuration file template
- Auto detection of servers set using CIDR, generate configuration file template
- Email and Slack notification is possible (supports Japanese language)
- Scan result is viewable on accessory software, TUI Viewer on terminal or Web UI ([VulsRepo](https://github.com/usiusi360/vulsrepo)).

2897
alert/alert_jp.go Normal file
View File

File diff suppressed because it is too large Load Diff

920
alert/alert_us.go Normal file
View File

@@ -0,0 +1,920 @@
package alert
// AlertDictEn has USCERT alerts
var AlertDictEn = map[string]Alert{
"https://www.us-cert.gov/ncas/alerts/TA08-352A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA08-352A",
Title: `Microsoft Internet Explorer Data Binding Vulnerability`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA08-350A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA08-350A",
Title: `Apple Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA08-344A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA08-344A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA08-340A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA08-340A",
Title: `Sun Java Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA08-319A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA08-319A",
Title: `Mozilla Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA09-132A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA09-132A",
Title: `Microsoft PowerPoint Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA09-041A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA09-041A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA09-343A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA09-343A",
Title: `Adobe Flash Vulnerabilities Affect Flash Player and Adobe AIR`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA09-218A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA09-218A",
Title: `Apple Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA09-195A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA09-195A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA09-342A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA09-342A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA09-286B": {
URL: "https://www.us-cert.gov/ncas/alerts/TA09-286B",
Title: `Adobe Reader and Acrobat Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA09-160B": {
URL: "https://www.us-cert.gov/ncas/alerts/TA09-160B",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA09-069A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA09-069A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA09-223A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA09-223A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA09-013A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA09-013A",
Title: `Microsoft Updates for Multiple SMB Protocol Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA09-294A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA09-294A",
Title: `Oracle Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA09-020A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA09-020A",
Title: `Microsoft Windows Does Not Disable AutoRun Properly`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA09-133A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA09-133A",
Title: `Apple Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA09-022A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA09-022A",
Title: `Apple QuickTime Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA09-051A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA09-051A",
Title: `Adobe Acrobat and Reader Vulnerability`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA09-015A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA09-015A",
Title: `Oracle Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA09-251A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA09-251A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA09-209A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA09-209A",
Title: `Microsoft Windows, Internet Explorer, and Active Template Library (ATL) Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA09-204A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA09-204A",
Title: `Adobe Flash Vulnerability Affects Flash Player and Other Adobe Products`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA09-161A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA09-161A",
Title: `Adobe Acrobat and Reader Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA09-133B": {
URL: "https://www.us-cert.gov/ncas/alerts/TA09-133B",
Title: `Adobe Reader and Acrobat JavaScript Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA09-088A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA09-088A",
Title: `Conficker Worm Targets Microsoft Windows Systems`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA09-314A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA09-314A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA09-105A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA09-105A",
Title: `Oracle Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA09-104A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA09-104A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA09-286A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA09-286A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA09-187A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA09-187A",
Title: `Microsoft Video ActiveX Control Vulnerability`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA10-238A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA10-238A",
Title: `Microsoft Windows Insecurely Loads Dynamic Libraries`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA10-159B": {
URL: "https://www.us-cert.gov/ncas/alerts/TA10-159B",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA10-103B": {
URL: "https://www.us-cert.gov/ncas/alerts/TA10-103B",
Title: `Oracle Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA10-021A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA10-021A",
Title: `Microsoft Internet Explorer Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA10-012A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA10-012A",
Title: `Oracle Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA10-313A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA10-313A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA10-285A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA10-285A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA10-263A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA10-263A",
Title: `Adobe Flash Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA10-103C": {
URL: "https://www.us-cert.gov/ncas/alerts/TA10-103C",
Title: `Adobe Reader and Acrobat Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA10-040A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA10-040A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA10-194B": {
URL: "https://www.us-cert.gov/ncas/alerts/TA10-194B",
Title: `Oracle Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA10-194A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA10-194A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA10-131A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA10-131A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA10-068A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA10-068A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA10-348A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA10-348A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA10-257A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA10-257A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA10-231A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA10-231A",
Title: `Adobe Reader and Acrobat Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA10-222A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA10-222A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA10-162A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA10-162A",
Title: `Adobe Flash and AIR Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA10-159A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA10-159A",
Title: `Adobe Flash, Reader, and Acrobat Vulnerability`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA10-089A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA10-089A",
Title: `Microsoft Internet Explorer Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA10-013A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA10-013A",
Title: `Adobe Reader and Acrobat Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA10-287A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA10-287A",
Title: `Oracle Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA10-279A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA10-279A",
Title: `Adobe Reader and Acrobat Affected by Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA10-223A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA10-223A",
Title: `Adobe Flash and AIR Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA10-012B": {
URL: "https://www.us-cert.gov/ncas/alerts/TA10-012B",
Title: `Microsoft Windows EOT Font and Adobe Flash Player 6 Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA11-165A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA11-165A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA11-067A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA11-067A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA11-039A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA11-039A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA11-222A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA11-222A",
Title: `Adobe Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA11-193A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA11-193A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA11-201A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA11-201A",
Title: `Oracle Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA11-166A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA11-166A",
Title: `Adobe Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA11-130A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA11-130A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA11-312A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA11-312A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA11-286A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA11-286A",
Title: `Apple Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA11-350A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA11-350A",
Title: `Adobe Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA11-221A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA11-221A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA11-256A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA11-256A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA11-200A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA11-200A",
Title: `Security Recommendations to Prevent Cyber Intrusions`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA11-102A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA11-102A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA11-011A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA11-011A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA11-347A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA11-347A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA11-284A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA11-284A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA12-262A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA12-262A",
Title: `Microsoft Security Advisory for Internet Explorer Exploit`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA12-240A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA12-240A",
Title: `Oracle Java 7 Security Manager Bypass Vulnerability`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA12-227A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA12-227A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA12-129A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA12-129A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA12-101B": {
URL: "https://www.us-cert.gov/ncas/alerts/TA12-101B",
Title: `Adobe Reader and Acrobat Security Updates and Architectural Improvements`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA12-010A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA12-010A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA12-006A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA12-006A",
Title: `Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA12-265A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA12-265A",
Title: `Microsoft Releases Patch for Internet Explorer Exploit`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA12-255A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA12-255A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA12-251A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA12-251A",
Title: `Microsoft Update For Minimum Certificate Key Length`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA12-174A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA12-174A",
Title: `Microsoft XML Core Services Attack Activity`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA12-164A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA12-164A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA12-101A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA12-101A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA12-318A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA12-318A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA12-283A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA12-283A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA12-346A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA12-346A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA12-192A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA12-192A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA12-073A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA12-073A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA12-045A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA12-045A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA12-024A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA12-024A",
Title: `&quot;Anonymous&quot; DDoS Activity`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA13-134A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA13-134A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA13-043B": {
URL: "https://www.us-cert.gov/ncas/alerts/TA13-043B",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA13-008A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA13-008A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA13-051A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA13-051A",
Title: `Oracle Java Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA13-043A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA13-043A",
Title: `Adobe Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA13-225A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA13-225A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA13-207A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA13-207A",
Title: `Risks of Using the Intelligent Platform Management Interface (IPMI)`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA13-141A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA13-141A",
Title: `Washington, DC Radio Station Web Site Compromises`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA13-175A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA13-175A",
Title: `Risks of Default Passwords on the Internet`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA13-169A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA13-169A",
Title: `Oracle Releases Updates for Javadoc and Other Java SE Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA13-168A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA13-168A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA13-100A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA13-100A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA13-088A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA13-088A",
Title: `DNS Amplification Attacks`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA13-317A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA13-317A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA13-309A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA13-309A",
Title: `CryptoLocker Ransomware Infections`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA13-288A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA13-288A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA13-064A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA13-064A",
Title: `Oracle Java Contains Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA13-032A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA13-032A",
Title: `Oracle Java Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA13-024A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA13-024A",
Title: `Content Management Systems Security and Associated Risks`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA13-107A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA13-107A",
Title: `Oracle Has Released Multiple Updates for Java SE`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA13-071A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA13-071A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA13-015A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA13-015A",
Title: `Microsoft Releases Update for Internet Explorer Vulnerability CVE-2012-4792`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA13-010A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA13-010A",
Title: `Oracle Java 7 Security Manager Bypass Vulnerability`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA13-253A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA13-253A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA13-193A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA13-193A",
Title: `Exploit Tool Targets Vulnerabilities in McAfee ePolicy Orchestrator (ePO)`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA13-190A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA13-190A",
Title: `Microsoft Updates for Multiple Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA14-323A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA14-323A",
Title: `Microsoft Windows Kerberos KDC Remote Privilege Escalation Vulnerability `,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA14-300A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA14-300A",
Title: `Phishing Campaign Linked with “Dyre” Banking Malware`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA14-295A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA14-295A",
Title: `Crypto Ransomware`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA14-318B": {
URL: "https://www.us-cert.gov/ncas/alerts/TA14-318B",
Title: `Microsoft Windows OLE Automation Array Remote Code Execution Vulnerability `,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA14-317A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA14-317A",
Title: `Apple iOS &#039;Masque Attack&#039; Technique`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA14-290A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA14-290A",
Title: `SSL 3.0 Protocol Vulnerability and POODLE Attack`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA14-017A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA14-017A",
Title: `UDP-Based Amplification Attacks`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA14-002A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA14-002A",
Title: `Malware Targeting Point of Sale Systems`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA14-318A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA14-318A",
Title: `Microsoft Secure Channel (Schannel) Vulnerability (CVE-2014-6321) `,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA14-310A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA14-310A",
Title: `Microsoft Ending Support for Windows Server 2003 Operating System`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA14-268A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA14-268A",
Title: `GNU Bourne-Again Shell (Bash) Shellshock Vulnerability (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277 and CVE 2014-6278) `,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA14-098A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA14-098A",
Title: `OpenSSL &#039;Heartbleed&#039; vulnerability (CVE-2014-0160)`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA14-353A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA14-353A",
Title: `Targeted Destructive Malware`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA14-329A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA14-329A",
Title: `Regin Malware`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA14-212A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA14-212A",
Title: `Backoff Point-of-Sale Malware`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA14-150A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA14-150A",
Title: `GameOver Zeus P2P Malware`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA14-013A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA14-013A",
Title: `NTP Amplification Attacks Using CVE-2013-5211`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA15-195A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA15-195A",
Title: `Adobe Flash and Microsoft Windows Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA15-337A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA15-337A",
Title: `Dorkbot`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA15-240A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA15-240A",
Title: `Controlling Outbound DNS Access`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA15-213A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA15-213A",
Title: `Recent Email Phishing Campaigns Mitigation and Response Recommendations`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA15-120A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA15-120A",
Title: `Securing End-to-End Communications`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA15-119A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA15-119A",
Title: `Top 30 Targeted High Risk Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA15-105A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA15-105A",
Title: `Simda Botnet`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA15-103A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA15-103A",
Title: `DNS Zone Transfer AXFR Requests May Leak Domain Information`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA15-098A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA15-098A",
Title: `AAEH`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA15-314A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA15-314A",
Title: `Compromised Web Servers and Web Shells - Threat Awareness and Guidance `,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA15-286A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA15-286A",
Title: `Dridex P2P Malware`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA15-051A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA15-051A",
Title: `Lenovo Superfish Adware Vulnerable to HTTPS Spoofing`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA16-187A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA16-187A",
Title: `Symantec and Norton Security Products Contain Critical Vulnerabilities`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA16-144A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA16-144A",
Title: `WPAD Name Collision Vulnerability`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA16-132A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA16-132A",
Title: `Exploitation of SAP Business Applications`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA16-105A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA16-105A",
Title: `Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA16-091A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA16-091A",
Title: `Ransomware and Recent Variants`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA16-336A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA16-336A",
Title: `Avalanche (crimeware-as-a-service infrastructure)`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA16-288A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA16-288A",
Title: `Heightened DDoS Threat Posed by Mirai and Other Botnets`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA16-250A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA16-250A",
Title: `The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA17-117A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA17-117A",
Title: `Intrusions Affecting Multiple Victims Across Multiple Sectors`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA17-318B": {
URL: "https://www.us-cert.gov/ncas/alerts/TA17-318B",
Title: `HIDDEN COBRA North Korean Trojan: Volgmer`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA17-318A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA17-318A",
Title: `HIDDEN COBRA North Korean Remote Administration Tool: FALLCHILL`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA17-181A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA17-181A",
Title: `Petya Ransomware `,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA17-132A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA17-132A",
Title: `Indicators Associated With WannaCry Ransomware`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA17-075A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA17-075A",
Title: `HTTPS Interception Weakens TLS Security`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA17-293A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA17-293A",
Title: `Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA17-164A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA17-164A",
Title: `HIDDEN COBRA North Koreas DDoS Botnet Infrastructure`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA17-163A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA17-163A",
Title: `CrashOverride Malware`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA17-156A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA17-156A",
Title: `Reducing the Risk of SNMP Abuse`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA18-141A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA18-141A",
Title: `Side-Channel Vulnerability Variants 3a and 4`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA18-086A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA18-086A",
Title: `Brute Force Attacks Conducted by Cyber Actors `,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA18-004A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA18-004A",
Title: `Meltdown and Spectre Side-Channel Vulnerability Guidance`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA18-331A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA18-331A",
Title: `3ve Major Online Ad Fraud Operation`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/AA18-284A": {
URL: "https://www.us-cert.gov/ncas/alerts/AA18-284A",
Title: `Publicly Available Tools Seen in Cyber Incidents Worldwide`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA18-276B": {
URL: "https://www.us-cert.gov/ncas/alerts/TA18-276B",
Title: `Advanced Persistent Threat Activity Exploiting Managed Service Providers`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA18-275A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA18-275A",
Title: `HIDDEN COBRA FASTCash Campaign`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA18-201A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA18-201A",
Title: `Emotet Malware`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA18-276A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA18-276A",
Title: `Using Rigorous Credential Control to Mitigate Trusted Network Exploitation`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA18-149A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA18-149A",
Title: `HIDDEN COBRA Joanap Backdoor Trojan and Brambul Server Message Block Worm`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA18-145A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA18-145A",
Title: `Cyber Actors Target Home and Office Routers and Networked Devices Worldwide`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA18-106A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA18-106A",
Title: `Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices`,
Team: "us",
},
"https://www.us-cert.gov/ncas/alerts/TA18-074A": {
URL: "https://www.us-cert.gov/ncas/alerts/TA18-074A",
Title: `Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors`,
Team: "us",
},
}

534
alert/cve_jp.go Normal file
View File

@@ -0,0 +1,534 @@
package alert
// CveDictJa has CVE-ID key which included JPCERT alerts
var CveDictJa = map[string][]string{
"CVE-2006-0003": {"https://www.jpcert.or.jp/at/2007/at070016.html"},
"CVE-2006-0005": {"https://www.jpcert.or.jp/at/2007/at070016.html"},
"CVE-2006-1173": {"https://www.jpcert.or.jp/at/2006/at060008.html"},
"CVE-2006-3014": {"https://www.jpcert.or.jp/at/2006/at060009.html"},
"CVE-2006-3059": {"https://www.jpcert.or.jp/at/2006/at060009.html"},
"CVE-2006-3086": {"https://www.jpcert.or.jp/at/2006/at060009.html"},
"CVE-2006-3643": {"https://www.jpcert.or.jp/at/2007/at070016.html"},
"CVE-2006-3730": {"https://www.jpcert.or.jp/at/2007/at070016.html"},
"CVE-2006-3877": {"https://www.jpcert.or.jp/at/2007/at070005.html"},
"CVE-2006-5198": {"https://www.jpcert.or.jp/at/2007/at070016.html"},
"CVE-2006-5745": {"https://www.jpcert.or.jp/at/2007/at070016.html"},
"CVE-2007-0015": {"https://www.jpcert.or.jp/at/2007/at070016.html"},
"CVE-2007-0038": {"https://www.jpcert.or.jp/at/2007/at070016.html"},
"CVE-2008-4609": {"https://www.jpcert.or.jp/at/2009/at090019.html"},
"CVE-2010-0886": {"https://www.jpcert.or.jp/at/2010/at100010.html"},
"CVE-2010-0887": {"https://www.jpcert.or.jp/at/2010/at100010.html"},
"CVE-2011-1910": {"https://www.jpcert.or.jp/at/2011/at110014.html"},
"CVE-2011-2444": {"https://www.jpcert.or.jp/at/2011/at110026.html"},
"CVE-2011-2462": {"https://www.jpcert.or.jp/at/2011/at110034.html"},
"CVE-2011-2465": {"https://www.jpcert.or.jp/at/2011/at110019.html"},
"CVE-2011-3192": {"https://www.jpcert.or.jp/at/2011/at110023.html"},
"CVE-2011-3348": {"https://www.jpcert.or.jp/at/2011/at110023.html"},
"CVE-2011-3544": {"https://www.jpcert.or.jp/at/2011/at110032.html"},
"CVE-2011-4313": {"https://www.jpcert.or.jp/at/2011/at110031.html"},
"CVE-2012-0002": {"https://www.jpcert.or.jp/at/2012/at120009.html"},
"CVE-2012-0507": {"https://www.jpcert.or.jp/at/2012/at120010.html"},
"CVE-2012-0767": {"https://www.jpcert.or.jp/at/2012/at120006.html"},
"CVE-2012-0779": {"https://www.jpcert.or.jp/at/2012/at120014.html"},
"CVE-2012-0830": {"https://www.jpcert.or.jp/at/2012/at120004.html"},
"CVE-2012-2311": {"https://www.jpcert.or.jp/at/2012/at120016.html"},
"CVE-2012-4244": {"https://www.jpcert.or.jp/at/2012/at120029.html"},
"CVE-2012-4681": {"https://www.jpcert.or.jp/at/2012/at120028.html"},
"CVE-2012-4969": {"https://www.jpcert.or.jp/at/2012/at120030.html"},
"CVE-2012-5166": {"https://www.jpcert.or.jp/at/2012/at120033.html"},
"CVE-2013-0422": {"https://www.jpcert.or.jp/at/2013/at130004.html"},
"CVE-2013-1493": {"https://www.jpcert.or.jp/at/2013/at130014.html"},
"CVE-2013-2266": {"https://www.jpcert.or.jp/at/2013/at130017.html"},
"CVE-2013-2494": {"https://www.jpcert.or.jp/at/2013/at130017.html"},
"CVE-2013-3893": {"https://www.jpcert.or.jp/at/2013/at130040.html", "https://www.jpcert.or.jp/at/2013/at130041.html"},
"CVE-2013-3906": {"https://www.jpcert.or.jp/at/2013/at130044.html"},
"CVE-2013-3918": {"https://www.jpcert.or.jp/at/2013/at130045.html"},
"CVE-2013-3919": {"https://www.jpcert.or.jp/at/2013/at130026.html"},
"CVE-2013-4854": {"https://www.jpcert.or.jp/at/2013/at130034.html"},
"CVE-2014-0050": {"https://www.jpcert.or.jp/at/2014/at140007.html"},
"CVE-2014-0160": {"https://www.jpcert.or.jp/at/2014/at140013.html"},
"CVE-2014-0322": {"https://www.jpcert.or.jp/at/2014/at140009.html"},
"CVE-2014-1776": {"https://www.jpcert.or.jp/at/2014/at140018.html", "https://www.jpcert.or.jp/at/2014/at140020.html"},
"CVE-2014-3383": {"https://www.jpcert.or.jp/at/2015/at150021.html"},
"CVE-2014-3859": {"https://www.jpcert.or.jp/at/2014/at140027.html"},
"CVE-2014-4114": {"https://www.jpcert.or.jp/at/2014/at140039.html"},
"CVE-2014-6271": {"https://www.jpcert.or.jp/at/2014/at140037.html", "https://www.jpcert.or.jp/at/2014/at140038.html"},
"CVE-2014-6277": {"https://www.jpcert.or.jp/at/2014/at140037.html"},
"CVE-2014-6278": {"https://www.jpcert.or.jp/at/2014/at140037.html"},
"CVE-2014-6324": {"https://www.jpcert.or.jp/at/2014/at140048.html"},
"CVE-2014-6332": {"https://www.jpcert.or.jp/at/2015/at150015.html"},
"CVE-2014-6352": {"https://www.jpcert.or.jp/at/2014/at140043.html"},
"CVE-2014-7169": {"https://www.jpcert.or.jp/at/2014/at140037.html"},
"CVE-2014-7186": {"https://www.jpcert.or.jp/at/2014/at140037.html"},
"CVE-2014-7187": {"https://www.jpcert.or.jp/at/2014/at140037.html"},
"CVE-2014-8361": {"https://www.jpcert.or.jp/at/2017/at170049.html"},
"CVE-2014-8500": {"https://www.jpcert.or.jp/at/2014/at140050.html"},
"CVE-2014-9163": {"https://www.jpcert.or.jp/at/2014/at140052.html"},
"CVE-2015-0313": {"https://www.jpcert.or.jp/at/2015/at150015.html"},
"CVE-2015-1769": {"https://www.jpcert.or.jp/at/2015/at150028.html"},
"CVE-2015-5119": {"https://www.jpcert.or.jp/at/2015/at150019.html"},
"CVE-2015-5122": {"https://www.jpcert.or.jp/at/2015/at150020.html"},
"CVE-2015-5123": {"https://www.jpcert.or.jp/at/2015/at150020.html"},
"CVE-2015-5477": {"https://www.jpcert.or.jp/at/2015/at150027.html"},
"CVE-2015-5986": {"https://www.jpcert.or.jp/at/2015/at150031.html"},
"CVE-2015-6835": {"https://www.jpcert.or.jp/at/2016/at160036.html"},
"CVE-2015-7547": {"https://www.jpcert.or.jp/at/2016/at160009.html"},
"CVE-2015-7645": {"https://www.jpcert.or.jp/at/2015/at150036.html", "https://www.jpcert.or.jp/at/2015/at150037.html"},
"CVE-2015-8000": {"https://www.jpcert.or.jp/at/2015/at150043.html"},
"CVE-2015-8461": {"https://www.jpcert.or.jp/at/2015/at150043.html"},
"CVE-2015-8562": {"https://www.jpcert.or.jp/at/2016/at160036.html"},
"CVE-2015-8651": {"https://www.jpcert.or.jp/at/2016/at160001.html"},
"CVE-2015-8704": {"https://www.jpcert.or.jp/at/2016/at160006.html"},
"CVE-2015-8705": {"https://www.jpcert.or.jp/at/2016/at160006.html"},
"CVE-2016-0189": {"https://www.jpcert.or.jp/at/2016/at160022.html"},
"CVE-2016-0636": {"https://www.jpcert.or.jp/at/2016/at160015.html"},
"CVE-2016-0800": {"https://www.jpcert.or.jp/at/2016/at160010.html"},
"CVE-2016-1000109": {"https://www.jpcert.or.jp/at/2016/at160031.html"},
"CVE-2016-1000110": {"https://www.jpcert.or.jp/at/2016/at160031.html"},
"CVE-2016-1010": {"https://www.jpcert.or.jp/at/2016/at160014.html"},
"CVE-2016-1019": {"https://www.jpcert.or.jp/at/2016/at160016.html"},
"CVE-2016-1204": {"https://www.jpcert.or.jp/at/2016/at160019.html"},
"CVE-2016-1286": {"https://www.jpcert.or.jp/at/2016/at160013.html", "https://www.jpcert.or.jp/at/2016/at160037.html"},
"CVE-2016-2776": {"https://www.jpcert.or.jp/at/2016/at160037.html"},
"CVE-2016-3081": {"https://www.jpcert.or.jp/at/2016/at160020.html"},
"CVE-2016-3227": {"https://www.jpcert.or.jp/at/2016/at160025.html"},
"CVE-2016-3714": {"https://www.jpcert.or.jp/at/2016/at160021.html"},
"CVE-2016-3715": {"https://www.jpcert.or.jp/at/2016/at160021.html"},
"CVE-2016-3716": {"https://www.jpcert.or.jp/at/2016/at160021.html"},
"CVE-2016-3717": {"https://www.jpcert.or.jp/at/2016/at160021.html"},
"CVE-2016-3718": {"https://www.jpcert.or.jp/at/2016/at160021.html"},
"CVE-2016-4117": {"https://www.jpcert.or.jp/at/2016/at160024.html"},
"CVE-2016-4171": {"https://www.jpcert.or.jp/at/2016/at160026.html"},
"CVE-2016-4438": {"https://www.jpcert.or.jp/at/2016/at160027.html"},
"CVE-2016-5385": {"https://www.jpcert.or.jp/at/2016/at160031.html"},
"CVE-2016-5386": {"https://www.jpcert.or.jp/at/2016/at160031.html"},
"CVE-2016-5387": {"https://www.jpcert.or.jp/at/2016/at160031.html"},
"CVE-2016-5388": {"https://www.jpcert.or.jp/at/2016/at160031.html"},
"CVE-2016-6307": {"https://www.jpcert.or.jp/at/2016/at160038.html"},
"CVE-2016-6309": {"https://www.jpcert.or.jp/at/2016/at160038.html"},
"CVE-2016-7189": {"https://www.jpcert.or.jp/at/2016/at160039.html"},
"CVE-2016-7836": {"https://www.jpcert.or.jp/at/2016/at160051.html", "https://www.jpcert.or.jp/at/2017/at170023.html"},
"CVE-2016-7855": {"https://www.jpcert.or.jp/at/2016/at160039.html", "https://www.jpcert.or.jp/at/2016/at160043.html"},
"CVE-2016-7892": {"https://www.jpcert.or.jp/at/2016/at160048.html", "https://www.jpcert.or.jp/at/2016/at160049.html"},
"CVE-2016-8864": {"https://www.jpcert.or.jp/at/2016/at160044.html"},
"CVE-2016-9131": {"https://www.jpcert.or.jp/at/2017/at170004.html"},
"CVE-2016-9147": {"https://www.jpcert.or.jp/at/2017/at170004.html"},
"CVE-2016-9444": {"https://www.jpcert.or.jp/at/2017/at170004.html"},
"CVE-2016-9778": {"https://www.jpcert.or.jp/at/2017/at170004.html"},
"CVE-2017-0093": {"https://www.jpcert.or.jp/at/2017/at170015.html"},
"CVE-2017-0106": {"https://www.jpcert.or.jp/at/2017/at170015.html"},
"CVE-2017-0145": {"https://www.jpcert.or.jp/at/2017/at170020.html"},
"CVE-2017-0158": {"https://www.jpcert.or.jp/at/2017/at170015.html"},
"CVE-2017-0160": {"https://www.jpcert.or.jp/at/2017/at170015.html"},
"CVE-2017-0161": {"https://www.jpcert.or.jp/at/2017/at170036.html"},
"CVE-2017-0162": {"https://www.jpcert.or.jp/at/2017/at170015.html"},
"CVE-2017-0163": {"https://www.jpcert.or.jp/at/2017/at170015.html"},
"CVE-2017-0180": {"https://www.jpcert.or.jp/at/2017/at170015.html"},
"CVE-2017-0181": {"https://www.jpcert.or.jp/at/2017/at170015.html"},
"CVE-2017-0199": {"https://www.jpcert.or.jp/at/2017/at170015.html"},
"CVE-2017-0200": {"https://www.jpcert.or.jp/at/2017/at170015.html"},
"CVE-2017-0201": {"https://www.jpcert.or.jp/at/2017/at170015.html"},
"CVE-2017-0202": {"https://www.jpcert.or.jp/at/2017/at170015.html"},
"CVE-2017-0205": {"https://www.jpcert.or.jp/at/2017/at170015.html"},
"CVE-2017-0210": {"https://www.jpcert.or.jp/at/2017/at170015.html"},
"CVE-2017-0221": {"https://www.jpcert.or.jp/at/2017/at170019.html"},
"CVE-2017-0222": {"https://www.jpcert.or.jp/at/2017/at170019.html"},
"CVE-2017-0224": {"https://www.jpcert.or.jp/at/2017/at170019.html"},
"CVE-2017-0227": {"https://www.jpcert.or.jp/at/2017/at170019.html"},
"CVE-2017-0228": {"https://www.jpcert.or.jp/at/2017/at170019.html"},
"CVE-2017-0229": {"https://www.jpcert.or.jp/at/2017/at170019.html"},
"CVE-2017-0235": {"https://www.jpcert.or.jp/at/2017/at170019.html"},
"CVE-2017-0236": {"https://www.jpcert.or.jp/at/2017/at170019.html"},
"CVE-2017-0240": {"https://www.jpcert.or.jp/at/2017/at170019.html"},
"CVE-2017-0250": {"https://www.jpcert.or.jp/at/2017/at170032.html"},
"CVE-2017-0261": {"https://www.jpcert.or.jp/at/2017/at170019.html"},
"CVE-2017-0263": {"https://www.jpcert.or.jp/at/2017/at170019.html"},
"CVE-2017-0266": {"https://www.jpcert.or.jp/at/2017/at170019.html"},
"CVE-2017-0272": {"https://www.jpcert.or.jp/at/2017/at170019.html"},
"CVE-2017-0277": {"https://www.jpcert.or.jp/at/2017/at170019.html"},
"CVE-2017-0278": {"https://www.jpcert.or.jp/at/2017/at170019.html"},
"CVE-2017-0279": {"https://www.jpcert.or.jp/at/2017/at170019.html"},
"CVE-2017-0283": {"https://www.jpcert.or.jp/at/2017/at170022.html"},
"CVE-2017-0290": {"https://www.jpcert.or.jp/at/2017/at170019.html"},
"CVE-2017-0291": {"https://www.jpcert.or.jp/at/2017/at170022.html"},
"CVE-2017-0292": {"https://www.jpcert.or.jp/at/2017/at170022.html"},
"CVE-2017-0293": {"https://www.jpcert.or.jp/at/2017/at170032.html"},
"CVE-2017-0294": {"https://www.jpcert.or.jp/at/2017/at170022.html"},
"CVE-2017-0781": {"https://www.jpcert.or.jp/at/2017/at170037.html"},
"CVE-2017-0782": {"https://www.jpcert.or.jp/at/2017/at170037.html"},
"CVE-2017-0783": {"https://www.jpcert.or.jp/at/2017/at170037.html"},
"CVE-2017-0785": {"https://www.jpcert.or.jp/at/2017/at170037.html"},
"CVE-2017-1000250": {"https://www.jpcert.or.jp/at/2017/at170037.html"},
"CVE-2017-1000251": {"https://www.jpcert.or.jp/at/2017/at170037.html"},
"CVE-2017-10271": {"https://www.jpcert.or.jp/at/2018/at180004.html"},
"CVE-2017-10845": {"https://www.jpcert.or.jp/at/2017/at170034.html"},
"CVE-2017-10846": {"https://www.jpcert.or.jp/at/2017/at170034.html"},
"CVE-2017-11223": {"https://www.jpcert.or.jp/at/2017/at170031.html"},
"CVE-2017-11292": {"https://www.jpcert.or.jp/at/2017/at170040.html"},
"CVE-2017-11762": {"https://www.jpcert.or.jp/at/2017/at170039.html"},
"CVE-2017-11763": {"https://www.jpcert.or.jp/at/2017/at170039.html"},
"CVE-2017-11764": {"https://www.jpcert.or.jp/at/2017/at170036.html"},
"CVE-2017-11766": {"https://www.jpcert.or.jp/at/2017/at170036.html"},
"CVE-2017-11771": {"https://www.jpcert.or.jp/at/2017/at170039.html"},
"CVE-2017-11779": {"https://www.jpcert.or.jp/at/2017/at170039.html"},
"CVE-2017-11792": {"https://www.jpcert.or.jp/at/2017/at170039.html"},
"CVE-2017-11793": {"https://www.jpcert.or.jp/at/2017/at170039.html"},
"CVE-2017-11796": {"https://www.jpcert.or.jp/at/2017/at170039.html"},
"CVE-2017-11798": {"https://www.jpcert.or.jp/at/2017/at170039.html"},
"CVE-2017-11799": {"https://www.jpcert.or.jp/at/2017/at170039.html"},
"CVE-2017-11800": {"https://www.jpcert.or.jp/at/2017/at170039.html"},
"CVE-2017-11802": {"https://www.jpcert.or.jp/at/2017/at170039.html"},
"CVE-2017-11804": {"https://www.jpcert.or.jp/at/2017/at170039.html"},
"CVE-2017-11805": {"https://www.jpcert.or.jp/at/2017/at170039.html"},
"CVE-2017-11806": {"https://www.jpcert.or.jp/at/2017/at170039.html"},
"CVE-2017-11807": {"https://www.jpcert.or.jp/at/2017/at170039.html"},
"CVE-2017-11808": {"https://www.jpcert.or.jp/at/2017/at170039.html"},
"CVE-2017-11809": {"https://www.jpcert.or.jp/at/2017/at170039.html"},
"CVE-2017-11810": {"https://www.jpcert.or.jp/at/2017/at170039.html"},
"CVE-2017-11811": {"https://www.jpcert.or.jp/at/2017/at170039.html"},
"CVE-2017-11812": {"https://www.jpcert.or.jp/at/2017/at170039.html"},
"CVE-2017-11813": {"https://www.jpcert.or.jp/at/2017/at170039.html"},
"CVE-2017-11819": {"https://www.jpcert.or.jp/at/2017/at170039.html"},
"CVE-2017-11821": {"https://www.jpcert.or.jp/at/2017/at170039.html"},
"CVE-2017-11822": {"https://www.jpcert.or.jp/at/2017/at170039.html"},
"CVE-2017-11826": {"https://www.jpcert.or.jp/at/2017/at170039.html"},
"CVE-2017-11836": {"https://www.jpcert.or.jp/at/2017/at170044.html"},
"CVE-2017-11837": {"https://www.jpcert.or.jp/at/2017/at170044.html"},
"CVE-2017-11838": {"https://www.jpcert.or.jp/at/2017/at170044.html"},
"CVE-2017-11839": {"https://www.jpcert.or.jp/at/2017/at170044.html"},
"CVE-2017-11840": {"https://www.jpcert.or.jp/at/2017/at170044.html"},
"CVE-2017-11841": {"https://www.jpcert.or.jp/at/2017/at170044.html"},
"CVE-2017-11843": {"https://www.jpcert.or.jp/at/2017/at170044.html"},
"CVE-2017-11845": {"https://www.jpcert.or.jp/at/2017/at170044.html"},
"CVE-2017-11846": {"https://www.jpcert.or.jp/at/2017/at170044.html"},
"CVE-2017-11855": {"https://www.jpcert.or.jp/at/2017/at170044.html"},
"CVE-2017-11856": {"https://www.jpcert.or.jp/at/2017/at170044.html"},
"CVE-2017-11858": {"https://www.jpcert.or.jp/at/2017/at170044.html"},
"CVE-2017-11861": {"https://www.jpcert.or.jp/at/2017/at170044.html"},
"CVE-2017-11862": {"https://www.jpcert.or.jp/at/2017/at170044.html"},
"CVE-2017-11866": {"https://www.jpcert.or.jp/at/2017/at170044.html"},
"CVE-2017-11869": {"https://www.jpcert.or.jp/at/2017/at170044.html"},
"CVE-2017-11870": {"https://www.jpcert.or.jp/at/2017/at170044.html"},
"CVE-2017-11871": {"https://www.jpcert.or.jp/at/2017/at170044.html"},
"CVE-2017-11873": {"https://www.jpcert.or.jp/at/2017/at170044.html"},
"CVE-2017-11882": {"https://www.jpcert.or.jp/at/2017/at170044.html"},
"CVE-2017-11886": {"https://www.jpcert.or.jp/at/2017/at170048.html"},
"CVE-2017-11888": {"https://www.jpcert.or.jp/at/2017/at170048.html"},
"CVE-2017-11889": {"https://www.jpcert.or.jp/at/2017/at170048.html"},
"CVE-2017-11890": {"https://www.jpcert.or.jp/at/2017/at170048.html"},
"CVE-2017-11893": {"https://www.jpcert.or.jp/at/2017/at170048.html"},
"CVE-2017-11894": {"https://www.jpcert.or.jp/at/2017/at170048.html"},
"CVE-2017-11895": {"https://www.jpcert.or.jp/at/2017/at170048.html"},
"CVE-2017-11901": {"https://www.jpcert.or.jp/at/2017/at170048.html"},
"CVE-2017-11903": {"https://www.jpcert.or.jp/at/2017/at170048.html"},
"CVE-2017-11905": {"https://www.jpcert.or.jp/at/2017/at170048.html"},
"CVE-2017-11907": {"https://www.jpcert.or.jp/at/2017/at170048.html"},
"CVE-2017-11908": {"https://www.jpcert.or.jp/at/2017/at170048.html"},
"CVE-2017-11909": {"https://www.jpcert.or.jp/at/2017/at170048.html"},
"CVE-2017-11910": {"https://www.jpcert.or.jp/at/2017/at170048.html"},
"CVE-2017-11911": {"https://www.jpcert.or.jp/at/2017/at170048.html"},
"CVE-2017-11912": {"https://www.jpcert.or.jp/at/2017/at170048.html"},
"CVE-2017-11914": {"https://www.jpcert.or.jp/at/2017/at170048.html"},
"CVE-2017-11918": {"https://www.jpcert.or.jp/at/2017/at170048.html"},
"CVE-2017-11930": {"https://www.jpcert.or.jp/at/2017/at170048.html"},
"CVE-2017-11937": {"https://www.jpcert.or.jp/at/2017/at170046.html"},
"CVE-2017-12615": {"https://www.jpcert.or.jp/at/2017/at170038.html"},
"CVE-2017-12616": {"https://www.jpcert.or.jp/at/2017/at170038.html"},
"CVE-2017-12617": {"https://www.jpcert.or.jp/at/2017/at170038.html"},
"CVE-2017-13872": {"https://www.jpcert.or.jp/at/2017/at170045.html"},
"CVE-2017-14315": {"https://www.jpcert.or.jp/at/2017/at170037.html"},
"CVE-2017-3135": {"https://www.jpcert.or.jp/at/2017/at170007.html"},
"CVE-2017-3136": {"https://www.jpcert.or.jp/at/2017/at170016.html"},
"CVE-2017-3137": {"https://www.jpcert.or.jp/at/2017/at170016.html"},
"CVE-2017-3138": {"https://www.jpcert.or.jp/at/2017/at170016.html"},
"CVE-2017-3142": {"https://www.jpcert.or.jp/at/2017/at170024.html"},
"CVE-2017-3143": {"https://www.jpcert.or.jp/at/2017/at170024.html"},
"CVE-2017-3145": {"https://www.jpcert.or.jp/at/2018/at180005.html"},
"CVE-2017-5638": {"https://www.jpcert.or.jp/at/2017/at170009.html"},
"CVE-2017-6753": {"https://www.jpcert.or.jp/at/2017/at170028.html"},
"CVE-2017-8463": {"https://www.jpcert.or.jp/at/2017/at170027.html"},
"CVE-2017-8464": {"https://www.jpcert.or.jp/at/2017/at170022.html"},
"CVE-2017-8496": {"https://www.jpcert.or.jp/at/2017/at170022.html"},
"CVE-2017-8497": {"https://www.jpcert.or.jp/at/2017/at170022.html"},
"CVE-2017-8499": {"https://www.jpcert.or.jp/at/2017/at170022.html"},
"CVE-2017-8517": {"https://www.jpcert.or.jp/at/2017/at170022.html"},
"CVE-2017-8520": {"https://www.jpcert.or.jp/at/2017/at170022.html"},
"CVE-2017-8522": {"https://www.jpcert.or.jp/at/2017/at170022.html"},
"CVE-2017-8524": {"https://www.jpcert.or.jp/at/2017/at170022.html"},
"CVE-2017-8527": {"https://www.jpcert.or.jp/at/2017/at170022.html"},
"CVE-2017-8528": {"https://www.jpcert.or.jp/at/2017/at170022.html"},
"CVE-2017-8543": {"https://www.jpcert.or.jp/at/2017/at170022.html"},
"CVE-2017-8548": {"https://www.jpcert.or.jp/at/2017/at170022.html"},
"CVE-2017-8549": {"https://www.jpcert.or.jp/at/2017/at170022.html"},
"CVE-2017-8584": {"https://www.jpcert.or.jp/at/2017/at170027.html"},
"CVE-2017-8589": {"https://www.jpcert.or.jp/at/2017/at170027.html"},
"CVE-2017-8591": {"https://www.jpcert.or.jp/at/2017/at170032.html"},
"CVE-2017-8594": {"https://www.jpcert.or.jp/at/2017/at170027.html"},
"CVE-2017-8595": {"https://www.jpcert.or.jp/at/2017/at170027.html"},
"CVE-2017-8596": {"https://www.jpcert.or.jp/at/2017/at170027.html"},
"CVE-2017-8598": {"https://www.jpcert.or.jp/at/2017/at170027.html"},
"CVE-2017-8601": {"https://www.jpcert.or.jp/at/2017/at170027.html"},
"CVE-2017-8603": {"https://www.jpcert.or.jp/at/2017/at170027.html"},
"CVE-2017-8604": {"https://www.jpcert.or.jp/at/2017/at170027.html"},
"CVE-2017-8605": {"https://www.jpcert.or.jp/at/2017/at170027.html"},
"CVE-2017-8606": {"https://www.jpcert.or.jp/at/2017/at170027.html"},
"CVE-2017-8607": {"https://www.jpcert.or.jp/at/2017/at170027.html"},
"CVE-2017-8608": {"https://www.jpcert.or.jp/at/2017/at170027.html"},
"CVE-2017-8609": {"https://www.jpcert.or.jp/at/2017/at170027.html"},
"CVE-2017-8610": {"https://www.jpcert.or.jp/at/2017/at170027.html"},
"CVE-2017-8617": {"https://www.jpcert.or.jp/at/2017/at170027.html"},
"CVE-2017-8618": {"https://www.jpcert.or.jp/at/2017/at170027.html"},
"CVE-2017-8619": {"https://www.jpcert.or.jp/at/2017/at170027.html"},
"CVE-2017-8620": {"https://www.jpcert.or.jp/at/2017/at170032.html"},
"CVE-2017-8622": {"https://www.jpcert.or.jp/at/2017/at170032.html"},
"CVE-2017-8628": {"https://www.jpcert.or.jp/at/2017/at170037.html"},
"CVE-2017-8634": {"https://www.jpcert.or.jp/at/2017/at170032.html"},
"CVE-2017-8635": {"https://www.jpcert.or.jp/at/2017/at170032.html"},
"CVE-2017-8636": {"https://www.jpcert.or.jp/at/2017/at170032.html"},
"CVE-2017-8638": {"https://www.jpcert.or.jp/at/2017/at170032.html"},
"CVE-2017-8639": {"https://www.jpcert.or.jp/at/2017/at170032.html"},
"CVE-2017-8640": {"https://www.jpcert.or.jp/at/2017/at170032.html"},
"CVE-2017-8641": {"https://www.jpcert.or.jp/at/2017/at170032.html"},
"CVE-2017-8645": {"https://www.jpcert.or.jp/at/2017/at170032.html"},
"CVE-2017-8646": {"https://www.jpcert.or.jp/at/2017/at170032.html"},
"CVE-2017-8647": {"https://www.jpcert.or.jp/at/2017/at170032.html"},
"CVE-2017-8649": {"https://www.jpcert.or.jp/at/2017/at170036.html"},
"CVE-2017-8653": {"https://www.jpcert.or.jp/at/2017/at170032.html"},
"CVE-2017-8655": {"https://www.jpcert.or.jp/at/2017/at170032.html"},
"CVE-2017-8656": {"https://www.jpcert.or.jp/at/2017/at170032.html"},
"CVE-2017-8657": {"https://www.jpcert.or.jp/at/2017/at170032.html"},
"CVE-2017-8660": {"https://www.jpcert.or.jp/at/2017/at170036.html"},
"CVE-2017-8661": {"https://www.jpcert.or.jp/at/2017/at170032.html"},
"CVE-2017-8669": {"https://www.jpcert.or.jp/at/2017/at170032.html"},
"CVE-2017-8670": {"https://www.jpcert.or.jp/at/2017/at170032.html"},
"CVE-2017-8671": {"https://www.jpcert.or.jp/at/2017/at170032.html"},
"CVE-2017-8672": {"https://www.jpcert.or.jp/at/2017/at170032.html"},
"CVE-2017-8674": {"https://www.jpcert.or.jp/at/2017/at170032.html"},
"CVE-2017-8676": {"https://www.jpcert.or.jp/at/2017/at170036.html"},
"CVE-2017-8682": {"https://www.jpcert.or.jp/at/2017/at170036.html"},
"CVE-2017-8686": {"https://www.jpcert.or.jp/at/2017/at170036.html"},
"CVE-2017-8696": {"https://www.jpcert.or.jp/at/2017/at170036.html"},
"CVE-2017-8727": {"https://www.jpcert.or.jp/at/2017/at170039.html"},
"CVE-2017-8728": {"https://www.jpcert.or.jp/at/2017/at170036.html"},
"CVE-2017-8729": {"https://www.jpcert.or.jp/at/2017/at170036.html"},
"CVE-2017-8731": {"https://www.jpcert.or.jp/at/2017/at170036.html"},
"CVE-2017-8734": {"https://www.jpcert.or.jp/at/2017/at170036.html"},
"CVE-2017-8737": {"https://www.jpcert.or.jp/at/2017/at170036.html"},
"CVE-2017-8738": {"https://www.jpcert.or.jp/at/2017/at170036.html"},
"CVE-2017-8740": {"https://www.jpcert.or.jp/at/2017/at170036.html"},
"CVE-2017-8741": {"https://www.jpcert.or.jp/at/2017/at170036.html"},
"CVE-2017-8747": {"https://www.jpcert.or.jp/at/2017/at170036.html"},
"CVE-2017-8748": {"https://www.jpcert.or.jp/at/2017/at170036.html"},
"CVE-2017-8749": {"https://www.jpcert.or.jp/at/2017/at170036.html"},
"CVE-2017-8750": {"https://www.jpcert.or.jp/at/2017/at170036.html"},
"CVE-2017-8751": {"https://www.jpcert.or.jp/at/2017/at170036.html"},
"CVE-2017-8752": {"https://www.jpcert.or.jp/at/2017/at170036.html"},
"CVE-2017-8753": {"https://www.jpcert.or.jp/at/2017/at170036.html"},
"CVE-2017-8755": {"https://www.jpcert.or.jp/at/2017/at170036.html"},
"CVE-2017-8756": {"https://www.jpcert.or.jp/at/2017/at170036.html"},
"CVE-2017-8757": {"https://www.jpcert.or.jp/at/2017/at170036.html"},
"CVE-2017-8759": {"https://www.jpcert.or.jp/at/2017/at170036.html"},
"CVE-2017-9791": {"https://www.jpcert.or.jp/at/2017/at170025.html"},
"CVE-2017-9805": {"https://www.jpcert.or.jp/at/2017/at170033.html"},
"CVE-2018-0171": {"https://www.jpcert.or.jp/at/2018/at180013.html"},
"CVE-2018-0758": {"https://www.jpcert.or.jp/at/2018/at180002.html"},
"CVE-2018-0762": {"https://www.jpcert.or.jp/at/2018/at180002.html"},
"CVE-2018-0763": {"https://www.jpcert.or.jp/at/2018/at180008.html"},
"CVE-2018-0767": {"https://www.jpcert.or.jp/at/2018/at180002.html"},
"CVE-2018-0769": {"https://www.jpcert.or.jp/at/2018/at180002.html"},
"CVE-2018-0770": {"https://www.jpcert.or.jp/at/2018/at180002.html"},
"CVE-2018-0772": {"https://www.jpcert.or.jp/at/2018/at180002.html"},
"CVE-2018-0773": {"https://www.jpcert.or.jp/at/2018/at180002.html"},
"CVE-2018-0774": {"https://www.jpcert.or.jp/at/2018/at180002.html"},
"CVE-2018-0775": {"https://www.jpcert.or.jp/at/2018/at180002.html"},
"CVE-2018-0776": {"https://www.jpcert.or.jp/at/2018/at180002.html"},
"CVE-2018-0777": {"https://www.jpcert.or.jp/at/2018/at180002.html"},
"CVE-2018-0778": {"https://www.jpcert.or.jp/at/2018/at180002.html"},
"CVE-2018-0780": {"https://www.jpcert.or.jp/at/2018/at180002.html"},
"CVE-2018-0781": {"https://www.jpcert.or.jp/at/2018/at180002.html"},
"CVE-2018-0797": {"https://www.jpcert.or.jp/at/2018/at180002.html"},
"CVE-2018-0800": {"https://www.jpcert.or.jp/at/2018/at180002.html"},
"CVE-2018-0802": {"https://www.jpcert.or.jp/at/2018/at180002.html"},
"CVE-2018-0825": {"https://www.jpcert.or.jp/at/2018/at180008.html"},
"CVE-2018-0834": {"https://www.jpcert.or.jp/at/2018/at180008.html"},
"CVE-2018-0835": {"https://www.jpcert.or.jp/at/2018/at180008.html"},
"CVE-2018-0837": {"https://www.jpcert.or.jp/at/2018/at180008.html"},
"CVE-2018-0838": {"https://www.jpcert.or.jp/at/2018/at180008.html"},
"CVE-2018-0840": {"https://www.jpcert.or.jp/at/2018/at180008.html"},
"CVE-2018-0852": {"https://www.jpcert.or.jp/at/2018/at180008.html"},
"CVE-2018-0856": {"https://www.jpcert.or.jp/at/2018/at180008.html"},
"CVE-2018-0857": {"https://www.jpcert.or.jp/at/2018/at180008.html"},
"CVE-2018-0859": {"https://www.jpcert.or.jp/at/2018/at180008.html"},
"CVE-2018-0860": {"https://www.jpcert.or.jp/at/2018/at180008.html"},
"CVE-2018-0861": {"https://www.jpcert.or.jp/at/2018/at180008.html"},
"CVE-2018-0870": {"https://www.jpcert.or.jp/at/2018/at180016.html"},
"CVE-2018-0872": {"https://www.jpcert.or.jp/at/2018/at180011.html"},
"CVE-2018-0874": {"https://www.jpcert.or.jp/at/2018/at180011.html"},
"CVE-2018-0876": {"https://www.jpcert.or.jp/at/2018/at180011.html"},
"CVE-2018-0889": {"https://www.jpcert.or.jp/at/2018/at180011.html"},
"CVE-2018-0893": {"https://www.jpcert.or.jp/at/2018/at180011.html"},
"CVE-2018-0930": {"https://www.jpcert.or.jp/at/2018/at180011.html"},
"CVE-2018-0931": {"https://www.jpcert.or.jp/at/2018/at180011.html"},
"CVE-2018-0932": {"https://www.jpcert.or.jp/at/2018/at180011.html"},
"CVE-2018-0933": {"https://www.jpcert.or.jp/at/2018/at180011.html"},
"CVE-2018-0934": {"https://www.jpcert.or.jp/at/2018/at180011.html"},
"CVE-2018-0936": {"https://www.jpcert.or.jp/at/2018/at180011.html"},
"CVE-2018-0937": {"https://www.jpcert.or.jp/at/2018/at180011.html"},
"CVE-2018-0939": {"https://www.jpcert.or.jp/at/2018/at180011.html"},
"CVE-2018-0943": {"https://www.jpcert.or.jp/at/2018/at180021.html"},
"CVE-2018-0945": {"https://www.jpcert.or.jp/at/2018/at180021.html"},
"CVE-2018-0946": {"https://www.jpcert.or.jp/at/2018/at180021.html"},
"CVE-2018-0950": {"https://www.jpcert.or.jp/at/2018/at180016.html"},
"CVE-2018-0951": {"https://www.jpcert.or.jp/at/2018/at180021.html"},
"CVE-2018-0953": {"https://www.jpcert.or.jp/at/2018/at180021.html"},
"CVE-2018-0954": {"https://www.jpcert.or.jp/at/2018/at180021.html"},
"CVE-2018-0955": {"https://www.jpcert.or.jp/at/2018/at180021.html"},
"CVE-2018-0959": {"https://www.jpcert.or.jp/at/2018/at180021.html"},
"CVE-2018-0961": {"https://www.jpcert.or.jp/at/2018/at180021.html"},
"CVE-2018-0965": {"https://www.jpcert.or.jp/at/2018/at180038.html"},
"CVE-2018-0979": {"https://www.jpcert.or.jp/at/2018/at180016.html"},
"CVE-2018-0980": {"https://www.jpcert.or.jp/at/2018/at180016.html"},
"CVE-2018-0981": {"https://www.jpcert.or.jp/at/2018/at180016.html"},
"CVE-2018-0988": {"https://www.jpcert.or.jp/at/2018/at180016.html"},
"CVE-2018-0990": {"https://www.jpcert.or.jp/at/2018/at180016.html"},
"CVE-2018-0991": {"https://www.jpcert.or.jp/at/2018/at180016.html"},
"CVE-2018-0993": {"https://www.jpcert.or.jp/at/2018/at180016.html"},
"CVE-2018-0994": {"https://www.jpcert.or.jp/at/2018/at180016.html"},
"CVE-2018-0995": {"https://www.jpcert.or.jp/at/2018/at180016.html"},
"CVE-2018-0996": {"https://www.jpcert.or.jp/at/2018/at180016.html"},
"CVE-2018-1000": {"https://www.jpcert.or.jp/at/2018/at180016.html"},
"CVE-2018-1004": {"https://www.jpcert.or.jp/at/2018/at180016.html"},
"CVE-2018-1010": {"https://www.jpcert.or.jp/at/2018/at180016.html"},
"CVE-2018-1012": {"https://www.jpcert.or.jp/at/2018/at180016.html"},
"CVE-2018-1013": {"https://www.jpcert.or.jp/at/2018/at180016.html"},
"CVE-2018-1015": {"https://www.jpcert.or.jp/at/2018/at180016.html"},
"CVE-2018-1016": {"https://www.jpcert.or.jp/at/2018/at180016.html"},
"CVE-2018-1018": {"https://www.jpcert.or.jp/at/2018/at180016.html"},
"CVE-2018-1019": {"https://www.jpcert.or.jp/at/2018/at180016.html"},
"CVE-2018-1020": {"https://www.jpcert.or.jp/at/2018/at180016.html"},
"CVE-2018-1022": {"https://www.jpcert.or.jp/at/2018/at180021.html"},
"CVE-2018-1023": {"https://www.jpcert.or.jp/at/2018/at180016.html"},
"CVE-2018-11776": {"https://www.jpcert.or.jp/at/2018/at180036.html"},
"CVE-2018-1270": {"https://www.jpcert.or.jp/at/2018/at180014.html"},
"CVE-2018-1271": {"https://www.jpcert.or.jp/at/2018/at180014.html"},
"CVE-2018-1272": {"https://www.jpcert.or.jp/at/2018/at180014.html"},
"CVE-2018-1273": {"https://www.jpcert.or.jp/at/2018/at180017.html"},
"CVE-2018-1274": {"https://www.jpcert.or.jp/at/2018/at180017.html"},
"CVE-2018-1275": {"https://www.jpcert.or.jp/at/2018/at180014.html"},
"CVE-2018-12794": {"https://www.jpcert.or.jp/at/2018/at180039.html"},
"CVE-2018-1336": {"https://www.jpcert.or.jp/at/2018/at180030.html"},
"CVE-2018-15442": {"https://www.jpcert.or.jp/at/2018/at180043.html"},
"CVE-2018-15979": {"https://www.jpcert.or.jp/at/2018/at180045.html"},
"CVE-2018-2628": {"https://www.jpcert.or.jp/at/2018/at180029.html"},
"CVE-2018-2893": {"https://www.jpcert.or.jp/at/2018/at180029.html"},
"CVE-2018-2894": {"https://www.jpcert.or.jp/at/2018/at180029.html"},
"CVE-2018-2933": {"https://www.jpcert.or.jp/at/2018/at180029.html"},
"CVE-2018-2983": {"https://www.jpcert.or.jp/at/2018/at180029.html"},
"CVE-2018-2998": {"https://www.jpcert.or.jp/at/2018/at180029.html"},
"CVE-2018-4877": {"https://www.jpcert.or.jp/at/2018/at180008.html"},
"CVE-2018-4878": {"https://www.jpcert.or.jp/at/2018/at180006.html", "https://www.jpcert.or.jp/at/2018/at180008.html"},
"CVE-2018-4945": {"https://www.jpcert.or.jp/at/2018/at180025.html"},
"CVE-2018-5000": {"https://www.jpcert.or.jp/at/2018/at180025.html"},
"CVE-2018-5001": {"https://www.jpcert.or.jp/at/2018/at180025.html"},
"CVE-2018-5002": {"https://www.jpcert.or.jp/at/2018/at180024.html", "https://www.jpcert.or.jp/at/2018/at180025.html"},
"CVE-2018-5740": {"https://www.jpcert.or.jp/at/2018/at180031.html"},
"CVE-2018-7600": {"https://www.jpcert.or.jp/at/2018/at180012.html"},
"CVE-2018-7602": {"https://www.jpcert.or.jp/at/2018/at180019.html"},
"CVE-2018-8034": {"https://www.jpcert.or.jp/at/2018/at180030.html"},
"CVE-2018-8037": {"https://www.jpcert.or.jp/at/2018/at180030.html"},
"CVE-2018-8110": {"https://www.jpcert.or.jp/at/2018/at180025.html"},
"CVE-2018-8111": {"https://www.jpcert.or.jp/at/2018/at180025.html"},
"CVE-2018-8114": {"https://www.jpcert.or.jp/at/2018/at180021.html"},
"CVE-2018-8120": {"https://www.jpcert.or.jp/at/2018/at180021.html"},
"CVE-2018-8122": {"https://www.jpcert.or.jp/at/2018/at180021.html"},
"CVE-2018-8128": {"https://www.jpcert.or.jp/at/2018/at180021.html"},
"CVE-2018-8130": {"https://www.jpcert.or.jp/at/2018/at180021.html"},
"CVE-2018-8133": {"https://www.jpcert.or.jp/at/2018/at180021.html"},
"CVE-2018-8137": {"https://www.jpcert.or.jp/at/2018/at180021.html"},
"CVE-2018-8139": {"https://www.jpcert.or.jp/at/2018/at180021.html"},
"CVE-2018-8154": {"https://www.jpcert.or.jp/at/2018/at180021.html"},
"CVE-2018-8174": {"https://www.jpcert.or.jp/at/2018/at180021.html"},
"CVE-2018-8178": {"https://www.jpcert.or.jp/at/2018/at180021.html"},
"CVE-2018-8213": {"https://www.jpcert.or.jp/at/2018/at180025.html"},
"CVE-2018-8225": {"https://www.jpcert.or.jp/at/2018/at180025.html"},
"CVE-2018-8229": {"https://www.jpcert.or.jp/at/2018/at180025.html"},
"CVE-2018-8231": {"https://www.jpcert.or.jp/at/2018/at180025.html"},
"CVE-2018-8236": {"https://www.jpcert.or.jp/at/2018/at180025.html"},
"CVE-2018-8242": {"https://www.jpcert.or.jp/at/2018/at180028.html"},
"CVE-2018-8249": {"https://www.jpcert.or.jp/at/2018/at180025.html"},
"CVE-2018-8251": {"https://www.jpcert.or.jp/at/2018/at180025.html"},
"CVE-2018-8262": {"https://www.jpcert.or.jp/at/2018/at180028.html"},
"CVE-2018-8266": {"https://www.jpcert.or.jp/at/2018/at180034.html"},
"CVE-2018-8267": {"https://www.jpcert.or.jp/at/2018/at180025.html"},
"CVE-2018-8273": {"https://www.jpcert.or.jp/at/2018/at180034.html"},
"CVE-2018-8274": {"https://www.jpcert.or.jp/at/2018/at180028.html"},
"CVE-2018-8275": {"https://www.jpcert.or.jp/at/2018/at180028.html"},
"CVE-2018-8279": {"https://www.jpcert.or.jp/at/2018/at180028.html"},
"CVE-2018-8280": {"https://www.jpcert.or.jp/at/2018/at180028.html"},
"CVE-2018-8286": {"https://www.jpcert.or.jp/at/2018/at180028.html"},
"CVE-2018-8288": {"https://www.jpcert.or.jp/at/2018/at180028.html"},
"CVE-2018-8290": {"https://www.jpcert.or.jp/at/2018/at180028.html"},
"CVE-2018-8291": {"https://www.jpcert.or.jp/at/2018/at180028.html"},
"CVE-2018-8294": {"https://www.jpcert.or.jp/at/2018/at180028.html"},
"CVE-2018-8296": {"https://www.jpcert.or.jp/at/2018/at180028.html"},
"CVE-2018-8301": {"https://www.jpcert.or.jp/at/2018/at180028.html"},
"CVE-2018-8302": {"https://www.jpcert.or.jp/at/2018/at180034.html"},
"CVE-2018-8324": {"https://www.jpcert.or.jp/at/2018/at180028.html"},
"CVE-2018-8332": {"https://www.jpcert.or.jp/at/2018/at180038.html"},
"CVE-2018-8344": {"https://www.jpcert.or.jp/at/2018/at180034.html"},
"CVE-2018-8345": {"https://www.jpcert.or.jp/at/2018/at180034.html"},
"CVE-2018-8350": {"https://www.jpcert.or.jp/at/2018/at180034.html"},
"CVE-2018-8355": {"https://www.jpcert.or.jp/at/2018/at180034.html"},
"CVE-2018-8367": {"https://www.jpcert.or.jp/at/2018/at180038.html"},
"CVE-2018-8371": {"https://www.jpcert.or.jp/at/2018/at180034.html"},
"CVE-2018-8372": {"https://www.jpcert.or.jp/at/2018/at180034.html"},
"CVE-2018-8373": {"https://www.jpcert.or.jp/at/2018/at180034.html"},
"CVE-2018-8377": {"https://www.jpcert.or.jp/at/2018/at180034.html"},
"CVE-2018-8380": {"https://www.jpcert.or.jp/at/2018/at180034.html"},
"CVE-2018-8381": {"https://www.jpcert.or.jp/at/2018/at180034.html"},
"CVE-2018-8385": {"https://www.jpcert.or.jp/at/2018/at180034.html"},
"CVE-2018-8387": {"https://www.jpcert.or.jp/at/2018/at180034.html"},
"CVE-2018-8390": {"https://www.jpcert.or.jp/at/2018/at180034.html"},
"CVE-2018-8397": {"https://www.jpcert.or.jp/at/2018/at180034.html"},
"CVE-2018-8403": {"https://www.jpcert.or.jp/at/2018/at180034.html"},
"CVE-2018-8414": {"https://www.jpcert.or.jp/at/2018/at180034.html"},
"CVE-2018-8420": {"https://www.jpcert.or.jp/at/2018/at180038.html"},
"CVE-2018-8421": {"https://www.jpcert.or.jp/at/2018/at180038.html"},
"CVE-2018-8439": {"https://www.jpcert.or.jp/at/2018/at180038.html"},
"CVE-2018-8440": {"https://www.jpcert.or.jp/at/2018/at180038.html"},
"CVE-2018-8447": {"https://www.jpcert.or.jp/at/2018/at180038.html"},
"CVE-2018-8453": {"https://www.jpcert.or.jp/at/2018/at180041.html"},
"CVE-2018-8456": {"https://www.jpcert.or.jp/at/2018/at180038.html"},
"CVE-2018-8457": {"https://www.jpcert.or.jp/at/2018/at180038.html"},
"CVE-2018-8459": {"https://www.jpcert.or.jp/at/2018/at180038.html"},
"CVE-2018-8460": {"https://www.jpcert.or.jp/at/2018/at180041.html"},
"CVE-2018-8461": {"https://www.jpcert.or.jp/at/2018/at180038.html"},
"CVE-2018-8464": {"https://www.jpcert.or.jp/at/2018/at180038.html"},
"CVE-2018-8465": {"https://www.jpcert.or.jp/at/2018/at180038.html"},
"CVE-2018-8466": {"https://www.jpcert.or.jp/at/2018/at180038.html"},
"CVE-2018-8467": {"https://www.jpcert.or.jp/at/2018/at180038.html"},
"CVE-2018-8473": {"https://www.jpcert.or.jp/at/2018/at180041.html"},
"CVE-2018-8475": {"https://www.jpcert.or.jp/at/2018/at180038.html"},
"CVE-2018-8476": {"https://www.jpcert.or.jp/at/2018/at180046.html"},
"CVE-2018-8489": {"https://www.jpcert.or.jp/at/2018/at180041.html"},
"CVE-2018-8490": {"https://www.jpcert.or.jp/at/2018/at180041.html"},
"CVE-2018-8491": {"https://www.jpcert.or.jp/at/2018/at180041.html"},
"CVE-2018-8494": {"https://www.jpcert.or.jp/at/2018/at180041.html"},
"CVE-2018-8505": {"https://www.jpcert.or.jp/at/2018/at180041.html"},
"CVE-2018-8509": {"https://www.jpcert.or.jp/at/2018/at180041.html"},
"CVE-2018-8510": {"https://www.jpcert.or.jp/at/2018/at180041.html"},
"CVE-2018-8511": {"https://www.jpcert.or.jp/at/2018/at180041.html"},
"CVE-2018-8513": {"https://www.jpcert.or.jp/at/2018/at180041.html"},
"CVE-2018-8541": {"https://www.jpcert.or.jp/at/2018/at180046.html"},
"CVE-2018-8542": {"https://www.jpcert.or.jp/at/2018/at180046.html"},
"CVE-2018-8543": {"https://www.jpcert.or.jp/at/2018/at180046.html"},
"CVE-2018-8544": {"https://www.jpcert.or.jp/at/2018/at180046.html"},
"CVE-2018-8551": {"https://www.jpcert.or.jp/at/2018/at180046.html"},
"CVE-2018-8553": {"https://www.jpcert.or.jp/at/2018/at180046.html"},
"CVE-2018-8555": {"https://www.jpcert.or.jp/at/2018/at180046.html"},
"CVE-2018-8556": {"https://www.jpcert.or.jp/at/2018/at180046.html"},
"CVE-2018-8557": {"https://www.jpcert.or.jp/at/2018/at180046.html"},
"CVE-2018-8588": {"https://www.jpcert.or.jp/at/2018/at180046.html"},
"CVE-2018-8589": {"https://www.jpcert.or.jp/at/2018/at180046.html"},
"CVE-2018-8609": {"https://www.jpcert.or.jp/at/2018/at180046.html"},
}

96
alert/cve_us.go Normal file
View File

@@ -0,0 +1,96 @@
package alert
// CveDictEn has CVE-ID key which included USCERT alerts
var CveDictEn = map[string][]string{
"CVE-1999-0532": {"https://www.us-cert.gov/ncas/alerts/TA15-103A"},
"CVE-2006-3227": {"https://www.us-cert.gov/ncas/alerts/TA15-119A"},
"CVE-2008-0015": {"https://www.us-cert.gov/ncas/alerts/TA09-195A", "https://www.us-cert.gov/ncas/alerts/TA09-209A"},
"CVE-2008-2244": {"https://www.us-cert.gov/ncas/alerts/TA15-119A"},
"CVE-2009-0658": {"https://www.us-cert.gov/ncas/alerts/TA09-051A"},
"CVE-2009-0927": {"https://www.us-cert.gov/ncas/alerts/TA13-141A"},
"CVE-2009-1492": {"https://www.us-cert.gov/ncas/alerts/TA09-133B"},
"CVE-2009-1493": {"https://www.us-cert.gov/ncas/alerts/TA09-133B"},
"CVE-2009-1537": {"https://www.us-cert.gov/ncas/alerts/TA09-195A"},
"CVE-2009-3103": {"https://www.us-cert.gov/ncas/alerts/TA17-181A"},
"CVE-2009-3129": {"https://www.us-cert.gov/ncas/alerts/TA15-119A"},
"CVE-2009-3674": {"https://www.us-cert.gov/ncas/alerts/TA15-119A"},
"CVE-2009-3953": {"https://www.us-cert.gov/ncas/alerts/TA15-119A"},
"CVE-2010-0018": {"https://www.us-cert.gov/ncas/alerts/TA10-012B"},
"CVE-2010-0188": {"https://www.us-cert.gov/ncas/alerts/TA13-141A", "https://www.us-cert.gov/ncas/alerts/TA14-300A", "https://www.us-cert.gov/ncas/alerts/TA15-119A"},
"CVE-2010-0806": {"https://www.us-cert.gov/ncas/alerts/TA15-119A"},
"CVE-2010-1297": {"https://www.us-cert.gov/ncas/alerts/TA10-162A", "https://www.us-cert.gov/ncas/alerts/TA10-159A"},
"CVE-2010-2883": {"https://www.us-cert.gov/ncas/alerts/TA15-119A"},
"CVE-2010-3333": {"https://www.us-cert.gov/ncas/alerts/TA15-119A"},
"CVE-2011-0101": {"https://www.us-cert.gov/ncas/alerts/TA15-119A"},
"CVE-2011-0611": {"https://www.us-cert.gov/ncas/alerts/TA15-119A"},
"CVE-2011-2462": {"https://www.us-cert.gov/ncas/alerts/TA15-119A"},
"CVE-2012-0158": {"https://www.us-cert.gov/ncas/alerts/TA15-119A"},
"CVE-2012-1723": {"https://www.us-cert.gov/ncas/alerts/TA15-119A"},
"CVE-2012-1856": {"https://www.us-cert.gov/ncas/alerts/TA15-119A"},
"CVE-2012-1889": {"https://www.us-cert.gov/ncas/alerts/TA12-174A"},
"CVE-2012-3174": {"https://www.us-cert.gov/ncas/alerts/TA13-010A"},
"CVE-2012-4681": {"https://www.us-cert.gov/ncas/alerts/TA12-240A"},
"CVE-2012-4792": {"https://www.us-cert.gov/ncas/alerts/TA13-015A", "https://www.us-cert.gov/ncas/alerts/TA15-119A"},
"CVE-2013-0074": {"https://www.us-cert.gov/ncas/alerts/TA15-119A"},
"CVE-2013-0140": {"https://www.us-cert.gov/ncas/alerts/TA13-193A"},
"CVE-2013-0141": {"https://www.us-cert.gov/ncas/alerts/TA13-193A"},
"CVE-2013-0422": {"https://www.us-cert.gov/ncas/alerts/TA13-141A", "https://www.us-cert.gov/ncas/alerts/TA13-010A"},
"CVE-2013-0625": {"https://www.us-cert.gov/ncas/alerts/TA15-119A"},
"CVE-2013-0632": {"https://www.us-cert.gov/ncas/alerts/TA15-119A"},
"CVE-2013-0809": {"https://www.us-cert.gov/ncas/alerts/TA13-064A"},
"CVE-2013-1347": {"https://www.us-cert.gov/ncas/alerts/TA15-119A"},
"CVE-2013-1493": {"https://www.us-cert.gov/ncas/alerts/TA13-064A"},
"CVE-2013-1571": {"https://www.us-cert.gov/ncas/alerts/TA13-169A"},
"CVE-2013-2465": {"https://www.us-cert.gov/ncas/alerts/TA15-119A"},
"CVE-2013-2729": {"https://www.us-cert.gov/ncas/alerts/TA14-300A", "https://www.us-cert.gov/ncas/alerts/TA15-119A"},
"CVE-2013-3336": {"https://www.us-cert.gov/ncas/alerts/TA15-119A"},
"CVE-2013-5211": {"https://www.us-cert.gov/ncas/alerts/TA14-017A", "https://www.us-cert.gov/ncas/alerts/TA14-013A"},
"CVE-2013-5326": {"https://www.us-cert.gov/ncas/alerts/TA15-119A"},
"CVE-2014-0160": {"https://www.us-cert.gov/ncas/alerts/TA14-098A", "https://www.us-cert.gov/ncas/alerts/TA15-119A"},
"CVE-2014-0322": {"https://www.us-cert.gov/ncas/alerts/TA15-119A"},
"CVE-2014-0564": {"https://www.us-cert.gov/ncas/alerts/TA15-119A"},
"CVE-2014-1761": {"https://www.us-cert.gov/ncas/alerts/TA15-119A"},
"CVE-2014-1776": {"https://www.us-cert.gov/ncas/alerts/TA15-119A"},
"CVE-2014-3393": {"https://www.us-cert.gov/ncas/alerts/TA16-250A"},
"CVE-2014-3566": {"https://www.us-cert.gov/ncas/alerts/TA14-290A", "https://www.us-cert.gov/ncas/alerts/TA15-120A"},
"CVE-2014-4114": {"https://www.us-cert.gov/ncas/alerts/TA15-119A"},
"CVE-2014-6271": {"https://www.us-cert.gov/ncas/alerts/TA14-268A"},
"CVE-2014-6277": {"https://www.us-cert.gov/ncas/alerts/TA14-268A"},
"CVE-2014-6278": {"https://www.us-cert.gov/ncas/alerts/TA14-268A"},
"CVE-2014-6321": {"https://www.us-cert.gov/ncas/alerts/TA14-318A"},
"CVE-2014-6332": {"https://www.us-cert.gov/ncas/alerts/TA14-318B"},
"CVE-2014-7169": {"https://www.us-cert.gov/ncas/alerts/TA14-268A"},
"CVE-2014-7186": {"https://www.us-cert.gov/ncas/alerts/TA14-268A"},
"CVE-2014-7187": {"https://www.us-cert.gov/ncas/alerts/TA14-268A"},
"CVE-2014-8730": {"https://www.us-cert.gov/ncas/alerts/TA14-290A"},
"CVE-2015-2387": {"https://www.us-cert.gov/ncas/alerts/TA15-195A"},
"CVE-2015-5119": {"https://www.us-cert.gov/ncas/alerts/TA15-195A", "https://www.us-cert.gov/ncas/alerts/TA15-213A"},
"CVE-2015-5122": {"https://www.us-cert.gov/ncas/alerts/TA15-195A"},
"CVE-2015-5123": {"https://www.us-cert.gov/ncas/alerts/TA15-195A"},
"CVE-2015-6585": {"https://www.us-cert.gov/ncas/alerts/TA17-164A"},
"CVE-2015-8651": {"https://www.us-cert.gov/ncas/alerts/TA17-164A"},
"CVE-2016-0034": {"https://www.us-cert.gov/ncas/alerts/TA17-164A"},
"CVE-2016-1019": {"https://www.us-cert.gov/ncas/alerts/TA17-164A"},
"CVE-2016-2207": {"https://www.us-cert.gov/ncas/alerts/TA16-187A"},
"CVE-2016-2208": {"https://www.us-cert.gov/ncas/alerts/TA16-187A"},
"CVE-2016-2209": {"https://www.us-cert.gov/ncas/alerts/TA16-187A"},
"CVE-2016-2210": {"https://www.us-cert.gov/ncas/alerts/TA16-187A"},
"CVE-2016-2211": {"https://www.us-cert.gov/ncas/alerts/TA16-187A"},
"CVE-2016-3644": {"https://www.us-cert.gov/ncas/alerts/TA16-187A"},
"CVE-2016-3645": {"https://www.us-cert.gov/ncas/alerts/TA16-187A"},
"CVE-2016-4117": {"https://www.us-cert.gov/ncas/alerts/TA17-164A"},
"CVE-2016-6366": {"https://www.us-cert.gov/ncas/alerts/TA16-250A"},
"CVE-2016-6367": {"https://www.us-cert.gov/ncas/alerts/TA16-250A"},
"CVE-2016-6415": {"https://www.us-cert.gov/ncas/alerts/TA16-250A"},
"CVE-2016-6909": {"https://www.us-cert.gov/ncas/alerts/TA16-250A"},
"CVE-2016-7089": {"https://www.us-cert.gov/ncas/alerts/TA16-250A"},
"CVE-2017-0144": {"https://www.us-cert.gov/ncas/alerts/TA17-181A"},
"CVE-2017-0145": {"https://www.us-cert.gov/ncas/alerts/TA17-181A"},
"CVE-2017-3066": {"https://www.us-cert.gov/ncas/alerts/AA18-284A"},
"CVE-2017-5715": {"https://www.us-cert.gov/ncas/alerts/TA18-141A", "https://www.us-cert.gov/ncas/alerts/TA18-004A"},
"CVE-2017-5753": {"https://www.us-cert.gov/ncas/alerts/TA18-141A", "https://www.us-cert.gov/ncas/alerts/TA18-004A"},
"CVE-2017-5754": {"https://www.us-cert.gov/ncas/alerts/TA18-141A", "https://www.us-cert.gov/ncas/alerts/TA18-004A"},
"CVE-2018-1038": {"https://www.us-cert.gov/ncas/alerts/TA18-004A"},
"CVE-2018-3639": {"https://www.us-cert.gov/ncas/alerts/TA18-141A"},
"CVE-2018-3640": {"https://www.us-cert.gov/ncas/alerts/TA18-141A"},
}

21
alert/util.go Normal file
View File

@@ -0,0 +1,21 @@
package alert
// GenerateAlertDict returns XCERT alert slice by cveID
func GenerateAlertDict(cveID string, lang string) (alerts []Alert) {
if lang == "ja" {
if keys, ok := CveDictJa[cveID]; ok {
for _, key := range keys {
alerts = append(alerts, AlertDictJa[key])
}
}
return alerts
}
// default language is English
if keys, ok := CveDictEn[cveID]; ok {
for _, key := range keys {
alerts = append(alerts, AlertDictEn[key])
}
}
return alerts
}

14
commands/discover.go
View File

@@ -91,24 +91,27 @@ func (p *DiscoverCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface
func printConfigToml(ips []string) (err error) {
const tomlTemplate = `
# TODO Doc Link
# https://vuls.io/docs/en/usage-settings.html
[cveDict]
type = "sqlite3"
sqlite3Path = "/path/to/cve.sqlite3"
#url = ""
# TODO Doc Link
[ovalDict]
type = "sqlite3"
sqlite3Path = "/path/to/oval.sqlite3"
#url = ""
# TODO Doc Link
[gost]
type = "sqlite3"
sqlite3Path = "/path/to/gost.sqlite3"
#url = ""
[exploit]
type = "sqlite3"
sqlite3Path = "/path/to/go-exploitdb.sqlite3"
#url = ""
# https://vuls.io/docs/en/usage-settings.html#slack-section
#[slack]
#hookURL = "https://hooks.slack.com/services/abc123/defghijklmnopqrstuvwxyz"
@@ -173,6 +176,11 @@ sqlite3Path = "/path/to/gost.sqlite3"
#room = "xxxxxxxxxxx"
#apiToken = "xxxxxxxxxxxxxxxxxx"
# https://vuls.io/docs/en/usage-settings.html#telegram-section
#[telegram]
#chatID = "xxxxxxxxxxx"
#token = "xxxxxxxxxxxxxxxxxx"
# https://vuls.io/docs/en/usage-settings.html#default-section
[default]
#port = "22"

88
commands/report.go
View File

@@ -24,6 +24,7 @@ import (
"path/filepath"
c "github.com/future-architect/vuls/config"
"github.com/future-architect/vuls/exploit"
"github.com/future-architect/vuls/gost"
"github.com/future-architect/vuls/models"
"github.com/future-architect/vuls/oval"
@@ -36,11 +37,12 @@ import (
// ReportCmd is subcommand for reporting
type ReportCmd struct {
configPath string
cvelDict c.GoCveDictConf
ovalDict c.GovalDictConf
gostConf c.GostConf
httpConf c.HTTPConf
configPath string
cveDict c.GoCveDictConf
ovalDict c.GovalDictConf
gostConf c.GostConf
exploitConf c.ExploitConf
httpConf c.HTTPConf
}
// Name return subcommand name
@@ -68,6 +70,7 @@ func (*ReportCmd) Usage() string {
[-to-stride]
[-to-hipchat]
[-to-chatwork]
[-to-telegram]
[-to-localfile]
[-to-s3]
[-to-azure-blob]
@@ -84,15 +87,18 @@ func (*ReportCmd) Usage() string {
[-debug]
[-debug-sql]
[-pipe]
[-cvedb-type=sqlite3|mysql|postgres|redis]
[-cvedb-path=/path/to/cve.sqlite3]
[-cvedb-type=sqlite3|mysql|postgres|redis|http]
[-cvedb-sqlite3-path=/path/to/cve.sqlite3]
[-cvedb-url=http://127.0.0.1:1323 or DB connection string]
[-ovaldb-type=sqlite3|mysql|redis]
[-ovaldb-path=/path/to/oval.sqlite3]
[-ovaldb-type=sqlite3|mysql|redis|http]
[-ovaldb-sqlite3-path=/path/to/oval.sqlite3]
[-ovaldb-url=http://127.0.0.1:1324 or DB connection string]
[-gostdb-type=sqlite3|mysql|redis]
[-gostdb-path=/path/to/gost.sqlite3]
[-gostdb-type=sqlite3|mysql|redis|http]
[-gostdb-sqlite3-path=/path/to/gost.sqlite3]
[-gostdb-url=http://127.0.0.1:1325 or DB connection string]
[-exploitdb-type=sqlite3|mysql|redis|http]
[-exploitdb-sqlite3-path=/path/to/exploitdb.sqlite3]
[-exploitdb-url=http://127.0.0.1:1326 or DB connection string]
[-http="http://vuls-report-server"]
[RFC3339 datetime format under results dir]
@@ -149,6 +155,7 @@ func (p *ReportCmd) SetFlags(f *flag.FlagSet) {
f.BoolVar(&c.Conf.ToStride, "to-stride", false, "Send report via Stride")
f.BoolVar(&c.Conf.ToHipChat, "to-hipchat", false, "Send report via hipchat")
f.BoolVar(&c.Conf.ToChatWork, "to-chatwork", false, "Send report via chatwork")
f.BoolVar(&c.Conf.ToTelegram, "to-telegram", false, "Send report via Telegram")
f.BoolVar(&c.Conf.ToEmail, "to-email", false, "Send report via Email")
f.BoolVar(&c.Conf.ToSyslog, "to-syslog", false, "Send report via Syslog")
f.BoolVar(&c.Conf.ToLocalFile, "to-localfile", false, "Write report to localfile")
@@ -165,24 +172,30 @@ func (p *ReportCmd) SetFlags(f *flag.FlagSet) {
"Auto generate of scan target servers and then write to config.toml and scan result")
f.BoolVar(&c.Conf.Pipe, "pipe", false, "Use args passed via PIPE")
f.StringVar(&p.cvelDict.Type, "cvedb-type", "sqlite3",
"DB type of go-cve-dictionary (sqlite3, mysql, postgres or redis)")
f.StringVar(&p.cvelDict.SQLite3Path, "cvedb-sqlite3-path", "", "/path/to/sqlite3")
f.StringVar(&p.cvelDict.URL, "cvedb-url", "",
f.StringVar(&p.cveDict.Type, "cvedb-type", "",
"DB type of go-cve-dictionary (sqlite3, mysql, postgres, redis or http)")
f.StringVar(&p.cveDict.SQLite3Path, "cvedb-sqlite3-path", "", "/path/to/sqlite3")
f.StringVar(&p.cveDict.URL, "cvedb-url", "",
"http://go-cve-dictionary.com:1323 or DB connection string")
f.StringVar(&p.ovalDict.Type, "ovaldb-type", "",
"DB type of goval-dictionary (sqlite3, mysql, postgres or redis)")
"DB type of goval-dictionary (sqlite3, mysql, postgres, redis or http)")
f.StringVar(&p.ovalDict.SQLite3Path, "ovaldb-sqlite3-path", "", "/path/to/sqlite3")
f.StringVar(&p.ovalDict.URL, "ovaldb-url", "",
"http://goval-dictionary.com:1324 or DB connection string")
f.StringVar(&p.gostConf.Type, "gostdb-type", "",
"DB type of gost (sqlite3, mysql, postgres or redis)")
"DB type of gost (sqlite3, mysql, postgres, redis or http)")
f.StringVar(&p.gostConf.SQLite3Path, "gostdb-sqlite3-path", "", "/path/to/sqlite3")
f.StringVar(&p.gostConf.URL, "gostdb-url", "",
"http://gost.com:1325 or DB connection string")
f.StringVar(&p.exploitConf.Type, "exploitdb-type", "",
"DB type of exploit (sqlite3, mysql, postgres, redis or http)")
f.StringVar(&p.exploitConf.SQLite3Path, "exploitdb-sqlite3-path", "", "/path/to/sqlite3")
f.StringVar(&p.exploitConf.URL, "exploitdb-url", "",
"http://exploit.com:1326 or DB connection string")
f.StringVar(&p.httpConf.URL, "http", "", "-to-http http://vuls-report")
}
@@ -197,9 +210,10 @@ func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
return subcommands.ExitUsageError
}
c.Conf.CveDict.Overwrite(p.cvelDict)
c.Conf.CveDict.Overwrite(p.cveDict)
c.Conf.OvalDict.Overwrite(p.ovalDict)
c.Conf.Gost.Overwrite(p.gostConf)
c.Conf.Exploit.Overwrite(p.exploitConf)
c.Conf.HTTP.Overwrite(p.httpConf)
var dir string
@@ -235,6 +249,10 @@ func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
reports = append(reports, report.ChatWorkWriter{})
}
if c.Conf.ToTelegram {
reports = append(reports, report.TelegramWriter{})
}
if c.Conf.ToEmail {
reports = append(reports, report.EMailWriter{})
}
@@ -338,31 +356,21 @@ func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
return subcommands.ExitUsageError
}
if err := report.CveClient.CheckHealth(); err != nil {
util.Log.Errorf("CVE HTTP server is not running. err: %s", err)
util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with -cvedb-path option instead of -cvedb-url")
return subcommands.ExitFailure
}
if c.Conf.CveDict.URL != "" {
util.Log.Infof("cve-dictionary: %s", c.Conf.CveDict.URL)
} else {
if c.Conf.CveDict.Type == "sqlite3" {
util.Log.Infof("cve-dictionary: %s", c.Conf.CveDict.SQLite3Path)
if err := report.CveClient.CheckHealth(); err != nil {
util.Log.Errorf("CVE HTTP server is not running. err: %s", err)
util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with `-cvedb-type=sqlite3 -cvedb-sqlite3-path` option instead of -cvedb-url")
return subcommands.ExitFailure
}
}
if c.Conf.OvalDict.URL != "" {
util.Log.Infof("oval-dictionary: %s", c.Conf.OvalDict.URL)
err := oval.Base{}.CheckHTTPHealth()
if err != nil {
util.Log.Errorf("OVAL HTTP server is not running. err: %s", err)
util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with -ovaldb-path option instead of -ovaldb-url")
util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with `-ovaldb-type=sqlite3 -ovaldb-sqlite3-path` option instead of -ovaldb-url")
return subcommands.ExitFailure
}
} else {
if c.Conf.OvalDict.Type == "sqlite3" {
util.Log.Infof("oval-dictionary: %s", c.Conf.OvalDict.SQLite3Path)
}
}
if c.Conf.Gost.URL != "" {
@@ -370,18 +378,24 @@ func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
err := gost.Base{}.CheckHTTPHealth()
if err != nil {
util.Log.Errorf("gost HTTP server is not running. err: %s", err)
util.Log.Errorf("Run gost as server mode before reporting or run with -gostdb-path option instead of -gostdb-url")
util.Log.Errorf("Run gost as server mode before reporting or run with `-gostdb-type=sqlite3 -gostdb-sqlite3-path` option instead of -gostdb-url")
return subcommands.ExitFailure
}
} else {
if c.Conf.Gost.Type == "sqlite3" {
util.Log.Infof("gost: %s", c.Conf.Gost.SQLite3Path)
}
if c.Conf.Exploit.URL != "" {
err := exploit.CheckHTTPHealth()
if err != nil {
util.Log.Errorf("exploit HTTP server is not running. err: %s", err)
util.Log.Errorf("Run go-exploitdb as server mode before reporting")
return subcommands.ExitFailure
}
}
dbclient, locked, err := report.NewDBClient(report.DBClientConf{
CveDictCnf: c.Conf.CveDict,
OvalDictCnf: c.Conf.OvalDict,
GostCnf: c.Conf.Gost,
ExploitCnf: c.Conf.Exploit,
DebugSQL: c.Conf.DebugSQL,
})
if locked {

112
commands/server.go
View File

@@ -28,6 +28,8 @@ import (
// "github.com/future-architect/vuls/Server"
c "github.com/future-architect/vuls/config"
"github.com/future-architect/vuls/exploit"
"github.com/future-architect/vuls/gost"
"github.com/future-architect/vuls/oval"
"github.com/future-architect/vuls/report"
"github.com/future-architect/vuls/server"
@@ -38,11 +40,12 @@ import (
// ServerCmd is subcommand for server
type ServerCmd struct {
configPath string
listen string
cvelDict c.GoCveDictConf
ovalDict c.GovalDictConf
gostConf c.GostConf
configPath string
listen string
cveDict c.GoCveDictConf
ovalDict c.GovalDictConf
gostConf c.GostConf
exploitConf c.ExploitConf
}
// Name return subcommand name
@@ -59,36 +62,26 @@ func (*ServerCmd) Usage() string {
[-config=/path/to/config.toml]
[-log-dir=/path/to/log]
[-cvss-over=7]
[-diff]
[-ignore-unscored-cves]
[-ignore-unfixed]
[-to-email]
[-to-slack]
[-to-stride]
[-to-hipchat]
[-to-chatwork]
[-to-localfile]
[-to-s3]
[-to-azure-blob]
[-format-json]
[-format-xml]
[-format-one-email]
[-format-one-line-text]
[-format-list]
[-format-full-text]
[-http-proxy=http://192.168.0.1:8080]
[-debug]
[-debug-sql]
[-listen=localhost:5515]
[-cvedb-type=sqlite3|mysql|postgres|redis]
[-cvedb-path=/path/to/cve.sqlite3]
[-cvedb-type=sqlite3|mysql|postgres|redis|http]
[-cvedb-sqlite3-path=/path/to/cve.sqlite3]
[-cvedb-url=http://127.0.0.1:1323 or DB connection string]
[-ovaldb-type=sqlite3|mysql|redis]
[-ovaldb-path=/path/to/oval.sqlite3]
[-ovaldb-type=sqlite3|mysql|redis|http]
[-ovaldb-sqlite3-path=/path/to/oval.sqlite3]
[-ovaldb-url=http://127.0.0.1:1324 or DB connection string]
[-gostdb-type=sqlite3|mysql|redis]
[-gostdb-path=/path/to/gost.sqlite3]
[-gostdb-type=sqlite3|mysql|redis|http]
[-gostdb-sqlite3-path=/path/to/gost.sqlite3]
[-gostdb-url=http://127.0.0.1:1325 or DB connection string]
[-exploitdb-type=sqlite3|mysql|redis|http]
[-exploitdb-sqlite3-path=/path/to/exploitdb.sqlite3]
[-exploitdb-url=http://127.0.0.1:1326 or DB connection string]
[RFC3339 datetime format under results dir]
`
@@ -128,23 +121,29 @@ func (p *ServerCmd) SetFlags(f *flag.FlagSet) {
f.StringVar(&p.listen, "listen", "localhost:5515",
"host:port (default: localhost:5515)")
f.StringVar(&p.cvelDict.Type, "cvedb-type", "sqlite3",
"DB type of go-cve-dictionary (sqlite3, mysql, postgres or redis)")
f.StringVar(&p.cvelDict.SQLite3Path, "cvedb-path", "", "/path/to/sqlite3")
f.StringVar(&p.cvelDict.URL, "cvedb-url", "",
f.StringVar(&p.cveDict.Type, "cvedb-type", "",
"DB type of go-cve-dictionary (sqlite3, mysql, postgres, redis or http)")
f.StringVar(&p.cveDict.SQLite3Path, "cvedb-sqlite3-path", "", "/path/to/sqlite3")
f.StringVar(&p.cveDict.URL, "cvedb-url", "",
"http://go-cve-dictionary.com:1323 or DB connection string")
f.StringVar(&p.ovalDict.Type, "ovaldb-type", "",
"DB type of goval-dictionary (sqlite3, mysql, postgres or redis)")
f.StringVar(&p.ovalDict.SQLite3Path, "ovaldb-path", "", "/path/to/sqlite3")
"DB type of goval-dictionary (sqlite3, mysql, postgres, redis or http)")
f.StringVar(&p.ovalDict.SQLite3Path, "ovaldb-sqlite3-path", "", "/path/to/sqlite3")
f.StringVar(&p.ovalDict.URL, "ovaldb-url", "",
"http://goval-dictionary.com:1324 or DB connection string")
f.StringVar(&p.gostConf.Type, "gostdb-type", "",
"DB type of gost (sqlite3, mysql, postgres or redis)")
f.StringVar(&p.gostConf.SQLite3Path, "gostdb-path", "", "/path/to/sqlite3")
"DB type of gost (sqlite3, mysql, postgres, redis or http)")
f.StringVar(&p.gostConf.SQLite3Path, "gostdb-sqlite3-path", "", "/path/to/sqlite3")
f.StringVar(&p.gostConf.URL, "gostdb-url", "",
"http://gost.com:1325 or DB connection string")
f.StringVar(&p.exploitConf.Type, "exploitdb-type", "",
"DB type of exploit (sqlite3, mysql, postgres, redis or http)")
f.StringVar(&p.exploitConf.SQLite3Path, "exploitdb-sqlite3-path", "", "/path/to/sqlite3")
f.StringVar(&p.exploitConf.URL, "exploitdb-url", "",
"http://exploit.com:1326 or DB connection string")
}
// Execute execute
@@ -152,39 +151,59 @@ func (p *ServerCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
util.Log = util.NewCustomLogger(c.ServerInfo{})
cvelog.SetLogger(c.Conf.LogDir, false, c.Conf.Debug, false)
c.Conf.CveDict.Overwrite(p.cvelDict)
if err := c.Load(p.configPath, ""); err != nil {
util.Log.Errorf("Error loading %s, %s", p.configPath, err)
return subcommands.ExitUsageError
}
c.Conf.CveDict.Overwrite(p.cveDict)
c.Conf.OvalDict.Overwrite(p.ovalDict)
c.Conf.Gost.Overwrite(p.gostConf)
c.Conf.Exploit.Overwrite(p.exploitConf)
util.Log.Info("Validating config...")
if !c.Conf.ValidateOnReport() {
return subcommands.ExitUsageError
}
if err := report.CveClient.CheckHealth(); err != nil {
util.Log.Errorf("CVE HTTP server is not running. err: %s", err)
util.Log.Errorf("Run go-cve-dictionary as server mode before Servering or run with -cvedb-path option")
return subcommands.ExitFailure
util.Log.Info("Validating db config...")
if !c.Conf.ValidateOnReportDB() {
return subcommands.ExitUsageError
}
if c.Conf.CveDict.URL != "" {
util.Log.Infof("cve-dictionary: %s", c.Conf.CveDict.URL)
} else {
if c.Conf.CveDict.Type == "sqlite3" {
util.Log.Infof("cve-dictionary: %s", c.Conf.CveDict.SQLite3Path)
if err := report.CveClient.CheckHealth(); err != nil {
util.Log.Errorf("CVE HTTP server is not running. err: %s", err)
util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with `-cvedb-type=sqlite3 -cvedb-sqlite3-path` option instead of -cvedb-url")
return subcommands.ExitFailure
}
}
if c.Conf.OvalDict.URL != "" {
util.Log.Infof("oval-dictionary: %s", c.Conf.OvalDict.URL)
err := oval.Base{}.CheckHTTPHealth()
if err != nil {
util.Log.Errorf("OVAL HTTP server is not running. err: %s", err)
util.Log.Errorf("Run goval-dictionary as server mode before Servering or run with -ovaldb-path option")
util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with `-ovaldb-type=sqlite3 -ovaldb-sqlite3-path` option instead of -ovaldb-url")
return subcommands.ExitFailure
}
} else {
if c.Conf.OvalDict.Type == "sqlite3" {
util.Log.Infof("oval-dictionary: %s", c.Conf.OvalDict.SQLite3Path)
}
if c.Conf.Gost.URL != "" {
util.Log.Infof("gost: %s", c.Conf.Gost.URL)
err := gost.Base{}.CheckHTTPHealth()
if err != nil {
util.Log.Errorf("gost HTTP server is not running. err: %s", err)
util.Log.Errorf("Run gost as server mode before reporting or run with `-gostdb-type=sqlite3 -gostdb-sqlite3-path` option instead of -gostdb-url")
return subcommands.ExitFailure
}
}
if c.Conf.Exploit.URL != "" {
err := exploit.CheckHTTPHealth()
if err != nil {
util.Log.Errorf("exploit HTTP server is not running. err: %s", err)
util.Log.Errorf("Run go-exploitdb as server mode before reporting")
return subcommands.ExitFailure
}
}
@@ -192,6 +211,7 @@ func (p *ServerCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
CveDictCnf: c.Conf.CveDict,
OvalDictCnf: c.Conf.OvalDict,
GostCnf: c.Conf.Gost,
ExploitCnf: c.Conf.Exploit,
DebugSQL: c.Conf.DebugSQL,
})
if locked {

95
commands/tui.go
View File

@@ -24,7 +24,10 @@ import (
"path/filepath"
c "github.com/future-architect/vuls/config"
"github.com/future-architect/vuls/exploit"
"github.com/future-architect/vuls/gost"
"github.com/future-architect/vuls/models"
"github.com/future-architect/vuls/oval"
"github.com/future-architect/vuls/report"
"github.com/future-architect/vuls/util"
"github.com/google/subcommands"
@@ -33,10 +36,11 @@ import (
// TuiCmd is Subcommand of host discovery mode
type TuiCmd struct {
configPath string
cvelDict c.GoCveDictConf
ovalDict c.GovalDictConf
gostConf c.GostConf
configPath string
cveDict c.GoCveDictConf
ovalDict c.GovalDictConf
gostConf c.GostConf
exploitConf c.ExploitConf
}
// Name return subcommand name
@@ -60,15 +64,18 @@ func (*TuiCmd) Usage() string {
[-debug]
[-debug-sql]
[-pipe]
[-cvedb-type=sqlite3|mysql|postgres|redis]
[-cvedb-path=/path/to/cve.sqlite3]
[-cvedb-type=sqlite3|mysql|postgres|redis|http]
[-cvedb-sqlite3-path=/path/to/cve.sqlite3]
[-cvedb-url=http://127.0.0.1:1323 or DB connection string]
[-ovaldb-type=sqlite3|mysql|redis]
[-ovaldb-path=/path/to/oval.sqlite3]
[-ovaldb-type=sqlite3|mysql|redis|http]
[-ovaldb-sqlite3-path=/path/to/oval.sqlite3]
[-ovaldb-url=http://127.0.0.1:1324 or DB connection string]
[-gostdb-type=sqlite3|mysql|redis]
[-gostdb-path=/path/to/gost.sqlite3]
[-gostdb-type=sqlite3|mysql|redis|http]
[-gostdb-sqlite3-path=/path/to/gost.sqlite3]
[-gostdb-url=http://127.0.0.1:1325 or DB connection string]
[-exploitdb-type=sqlite3|mysql|redis|http]
[-exploitdb-sqlite3-path=/path/to/exploitdb.sqlite3]
[-exploitdb-url=http://127.0.0.1:1326 or DB connection string]
`
}
@@ -107,10 +114,10 @@ func (p *TuiCmd) SetFlags(f *flag.FlagSet) {
f.BoolVar(&c.Conf.Pipe, "pipe", false, "Use stdin via PIPE")
f.StringVar(&p.cvelDict.Type, "cvedb-type", "sqlite3",
f.StringVar(&p.cveDict.Type, "cvedb-type", "",
"DB type of go-cve-dictionary (sqlite3, mysql, postgres or redis)")
f.StringVar(&p.cvelDict.SQLite3Path, "cvedb-path", "", "/path/to/sqlite3")
f.StringVar(&p.cvelDict.URL, "cvedb-url", "",
f.StringVar(&p.cveDict.SQLite3Path, "cvedb-path", "", "/path/to/sqlite3")
f.StringVar(&p.cveDict.URL, "cvedb-url", "",
"http://go-cve-dictionary.com:1323 or DB connection string")
f.StringVar(&p.ovalDict.Type, "ovaldb-type", "",
@@ -124,6 +131,13 @@ func (p *TuiCmd) SetFlags(f *flag.FlagSet) {
f.StringVar(&p.gostConf.SQLite3Path, "gostdb-path", "", "/path/to/sqlite3")
f.StringVar(&p.gostConf.URL, "gostdb-url", "",
"http://gost.com:1325 or DB connection string")
f.StringVar(&p.exploitConf.Type, "exploitdb-type", "",
"DB type of exploit (sqlite3, mysql, postgres, redis or http)")
f.StringVar(&p.exploitConf.SQLite3Path, "exploitdb-sqlite3-path", "", "/path/to/sqlite3")
f.StringVar(&p.exploitConf.URL, "exploitdb-url", "",
"http://exploit.com:1326 or DB connection string")
}
// Execute execute
@@ -139,14 +153,10 @@ func (p *TuiCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) s
return subcommands.ExitUsageError
}
c.Conf.CveDict.Overwrite(p.cvelDict)
c.Conf.CveDict.Overwrite(p.cveDict)
c.Conf.OvalDict.Overwrite(p.ovalDict)
c.Conf.Gost.Overwrite(p.gostConf)
util.Log.Info("Validating config...")
if !c.Conf.ValidateOnTui() {
return subcommands.ExitUsageError
}
c.Conf.Exploit.Overwrite(p.exploitConf)
var dir string
var err error
@@ -159,6 +169,12 @@ func (p *TuiCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) s
util.Log.Errorf("Failed to read from JSON: %s", err)
return subcommands.ExitFailure
}
util.Log.Info("Validating config...")
if !c.Conf.ValidateOnTui() {
return subcommands.ExitUsageError
}
var res models.ScanResults
if res, err = report.LoadScanResults(dir); err != nil {
util.Log.Error(err)
@@ -166,10 +182,51 @@ func (p *TuiCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) s
}
util.Log.Infof("Loaded: %s", dir)
util.Log.Info("Validating db config...")
if !c.Conf.ValidateOnReportDB() {
return subcommands.ExitUsageError
}
if c.Conf.CveDict.URL != "" {
if err := report.CveClient.CheckHealth(); err != nil {
util.Log.Errorf("CVE HTTP server is not running. err: %s", err)
util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with `-cvedb-type=sqlite3 -cvedb-sqlite3-path` option instead of -cvedb-url")
return subcommands.ExitFailure
}
}
if c.Conf.OvalDict.URL != "" {
err := oval.Base{}.CheckHTTPHealth()
if err != nil {
util.Log.Errorf("OVAL HTTP server is not running. err: %s", err)
util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with `-ovaldb-type=sqlite3 -ovaldb-sqlite3-path` option instead of -ovaldb-url")
return subcommands.ExitFailure
}
}
if c.Conf.Gost.URL != "" {
util.Log.Infof("gost: %s", c.Conf.Gost.URL)
err := gost.Base{}.CheckHTTPHealth()
if err != nil {
util.Log.Errorf("gost HTTP server is not running. err: %s", err)
util.Log.Errorf("Run gost as server mode before reporting or run with `-gostdb-type=sqlite3 -gostdb-sqlite3-path` option instead of -gostdb-url")
return subcommands.ExitFailure
}
}
if c.Conf.Exploit.URL != "" {
err := exploit.CheckHTTPHealth()
if err != nil {
util.Log.Errorf("exploit HTTP server is not running. err: %s", err)
util.Log.Errorf("Run go-exploitdb as server mode before reporting")
return subcommands.ExitFailure
}
}
dbclient, locked, err := report.NewDBClient(report.DBClientConf{
CveDictCnf: c.Conf.CveDict,
OvalDictCnf: c.Conf.OvalDict,
GostCnf: c.Conf.Gost,
ExploitCnf: c.Conf.Exploit,
DebugSQL: c.Conf.DebugSQL,
})
if locked {

2
commands/util.go
View File

@@ -34,7 +34,7 @@ func getPasswd(prompt string) (string, error) {
return "", fmt.Errorf("Failed to read password")
}
if 0 < len(pass) {
return string(pass[:]), nil
return string(pass), nil
}
}

160
config/config.go
View File

@@ -20,19 +20,20 @@ package config
import (
"errors"
"fmt"
"log/syslog"
"os"
"path/filepath"
"runtime"
"strconv"
"strings"
syslog "github.com/RackSec/srslog"
valid "github.com/asaskevich/govalidator"
log "github.com/sirupsen/logrus"
)
// Version of Vuls
var Version = "0.5.0"
var Version = "0.6.2"
// Revision of Git
var Revision string
@@ -121,6 +122,7 @@ type Config struct {
CveDict GoCveDictConf `json:"cveDict"`
OvalDict GovalDictConf `json:"ovalDict"`
Gost GostConf `json:"gost"`
Exploit ExploitConf `json:"exploit"`
Slack SlackConf `json:"-"`
EMail SMTPConf `json:"-"`
@@ -131,6 +133,7 @@ type Config struct {
Stride StrideConf `json:"-"`
HipChat HipChatConf `json:"-"`
ChatWork ChatWorkConf `json:"-"`
Telegram TelegramConf `json:"-"`
Saas SaasConf `json:"-"`
RefreshCve bool `json:"refreshCve"`
@@ -138,6 +141,7 @@ type Config struct {
ToStride bool `json:"toStride"`
ToHipChat bool `json:"toHipChat"`
ToChatWork bool `json:"toChatWork"`
ToTelegram bool `json:"ToTelegram"`
ToEmail bool `json:"toEmail"`
ToSyslog bool `json:"toSyslog"`
ToLocalFile bool `json:"toLocalFile"`
@@ -234,6 +238,14 @@ func (c Config) ValidateOnReportDB() bool {
errs = append(errs, err)
}
if err := validateDB("gostdb", c.Gost.Type, c.Gost.SQLite3Path, c.Gost.URL); err != nil {
errs = append(errs, err)
}
if err := validateDB("exploitdb", c.Exploit.Type, c.Exploit.SQLite3Path, c.Exploit.URL); err != nil {
errs = append(errs, err)
}
for _, err := range errs {
log.Error(err)
}
@@ -277,6 +289,10 @@ func (c Config) ValidateOnReport() bool {
errs = append(errs, strideerrs...)
}
if telegramerrs := c.Telegram.Validate(); 0 < len(telegramerrs) {
errs = append(errs, telegramerrs...)
}
if saaserrs := c.Saas.Validate(); 0 < len(saaserrs) {
errs = append(errs, saaserrs...)
}
@@ -326,39 +342,42 @@ func (c Config) ValidateOnTui() bool {
// validateDB validates configuration
// dictionaryDB name is 'cvedb' or 'ovaldb'
func validateDB(dictionaryDBName, dbType, dbPath, dbURL string) error {
log.Infof("-%s-type: %s, -%s-url: %s, -%s-path: %s",
dictionaryDBName, dbType, dictionaryDBName, dbURL, dictionaryDBName, dbPath)
switch dbType {
case "sqlite3":
if dbURL != "" {
return fmt.Errorf("To use SQLite3, specify -%s-type=sqlite3 and -%s-path. To use as http server mode, specify -%s-type=http and -%s-url",
dictionaryDBName, dictionaryDBName, dictionaryDBName, dictionaryDBName)
}
if ok, _ := valid.IsFilePath(dbPath); !ok {
return fmt.Errorf(
"SQLite3 DB path (%s) must be a *Absolute* file path. -%s-path: %s",
dictionaryDBName,
dictionaryDBName,
dbPath)
return fmt.Errorf("SQLite3 path must be a *Absolute* file path. -%s-path: %s",
dictionaryDBName, dbPath)
}
case "mysql":
if dbURL == "" {
return fmt.Errorf(
`MySQL connection string is needed. -%s-url="user:pass@tcp(localhost:3306)/dbname"`,
return fmt.Errorf(`MySQL connection string is needed. -%s-url="user:pass@tcp(localhost:3306)/dbname"`,
dictionaryDBName)
}
case "postgres":
if dbURL == "" {
return fmt.Errorf(
`PostgreSQL connection string is needed. -%s-url="host=myhost user=user dbname=dbname sslmode=disable password=password"`,
return fmt.Errorf(`PostgreSQL connection string is needed. -%s-url="host=myhost user=user dbname=dbname sslmode=disable password=password"`,
dictionaryDBName)
}
case "redis":
if dbURL == "" {
return fmt.Errorf(
`Redis connection string is needed. -%s-url="redis://localhost/0"`,
return fmt.Errorf(`Redis connection string is needed. -%s-url="redis://localhost/0"`,
dictionaryDBName)
}
case "http":
if dbURL == "" {
return fmt.Errorf(`URL is needed. -%s-url="http://localhost:1323"`,
dictionaryDBName)
}
default:
return fmt.Errorf(
"%s type must be either 'sqlite3', 'mysql', 'postgres' or 'redis'. -%s-type: %s",
dictionaryDBName,
dictionaryDBName,
dbType)
return fmt.Errorf("%s type must be either 'sqlite3', 'mysql', 'postgres', 'redis' or 'http'. -%s-type: %s",
dictionaryDBName, dictionaryDBName, dbType)
}
return nil
}
@@ -544,6 +563,32 @@ func (c *ChatWorkConf) Validate() (errs []error) {
return
}
// TelegramConf is Telegram config
type TelegramConf struct {
Token string `json:"-"`
ChatID string `json:"-"`
}
// Validate validates configuration
func (c *TelegramConf) Validate() (errs []error) {
if !Conf.ToTelegram {
return
}
if len(c.ChatID) == 0 {
errs = append(errs, fmt.Errorf("TelegramConf.ChatID must not be empty"))
}
if len(c.Token) == 0 {
errs = append(errs, fmt.Errorf("TelegramConf.Token must not be empty"))
}
_, err := valid.ValidateStruct(c)
if err != nil {
errs = append(errs, err)
}
return
}
// SaasConf is stride config
type SaasConf struct {
GroupID int `json:"-"`
@@ -734,7 +779,7 @@ type GoCveDictConf struct {
Type string
// http://cve-dictionary.com:1323 or DB connection string
URL string `valid:"url" json:"-"`
URL string `json:"-"`
// /path/to/cve.sqlite3
SQLite3Path string `json:"-"`
@@ -781,6 +826,11 @@ func (cnf *GoCveDictConf) Overwrite(cmdOpt GoCveDictConf) {
cnf.setDefault()
}
// IsFetchViaHTTP returns wether fetch via http
func (cnf *GoCveDictConf) IsFetchViaHTTP() bool {
return Conf.CveDict.Type == "http"
}
// GovalDictConf is goval-dictionary config
type GovalDictConf struct {
@@ -788,7 +838,7 @@ type GovalDictConf struct {
Type string
// http://goval-dictionary.com:1324 or DB connection string
URL string `valid:"url" json:"-"`
URL string `json:"-"`
// /path/to/oval.sqlite3
SQLite3Path string `json:"-"`
@@ -835,13 +885,18 @@ func (cnf *GovalDictConf) Overwrite(cmdOpt GovalDictConf) {
cnf.setDefault()
}
// IsFetchViaHTTP returns wether fetch via http
func (cnf *GovalDictConf) IsFetchViaHTTP() bool {
return Conf.OvalDict.Type == "http"
}
// GostConf is gost config
type GostConf struct {
// DB type for gost dictionary (sqlite3, mysql, postgres or redis)
Type string
// http://gost-dictionary.com:1324 or DB connection string
URL string `valid:"url" json:"-"`
URL string `json:"-"`
// /path/to/gost.sqlite3
SQLite3Path string `json:"-"`
@@ -888,6 +943,69 @@ func (cnf *GostConf) Overwrite(cmdOpt GostConf) {
cnf.setDefault()
}
// IsFetchViaHTTP returns wether fetch via http
func (cnf *GostConf) IsFetchViaHTTP() bool {
return Conf.Gost.Type == "http"
}
// ExploitConf is exploit config
type ExploitConf struct {
// DB type for exploit dictionary (sqlite3, mysql, postgres or redis)
Type string
// http://exploit-dictionary.com:1324 or DB connection string
URL string `json:"-"`
// /path/to/exploit.sqlite3
SQLite3Path string `json:"-"`
}
func (cnf *ExploitConf) setDefault() {
if cnf.Type == "" {
cnf.Type = "sqlite3"
}
if cnf.URL == "" && cnf.SQLite3Path == "" {
wd, _ := os.Getwd()
cnf.SQLite3Path = filepath.Join(wd, "go-exploitdb.sqlite3")
}
}
const exploitDBType = "EXPLOITDB_TYPE"
const exploitDBURL = "EXPLOITDB_URL"
const exploitDBPATH = "EXPLOITDB_SQLITE3_PATH"
// Overwrite set options with the following priority.
// 1. Command line option
// 2. Environment variable
// 3. config.toml
func (cnf *ExploitConf) Overwrite(cmdOpt ExploitConf) {
if os.Getenv(exploitDBType) != "" {
cnf.Type = os.Getenv(exploitDBType)
}
if os.Getenv(exploitDBURL) != "" {
cnf.URL = os.Getenv(exploitDBURL)
}
if os.Getenv(exploitDBPATH) != "" {
cnf.SQLite3Path = os.Getenv(exploitDBPATH)
}
if cmdOpt.Type != "" {
cnf.Type = cmdOpt.Type
}
if cmdOpt.URL != "" {
cnf.URL = cmdOpt.URL
}
if cmdOpt.SQLite3Path != "" {
cnf.SQLite3Path = cmdOpt.SQLite3Path
}
cnf.setDefault()
}
// IsFetchViaHTTP returns wether fetch via http
func (cnf *ExploitConf) IsFetchViaHTTP() bool {
return Conf.Exploit.Type == "http"
}
// AWS is aws config
type AWS struct {
// AWS profile to use

3
config/tomlloader.go
View File

@@ -42,6 +42,7 @@ func (c TOMLLoader) Load(pathToToml, keyPass string) error {
Conf.Stride = conf.Stride
Conf.HipChat = conf.HipChat
Conf.ChatWork = conf.ChatWork
Conf.Telegram = conf.Telegram
Conf.Saas = conf.Saas
Conf.Syslog = conf.Syslog
Conf.HTTP = conf.HTTP
@@ -51,6 +52,7 @@ func (c TOMLLoader) Load(pathToToml, keyPass string) error {
Conf.CveDict = conf.CveDict
Conf.OvalDict = conf.OvalDict
Conf.Gost = conf.Gost
Conf.Exploit = conf.Exploit
d := conf.Default
Conf.Default = d
@@ -104,7 +106,6 @@ func (c TOMLLoader) Load(pathToToml, keyPass string) error {
}
}
// s.KeyPassword = keyPass
s.KeyPassword = v.KeyPassword
if len(s.KeyPassword) == 0 {
s.KeyPassword = d.KeyPassword

131
exploit/exploit.go Normal file
View File

@@ -0,0 +1,131 @@
/* Vuls - Vulnerability Scanner
Copyright (C) 2016 Future Architect, Inc. Japan.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package exploit
import (
"encoding/json"
"fmt"
"net/http"
cnf "github.com/future-architect/vuls/config"
"github.com/future-architect/vuls/models"
"github.com/future-architect/vuls/util"
"github.com/mozqnet/go-exploitdb/db"
exploitmodels "github.com/mozqnet/go-exploitdb/models"
"github.com/parnurzeal/gorequest"
)
// FillWithExploit fills exploit information that has in Exploit
func FillWithExploit(driver db.DB, r *models.ScanResult) (nExploitCve int, err error) {
if cnf.Conf.Exploit.IsFetchViaHTTP() {
var cveIDs []string
for cveID := range r.ScannedCves {
cveIDs = append(cveIDs, cveID)
}
prefix, _ := util.URLPathJoin(cnf.Conf.Exploit.URL, "cves")
responses, err := getCvesViaHTTP(cveIDs, prefix)
if err != nil {
return 0, err
}
for _, res := range responses {
exps := []*exploitmodels.Exploit{}
if err := json.Unmarshal([]byte(res.json), &exps); err != nil {
return 0, err
}
exploits := ConvertToModels(exps)
v, ok := r.ScannedCves[res.request.cveID]
if ok {
v.Exploits = exploits
}
r.ScannedCves[res.request.cveID] = v
nExploitCve++
}
} else {
if driver == nil {
return 0, nil
}
for cveID, vuln := range r.ScannedCves {
es := driver.GetExploitByCveID(cveID)
if len(es) == 0 {
continue
}
exploits := ConvertToModels(es)
vuln.Exploits = exploits
r.ScannedCves[cveID] = vuln
nExploitCve++
}
}
return nExploitCve, nil
}
// ConvertToModels converts gost model to vuls model
func ConvertToModels(es []*exploitmodels.Exploit) (exploits []models.Exploit) {
for _, e := range es {
var documentURL, shellURL *string
if e.OffensiveSecurity != nil {
os := e.OffensiveSecurity
if os.Document != nil {
documentURL = &os.Document.DocumentURL
}
if os.ShellCode != nil {
shellURL = &os.ShellCode.ShellCodeURL
}
}
exploit := models.Exploit{
ExploitType: e.ExploitType,
ID: e.ExploitUniqueID,
URL: e.URL,
Description: e.Description,
DocumentURL: documentURL,
ShellCodeURL: shellURL,
}
exploits = append(exploits, exploit)
}
return exploits
}
// CheckHTTPHealth do health check
func CheckHTTPHealth() error {
if !cnf.Conf.Exploit.IsFetchViaHTTP() {
return nil
}
url := fmt.Sprintf("%s/health", cnf.Conf.Exploit.URL)
var errs []error
var resp *http.Response
resp, _, errs = gorequest.New().Get(url).End()
// resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
// resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
return fmt.Errorf("Failed to connect to exploit server. url: %s, errs: %v",
url, errs)
}
return nil
}
// CheckIfExploitFetched checks if oval entries are in DB by family, release.
func CheckIfExploitFetched(driver db.DB, osFamily string) (fetched bool, err error) {
//TODO
return true, nil
}
// CheckIfExploitFresh checks if oval entries are fresh enough
func CheckIfExploitFresh(driver db.DB, osFamily string) (ok bool, err error) {
//TODO
return true, nil
}

8
exploit/exploit_test.go Normal file
View File

@@ -0,0 +1,8 @@
package exploit
import (
"testing"
)
func TestSetPackageStates(t *testing.T) {
}

133
exploit/util.go Normal file
View File

@@ -0,0 +1,133 @@
/* Vuls - Vulnerability Scanner
Copyright (C) 2016 Future Architect, Inc. Japan.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package exploit
import (
"fmt"
"net/http"
"time"
"github.com/cenkalti/backoff"
"github.com/future-architect/vuls/util"
"github.com/parnurzeal/gorequest"
)
type response struct {
request request
json string
}
func getCvesViaHTTP(cveIDs []string, urlPrefix string) (
responses []response, err error) {
nReq := len(cveIDs)
reqChan := make(chan request, nReq)
resChan := make(chan response, nReq)
errChan := make(chan error, nReq)
defer close(reqChan)
defer close(resChan)
defer close(errChan)
go func() {
for _, cveID := range cveIDs {
reqChan <- request{
cveID: cveID,
}
}
}()
concurrency := 10
tasks := util.GenWorkers(concurrency)
for i := 0; i < nReq; i++ {
tasks <- func() {
select {
case req := <-reqChan:
url, err := util.URLPathJoin(
urlPrefix,
req.cveID,
)
if err != nil {
errChan <- err
} else {
util.Log.Debugf("HTTP Request to %s", url)
httpGet(url, req, resChan, errChan)
}
}
}
}
timeout := time.After(2 * 60 * time.Second)
var errs []error
for i := 0; i < nReq; i++ {
select {
case res := <-resChan:
responses = append(responses, res)
case err := <-errChan:
errs = append(errs, err)
case <-timeout:
return nil, fmt.Errorf("Timeout Fetching OVAL")
}
}
if len(errs) != 0 {
return nil, fmt.Errorf("Failed to fetch OVAL. err: %v", errs)
}
return
}
type request struct {
osMajorVersion string
packName string
isSrcPack bool
cveID string
}
func httpGet(url string, req request, resChan chan<- response, errChan chan<- error) {
var body string
var errs []error
var resp *http.Response
count, retryMax := 0, 3
f := func() (err error) {
// resp, body, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
resp, body, errs = gorequest.New().Get(url).End()
if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
count++
if count == retryMax {
return nil
}
return fmt.Errorf("HTTP GET error: %v, url: %s, resp: %v",
errs, url, resp)
}
return nil
}
notify := func(err error, t time.Duration) {
util.Log.Warnf("Failed to HTTP GET. retrying in %s seconds. err: %s", t, err)
}
err := backoff.RetryNotify(f, backoff.NewExponentialBackOff(), notify)
if err != nil {
errChan <- fmt.Errorf("HTTP Error %s", err)
return
}
if count == retryMax {
errChan <- fmt.Errorf("HRetry count exceeded")
return
}
resChan <- response{
request: req,
json: body,
}
}

8
gost/debian.go
View File

@@ -55,7 +55,7 @@ func (deb Debian) FillWithGost(driver db.DB, r *models.ScanResult) (nCVEs int, e
}
packCvesList := []packCves{}
if deb.isFetchViaHTTP() {
if config.Conf.Gost.IsFetchViaHTTP() {
url, _ := util.URLPathJoin(config.Conf.Gost.URL, "debian", major(r.Release), "pkgs")
responses, err := getAllUnfixedCvesViaHTTP(r, url)
if err != nil {
@@ -115,7 +115,11 @@ func (deb Debian) FillWithGost(driver db.DB, r *models.ScanResult) (nCVEs int, e
for _, cve := range p.cves {
v, ok := r.ScannedCves[cve.CveID]
if ok {
v.CveContents[models.DebianSecurityTracker] = cve
if v.CveContents == nil {
v.CveContents = models.NewCveContents(cve)
} else {
v.CveContents[models.DebianSecurityTracker] = cve
}
} else {
v = models.VulnInfo{
CveID: cve.CveID,

9
gost/gost.go
View File

@@ -46,6 +46,8 @@ func NewClient(family string) Client {
return RedHat{}
case cnf.Debian:
return Debian{}
case cnf.Windows:
return Microsoft{}
default:
return Pseudo{}
}
@@ -58,7 +60,7 @@ type Base struct {
// CheckHTTPHealth do health check
func (b Base) CheckHTTPHealth() error {
if !b.isFetchViaHTTP() {
if !cnf.Conf.Gost.IsFetchViaHTTP() {
return nil
}
@@ -87,11 +89,6 @@ func (b Base) CheckIfGostFresh(driver db.DB, osFamily string) (ok bool, err erro
return true, nil
}
func (b Base) isFetchViaHTTP() bool {
// Default value of OvalDBType is sqlite3
return cnf.Conf.Gost.URL != "" && cnf.Conf.Gost.Type == "sqlite3"
}
// Pseudo is Gost client except for RedHat family and Debian
type Pseudo struct {
Base

116
gost/microsoft.go Normal file
View File

@@ -0,0 +1,116 @@
/* Vuls - Vulnerability Scanner
Copyright (C) 2016 Future Corporation , Japan.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package gost
import (
"strings"
"github.com/future-architect/vuls/models"
"github.com/knqyf263/gost/db"
gostmodels "github.com/knqyf263/gost/models"
)
// Microsoft is Gost client for windows
type Microsoft struct {
Base
}
// FillWithGost fills cve information that has in Gost
func (ms Microsoft) FillWithGost(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
if driver == nil {
return 0, nil
}
var cveIDs []string
for cveID := range r.ScannedCves {
cveIDs = append(cveIDs, cveID)
}
for cveID, msCve := range driver.GetMicrosoftMulti(cveIDs) {
if _, ok := r.ScannedCves[cveID]; !ok {
continue
}
cveCont := ms.ConvertToModel(&msCve)
v, _ := r.ScannedCves[cveID]
if v.CveContents == nil {
v.CveContents = models.CveContents{}
}
v.CveContents[models.Microsoft] = *cveCont
r.ScannedCves[cveID] = v
}
return len(cveIDs), nil
}
// ConvertToModel converts gost model to vuls model
func (ms Microsoft) ConvertToModel(cve *gostmodels.MicrosoftCVE) *models.CveContent {
v3score := 0.0
var v3Vector string
for _, scoreSet := range cve.ScoreSets {
if v3score < scoreSet.BaseScore {
v3score = scoreSet.BaseScore
v3Vector = scoreSet.Vector
}
}
var v3Severity string
for _, s := range cve.Severity {
v3Severity = s.Description
}
var refs []models.Reference
for _, r := range cve.References {
if r.AttrType == "External" {
refs = append(refs, models.Reference{Link: r.URL})
}
}
var cwe []string
if 0 < len(cve.CWE) {
cwe = []string{cve.CWE}
}
option := map[string]string{}
if 0 < len(cve.ExploitStatus) {
option["exploit"] = cve.ExploitStatus
}
if 0 < len(cve.Workaround) {
option["workaround"] = cve.Workaround
}
var kbids []string
for _, kbid := range cve.KBIDs {
kbids = append(kbids, kbid.KBID)
}
if 0 < len(kbids) {
option["kbids"] = strings.Join(kbids, ",")
}
return &models.CveContent{
Type: models.Microsoft,
CveID: cve.CveID,
Title: cve.Title,
Summary: cve.Description,
Cvss3Score: v3score,
Cvss3Vector: v3Vector,
Cvss3Severity: v3Severity,
References: refs,
CweIDs: cwe,
Mitigation: cve.Mitigation,
Published: cve.PublishDate,
LastModified: cve.LastUpdateDate,
SourceLink: "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/" + cve.CveID,
Optional: option,
}
}

74
gost/redhat.go
View File

@@ -51,7 +51,7 @@ func (red RedHat) fillFixed(driver db.DB, r *models.ScanResult) error {
cveIDs = append(cveIDs, cveID)
}
if red.isFetchViaHTTP() {
if config.Conf.Gost.IsFetchViaHTTP() {
prefix, _ := util.URLPathJoin(config.Conf.Gost.URL,
"redhat", "cves")
responses, err := getCvesViaHTTP(cveIDs, prefix)
@@ -67,8 +67,20 @@ func (red RedHat) fillFixed(driver db.DB, r *models.ScanResult) error {
continue
}
cveCont := red.ConvertToModel(&redCve)
v, _ := r.ScannedCves[res.request.cveID]
v.CveContents[models.RedHatAPI] = *cveCont
v, ok := r.ScannedCves[res.request.cveID]
if ok {
if v.CveContents == nil {
v.CveContents = models.NewCveContents(*cveCont)
} else {
v.CveContents[models.RedHatAPI] = *cveCont
}
} else {
v = models.VulnInfo{
CveID: cveCont.CveID,
CveContents: models.NewCveContents(*cveCont),
Confidences: models.Confidences{models.RedHatAPIMatch},
}
}
r.ScannedCves[res.request.cveID] = v
}
} else {
@@ -80,8 +92,20 @@ func (red RedHat) fillFixed(driver db.DB, r *models.ScanResult) error {
continue
}
cveCont := red.ConvertToModel(&redCve)
v, _ := r.ScannedCves[cveID]
v.CveContents[models.RedHatAPI] = *cveCont
v, ok := r.ScannedCves[cveID]
if ok {
if v.CveContents == nil {
v.CveContents = models.NewCveContents(*cveCont)
} else {
v.CveContents[models.RedHatAPI] = *cveCont
}
} else {
v = models.VulnInfo{
CveID: cveCont.CveID,
CveContents: models.NewCveContents(*cveCont),
Confidences: models.Confidences{models.RedHatAPIMatch},
}
}
r.ScannedCves[cveID] = v
}
}
@@ -90,7 +114,7 @@ func (red RedHat) fillFixed(driver db.DB, r *models.ScanResult) error {
}
func (red RedHat) fillUnfixed(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
if red.isFetchViaHTTP() {
if config.Conf.Gost.IsFetchViaHTTP() {
prefix, _ := util.URLPathJoin(config.Conf.Gost.URL,
"redhat", major(r.Release), "pkgs")
responses, err := getAllUnfixedCvesViaHTTP(r, prefix)
@@ -108,7 +132,11 @@ func (red RedHat) fillUnfixed(driver db.DB, r *models.ScanResult) (nCVEs int, er
cveCont := red.ConvertToModel(&cve)
v, ok := r.ScannedCves[cve.Name]
if ok {
v.CveContents[models.RedHatAPI] = *cveCont
if v.CveContents == nil {
v.CveContents = models.NewCveContents(*cveCont)
} else {
v.CveContents[models.RedHatAPI] = *cveCont
}
} else {
v = models.VulnInfo{
CveID: cveCont.CveID,
@@ -117,7 +145,6 @@ func (red RedHat) fillUnfixed(driver db.DB, r *models.ScanResult) (nCVEs int, er
}
nCVEs++
}
pkgStats := red.mergePackageStates(v,
cve.PackageState, r.Packages, r.Release)
if 0 < len(pkgStats) {
@@ -138,7 +165,11 @@ func (red RedHat) fillUnfixed(driver db.DB, r *models.ScanResult) (nCVEs int, er
cveCont := red.ConvertToModel(&cve)
v, ok := r.ScannedCves[cve.Name]
if ok {
v.CveContents[models.RedHatAPI] = *cveCont
if v.CveContents == nil {
v.CveContents = models.NewCveContents(*cveCont)
} else {
v.CveContents[models.RedHatAPI] = *cveCont
}
} else {
v = models.VulnInfo{
CveID: cveCont.CveID,
@@ -192,18 +223,23 @@ func (red RedHat) mergePackageStates(v models.VulnInfo, ps []gostmodels.RedhatPa
return
}
// ConvertToModel converts gost model to vuls model
func (red RedHat) ConvertToModel(cve *gostmodels.RedhatCVE) *models.CveContent {
cwes := []string{}
if cve.Cwe != "" {
s := strings.TrimPrefix(cve.Cwe, "(")
s = strings.TrimSuffix(s, ")")
if strings.Contains(cve.Cwe, "|") {
cwes = strings.Split(cve.Cwe, "|")
} else {
cwes = strings.Split(s, "->")
func (red RedHat) parseCwe(str string) (cwes []string) {
if str != "" {
s := strings.Replace(str, "(", "|", -1)
s = strings.Replace(s, ")", "|", -1)
s = strings.Replace(s, "->", "|", -1)
for _, s := range strings.Split(s, "|") {
if s != "" {
cwes = append(cwes, s)
}
}
}
return
}
// ConvertToModel converts gost model to vuls model
func (red RedHat) ConvertToModel(cve *gostmodels.RedhatCVE) *models.CveContent {
cwes := red.parseCwe(cve.Cwe)
details := []string{}
for _, detail := range cve.Details {

37
gost/redhat_test.go Normal file
View File

@@ -0,0 +1,37 @@
package gost
import (
"reflect"
"sort"
"testing"
)
func TestParseCwe(t *testing.T) {
var tests = []struct {
in string
out []string
}{
{
in: "CWE-665->(CWE-200|CWE-89)",
out: []string{"CWE-665", "CWE-200", "CWE-89"},
},
{
in: "CWE-841->CWE-770->CWE-454",
out: []string{"CWE-841", "CWE-770", "CWE-454"},
},
{
in: "(CWE-122|CWE-125)",
out: []string{"CWE-122", "CWE-125"},
},
}
r := RedHat{}
for i, tt := range tests {
out := r.parseCwe(tt.in)
sort.Strings(out)
sort.Strings(tt.out)
if !reflect.DeepEqual(tt.out, out) {
t.Errorf("[%d]expected: %s, actual: %s", i, tt.out, out)
}
}
}

5
models/cvecontents.go
View File

@@ -228,6 +228,8 @@ func NewCveContentType(name string) CveContentType {
return RedHatAPI
case "debian_security_tracker":
return DebianSecurityTracker
case "microsoft":
return Microsoft
default:
return Unknown
}
@@ -264,6 +266,9 @@ const (
// SUSE is SUSE Linux
SUSE CveContentType = "suse"
// Microsoft is Microsoft
Microsoft CveContentType = "microsoft"
// Unknown is Unknown
Unknown CveContentType = "unknown"
)

44
models/scanresults.go
View File

@@ -24,6 +24,8 @@ import (
"strings"
"time"
"github.com/future-architect/vuls/alert"
"github.com/future-architect/vuls/config"
"github.com/future-architect/vuls/cwe"
"github.com/future-architect/vuls/util"
@@ -45,9 +47,12 @@ type ScanResult struct {
IPv4Addrs []string `json:"ipv4Addrs,omitempty"` // only global unicast address (https://golang.org/pkg/net/#IP.IsGlobalUnicast)
IPv6Addrs []string `json:"ipv6Addrs,omitempty"` // only global unicast address (https://golang.org/pkg/net/#IP.IsGlobalUnicast)
ScannedAt time.Time `json:"scannedAt"`
ScanMode string `json:"scanMode"`
ScannedVersion string `json:"scannedVersion"`
ScannedRevision string `json:"scannedRevision"`
ScannedBy string `json:"scannedBy"`
ScannedIPv4Addrs []string `json:"scannedIpv4Addrs"`
ScannedIPv6Addrs []string `json:"scannedIpv6Addrs"`
ReportedAt time.Time `json:"reportedAt"`
ReportedVersion string `json:"reportedVersion"`
ReportedRevision string `json:"reportedRevision"`
@@ -106,6 +111,12 @@ type CweDictEntry struct {
OwaspTopTen2017 string `json:"owaspTopTen2017"`
}
// GetAlertsByCveID return alerts fetched by cveID
func GetAlertsByCveID(cveID string, lang string) (alerts []alert.Alert) {
alerts = alert.GenerateAlertDict(cveID, lang)
return alerts
}
// Kernel has the Release, version and whether need restart
type Kernel struct {
Release string `json:"release"`
@@ -171,6 +182,9 @@ func (r ScanResult) FilterUnfixed() ScanResult {
return r
}
filtered := r.ScannedCves.Find(func(v VulnInfo) bool {
if len(v.CpeURIs) != 0 {
return true
}
NotFixedAll := true
for _, p := range v.AffectedPackages {
NotFixedAll = NotFixedAll && p.NotFixedYet
@@ -309,12 +323,14 @@ func (r ScanResult) FormatTextReportHeadedr() string {
buf.WriteString("=")
}
return fmt.Sprintf("%s\n%s\n%s, %s, %s\n",
return fmt.Sprintf("%s\n%s\n%s, %s, %s, %s, %s\n",
r.ServerInfo(),
buf.String(),
r.ScannedCves.FormatCveSummary(),
r.ScannedCves.FormatFixedStatus(r.Packages),
r.FormatUpdatablePacksSummary(),
r.FormatExploitCveSummary(),
r.FormatAlertSummary(),
)
}
@@ -338,6 +354,32 @@ func (r ScanResult) FormatUpdatablePacksSummary() string {
nUpdatable)
}
// FormatExploitCveSummary returns a summary of exploit cve
func (r ScanResult) FormatExploitCveSummary() string {
nExploitCve := 0
for _, vuln := range r.ScannedCves {
if 0 < len(vuln.Exploits) {
nExploitCve++
}
}
return fmt.Sprintf("%d exploits", nExploitCve)
}
// FormatAlertSummary returns a summary of XCERT alerts
func (r ScanResult) FormatAlertSummary() string {
jaCnt := 0
enCnt := 0
for _, vuln := range r.ScannedCves {
if len(vuln.AlertDict.En) > 0 {
enCnt += len(vuln.AlertDict.En)
}
if len(vuln.AlertDict.Ja) > 0 {
jaCnt += len(vuln.AlertDict.Ja)
}
}
return fmt.Sprintf("en: %d, ja: %d alerts", enCnt, jaCnt)
}
func (r ScanResult) isDisplayUpdatableNum() bool {
var mode config.ScanMode
s, _ := config.Conf.Servers[r.ServerName]

84
models/vulninfos.go
View File

@@ -24,7 +24,10 @@ import (
"strings"
"time"
"github.com/future-architect/vuls/alert"
"github.com/future-architect/vuls/config"
exploitmodels "github.com/mozqnet/go-exploitdb/models"
)
// VulnInfos has a map of VulnInfo
@@ -166,6 +169,8 @@ type VulnInfo struct {
DistroAdvisories []DistroAdvisory `json:"distroAdvisories,omitempty"` // for Aamazon, RHEL, FreeBSD
CpeURIs []string `json:"cpeURIs,omitempty"` // CpeURIs related to this CVE defined in config.toml
CveContents CveContents `json:"cveContents"`
Exploits []Exploit `json:"exploits"`
AlertDict AlertDict `json:"alertDict"`
}
// Titles returns tilte (TUI)
@@ -273,7 +278,7 @@ func (v VulnInfo) Mitigations(myFamily string) (values []CveContentStr) {
// Cvss2Scores returns CVSS V2 Scores
func (v VulnInfo) Cvss2Scores(myFamily string) (values []CveContentCvss) {
order := []CveContentType{Nvd, NvdXML, RedHat, Jvn}
order := []CveContentType{Nvd, NvdXML, RedHatAPI, RedHat, Jvn}
if myFamily != config.RedHat && myFamily != config.CentOS {
order = append(order, NewCveContentType(myFamily))
}
@@ -295,26 +300,6 @@ func (v VulnInfo) Cvss2Scores(myFamily string) (values []CveContentCvss) {
}
}
for _, v := range values {
if v.Type == RedHat {
return
}
}
// Set the CVSS v2 score of vuln that exists only in gost.
// Unfixed vulnerabilities detected by gost are not in OVAL, because
// OVAL data has only vulnerabilities for already fixed.
if cont, found := v.CveContents[RedHatAPI]; found {
values = append(values, CveContentCvss{
Type: RedHatAPI,
Value: Cvss{
Type: CVSS2,
Score: cont.Cvss2Score,
Vector: cont.Cvss2Vector,
Severity: strings.ToUpper(cont.Cvss2Severity),
},
})
}
for _, adv := range v.DistroAdvisories {
if adv.Severity != "" {
values = append(values, CveContentCvss{
@@ -357,7 +342,7 @@ func (v VulnInfo) Cvss2Scores(myFamily string) (values []CveContentCvss) {
// Cvss3Scores returns CVSS V3 Score
func (v VulnInfo) Cvss3Scores() (values []CveContentCvss) {
order := []CveContentType{Nvd, RedHat, Jvn}
order := []CveContentType{Nvd, RedHatAPI, RedHat, Jvn}
for _, ctype := range order {
if cont, found := v.CveContents[ctype]; found {
// https://nvd.nist.gov/vuln-metrics/cvss
@@ -372,27 +357,6 @@ func (v VulnInfo) Cvss3Scores() (values []CveContentCvss) {
})
}
}
for _, v := range values {
if v.Type == RedHat {
return
}
}
// Set the CVSS v3 score of vuln that exists only in gost.
// Unfixed vulnerabilities detected by gost are not in OVAL, because
// OVAL data has only vulnerabilities for already fixed.
if cont, found := v.CveContents[RedHatAPI]; found {
values = append(values, CveContentCvss{
Type: RedHatAPI,
Value: Cvss{
Type: CVSS3,
Score: cont.Cvss3Score,
Vector: cont.Cvss3Vector,
Severity: strings.ToUpper(cont.Cvss3Severity),
},
})
}
return
}
@@ -713,6 +677,40 @@ func (p DistroAdvisory) Format() string {
return strings.Join(buf, "\n")
}
// Exploit :
type Exploit struct {
ExploitType exploitmodels.ExploitType `json:"exploitType"`
ID string `json:"id"`
URL string `json:"url"`
Description string `json:"description"`
DocumentURL *string `json:"documentURL,omitempty"`
ShellCodeURL *string `json:"shellCodeURL,omitempty"`
BinaryURL *string `json:"binaryURL,omitempty"`
}
// AlertDict has target cve's JPCERT and USCERT alert data
type AlertDict struct {
Ja []alert.Alert `json:"ja"`
En []alert.Alert `json:"en"`
}
// HasAlert returns whether or not it has En or Ja entries.
func (a AlertDict) HasAlert() bool {
return len(a.En) != 0 || len(a.Ja) != 0
}
// FormatSource returns which source has this alert
func (a AlertDict) FormatSource() string {
s := []string{}
if len(a.En) != 0 {
s = append(s, "USCERT")
}
if len(a.Ja) != 0 {
s = append(s, "JPCERT")
}
return strings.Join(s, "/")
}
// Confidences is a list of Confidence
type Confidences []Confidence

2
oval/alpine.go
View File

@@ -41,7 +41,7 @@ func NewAlpine() Alpine {
// FillWithOval returns scan result after updating CVE info by OVAL
func (o Alpine) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
var relatedDefs ovalResult
if o.IsFetchViaHTTP() {
if config.Conf.OvalDict.IsFetchViaHTTP() {
if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
return 0, err
}

4
oval/debian.go
View File

@@ -133,7 +133,7 @@ func (o Debian) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err
}
var relatedDefs ovalResult
if o.IsFetchViaHTTP() {
if config.Conf.OvalDict.IsFetchViaHTTP() {
if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
return 0, err
}
@@ -243,7 +243,7 @@ func (o Ubuntu) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err
}
var relatedDefs ovalResult
if o.IsFetchViaHTTP() {
if config.Conf.OvalDict.IsFetchViaHTTP() {
if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
return 0, err
}

13
oval/oval.go
View File

@@ -38,7 +38,6 @@ type Client interface {
// CheckIfOvalFetched checks if oval entries are in DB by family, release.
CheckIfOvalFetched(db.DB, string, string) (bool, error)
CheckIfOvalFresh(db.DB, string, string) (bool, error)
IsFetchViaHTTP() bool
}
// Base is a base struct
@@ -48,7 +47,7 @@ type Base struct {
// CheckHTTPHealth do health check
func (b Base) CheckHTTPHealth() error {
if !b.IsFetchViaHTTP() {
if !cnf.Conf.OvalDict.IsFetchViaHTTP() {
return nil
}
@@ -67,7 +66,7 @@ func (b Base) CheckHTTPHealth() error {
// CheckIfOvalFetched checks if oval entries are in DB by family, release.
func (b Base) CheckIfOvalFetched(driver db.DB, osFamily, release string) (fetched bool, err error) {
if !b.IsFetchViaHTTP() {
if !cnf.Conf.OvalDict.IsFetchViaHTTP() {
count, err := driver.CountDefs(osFamily, release)
if err != nil {
return false, fmt.Errorf("Failed to count OVAL defs: %s, %s, %v",
@@ -93,7 +92,7 @@ func (b Base) CheckIfOvalFetched(driver db.DB, osFamily, release string) (fetche
// CheckIfOvalFresh checks if oval entries are fresh enough
func (b Base) CheckIfOvalFresh(driver db.DB, osFamily, release string) (ok bool, err error) {
var lastModified time.Time
if !b.IsFetchViaHTTP() {
if !cnf.Conf.OvalDict.IsFetchViaHTTP() {
lastModified = driver.GetLastModified(osFamily, release)
} else {
url, _ := util.URLPathJoin(cnf.Conf.OvalDict.URL, "lastmodified", osFamily, release)
@@ -119,9 +118,3 @@ func (b Base) CheckIfOvalFresh(driver db.DB, osFamily, release string) (ok bool,
util.Log.Infof("OVAL is fresh: %s %s ", osFamily, release)
return true, nil
}
// IsFetchViaHTTP checks whether fetch via HTTP
func (b Base) IsFetchViaHTTP() bool {
// Default value of OvalDBType is sqlite3
return cnf.Conf.OvalDict.URL != "" && cnf.Conf.OvalDict.Type == "sqlite3"
}

2
oval/redhat.go
View File

@@ -37,7 +37,7 @@ type RedHatBase struct {
// FillWithOval returns scan result after updating CVE info by OVAL
func (o RedHatBase) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
var relatedDefs ovalResult
if o.IsFetchViaHTTP() {
if config.Conf.OvalDict.IsFetchViaHTTP() {
if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
return 0, err
}

2
oval/suse.go
View File

@@ -43,7 +43,7 @@ func NewSUSE() SUSE {
// FillWithOval returns scan result after updating CVE info by OVAL
func (o SUSE) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
var relatedDefs ovalResult
if o.IsFetchViaHTTP() {
if config.Conf.OvalDict.IsFetchViaHTTP() {
if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
return 0, err
}

2
report/azureblob.go
View File

@@ -136,7 +136,7 @@ func createBlockBlob(cli storage.BlobStorageClient, k string, b []byte) error {
if b, err = gz(b); err != nil {
return err
}
k = k + ".gz"
k += ".gz"
}
ref := cli.GetContainerReference(c.Conf.Azure.ContainerName)

14
report/cve_client.go
View File

@@ -45,7 +45,7 @@ func (api *cvedictClient) initialize() {
}
func (api cvedictClient) CheckHealth() error {
if !api.isFetchViaHTTP() {
if !config.Conf.CveDict.IsFetchViaHTTP() {
util.Log.Debugf("get cve-dictionary from %s", config.Conf.CveDict.Type)
return nil
}
@@ -69,7 +69,7 @@ type response struct {
}
func (api cvedictClient) FetchCveDetails(driver cvedb.DB, cveIDs []string) (cveDetails []cve.CveDetail, err error) {
if !api.isFetchViaHTTP() {
if !config.Conf.CveDict.IsFetchViaHTTP() {
for _, cveID := range cveIDs {
cveDetail, err := driver.Get(cveID)
if err != nil {
@@ -176,16 +176,8 @@ func (api cvedictClient) httpGet(key, url string, resChan chan<- response, errCh
}
}
func (api cvedictClient) isFetchViaHTTP() bool {
// Default value of CveDBType is sqlite3
if config.Conf.CveDict.URL != "" && config.Conf.CveDict.Type == "sqlite3" {
return true
}
return false
}
func (api cvedictClient) FetchCveDetailsByCpeName(driver cvedb.DB, cpeName string) ([]cve.CveDetail, error) {
if api.isFetchViaHTTP() {
if config.Conf.CveDict.IsFetchViaHTTP() {
api.baseURL = config.Conf.CveDict.URL
url, err := util.URLPathJoin(api.baseURL, "cpes")
if err != nil {

74
report/db_client.go
View File

@@ -9,13 +9,15 @@ import (
gostdb "github.com/knqyf263/gost/db"
cvedb "github.com/kotakanbe/go-cve-dictionary/db"
ovaldb "github.com/kotakanbe/goval-dictionary/db"
exploitdb "github.com/mozqnet/go-exploitdb/db"
)
// DBClient is a dictionarie's db client for reporting
type DBClient struct {
CveDB cvedb.DB
OvalDB ovaldb.DB
GostDB gostdb.DB
CveDB cvedb.DB
OvalDB ovaldb.DB
GostDB gostdb.DB
ExploitDB exploitdb.DB
}
// DBClientConf has a configuration of Vulnerability DBs
@@ -23,25 +25,17 @@ type DBClientConf struct {
CveDictCnf config.GoCveDictConf
OvalDictCnf config.GovalDictConf
GostCnf config.GostConf
ExploitCnf config.ExploitConf
DebugSQL bool
}
func (c DBClientConf) isCveDBViaHTTP() bool {
return c.CveDictCnf.URL != "" && c.CveDictCnf.Type == "sqlite3"
}
func (c DBClientConf) isOvalViaHTTP() bool {
return c.OvalDictCnf.URL != "" && c.OvalDictCnf.Type == "sqlite3"
}
func (c DBClientConf) isGostViaHTTP() bool {
return c.GostCnf.URL != "" && c.GostCnf.Type == "sqlite3"
}
// NewDBClient returns db clients
func NewDBClient(cnf DBClientConf) (dbclient *DBClient, locked bool, err error) {
cveDriver, locked, err := NewCveDB(cnf)
if err != nil {
if locked {
return nil, true, fmt.Errorf("CveDB is locked: %s",
cnf.OvalDictCnf.SQLite3Path)
} else if err != nil {
return nil, locked, err
}
@@ -63,16 +57,26 @@ func NewDBClient(cnf DBClientConf) (dbclient *DBClient, locked bool, err error)
cnf.GostCnf.SQLite3Path, err)
}
exploitdb, locked, err := NewExploitDB(cnf)
if locked {
return nil, true, fmt.Errorf("exploitDB is locked: %s",
cnf.ExploitCnf.SQLite3Path)
} else if err != nil {
util.Log.Warnf("Unable to use exploitDB: %s, err: %s",
cnf.ExploitCnf.SQLite3Path, err)
}
return &DBClient{
CveDB: cveDriver,
OvalDB: ovaldb,
GostDB: gostdb,
CveDB: cveDriver,
OvalDB: ovaldb,
GostDB: gostdb,
ExploitDB: exploitdb,
}, false, nil
}
// NewCveDB returns cve db client
func NewCveDB(cnf DBClientConf) (driver cvedb.DB, locked bool, err error) {
if cnf.isCveDBViaHTTP() {
if config.Conf.CveDict.IsFetchViaHTTP() {
return nil, false, nil
}
util.Log.Debugf("open cve-dictionary db (%s)", cnf.CveDictCnf.Type)
@@ -92,7 +96,7 @@ func NewCveDB(cnf DBClientConf) (driver cvedb.DB, locked bool, err error) {
// NewOvalDB returns oval db client
func NewOvalDB(cnf DBClientConf) (driver ovaldb.DB, locked bool, err error) {
if cnf.isOvalViaHTTP() {
if config.Conf.OvalDict.IsFetchViaHTTP() {
return nil, false, nil
}
path := cnf.OvalDictCnf.URL
@@ -119,7 +123,7 @@ func NewOvalDB(cnf DBClientConf) (driver ovaldb.DB, locked bool, err error) {
// NewGostDB returns db client for Gost
func NewGostDB(cnf DBClientConf) (driver gostdb.DB, locked bool, err error) {
if cnf.isGostViaHTTP() {
if config.Conf.Gost.IsFetchViaHTTP() {
return nil, false, nil
}
path := cnf.GostCnf.URL
@@ -143,6 +147,32 @@ func NewGostDB(cnf DBClientConf) (driver gostdb.DB, locked bool, err error) {
return driver, false, nil
}
// NewExploitDB returns db client for Exploit
func NewExploitDB(cnf DBClientConf) (driver exploitdb.DB, locked bool, err error) {
if config.Conf.Exploit.IsFetchViaHTTP() {
return nil, false, nil
}
path := cnf.ExploitCnf.URL
if cnf.ExploitCnf.Type == "sqlite3" {
path = cnf.ExploitCnf.SQLite3Path
if _, err := os.Stat(path); os.IsNotExist(err) {
util.Log.Warnf("--exploitdb-path=%s is not found. It's recommended to use exploit to improve scanning accuracy. To use exploit db database, see https://github.com/mozqnet/go-exploitdb", path)
return nil, false, nil
}
}
util.Log.Debugf("Open exploit db (%s): %s", cnf.ExploitCnf.Type, path)
if driver, locked, err = exploitdb.NewDB(cnf.ExploitCnf.Type, path, cnf.DebugSQL); err != nil {
if locked {
util.Log.Errorf("exploitDB is locked: %s", err)
return nil, true, err
}
return nil, false, err
}
return driver, false, nil
}
// CloseDB close dbs
func (d DBClient) CloseDB() {
if d.CveDB != nil {

6
report/email.go
View File

@@ -58,7 +58,11 @@ func (w EMailWriter) Write(rs ...models.ScanResult) (err error) {
r.ServerInfo(),
r.ScannedCves.FormatCveSummary())
}
message = formatFullPlainText(r)
if conf.FormatList {
message = formatList(r)
} else {
message = formatFullPlainText(r)
}
if err := sender.Send(subject, message); err != nil {
return err
}

2
report/localfile.go
View File

@@ -129,7 +129,7 @@ func writeFile(path string, data []byte, perm os.FileMode) error {
if data, err = gz(data); err != nil {
return err
}
path = path + ".gz"
path += ".gz"
}
return ioutil.WriteFile(path, []byte(data), perm)
}

56
report/report.go
View File

@@ -32,6 +32,7 @@ import (
c "github.com/future-architect/vuls/config"
"github.com/future-architect/vuls/contrib/owasp-dependency-check/parser"
"github.com/future-architect/vuls/cwe"
"github.com/future-architect/vuls/exploit"
"github.com/future-architect/vuls/gost"
"github.com/future-architect/vuls/models"
"github.com/future-architect/vuls/oval"
@@ -40,6 +41,7 @@ import (
gostdb "github.com/knqyf263/gost/db"
cvedb "github.com/kotakanbe/go-cve-dictionary/db"
ovaldb "github.com/kotakanbe/goval-dictionary/db"
exploitdb "github.com/mozqnet/go-exploitdb/db"
)
const (
@@ -54,6 +56,7 @@ func FillCveInfos(dbclient DBClient, rs []models.ScanResult, dir string) ([]mode
hostname, _ := os.Hostname()
for _, r := range rs {
if c.Conf.RefreshCve || needToRefreshCve(r) {
r.ScannedCves = models.VulnInfos{}
cpeURIs := []string{}
if len(r.Container.ContainerID) == 0 {
cpeURIs = c.Conf.Servers[r.ServerName].CpeNames
@@ -176,6 +179,18 @@ func FillCveInfo(dbclient DBClient, r *models.ScanResult, cpeURIs []string) erro
return fmt.Errorf("Failed to fill with CVE: %s", err)
}
util.Log.Infof("Fill exploit information with Exploit-DB")
nExploitCve, err := FillWithExploit(dbclient.ExploitDB, r)
if err != nil {
return fmt.Errorf("Failed to fill with exploit: %s", err)
}
util.Log.Infof("%s: %d exploits are detected",
r.FormatServerName(), nExploitCve)
enAlertCnt, jaAlertCnt := fillAlerts(r)
util.Log.Infof("%s: en: %d, ja: %d alerts are detected",
r.FormatServerName(), enAlertCnt, jaAlertCnt)
fillCweDict(r)
return nil
}
@@ -256,16 +271,16 @@ func FillWithOval(driver ovaldb.DB, r *models.ScanResult) (nCVEs int, err error)
return 0, fmt.Errorf("OVAL for %s is not implemented yet", r.Family)
}
if !ovalClient.IsFetchViaHTTP() && driver == nil {
return 0, nil
if !c.Conf.OvalDict.IsFetchViaHTTP() {
if driver == nil {
return 0, nil
}
if err = driver.NewOvalDB(ovalFamily); err != nil {
return 0, fmt.Errorf("Failed to New Oval DB. err: %s", err)
}
}
if err = driver.NewOvalDB(ovalFamily); err != nil {
return 0, fmt.Errorf("Failed to New Oval DB. err: %s", err)
}
util.Log.Debugf("Check whether oval fetched: %s %s",
ovalFamily, r.Release)
util.Log.Debugf("Check whether oval fetched: %s %s", ovalFamily, r.Release)
ok, err := ovalClient.CheckIfOvalFetched(driver, ovalFamily, r.Release)
if err != nil {
return 0, err
@@ -292,6 +307,14 @@ func FillWithGost(driver gostdb.DB, r *models.ScanResult) (nCVEs int, err error)
return gostClient.FillWithGost(driver, r)
}
// FillWithExploit fills Exploits with exploit dataabase
// https://github.com/mozqnet/go-exploitdb
func FillWithExploit(driver exploitdb.DB, r *models.ScanResult) (nExploitCve int, err error) {
// TODO chekc if fetched
// TODO chekc if fresh enough
return exploit.FillWithExploit(driver, r)
}
func fillVulnByCpeURIs(driver cvedb.DB, r *models.ScanResult, cpeURIs []string) (nCVEs int, err error) {
for _, name := range cpeURIs {
details, err := CveClient.FetchCveDetailsByCpeName(driver, name)
@@ -365,6 +388,20 @@ func fillCweDict(r *models.ScanResult) {
return
}
func fillAlerts(r *models.ScanResult) (enCnt int, jaCnt int) {
for cveID, vuln := range r.ScannedCves {
enAs, jaAs := models.GetAlertsByCveID(cveID, "en"), models.GetAlertsByCveID(cveID, "ja")
vuln.AlertDict = models.AlertDict{
Ja: jaAs,
En: enAs,
}
r.ScannedCves[cveID] = vuln
enCnt += len(enAs)
jaCnt += len(jaAs)
}
return enCnt, jaCnt
}
const reUUID = "[\\da-f]{8}-[\\da-f]{4}-[\\da-f]{4}-[\\da-f]{4}-[\\da-f]{12}"
// EnsureUUIDs generate a new UUID of the scan target server if UUID is not assigned yet.
@@ -454,6 +491,7 @@ func EnsureUUIDs(configPath string, results models.ScanResults) error {
cveDict := &c.Conf.CveDict
ovalDict := &c.Conf.OvalDict
gost := &c.Conf.Gost
exploit := &c.Conf.Exploit
http := &c.Conf.HTTP
if http.URL == "" {
http = nil
@@ -498,6 +536,7 @@ func EnsureUUIDs(configPath string, results models.ScanResults) error {
CveDict *c.GoCveDictConf `toml:"cveDict"`
OvalDict *c.GovalDictConf `toml:"ovalDict"`
Gost *c.GostConf `toml:"gost"`
Exploit *c.ExploitConf `toml:"exploit"`
Slack *c.SlackConf `toml:"slack"`
Email *c.SMTPConf `toml:"email"`
HTTP *c.HTTPConf `toml:"http"`
@@ -515,6 +554,7 @@ func EnsureUUIDs(configPath string, results models.ScanResults) error {
CveDict: cveDict,
OvalDict: ovalDict,
Gost: gost,
Exploit: exploit,
Slack: slack,
Email: email,
HTTP: http,

2
report/s3.go
View File

@@ -144,7 +144,7 @@ func putObject(svc *s3.S3, k string, b []byte) error {
if b, err = gz(b); err != nil {
return err
}
k = k + ".gz"
k += ".gz"
}
putObjectInput := &s3.PutObjectInput{

11
report/slack.go
View File

@@ -39,12 +39,11 @@ type field struct {
}
type message struct {
Text string `json:"text"`
Username string `json:"username"`
IconEmoji string `json:"icon_emoji"`
Channel string `json:"channel"`
ThreadTimeStamp string `json:"thread_ts"`
Attachments []slack.Attachment `json:"attachments"`
Text string `json:"text"`
Username string `json:"username"`
IconEmoji string `json:"icon_emoji"`
Channel string `json:"channel"`
Attachments []slack.Attachment `json:"attachments"`
}
// SlackWriter send report to slack

3
report/syslog.go
View File

@@ -19,9 +19,10 @@ package report
import (
"fmt"
"log/syslog"
"strings"
syslog "github.com/RackSec/srslog"
"github.com/pkg/errors"
"github.com/future-architect/vuls/config"

77
report/telegram.go Normal file
View File

@@ -0,0 +1,77 @@
package report
import (
"bytes"
"fmt"
"net/http"
"strconv"
"strings"
"github.com/future-architect/vuls/config"
"github.com/future-architect/vuls/models"
)
// TelegramWriter sends report to Telegram
type TelegramWriter struct{}
func (w TelegramWriter) Write(rs ...models.ScanResult) (err error) {
conf := config.Conf.Telegram
for _, r := range rs {
msgs := []string{fmt.Sprintf("*%s*\n%s\n%s\n%s",
r.ServerInfo(),
r.ScannedCves.FormatCveSummary(),
r.ScannedCves.FormatFixedStatus(r.Packages),
r.FormatUpdatablePacksSummary())}
for _, vinfo := range r.ScannedCves {
maxCvss := vinfo.MaxCvssScore()
severity := strings.ToUpper(maxCvss.Value.Severity)
if severity == "" {
severity = "?"
}
msgs = append(msgs, fmt.Sprintf(`[%s](https://nvd.nist.gov/vuln/detail/%s) _%s %s %s_\n%s`,
vinfo.CveID,
vinfo.CveID,
strconv.FormatFloat(maxCvss.Value.Score, 'f', 1, 64),
severity,
maxCvss.Value.Vector,
vinfo.Summaries(config.Conf.Lang, r.Family)[0].Value))
if len(msgs) == 5 {
if err = sendMessage(conf.ChatID, conf.Token, strings.Join(msgs, "\n\n")); err != nil {
return err
}
msgs = []string{}
}
}
if len(msgs) != 0 {
if err = sendMessage(conf.ChatID, conf.Token, strings.Join(msgs, "\n\n")); err != nil {
return err
}
}
}
return nil
}
func sendMessage(chatID, token, message string) error {
uri := fmt.Sprintf("https://api.telegram.org/bot%s/sendMessage", token)
payload := `{"text": "` + strings.Replace(message, `"`, `\"`, -1) + `", "chat_id": "` + chatID + `", "parse_mode": "Markdown" }`
req, err := http.NewRequest("POST", uri, bytes.NewBuffer([]byte(payload)))
req.Header.Add("Content-Type", "application/json")
if err != nil {
return err
}
client := &http.Client{}
resp, err := client.Do(req)
if checkResponse(resp) != nil && err != nil {
fmt.Println(err)
return err
}
defer resp.Body.Close()
return nil
}
func checkResponse(r *http.Response) error {
if c := r.StatusCode; 200 <= c && c <= 299 {
return nil
}
return fmt.Errorf("API call to %s failed: %s", r.Request.URL.String(), r.Status)
}

1
report/telegram_test.go Normal file
View File

@@ -0,0 +1 @@
package report

109
report/tui.go
View File

@@ -26,6 +26,8 @@ import (
"text/template"
"time"
"github.com/future-architect/vuls/alert"
"github.com/future-architect/vuls/config"
"github.com/future-architect/vuls/models"
"github.com/future-architect/vuls/util"
@@ -51,16 +53,14 @@ func RunTui(results models.ScanResults) subcommands.ExitStatus {
return scanResults[i].ServerName < scanResults[j].ServerName
})
// g, err := gocui.NewGui(gocui.OutputNormal)
g := gocui.NewGui()
if err := g.Init(); err != nil {
g, err := gocui.NewGui(gocui.OutputNormal)
if err != nil {
util.Log.Errorf("%s", err)
return subcommands.ExitFailure
}
defer g.Close()
g.SetLayout(layout)
// g.SetManagerFunc(layout)
g.SetManagerFunc(layout)
if err := keybindings(g); err != nil {
util.Log.Errorf("%s", err)
return subcommands.ExitFailure
@@ -185,19 +185,19 @@ func nextView(g *gocui.Gui, v *gocui.View) error {
var err error
if v == nil {
err = g.SetCurrentView("side")
_, err = g.SetCurrentView("side")
}
switch v.Name() {
case "side":
err = g.SetCurrentView("summary")
_, err = g.SetCurrentView("summary")
case "summary":
err = g.SetCurrentView("detail")
_, err = g.SetCurrentView("detail")
case "detail":
err = g.SetCurrentView("changelog")
_, err = g.SetCurrentView("changelog")
case "changelog":
err = g.SetCurrentView("side")
_, err = g.SetCurrentView("side")
default:
err = g.SetCurrentView("summary")
_, err = g.SetCurrentView("summary")
}
return err
}
@@ -206,19 +206,19 @@ func previousView(g *gocui.Gui, v *gocui.View) error {
var err error
if v == nil {
err = g.SetCurrentView("side")
_, err = g.SetCurrentView("side")
}
switch v.Name() {
case "side":
err = g.SetCurrentView("side")
_, err = g.SetCurrentView("side")
case "summary":
err = g.SetCurrentView("side")
_, err = g.SetCurrentView("side")
case "detail":
err = g.SetCurrentView("summary")
_, err = g.SetCurrentView("summary")
case "changelog":
err = g.SetCurrentView("detail")
_, err = g.SetCurrentView("detail")
default:
err = g.SetCurrentView("side")
_, err = g.SetCurrentView("side")
}
return err
}
@@ -401,7 +401,7 @@ func cursorPageUp(g *gocui.Gui, v *gocui.View) error {
func previousSummary(g *gocui.Gui, v *gocui.View) error {
if v != nil {
// cursor to summary
if err := g.SetCurrentView("summary"); err != nil {
if _, err := g.SetCurrentView("summary"); err != nil {
return err
}
// move next line
@@ -409,7 +409,7 @@ func previousSummary(g *gocui.Gui, v *gocui.View) error {
return err
}
// cursor to detail
if err := g.SetCurrentView("detail"); err != nil {
if _, err := g.SetCurrentView("detail"); err != nil {
return err
}
}
@@ -419,7 +419,7 @@ func previousSummary(g *gocui.Gui, v *gocui.View) error {
func nextSummary(g *gocui.Gui, v *gocui.View) error {
if v != nil {
// cursor to summary
if err := g.SetCurrentView("summary"); err != nil {
if _, err := g.SetCurrentView("summary"); err != nil {
return err
}
// move next line
@@ -427,7 +427,7 @@ func nextSummary(g *gocui.Gui, v *gocui.View) error {
return err
}
// cursor to detail
if err := g.SetCurrentView("detail"); err != nil {
if _, err := g.SetCurrentView("detail"); err != nil {
return err
}
}
@@ -501,7 +501,7 @@ func getLine(g *gocui.Gui, v *gocui.View) error {
return err
}
fmt.Fprintln(v, l)
if err := g.SetCurrentView("msg"); err != nil {
if _, err := g.SetCurrentView("msg"); err != nil {
return err
}
}
@@ -524,7 +524,7 @@ func showMsg(g *gocui.Gui, v *gocui.View) error {
return err
}
fmt.Fprintln(v, l)
if err := g.SetCurrentView("msg"); err != nil {
if _, err := g.SetCurrentView("msg"); err != nil {
return err
}
}
@@ -535,7 +535,8 @@ func delMsg(g *gocui.Gui, v *gocui.View) error {
if err := g.DeleteView("msg"); err != nil {
return err
}
return g.SetCurrentView("summary")
_, err := g.SetCurrentView("summary")
return err
}
func quit(g *gocui.Gui, v *gocui.View) error {
@@ -584,7 +585,7 @@ func setSideLayout(g *gocui.Gui) error {
}
currentScanResult = scanResults[0]
vinfos = scanResults[0].ScannedCves.ToSortedSlice()
if err := g.SetCurrentView("side"); err != nil {
if _, err := g.SetCurrentView("side"); err != nil {
return err
}
}
@@ -636,10 +637,15 @@ func summaryLines(r models.ScanResult) string {
packname := vinfo.AffectedPackages.FormatTuiSummary()
packname += strings.Join(vinfo.CpeURIs, ", ")
alert := " "
if vinfo.AlertDict.HasAlert() {
alert = "! "
}
var cols []string
cols = []string{
fmt.Sprintf(indexFormat, i+1),
vinfo.CveID,
alert + vinfo.CveID,
cvssScore + " |",
fmt.Sprintf("%8s |", vinfo.AttackVector()),
fmt.Sprintf("%7s |", vinfo.PatchStatus(r.Packages)),
@@ -710,9 +716,17 @@ func setChangelogLayout(g *gocui.Gui) error {
for _, affected := range vinfo.AffectedPackages {
// packages detected by OVAL may not be actually installed
if pack, ok := currentScanResult.Packages[affected.Name]; ok {
lines = append(lines,
"* "+pack.FormatVersionFromTo(
affected.NotFixedYet, affected.FixState))
var line string
if pack.Repository != "" {
line = fmt.Sprintf("* %s (%s)",
pack.FormatVersionFromTo(affected.NotFixedYet, affected.FixState),
pack.Repository)
} else {
line = fmt.Sprintf("* %s",
pack.FormatVersionFromTo(affected.NotFixedYet, affected.FixState),
)
}
lines = append(lines, line)
if len(pack.AffectedProcs) != 0 {
for _, p := range pack.AffectedProcs {
@@ -736,6 +750,40 @@ func setChangelogLayout(g *gocui.Gui) error {
lines = append(lines, adv.Format())
}
if len(vinfo.Exploits) != 0 {
lines = append(lines, "\n",
"Exploit Codes",
"=============",
)
for _, exploit := range vinfo.Exploits {
lines = append(lines, fmt.Sprintf("* [%s](%s)", exploit.Description, exploit.URL))
}
}
if len(vinfo.AlertDict.En) > 0 {
lines = append(lines, "\n",
"USCERT Alert",
"=============",
)
for _, alert := range vinfo.AlertDict.En {
lines = append(lines, fmt.Sprintf("* [%s](%s)", alert.Title, alert.URL))
}
}
if len(vinfo.AlertDict.Ja) > 0 {
lines = append(lines, "\n",
"JPCERT Alert",
"=============",
)
for _, alert := range vinfo.AlertDict.Ja {
if config.Conf.Lang == "ja" {
lines = append(lines, fmt.Sprintf("* [%s](%s)", alert.Title, alert.URL))
} else {
lines = append(lines, fmt.Sprintf("* [JPCERT](%s)", alert.URL))
}
}
}
if currentScanResult.IsDeepScanMode() {
lines = append(lines, "\n",
"ChangeLogs",
@@ -763,10 +811,12 @@ func setChangelogLayout(g *gocui.Gui) error {
type dataForTmpl struct {
CveID string
Cvsses string
Exploits []models.Exploit
Summary string
Mitigation string
Confidences models.Confidences
Cwes []models.CweDictEntry
Alerts []alert.Alert
Links []string
References []models.Reference
Packages []string
@@ -870,6 +920,7 @@ const mdTemplate = `
CVSS Scores
-----------
{{.Cvsses }}
Summary
-----------
{{.Summary }}

40
report/util.go
View File

@@ -76,6 +76,8 @@ func formatOneLineSummary(rs ...models.ScanResult) string {
r.ScannedCves.FormatCveSummary(),
r.ScannedCves.FormatFixedStatus(r.Packages),
r.FormatUpdatablePacksSummary(),
r.FormatExploitCveSummary(),
r.FormatAlertSummary(),
}
} else {
cols = []interface{}{
@@ -114,8 +116,14 @@ No CVE-IDs are found in updatable packages.
// packname := vinfo.AffectedPackages.FormatTuiSummary()
// packname += strings.Join(vinfo.CpeURIs, ", ")
exploits := ""
if 0 < len(vinfo.Exploits) {
exploits = " Y"
}
data = append(data, []string{
vinfo.CveID,
vinfo.AlertDict.FormatSource(),
fmt.Sprintf("%4.1f", max),
// fmt.Sprintf("%4.1f", v2max),
// fmt.Sprintf("%4.1f", v3max),
@@ -123,6 +131,7 @@ No CVE-IDs are found in updatable packages.
fmt.Sprintf("%7s", vinfo.PatchStatus(r.Packages)),
// packname,
fmt.Sprintf("https://nvd.nist.gov/vuln/detail/%s", vinfo.CveID),
exploits,
})
}
@@ -130,6 +139,7 @@ No CVE-IDs are found in updatable packages.
table := tablewriter.NewWriter(&b)
table.SetHeader([]string{
"CVE-ID",
"CERT",
"CVSS",
// "v3",
// "v2",
@@ -137,6 +147,7 @@ No CVE-IDs are found in updatable packages.
"Fixed",
// "Pkg",
"NVD",
"Exploit",
})
table.SetBorder(true)
table.AppendBulk(data)
@@ -203,8 +214,18 @@ No CVE-IDs are found in updatable packages.
vuln.AffectedPackages.Sort()
for _, affected := range vuln.AffectedPackages {
if pack, ok := r.Packages[affected.Name]; ok {
data = append(data, []string{"Affected PKG",
pack.FormatVersionFromTo(affected.NotFixedYet, affected.FixState)})
var line string
if pack.Repository != "" {
line = fmt.Sprintf("%s (%s)",
pack.FormatVersionFromTo(affected.NotFixedYet, affected.FixState),
pack.Repository)
} else {
line = fmt.Sprintf("%s",
pack.FormatVersionFromTo(affected.NotFixedYet, affected.FixState),
)
}
data = append(data, []string{"Affected Pkg", line})
if len(pack.AffectedProcs) != 0 {
for _, p := range pack.AffectedProcs {
data = append(data, []string{"",
@@ -240,10 +261,21 @@ No CVE-IDs are found in updatable packages.
for _, url := range cweURLs {
data = append(data, []string{"CWE", url})
}
for _, exploit := range vuln.Exploits {
data = append(data, []string{string(exploit.ExploitType), exploit.URL})
}
for _, url := range top10URLs {
data = append(data, []string{"OWASP Top10", url})
}
for _, alert := range vuln.AlertDict.Ja {
data = append(data, []string{"JPCERT Alert", alert.URL})
}
for _, alert := range vuln.AlertDict.En {
data = append(data, []string{"USCERT Alert", alert.URL})
}
// for _, rr := range vuln.CveContents.References(r.Family) {
// for _, ref := range rr.Value {
// data = append(data, []string{ref.Source, ref.Link})
@@ -259,10 +291,6 @@ No CVE-IDs are found in updatable packages.
"",
})
table.SetBorder(true)
table.SetHeaderColor(
tablewriter.Colors{tablewriter.Normal},
tablewriter.Colors{tablewriter.Normal},
)
table.AppendBulk(data)
table.Render()
lines += b.String() + "\n"

1
scan/base.go
View File

@@ -391,6 +391,7 @@ func (l *base) convertToModel() models.ScanResult {
JSONVersion: models.JSONVersion,
ServerName: l.ServerInfo.ServerName,
ScannedAt: time.Now(),
ScanMode: l.ServerInfo.Mode.String(),
Family: l.Distro.Family,
Release: l.Distro.Release,
Container: container,

32
scan/debian.go
View File

@@ -62,7 +62,7 @@ func detectDebian(c config.ServerInfo) (itsMe bool, deb osTypeInterface, err err
return false, deb, nil
}
if r.ExitStatus == 255 {
return false, deb, fmt.Errorf("Unable to connect via SSH. Check SSH settings. If you have never SSH to the host to be scanned, SSH to the host before scanning in order to add the HostKey. %s@%s port: %s\n%s", c.User, c.Host, c.Port, r)
return false, deb, fmt.Errorf("Unable to connect via SSH. Scan with -vvv option to print SSH debugging messages and check SSH settings. If you have never SSH to the host to be scanned, SSH to the host before scanning in order to add the HostKey. %s@%s port: %s\n%s", c.User, c.Host, c.Port, r)
}
util.Log.Debugf("Not Debian like Linux. %s", r)
return false, deb, nil
@@ -528,8 +528,8 @@ func (o *debian) fillCandidateVersion(updatables models.Packages) (err error) {
if !r.isSuccess() {
return fmt.Errorf("Failed to SSH: %s", r)
}
packChangelog := o.splitAptCachePolicy(r.Stdout)
for k, v := range packChangelog {
packAptPolicy := o.splitAptCachePolicy(r.Stdout)
for k, v := range packAptPolicy {
ver, err := o.parseAptCachePolicy(v, k)
if err != nil {
return fmt.Errorf("Failed to parse %s", err)
@@ -539,6 +539,7 @@ func (o *debian) fillCandidateVersion(updatables models.Packages) (err error) {
return fmt.Errorf("Not found: %s", k)
}
pack.NewVersion = ver.Candidate
pack.Repository = ver.Repo
updatables[k] = pack
}
return
@@ -909,27 +910,29 @@ func (o *debian) splitAptCachePolicy(stdout string) map[string]string {
lasti = i
}
packChangelog := map[string]string{}
packAptPolicy := map[string]string{}
for _, r := range splitted {
packName := r[:strings.Index(r, ":")]
packChangelog[packName] = r
packAptPolicy[packName] = r
}
return packChangelog
return packAptPolicy
}
type packCandidateVer struct {
Name string
Installed string
Candidate string
Repo string
}
// parseAptCachePolicy the stdout of parse pat-get cache policy
func (o *debian) parseAptCachePolicy(stdout, name string) (packCandidateVer, error) {
ver := packCandidateVer{Name: name}
lines := strings.Split(stdout, "\n")
isRepoline := false
for _, line := range lines {
fields := strings.Fields(line)
if len(fields) != 2 {
if len(fields) < 2 {
continue
}
switch fields[0] {
@@ -937,10 +940,23 @@ func (o *debian) parseAptCachePolicy(stdout, name string) (packCandidateVer, err
ver.Installed = fields[1]
case "Candidate:":
ver.Candidate = fields[1]
return ver, nil
goto nextline
default:
// nop
}
if ver.Candidate != "" && strings.Contains(line, ver.Candidate) {
isRepoline = true
goto nextline
}
if isRepoline {
ss := strings.Split(strings.TrimSpace(line), " ")
if len(ss) == 5 {
ver.Repo = ss[2]
return ver, nil
}
}
nextline:
}
return ver, fmt.Errorf("Unknown Format: %s", stdout)
}

3
scan/debian_test.go
View File

@@ -530,6 +530,7 @@ func TestParseAptCachePolicy(t *testing.T) {
Name: "openssl",
Installed: "1.0.2f-2ubuntu1",
Candidate: "1.0.2g-1ubuntu2",
Repo: "xenial/main",
},
},
{
@@ -550,6 +551,7 @@ func TestParseAptCachePolicy(t *testing.T) {
Name: "openssl",
Installed: "1.0.1f-1ubuntu2.16",
Candidate: "1.0.1f-1ubuntu2.17",
Repo: "trusty-updates/main",
},
},
{
@@ -570,6 +572,7 @@ func TestParseAptCachePolicy(t *testing.T) {
Name: "openssl",
Installed: "1.0.1-4ubuntu5.33",
Candidate: "1.0.1-4ubuntu5.34",
Repo: "precise-updates/main",
},
},
}

66
scan/serverapi.go
View File

@@ -20,6 +20,7 @@ package scan
import (
"errors"
"fmt"
"net"
"net/http"
"os"
"path/filepath"
@@ -84,6 +85,30 @@ type osPackages struct {
Kernel models.Kernel
}
// Retry as it may stall on the first SSH connection
// https://github.com/future-architect/vuls/pull/753
func detectDebianWithRetry(c config.ServerInfo) (itsMe bool, deb osTypeInterface, err error) {
type Response struct {
itsMe bool
deb osTypeInterface
err error
}
resChan := make(chan Response, 1)
go func(c config.ServerInfo) {
itsMe, osType, fatalErr := detectDebian(c)
resChan <- Response{itsMe, osType, fatalErr}
}(c)
timeout := time.After(time.Duration(3) * time.Second)
select {
case res := <-resChan:
return res.itsMe, res.deb, res.err
case <-timeout:
time.Sleep(100 * time.Millisecond)
return detectDebian(c)
}
}
func detectOS(c config.ServerInfo) (osType osTypeInterface) {
var itsMe bool
var fatalErr error
@@ -93,7 +118,7 @@ func detectOS(c config.ServerInfo) (osType osTypeInterface) {
return
}
itsMe, osType, fatalErr = detectDebian(c)
itsMe, osType, fatalErr = detectDebianWithRetry(c)
if fatalErr != nil {
osType.setErrs([]error{
fmt.Errorf("Failed to detect OS: %s", fatalErr)})
@@ -571,12 +596,19 @@ func scanVulns(jsonDir string, scannedAt time.Time, timeoutSec int) error {
}, timeoutSec)
hostname, _ := os.Hostname()
ipv4s, ipv6s, err := ip()
if err != nil {
util.Log.Errorf("Failed to fetch scannedIPs: %s", err)
}
for _, s := range append(servers, errServers...) {
r := s.convertToModel()
r.ScannedAt = scannedAt
r.ScannedVersion = config.Version
r.ScannedRevision = config.Revision
r.ScannedBy = hostname
r.ScannedIPv4Addrs = ipv4s
r.ScannedIPv6Addrs = ipv6s
r.Config.Scan = config.Conf
results = append(results, r)
}
@@ -595,6 +627,38 @@ func scanVulns(jsonDir string, scannedAt time.Time, timeoutSec int) error {
return nil
}
// ip returns scanner network ip addresses
func ip() (ipv4Addrs []string, ipv6Addrs []string, err error) {
ifaces, err := net.Interfaces()
if err != nil {
return nil, nil, err
}
for _, i := range ifaces {
addrs, _ := i.Addrs()
for _, addr := range addrs {
var ip net.IP
switch v := addr.(type) {
case *net.IPNet:
ip = v.IP
case *net.IPAddr:
ip = v.IP
}
// only global unicast address
if !ip.IsGlobalUnicast() {
continue
}
if ok := ip.To4(); ok != nil {
ipv4Addrs = append(ipv4Addrs, ip.String())
} else {
ipv6Addrs = append(ipv6Addrs, ip.String())
}
}
}
return ipv4Addrs, ipv6Addrs, nil
}
// EnsureResultDir ensures the directory for scan results
func EnsureResultDir(scannedAt time.Time) (currentDir string, err error) {
jsonDirName := scannedAt.Format(time.RFC3339)