fix(report): fix cvedb-url, add -cvedb-type=http (#734 )

* fix(report): fix cvedb-url, add -cvedb-type=http * feat(report): support go-exploitdb server mode * update deps * implement tui * fix server mode * fix(tui): default value of cvedb-type to "" * update deps
fix new cve contents (#735 )
2018-11-16 21:22:18 +09:00 · 2018-11-15 13:43:06 +09:00 · 2018-11-12 17:36:53 +09:00 · 2018-11-10 12:36:12 +09:00 · 2018-11-05 15:35:50 +09:00
22 changed files with 474 additions and 330 deletions
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -2,18 +2,26 @@


 [[projects]]
-  digest = "1:2f806c4d4e9dee6f144c59099abfa9243a42a8ad9fe0d648273f6f192de6174a"
+  digest = "1:b92928b73320648b38c93cacb9082c0fe3f8ac3383ad9bd537eef62c380e0e7a"
+  name = "contrib.go.opencensus.io/exporter/ocagent"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "00af367e65149ff1f2f4b93bbfbb84fd9297170d"
+  version = "v0.2.0"
+
+[[projects]]
+  digest = "1:386f6cd33248f04fc465df500e66d21892f0712e26c60d25b7ce3c678abaf2c0"
  name = "github.com/Azure/azure-sdk-for-go"
  packages = [
    "storage",
    "version",
  ]
  pruneopts = "UT"
-  revision = "ef9744da754d0cf00d0cfeae7d1a83f2245a4b1c"
-  version = "v21.2.0"
+  revision = "9699bdefa481d47c5c7638a1cc05d87ce53601fd"
+  version = "v22.2.2"

 [[projects]]
-  digest = "1:1fe87891e29a291377b0b2224b99fd857553dff7dce8a6ffb5fda003ce52a8b0"
+  digest = "1:6b4743cf9d77747c1a772673333f8d6dfbfa93ffac858faae1333ffb7f0dfc4b"
  name = "github.com/Azure/go-autorest"
  packages = [
    "autorest",
@@ -21,11 +29,12 @@
    "autorest/azure",
    "autorest/date",
    "logger",
+    "tracing",
    "version",
  ]
  pruneopts = "UT"
-  revision = "4b7f49dc5db2e1e6d528524d269b4181981a7ebf"
-  version = "v11.1.1"
+  revision = "528b76fd0ebec0682f3e3da7c808cd472b999615"
+  version = "v11.2.7"

 [[projects]]
  digest = "1:9f3b30d9f8e0d7040f729b82dcbc8f0dead820a133b3147ce355fc451f32d761"
@@ -52,7 +61,7 @@
  version = "v9"

 [[projects]]
-  digest = "1:b75da992f409ab285c5c2d57869d3df50e1d6869d25bee46bb04571a81db53d9"
+  digest = "1:176bfeb168867283ee97848f5e2cf9a0b6c9f395ea8c6d547907dfba845e0249"
  name = "github.com/aws/aws-sdk-go"
  packages = [
    "aws",
@@ -72,6 +81,7 @@
    "aws/request",
    "aws/session",
    "aws/signer/v4",
+    "internal/ini",
    "internal/s3err",
    "internal/sdkio",
    "internal/sdkrand",
@@ -89,8 +99,8 @@
    "service/sts",
  ]
  pruneopts = "UT"
-  revision = "66832f7f150914a46ffbfc03210f3b9cb0e4c005"
-  version = "v1.15.57"
+  revision = "64fc3d5c40fffc817c1cc1c1d89a6e482bf1120d"
+  version = "v1.15.77"

 [[projects]]
  digest = "1:0f98f59e9a2f4070d66f0c9c39561f68fcd1dc837b22a852d28d0003aebd1b1e"
@@ -108,6 +118,19 @@
  revision = "2ea60e5f094469f9e65adb9cd103795b73ae743e"
  version = "v2.0.0"

+[[projects]]
+  digest = "1:65b0d980b428a6ad4425f2df4cd5410edd81f044cf527bd1c345368444649e58"
+  name = "github.com/census-instrumentation/opencensus-proto"
+  packages = [
+    "gen-go/agent/common/v1",
+    "gen-go/agent/trace/v1",
+    "gen-go/resource/v1",
+    "gen-go/trace/v1",
+  ]
+  pruneopts = "UT"
+  revision = "7f2434bc10da710debe5c4315ed6d4df454b4024"
+  version = "v0.1.0"
+
 [[projects]]
  digest = "1:e04c00d619875ce5fa67180891984a9b1fadcc031af36bcd7a3509cbdad1df15"
  name = "github.com/cheggaaa/pb"
@@ -141,15 +164,7 @@
  version = "v1.4.7"

 [[projects]]
-  digest = "1:15e27372d379b45b18ac917b9dafc45c45485239490ece18cca97a12f9591146"
-  name = "github.com/go-ini/ini"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "9c8236e659b76e87bf02044d06fde8683008ff3e"
-  version = "v1.39.0"
-
-[[projects]]
-  digest = "1:7c2fd446293ff7799cc496d3446e674ee67902d119f244de645caf95dff1bb98"
+  digest = "1:34a9a60fade37f8009ed4a19e02924198aba3eabfcc120ee5c6002b7de17212d"
  name = "github.com/go-redis/redis"
  packages = [
    ".",
@@ -162,16 +177,16 @@
    "internal/util",
  ]
  pruneopts = "UT"
-  revision = "f3bba01df2026fc865f7782948845db9cf44cf23"
-  version = "v6.14.1"
+  revision = "b3d9bf10f6666b2ee5100a6f3f84f4caf3b4e37d"
+  version = "v6.14.2"

 [[projects]]
-  digest = "1:adea5a94903eb4384abef30f3d878dc9ff6b6b5b0722da25b82e5169216dfb61"
+  digest = "1:ec6f9bf5e274c833c911923c9193867f3f18788c461f76f05f62bb1510e0ae65"
  name = "github.com/go-sql-driver/mysql"
  packages = ["."]
  pruneopts = "UT"
-  revision = "d523deb1b23d913de5bdada721a6071e71283618"
-  version = "v1.4.0"
+  revision = "72cd26f257d44c1114970e19afddcd812016007e"
+  version = "v1.4.1"

 [[projects]]
  digest = "1:586ea76dbd0374d6fb649a91d70d652b7fe0ccffb8910a77468e7702e7901f3d"
@@ -181,6 +196,21 @@
  revision = "2fee6af1a9795aafbe0253a0cfbdf668e1fb8a9a"
  version = "v1.8.0"

+[[projects]]
+  digest = "1:8f0705fa33e8957018611cc81c65cb373b626c092d39931bb86882489fc4c3f4"
+  name = "github.com/golang/protobuf"
+  packages = [
+    "proto",
+    "ptypes",
+    "ptypes/any",
+    "ptypes/duration",
+    "ptypes/timestamp",
+    "ptypes/wrappers",
+  ]
+  pruneopts = "UT"
+  revision = "aa810b61a9c79d51363740d207bb46cf8e620ed5"
+  version = "v1.2.0"
+
 [[projects]]
  branch = "master"
  digest = "1:df265b7f54410945dad5cf5979d91461b9fa7ff9b397ab58d2d577002a8a0e24"
@@ -363,7 +393,7 @@

 [[projects]]
  branch = "master"
-  digest = "1:336333e5514fc6178cdb4245f64cc34f9c0212daa523a5267e357a7535d5470f"
+  digest = "1:cdd699c1d929e96f96846789e99d5f019c15f714102a1bb108575d36789d577b"
  name = "github.com/kotakanbe/go-cve-dictionary"
  packages = [
    "config",
@@ -372,7 +402,7 @@
    "models",
  ]
  pruneopts = "UT"
-  revision = "bff11c4b0f9d2915f21f49d4530c99033898dbca"
+  revision = "9549cd396c408c11f7d5cb6e4286dc8e7d9c6419"

 [[projects]]
  digest = "1:54d3c90db1164399906830313a6fce7770917d7e4a12da8f2d8693d18ff5ef27"
@@ -404,15 +434,15 @@
  revision = "928f7356cb964637e2489a6ef37eee55181676c5"

 [[projects]]
-  digest = "1:faee5b9f53eb1ae4eb04708c040c8c4dd685ce46509671e57a08520a15c54368"
+  digest = "1:01eb0269028d3c2e21b5b6cd9b1ba81bc4170ab293fcffa84e3aa3a6138a92e8"
  name = "github.com/labstack/gommon"
  packages = [
    "color",
    "log",
  ]
  pruneopts = "UT"
-  revision = "2a618302b929cc20862dda3aa6f02f64dbe740dd"
-  version = "v0.2.7"
+  revision = "7fd9f68ece0bcb1a905fac8f1549f0083f71c51b"
+  version = "v0.2.8"

 [[projects]]
  digest = "1:b18ffc558326ebaed3b4a175617f1e12ed4e3f53d6ebfe5ba372a3de16d22278"
@@ -467,12 +497,12 @@
  version = "v0.0.3"

 [[projects]]
-  digest = "1:3cafc6a5a1b8269605d9df4c6956d43d8011fc57f266ca6b9d04da6c09dee548"
+  digest = "1:4a49346ca45376a2bba679ca0e83bec949d780d4e927931317904bad482943ec"
  name = "github.com/mattn/go-sqlite3"
  packages = ["."]
  pruneopts = "UT"
-  revision = "25ecb14adfc7543176f7d85291ec7dba82c6f7e4"
-  version = "v1.9.0"
+  revision = "c7c4067b79cc51e6dfdcef5c702e74b1e0fa7c75"
+  version = "v1.10.0"

 [[projects]]
  branch = "master"
@@ -499,16 +529,16 @@
  version = "v1.1.2"

 [[projects]]
-  branch = "master"
  digest = "1:7aefb397a53fc437c90f0fdb3e1419c751c5a3a165ced52325d5d797edf1aca6"
  name = "github.com/moul/http2curl"
  packages = ["."]
  pruneopts = "UT"
  revision = "9ac6cf4d929b2fa8fd2d2e6dec5bb0feb4f4911d"
+  version = "v1.0.0"

 [[projects]]
  branch = "master"
-  digest = "1:c72d41e2be29143a802361f175f9eafe81ecd35119b80b7673bb3e997b086687"
+  digest = "1:f763c78fbcdc2e0938585b2c64ecd97761507af96f95a004d8cbb2feb23d3eaa"
  name = "github.com/mozqnet/go-exploitdb"
  packages = [
    "db",
@@ -516,7 +546,7 @@
    "util",
  ]
  pruneopts = "UT"
-  revision = "b359807ea9b24f7ce80d1bfa02ffca5ed428ffb5"
+  revision = "48cac6d5786efbed25a10034dff534e5efd8617a"

 [[projects]]
  digest = "1:95d38d218bf2290987c6b0e885a9f0f2d3d3239235acaddca01c3fe36e5e5566"
@@ -531,19 +561,19 @@

 [[projects]]
  branch = "master"
-  digest = "1:f335d800550786b6f51ddaedb9d1107a7a72f4a2195e5b039dd7c0e103e119bc"
+  digest = "1:01d9e47830ef6077fb6f91033b0e83f324ad5966d11ed3daa4a5822ace876dab"
  name = "github.com/nsf/termbox-go"
  packages = ["."]
  pruneopts = "UT"
-  revision = "b66b20ab708e289ff1eb3e218478302e6aec28ce"
+  revision = "60ab7e3d12ed91bc1b2486559c4b3a6b62297577"

 [[projects]]
-  branch = "master"
-  digest = "1:f611266e3ac01ab4adb6f1d67f6c1be82998d02f452faff450596658712d860b"
+  digest = "1:abcdbf03ca6ca13d3697e2186edc1f33863bbdac2b3a44dfa39015e8903f7409"
  name = "github.com/olekukonko/tablewriter"
  packages = ["."]
  pruneopts = "UT"
-  revision = "be2c049b30ccd4d3fd795d6bf7dce74e42eeedaa"
+  revision = "e6d60cf7ba1f42d86d54cdf5508611c4aafb3970"
+  version = "v0.0.1"

 [[projects]]
  digest = "1:d776f3e95774a8719f2e57fabbbb33103035fe072dcf6f1864f33abd17b753e5"
@@ -587,11 +617,11 @@

 [[projects]]
  branch = "master"
-  digest = "1:b17bd7b89f445e9c4b82f6144a8fe41e60d921fbe4279f669f9464b277927254"
+  digest = "1:84b4f0801dc5a4137a0364b492b581fff859b3eca3979f6fca6e3d2c2e373cf5"
  name = "github.com/sirupsen/logrus"
  packages = ["."]
  pruneopts = "UT"
-  revision = "680f584d621da87ee04ea659130e149ba9d23cae"
+  revision = "44067abb194b1bc8b342e1f2120f8d3ea691b834"

 [[projects]]
  digest = "1:6a4a11ba764a56d2758899ec6f3848d24698d48442ebce85ee7a3f63284526cd"
@@ -605,12 +635,12 @@
  version = "v1.1.2"

 [[projects]]
-  digest = "1:516e71bed754268937f57d4ecb190e01958452336fa73dbac880894164e91c1f"
+  digest = "1:08d65904057412fc0270fc4812a1c90c594186819243160dc779a402d4b6d0bc"
  name = "github.com/spf13/cast"
  packages = ["."]
  pruneopts = "UT"
-  revision = "8965335b8c7107321228e3e3702cab9832751bac"
-  version = "v1.2.0"
+  revision = "8c9545af88b134710ab1cd196795e7f2388358d7"
+  version = "v1.3.0"

 [[projects]]
  digest = "1:68ea4e23713989dc20b1bded5d9da2c5f9be14ff9885beef481848edd18c26cb"
@@ -660,9 +690,33 @@
  pruneopts = "UT"
  revision = "0a0be1dd9d0855b50be0be5a10ad3085382b6d59"

+[[projects]]
+  digest = "1:2ae8314c44cd413cfdb5b1df082b350116dd8d2fff973e62c01b285b7affd89e"
+  name = "go.opencensus.io"
+  packages = [
+    ".",
+    "exemplar",
+    "internal",
+    "internal/tagencoding",
+    "plugin/ochttp",
+    "plugin/ochttp/propagation/b3",
+    "plugin/ochttp/propagation/tracecontext",
+    "stats",
+    "stats/internal",
+    "stats/view",
+    "tag",
+    "trace",
+    "trace/internal",
+    "trace/propagation",
+    "trace/tracestate",
+  ]
+  pruneopts = "UT"
+  revision = "b7bf3cdb64150a8c8c53b769fdeb2ba581bd4d4b"
+  version = "v0.18.0"
+
 [[projects]]
  branch = "master"
-  digest = "1:1e63ada43d2806f05965163d1b7d0de9366d60a9077eb1b0c3618156b445e713"
+  digest = "1:29bbd24a92d33c22d209247c0d0e42caeb90ff17802d9c64faaa79299213cf0a"
  name = "golang.org/x/crypto"
  packages = [
    "curve25519",
@@ -676,30 +730,43 @@
    "ssh/terminal",
  ]
  pruneopts = "UT"
-  revision = "0c41d7ab0a0ee717d4590a44bcb987dfd9e183eb"
+  revision = "3d3f9f413869b949e48070b5bc593aa22cc2b8f2"

 [[projects]]
  branch = "master"
-  digest = "1:fa44bfbd6a531dbb03a45ba46765f876abd24579fcf6d1b64b8546b98a00f15b"
+  digest = "1:025c818c2258943954db285ddf18924b51f7ab6dd567b070299dc56c05bea037"
  name = "golang.org/x/net"
  packages = [
    "context",
+    "http/httpguts",
+    "http2",
+    "http2/hpack",
    "idna",
+    "internal/timeseries",
    "publicsuffix",
+    "trace",
  ]
  pruneopts = "UT"
-  revision = "04a2e542c03f1d053ab3e4d6e5abcd4b66e2be8e"
+  revision = "adae6a3d119ae4890b46832a2e88a95adc62b8e7"

 [[projects]]
  branch = "master"
-  digest = "1:f5aa274a0377f85735edc7fedfb0811d3cbc20af91633797cb359e29c3272271"
+  digest = "1:5e4d81c50cffcb124b899e4f3eabec3930c73532f0096c27f94476728ba03028"
+  name = "golang.org/x/sync"
+  packages = ["semaphore"]
+  pruneopts = "UT"
+  revision = "42b317875d0fa942474b76e1b46a6060d720ae6e"
+
+[[projects]]
+  branch = "master"
+  digest = "1:6a875550c3b582f6c2d7e2ce44aba792511f00016d7c46b0a4fb26f730ef3058"
  name = "golang.org/x/sys"
  packages = [
    "unix",
    "windows",
  ]
  pruneopts = "UT"
-  revision = "fa43e7bc11baaae89f3f902b2b4d832b68234844"
+  revision = "66b7b1311ac80bbafcd2daeef9a5e6e2cd1e2399"

 [[projects]]
  digest = "1:a2ab62866c75542dd18d2b069fec854577a20211d7c0ea6ae746072a1dccdd18"
@@ -724,13 +791,64 @@
  revision = "f21a4dfb5e38f5895301dc265a8def02365cc3d0"
  version = "v0.3.0"

+[[projects]]
+  branch = "master"
+  digest = "1:5f003878aabe31d7f6b842d4de32b41c46c214bb629bb485387dbcce1edf5643"
+  name = "google.golang.org/api"
+  packages = ["support/bundler"]
+  pruneopts = "UT"
+  revision = "83a9d304b1e613fc253e1e2710778642fe81af53"
+
 [[projects]]
  digest = "1:c25289f43ac4a68d88b02245742347c94f1e108c534dda442188015ff80669b3"
  name = "google.golang.org/appengine"
  packages = ["cloudsql"]
  pruneopts = "UT"
-  revision = "ae0ab99deb4dc413a2b4bd6c8bdd0eb67f1e4d06"
-  version = "v1.2.0"
+  revision = "4a4468ece617fc8205e99368fa2200e9d1fad421"
+  version = "v1.3.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:56b0bca90b7e5d1facf5fbdacba23e4e0ce069d25381b8e2f70ef1e7ebfb9c1a"
+  name = "google.golang.org/genproto"
+  packages = ["googleapis/rpc/status"]
+  pruneopts = "UT"
+  revision = "b5d43981345bdb2c233eb4bf3277847b48c6fdc6"
+
+[[projects]]
+  digest = "1:c3ad9841823db6da420a5625b367913b4ff54bbe60e8e3c98bd20e243e62e2d2"
+  name = "google.golang.org/grpc"
+  packages = [
+    ".",
+    "balancer",
+    "balancer/base",
+    "balancer/roundrobin",
+    "codes",
+    "connectivity",
+    "credentials",
+    "encoding",
+    "encoding/proto",
+    "grpclog",
+    "internal",
+    "internal/backoff",
+    "internal/channelz",
+    "internal/envconfig",
+    "internal/grpcrand",
+    "internal/transport",
+    "keepalive",
+    "metadata",
+    "naming",
+    "peer",
+    "resolver",
+    "resolver/dns",
+    "resolver/passthrough",
+    "stats",
+    "status",
+    "tap",
+  ]
+  pruneopts = "UT"
+  revision = "2e463a05d100327ca47ac218281906921038fd95"
+  version = "v1.16.0"

 [[projects]]
  digest = "1:e626376fab8608a972d47e91b3c1bbbddaecaf1d42b82be6dcc52d10a7557893"
--- a/Gopkg.toml
+++ b/Gopkg.toml
@@ -32,6 +32,10 @@
  name = "github.com/kotakanbe/go-cve-dictionary"
  branch = "master"

+[[constraint]]
+  name = "github.com/mozqnet/go-exploitdb"
+  branch = "master"
+
 [prune]
  go-tests = true
  unused-packages = true
--- a/commands/report.go
+++ b/commands/report.go
@@ -86,18 +86,18 @@ func (*ReportCmd) Usage() string {
 		[-debug]
 		[-debug-sql]
 		[-pipe]
-		[-cvedb-type=sqlite3|mysql|postgres|redis]
+		[-cvedb-type=sqlite3|mysql|postgres|redis|http]
 		[-cvedb-sqlite3-path=/path/to/cve.sqlite3]
 		[-cvedb-url=http://127.0.0.1:1323 or DB connection string]
-		[-ovaldb-type=sqlite3|mysql|redis]
+		[-ovaldb-type=sqlite3|mysql|redis|http]
 		[-ovaldb-sqlite3-path=/path/to/oval.sqlite3]
 		[-ovaldb-url=http://127.0.0.1:1324 or DB connection string]
-		[-gostdb-type=sqlite3|mysql|redis]
+		[-gostdb-type=sqlite3|mysql|redis|http]
 		[-gostdb-sqlite3-path=/path/to/gost.sqlite3]
 		[-gostdb-url=http://127.0.0.1:1325 or DB connection string]
-		[-exploitdb-type=sqlite3|mysql|redis]
+		[-exploitdb-type=sqlite3|mysql|redis|http]
 		[-exploitdb-sqlite3-path=/path/to/exploitdb.sqlite3]
-		[-exploitdb-url=http://127.0.0.1:1325 or DB connection string]
+		[-exploitdb-url=http://127.0.0.1:1326 or DB connection string]
 		[-http="http://vuls-report-server"]

 		[RFC3339 datetime format under results dir]
@@ -171,25 +171,25 @@ func (p *ReportCmd) SetFlags(f *flag.FlagSet) {
 	f.BoolVar(&c.Conf.Pipe, "pipe", false, "Use args passed via PIPE")

 	f.StringVar(&p.cveDict.Type, "cvedb-type", "",
-		"DB type of go-cve-dictionary (sqlite3, mysql, postgres or redis)")
+		"DB type of go-cve-dictionary (sqlite3, mysql, postgres, redis or http)")
 	f.StringVar(&p.cveDict.SQLite3Path, "cvedb-sqlite3-path", "", "/path/to/sqlite3")
 	f.StringVar(&p.cveDict.URL, "cvedb-url", "",
 		"http://go-cve-dictionary.com:1323 or DB connection string")

 	f.StringVar(&p.ovalDict.Type, "ovaldb-type", "",
-		"DB type of goval-dictionary (sqlite3, mysql, postgres or redis)")
+		"DB type of goval-dictionary (sqlite3, mysql, postgres, redis or http)")
 	f.StringVar(&p.ovalDict.SQLite3Path, "ovaldb-sqlite3-path", "", "/path/to/sqlite3")
 	f.StringVar(&p.ovalDict.URL, "ovaldb-url", "",
 		"http://goval-dictionary.com:1324 or DB connection string")

 	f.StringVar(&p.gostConf.Type, "gostdb-type", "",
-		"DB type of gost (sqlite3, mysql, postgres or redis)")
+		"DB type of gost (sqlite3, mysql, postgres, redis or http)")
 	f.StringVar(&p.gostConf.SQLite3Path, "gostdb-sqlite3-path", "", "/path/to/sqlite3")
 	f.StringVar(&p.gostConf.URL, "gostdb-url", "",
 		"http://gost.com:1325 or DB connection string")

 	f.StringVar(&p.exploitConf.Type, "exploitdb-type", "",
-		"DB type of exploit (sqlite3, mysql, postgres or redis)")
+		"DB type of exploit (sqlite3, mysql, postgres, redis or http)")
 	f.StringVar(&p.exploitConf.SQLite3Path, "exploitdb-sqlite3-path", "", "/path/to/sqlite3")
 	f.StringVar(&p.exploitConf.URL, "exploitdb-url", "",
 		"http://exploit.com:1326 or DB connection string")
@@ -350,31 +350,21 @@ func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
 			return subcommands.ExitUsageError
 		}

-		if err := report.CveClient.CheckHealth(); err != nil {
-			util.Log.Errorf("CVE HTTP server is not running. err: %s", err)
-			util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with -cvedb-sqlite3-path option instead of -cvedb-url")
-			return subcommands.ExitFailure
-		}
 		if c.Conf.CveDict.URL != "" {
-			util.Log.Infof("cve-dictionary: %s", c.Conf.CveDict.URL)
-		} else {
-			if c.Conf.CveDict.Type == "sqlite3" {
-				util.Log.Infof("cve-dictionary: %s", c.Conf.CveDict.SQLite3Path)
+			if err := report.CveClient.CheckHealth(); err != nil {
+				util.Log.Errorf("CVE HTTP server is not running. err: %s", err)
+				util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with `-cvedb-type=sqlite3 -cvedb-sqlite3-path` option instead of -cvedb-url")
+				return subcommands.ExitFailure
 			}
 		}

 		if c.Conf.OvalDict.URL != "" {
-			util.Log.Infof("oval-dictionary: %s", c.Conf.OvalDict.URL)
 			err := oval.Base{}.CheckHTTPHealth()
 			if err != nil {
 				util.Log.Errorf("OVAL HTTP server is not running. err: %s", err)
-				util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with -ovaldb-sqlite3-path option instead of -ovaldb-url")
+				util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with `-ovaldb-type=sqlite3 -ovaldb-sqlite3-path` option instead of -ovaldb-url")
 				return subcommands.ExitFailure
 			}
-		} else {
-			if c.Conf.OvalDict.Type == "sqlite3" {
-				util.Log.Infof("oval-dictionary: %s", c.Conf.OvalDict.SQLite3Path)
-			}
 		}

 		if c.Conf.Gost.URL != "" {
@@ -382,27 +372,18 @@ func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
 			err := gost.Base{}.CheckHTTPHealth()
 			if err != nil {
 				util.Log.Errorf("gost HTTP server is not running. err: %s", err)
-				util.Log.Errorf("Run gost as server mode before reporting or run with -gostdb-sqlite3-path option instead of -gostdb-url")
+				util.Log.Errorf("Run gost as server mode before reporting or run with `-gostdb-type=sqlite3 -gostdb-sqlite3-path` option instead of -gostdb-url")
 				return subcommands.ExitFailure
 			}
-		} else {
-			if c.Conf.Gost.Type == "sqlite3" {
-				util.Log.Infof("gost: %s", c.Conf.Gost.SQLite3Path)
-			}
 		}

 		if c.Conf.Exploit.URL != "" {
-			util.Log.Infof("exploit: %s", c.Conf.Exploit.URL)
 			err := exploit.CheckHTTPHealth()
 			if err != nil {
 				util.Log.Errorf("exploit HTTP server is not running. err: %s", err)
-				util.Log.Errorf("Run exploit as server mode before reporting or run with -exploitdb-sqlite3-path option instead of -exploitdb-url")
+				util.Log.Errorf("Run go-exploitdb as server mode before reporting")
 				return subcommands.ExitFailure
 			}
-		} else {
-			if c.Conf.Exploit.Type == "sqlite3" {
-				util.Log.Infof("exploit: %s", c.Conf.Exploit.SQLite3Path)
-			}
 		}
 		dbclient, locked, err := report.NewDBClient(report.DBClientConf{
 			CveDictCnf:  c.Conf.CveDict,
--- a/commands/server.go
+++ b/commands/server.go
@@ -28,6 +28,8 @@ import (
 	// "github.com/future-architect/vuls/Server"

 	c "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/exploit"
+	"github.com/future-architect/vuls/gost"
 	"github.com/future-architect/vuls/oval"
 	"github.com/future-architect/vuls/report"
 	"github.com/future-architect/vuls/server"
@@ -38,11 +40,12 @@ import (

 // ServerCmd is subcommand for server
 type ServerCmd struct {
-	configPath string
-	listen     string
-	cvelDict   c.GoCveDictConf
-	ovalDict   c.GovalDictConf
-	gostConf   c.GostConf
+	configPath  string
+	listen      string
+	cveDict     c.GoCveDictConf
+	ovalDict    c.GovalDictConf
+	gostConf    c.GostConf
+	exploitConf c.ExploitConf
 }

 // Name return subcommand name
@@ -59,36 +62,26 @@ func (*ServerCmd) Usage() string {
 		[-config=/path/to/config.toml]
 		[-log-dir=/path/to/log]
 		[-cvss-over=7]
-		[-diff]
 		[-ignore-unscored-cves]
 		[-ignore-unfixed]
-		[-to-email]
-		[-to-slack]
-		[-to-stride]
-		[-to-hipchat]
-		[-to-chatwork]
 		[-to-localfile]
-		[-to-s3]
-		[-to-azure-blob]
 		[-format-json]
-		[-format-xml]
-		[-format-one-email]
-		[-format-one-line-text]
-		[-format-list]
-		[-format-full-text]
 		[-http-proxy=http://192.168.0.1:8080]
 		[-debug]
 		[-debug-sql]
 		[-listen=localhost:5515]
-		[-cvedb-type=sqlite3|mysql|postgres|redis]
-		[-cvedb-path=/path/to/cve.sqlite3]
+		[-cvedb-type=sqlite3|mysql|postgres|redis|http]
+		[-cvedb-sqlite3-path=/path/to/cve.sqlite3]
 		[-cvedb-url=http://127.0.0.1:1323 or DB connection string]
-		[-ovaldb-type=sqlite3|mysql|redis]
-		[-ovaldb-path=/path/to/oval.sqlite3]
+		[-ovaldb-type=sqlite3|mysql|redis|http]
+		[-ovaldb-sqlite3-path=/path/to/oval.sqlite3]
 		[-ovaldb-url=http://127.0.0.1:1324 or DB connection string]
-		[-gostdb-type=sqlite3|mysql|redis]
-		[-gostdb-path=/path/to/gost.sqlite3]
+		[-gostdb-type=sqlite3|mysql|redis|http]
+		[-gostdb-sqlite3-path=/path/to/gost.sqlite3]
 		[-gostdb-url=http://127.0.0.1:1325 or DB connection string]
+		[-exploitdb-type=sqlite3|mysql|redis|http]
+		[-exploitdb-sqlite3-path=/path/to/exploitdb.sqlite3]
+		[-exploitdb-url=http://127.0.0.1:1326 or DB connection string]

 		[RFC3339 datetime format under results dir]
 `
@@ -128,23 +121,29 @@ func (p *ServerCmd) SetFlags(f *flag.FlagSet) {
 	f.StringVar(&p.listen, "listen", "localhost:5515",
 		"host:port (default: localhost:5515)")

-	f.StringVar(&p.cvelDict.Type, "cvedb-type", "sqlite3",
-		"DB type of go-cve-dictionary (sqlite3, mysql, postgres or redis)")
-	f.StringVar(&p.cvelDict.SQLite3Path, "cvedb-path", "", "/path/to/sqlite3")
-	f.StringVar(&p.cvelDict.URL, "cvedb-url", "",
+	f.StringVar(&p.cveDict.Type, "cvedb-type", "",
+		"DB type of go-cve-dictionary (sqlite3, mysql, postgres, redis or http)")
+	f.StringVar(&p.cveDict.SQLite3Path, "cvedb-sqlite3-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.cveDict.URL, "cvedb-url", "",
 		"http://go-cve-dictionary.com:1323 or DB connection string")

 	f.StringVar(&p.ovalDict.Type, "ovaldb-type", "",
-		"DB type of goval-dictionary (sqlite3, mysql, postgres or redis)")
-	f.StringVar(&p.ovalDict.SQLite3Path, "ovaldb-path", "", "/path/to/sqlite3")
+		"DB type of goval-dictionary (sqlite3, mysql, postgres, redis or http)")
+	f.StringVar(&p.ovalDict.SQLite3Path, "ovaldb-sqlite3-path", "", "/path/to/sqlite3")
 	f.StringVar(&p.ovalDict.URL, "ovaldb-url", "",
 		"http://goval-dictionary.com:1324 or DB connection string")

 	f.StringVar(&p.gostConf.Type, "gostdb-type", "",
-		"DB type of gost (sqlite3, mysql, postgres or redis)")
-	f.StringVar(&p.gostConf.SQLite3Path, "gostdb-path", "", "/path/to/sqlite3")
+		"DB type of gost (sqlite3, mysql, postgres, redis or http)")
+	f.StringVar(&p.gostConf.SQLite3Path, "gostdb-sqlite3-path", "", "/path/to/sqlite3")
 	f.StringVar(&p.gostConf.URL, "gostdb-url", "",
 		"http://gost.com:1325 or DB connection string")
+
+	f.StringVar(&p.exploitConf.Type, "exploitdb-type", "",
+		"DB type of exploit (sqlite3, mysql, postgres, redis or http)")
+	f.StringVar(&p.exploitConf.SQLite3Path, "exploitdb-sqlite3-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.exploitConf.URL, "exploitdb-url", "",
+		"http://exploit.com:1326 or DB connection string")
 }

 // Execute execute
@@ -152,39 +151,59 @@ func (p *ServerCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
 	util.Log = util.NewCustomLogger(c.ServerInfo{})
 	cvelog.SetLogger(c.Conf.LogDir, false, c.Conf.Debug, false)

-	c.Conf.CveDict.Overwrite(p.cvelDict)
+	if err := c.Load(p.configPath, ""); err != nil {
+		util.Log.Errorf("Error loading %s, %s", p.configPath, err)
+		return subcommands.ExitUsageError
+	}
+
+	c.Conf.CveDict.Overwrite(p.cveDict)
 	c.Conf.OvalDict.Overwrite(p.ovalDict)
 	c.Conf.Gost.Overwrite(p.gostConf)
+	c.Conf.Exploit.Overwrite(p.exploitConf)

 	util.Log.Info("Validating config...")
 	if !c.Conf.ValidateOnReport() {
 		return subcommands.ExitUsageError
 	}

-	if err := report.CveClient.CheckHealth(); err != nil {
-		util.Log.Errorf("CVE HTTP server is not running. err: %s", err)
-		util.Log.Errorf("Run go-cve-dictionary as server mode before Servering or run with -cvedb-path option")
-		return subcommands.ExitFailure
+	util.Log.Info("Validating db config...")
+	if !c.Conf.ValidateOnReportDB() {
+		return subcommands.ExitUsageError
 	}
+
 	if c.Conf.CveDict.URL != "" {
-		util.Log.Infof("cve-dictionary: %s", c.Conf.CveDict.URL)
-	} else {
-		if c.Conf.CveDict.Type == "sqlite3" {
-			util.Log.Infof("cve-dictionary: %s", c.Conf.CveDict.SQLite3Path)
+		if err := report.CveClient.CheckHealth(); err != nil {
+			util.Log.Errorf("CVE HTTP server is not running. err: %s", err)
+			util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with `-cvedb-type=sqlite3 -cvedb-sqlite3-path` option instead of -cvedb-url")
+			return subcommands.ExitFailure
 		}
 	}

 	if c.Conf.OvalDict.URL != "" {
-		util.Log.Infof("oval-dictionary: %s", c.Conf.OvalDict.URL)
 		err := oval.Base{}.CheckHTTPHealth()
 		if err != nil {
 			util.Log.Errorf("OVAL HTTP server is not running. err: %s", err)
-			util.Log.Errorf("Run goval-dictionary as server mode before Servering or run with -ovaldb-path option")
+			util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with `-ovaldb-type=sqlite3 -ovaldb-sqlite3-path` option instead of -ovaldb-url")
 			return subcommands.ExitFailure
 		}
-	} else {
-		if c.Conf.OvalDict.Type == "sqlite3" {
-			util.Log.Infof("oval-dictionary: %s", c.Conf.OvalDict.SQLite3Path)
+	}
+
+	if c.Conf.Gost.URL != "" {
+		util.Log.Infof("gost: %s", c.Conf.Gost.URL)
+		err := gost.Base{}.CheckHTTPHealth()
+		if err != nil {
+			util.Log.Errorf("gost HTTP server is not running. err: %s", err)
+			util.Log.Errorf("Run gost as server mode before reporting or run with `-gostdb-type=sqlite3 -gostdb-sqlite3-path` option instead of -gostdb-url")
+			return subcommands.ExitFailure
+		}
+	}
+
+	if c.Conf.Exploit.URL != "" {
+		err := exploit.CheckHTTPHealth()
+		if err != nil {
+			util.Log.Errorf("exploit HTTP server is not running. err: %s", err)
+			util.Log.Errorf("Run go-exploitdb as server mode before reporting")
+			return subcommands.ExitFailure
 		}
 	}

@@ -192,6 +211,7 @@ func (p *ServerCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
 		CveDictCnf:  c.Conf.CveDict,
 		OvalDictCnf: c.Conf.OvalDict,
 		GostCnf:     c.Conf.Gost,
+		ExploitCnf:  c.Conf.Exploit,
 		DebugSQL:    c.Conf.DebugSQL,
 	})
 	if locked {
--- a/commands/tui.go
+++ b/commands/tui.go
@@ -37,7 +37,7 @@ import (
 // TuiCmd is Subcommand of host discovery mode
 type TuiCmd struct {
 	configPath  string
-	cvelDict    c.GoCveDictConf
+	cveDict     c.GoCveDictConf
 	ovalDict    c.GovalDictConf
 	gostConf    c.GostConf
 	exploitConf c.ExploitConf
@@ -64,15 +64,18 @@ func (*TuiCmd) Usage() string {
 		[-debug]
 		[-debug-sql]
 		[-pipe]
-		[-cvedb-type=sqlite3|mysql|postgres|redis]
-		[-cvedb-path=/path/to/cve.sqlite3]
+		[-cvedb-type=sqlite3|mysql|postgres|redis|http]
+		[-cvedb-sqlite3-path=/path/to/cve.sqlite3]
 		[-cvedb-url=http://127.0.0.1:1323 or DB connection string]
-		[-ovaldb-type=sqlite3|mysql|redis]
-		[-ovaldb-path=/path/to/oval.sqlite3]
+		[-ovaldb-type=sqlite3|mysql|redis|http]
+		[-ovaldb-sqlite3-path=/path/to/oval.sqlite3]
 		[-ovaldb-url=http://127.0.0.1:1324 or DB connection string]
-		[-gostdb-type=sqlite3|mysql|redis]
-		[-gostdb-path=/path/to/gost.sqlite3]
+		[-gostdb-type=sqlite3|mysql|redis|http]
+		[-gostdb-sqlite3-path=/path/to/gost.sqlite3]
 		[-gostdb-url=http://127.0.0.1:1325 or DB connection string]
+		[-exploitdb-type=sqlite3|mysql|redis|http]
+		[-exploitdb-sqlite3-path=/path/to/exploitdb.sqlite3]
+		[-exploitdb-url=http://127.0.0.1:1326 or DB connection string]

 `
 }
@@ -111,10 +114,10 @@ func (p *TuiCmd) SetFlags(f *flag.FlagSet) {

 	f.BoolVar(&c.Conf.Pipe, "pipe", false, "Use stdin via PIPE")

-	f.StringVar(&p.cvelDict.Type, "cvedb-type", "sqlite3",
+	f.StringVar(&p.cveDict.Type, "cvedb-type", "",
 		"DB type of go-cve-dictionary (sqlite3, mysql, postgres or redis)")
-	f.StringVar(&p.cvelDict.SQLite3Path, "cvedb-path", "", "/path/to/sqlite3")
-	f.StringVar(&p.cvelDict.URL, "cvedb-url", "",
+	f.StringVar(&p.cveDict.SQLite3Path, "cvedb-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.cveDict.URL, "cvedb-url", "",
 		"http://go-cve-dictionary.com:1323 or DB connection string")

 	f.StringVar(&p.ovalDict.Type, "ovaldb-type", "",
@@ -130,7 +133,7 @@ func (p *TuiCmd) SetFlags(f *flag.FlagSet) {
 		"http://gost.com:1325 or DB connection string")

 	f.StringVar(&p.exploitConf.Type, "exploitdb-type", "",
-		"DB type of exploit (sqlite3, mysql, postgres or redis)")
+		"DB type of exploit (sqlite3, mysql, postgres, redis or http)")
 	f.StringVar(&p.exploitConf.SQLite3Path, "exploitdb-sqlite3-path", "", "/path/to/sqlite3")
 	f.StringVar(&p.exploitConf.URL, "exploitdb-url", "",
 		"http://exploit.com:1326 or DB connection string")
@@ -150,7 +153,7 @@ func (p *TuiCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) s
 		return subcommands.ExitUsageError
 	}

-	c.Conf.CveDict.Overwrite(p.cvelDict)
+	c.Conf.CveDict.Overwrite(p.cveDict)
 	c.Conf.OvalDict.Overwrite(p.ovalDict)
 	c.Conf.Gost.Overwrite(p.gostConf)
 	c.Conf.Exploit.Overwrite(p.exploitConf)
@@ -179,31 +182,26 @@ func (p *TuiCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) s
 	}
 	util.Log.Infof("Loaded: %s", dir)

-	if err := report.CveClient.CheckHealth(); err != nil {
-		util.Log.Errorf("CVE HTTP server is not running. err: %s", err)
-		util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with -cvedb-sqlite3-path option instead of -cvedb-url")
-		return subcommands.ExitFailure
+	util.Log.Info("Validating db config...")
+	if !c.Conf.ValidateOnReportDB() {
+		return subcommands.ExitUsageError
 	}
+
 	if c.Conf.CveDict.URL != "" {
-		util.Log.Infof("cve-dictionary: %s", c.Conf.CveDict.URL)
-	} else {
-		if c.Conf.CveDict.Type == "sqlite3" {
-			util.Log.Infof("cve-dictionary: %s", c.Conf.CveDict.SQLite3Path)
+		if err := report.CveClient.CheckHealth(); err != nil {
+			util.Log.Errorf("CVE HTTP server is not running. err: %s", err)
+			util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with `-cvedb-type=sqlite3 -cvedb-sqlite3-path` option instead of -cvedb-url")
+			return subcommands.ExitFailure
 		}
 	}

 	if c.Conf.OvalDict.URL != "" {
-		util.Log.Infof("oval-dictionary: %s", c.Conf.OvalDict.URL)
 		err := oval.Base{}.CheckHTTPHealth()
 		if err != nil {
 			util.Log.Errorf("OVAL HTTP server is not running. err: %s", err)
-			util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with -ovaldb-sqlite3-path option instead of -ovaldb-url")
+			util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with `-ovaldb-type=sqlite3 -ovaldb-sqlite3-path` option instead of -ovaldb-url")
 			return subcommands.ExitFailure
 		}
-	} else {
-		if c.Conf.OvalDict.Type == "sqlite3" {
-			util.Log.Infof("oval-dictionary: %s", c.Conf.OvalDict.SQLite3Path)
-		}
 	}

 	if c.Conf.Gost.URL != "" {
@@ -211,27 +209,18 @@ func (p *TuiCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) s
 		err := gost.Base{}.CheckHTTPHealth()
 		if err != nil {
 			util.Log.Errorf("gost HTTP server is not running. err: %s", err)
-			util.Log.Errorf("Run gost as server mode before reporting or run with -gostdb-sqlite3-path option instead of -gostdb-url")
+			util.Log.Errorf("Run gost as server mode before reporting or run with `-gostdb-type=sqlite3 -gostdb-sqlite3-path` option instead of -gostdb-url")
 			return subcommands.ExitFailure
 		}
-	} else {
-		if c.Conf.Gost.Type == "sqlite3" {
-			util.Log.Infof("gost: %s", c.Conf.Gost.SQLite3Path)
-		}
 	}

 	if c.Conf.Exploit.URL != "" {
-		util.Log.Infof("exploit: %s", c.Conf.Exploit.URL)
 		err := exploit.CheckHTTPHealth()
 		if err != nil {
 			util.Log.Errorf("exploit HTTP server is not running. err: %s", err)
-			util.Log.Errorf("Run exploit as server mode before reporting or run with -exploitdb-sqlite3-path option instead of -exploitdb-url")
+			util.Log.Errorf("Run go-exploitdb as server mode before reporting")
 			return subcommands.ExitFailure
 		}
-	} else {
-		if c.Conf.Exploit.Type == "sqlite3" {
-			util.Log.Infof("exploit: %s", c.Conf.Exploit.SQLite3Path)
-		}
 	}
 	dbclient, locked, err := report.NewDBClient(report.DBClientConf{
 		CveDictCnf:  c.Conf.CveDict,
--- a/config/config.go
+++ b/config/config.go
@@ -33,7 +33,7 @@ import (
 )

 // Version of Vuls
-var Version = "0.5.0"
+var Version = "0.6.1"

 // Revision of Git
 var Revision string
@@ -236,6 +236,14 @@ func (c Config) ValidateOnReportDB() bool {
 		errs = append(errs, err)
 	}

+	if err := validateDB("gostdb", c.Gost.Type, c.Gost.SQLite3Path, c.Gost.URL); err != nil {
+		errs = append(errs, err)
+	}
+
+	if err := validateDB("exploitdb", c.Exploit.Type, c.Exploit.SQLite3Path, c.Exploit.URL); err != nil {
+		errs = append(errs, err)
+	}
+
 	for _, err := range errs {
 		log.Error(err)
 	}
@@ -328,39 +336,42 @@ func (c Config) ValidateOnTui() bool {
 // validateDB validates configuration
 //  dictionaryDB name is 'cvedb' or 'ovaldb'
 func validateDB(dictionaryDBName, dbType, dbPath, dbURL string) error {
+	log.Infof("-%s-type: %s, -%s-url: %s, -%s-path: %s",
+		dictionaryDBName, dbType, dictionaryDBName, dbURL, dictionaryDBName, dbPath)
+
 	switch dbType {
 	case "sqlite3":
+		if dbURL != "" {
+			return fmt.Errorf("To use SQLite3, specify -%s-type=sqlite3 and -%s-path. To use as http server mode, specify -%s-type=http and -%s-url",
+				dictionaryDBName, dictionaryDBName, dictionaryDBName, dictionaryDBName)
+		}
 		if ok, _ := valid.IsFilePath(dbPath); !ok {
-			return fmt.Errorf(
-				"SQLite3 DB path (%s) must be a *Absolute* file path. -%s-path: %s",
-				dictionaryDBName,
-				dictionaryDBName,
-				dbPath)
+			return fmt.Errorf("SQLite3 path must be a *Absolute* file path. -%s-path: %s",
+				dictionaryDBName, dbPath)
 		}
 	case "mysql":
 		if dbURL == "" {
-			return fmt.Errorf(
-				`MySQL connection string is needed. -%s-url="user:pass@tcp(localhost:3306)/dbname"`,
+			return fmt.Errorf(`MySQL connection string is needed. -%s-url="user:pass@tcp(localhost:3306)/dbname"`,
 				dictionaryDBName)
 		}
 	case "postgres":
 		if dbURL == "" {
-			return fmt.Errorf(
-				`PostgreSQL connection string is needed. -%s-url="host=myhost user=user dbname=dbname sslmode=disable password=password"`,
+			return fmt.Errorf(`PostgreSQL connection string is needed. -%s-url="host=myhost user=user dbname=dbname sslmode=disable password=password"`,
 				dictionaryDBName)
 		}
 	case "redis":
 		if dbURL == "" {
-			return fmt.Errorf(
-				`Redis connection string is needed. -%s-url="redis://localhost/0"`,
+			return fmt.Errorf(`Redis connection string is needed. -%s-url="redis://localhost/0"`,
+				dictionaryDBName)
+		}
+	case "http":
+		if dbURL == "" {
+			return fmt.Errorf(`URL is needed. -%s-url="http://localhost:1323"`,
 				dictionaryDBName)
 		}
 	default:
-		return fmt.Errorf(
-			"%s type must be either 'sqlite3', 'mysql', 'postgres' or 'redis'.  -%s-type: %s",
-			dictionaryDBName,
-			dictionaryDBName,
-			dbType)
+		return fmt.Errorf("%s type must be either 'sqlite3', 'mysql', 'postgres', 'redis' or 'http'.  -%s-type: %s",
+			dictionaryDBName, dictionaryDBName, dbType)
 	}
 	return nil
 }
@@ -783,6 +794,11 @@ func (cnf *GoCveDictConf) Overwrite(cmdOpt GoCveDictConf) {
 	cnf.setDefault()
 }

+// IsFetchViaHTTP returns wether fetch via http
+func (cnf *GoCveDictConf) IsFetchViaHTTP() bool {
+	return Conf.CveDict.Type == "http"
+}
+
 // GovalDictConf is goval-dictionary config
 type GovalDictConf struct {

@@ -837,6 +853,11 @@ func (cnf *GovalDictConf) Overwrite(cmdOpt GovalDictConf) {
 	cnf.setDefault()
 }

+// IsFetchViaHTTP returns wether fetch via http
+func (cnf *GovalDictConf) IsFetchViaHTTP() bool {
+	return Conf.OvalDict.Type == "http"
+}
+
 // GostConf is gost config
 type GostConf struct {
 	// DB type for gost dictionary (sqlite3, mysql, postgres or redis)
@@ -890,6 +911,11 @@ func (cnf *GostConf) Overwrite(cmdOpt GostConf) {
 	cnf.setDefault()
 }

+// IsFetchViaHTTP returns wether fetch via http
+func (cnf *GostConf) IsFetchViaHTTP() bool {
+	return Conf.Gost.Type == "http"
+}
+
 // ExploitConf is exploit config
 type ExploitConf struct {
 	// DB type for exploit dictionary (sqlite3, mysql, postgres or redis)
@@ -943,6 +969,11 @@ func (cnf *ExploitConf) Overwrite(cmdOpt ExploitConf) {
 	cnf.setDefault()
 }

+// IsFetchViaHTTP returns wether fetch via http
+func (cnf *ExploitConf) IsFetchViaHTTP() bool {
+	return Conf.Exploit.Type == "http"
+}
+
 // AWS is aws config
 type AWS struct {
 	// AWS profile to use
--- a/exploit/exploit.go
+++ b/exploit/exploit.go
@@ -18,11 +18,13 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 package exploit

 import (
+	"encoding/json"
 	"fmt"
 	"net/http"

 	cnf "github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
 	"github.com/mozqnet/go-exploitdb/db"
 	exploitmodels "github.com/mozqnet/go-exploitdb/models"
 	"github.com/parnurzeal/gorequest"
@@ -30,49 +32,68 @@ import (

 // FillWithExploit fills exploit information that has in Exploit
 func FillWithExploit(driver db.DB, r *models.ScanResult) (nExploitCve int, err error) {
-	if isFetchViaHTTP() {
-		// TODO
-		return 0, fmt.Errorf("We are not yet supporting data acquisition in exploitdb server mode")
-	}
-
-	if driver == nil {
-		return 0, nil
-	}
-	for cveID, vuln := range r.ScannedCves {
-		es := driver.GetExploitByCveID(cveID)
-		if len(es) == 0 {
-			continue
+	if cnf.Conf.Exploit.IsFetchViaHTTP() {
+		var cveIDs []string
+		for cveID := range r.ScannedCves {
+			cveIDs = append(cveIDs, cveID)
+		}
+		prefix, _ := util.URLPathJoin(cnf.Conf.Exploit.URL, "cves")
+		responses, err := getCvesViaHTTP(cveIDs, prefix)
+		if err != nil {
+			return 0, err
+		}
+		for _, res := range responses {
+			exps := []*exploitmodels.Exploit{}
+			if err := json.Unmarshal([]byte(res.json), &exps); err != nil {
+				return 0, err
+			}
+			exploits := convertToModels(exps)
+			v, ok := r.ScannedCves[res.request.cveID]
+			if ok {
+				v.Exploits = exploits
+			}
+			r.ScannedCves[res.request.cveID] = v
+			nExploitCve++
+		}
+	} else {
+		if driver == nil {
+			return 0, nil
+		}
+		for cveID, vuln := range r.ScannedCves {
+			es := driver.GetExploitByCveID(cveID)
+			if len(es) == 0 {
+				continue
+			}
+			exploits := convertToModels(es)
+			vuln.Exploits = exploits
+			r.ScannedCves[cveID] = vuln
+			nExploitCve++
 		}
-		exploits := ConvertToModel(es)
-		vuln.Exploits = exploits
-		r.ScannedCves[cveID] = vuln
-		nExploitCve++
 	}
 	return nExploitCve, nil
 }

-// ConvertToModel converts gost model to vuls model
-func ConvertToModel(es []*exploitmodels.Exploit) (exploits []models.Exploit) {
+// convertToModels converts gost model to vuls model
+func convertToModels(es []*exploitmodels.Exploit) (exploits []models.Exploit) {
 	for _, e := range es {
 		var documentURL, paperURL, shellURL *string
-		var description string
-		if e.Document != nil {
-			documentURL = &e.Document.DocumentURL
-			description = e.Document.Description
-		}
-		if e.ShellCode != nil {
-			shellURL = &e.ShellCode.ShellCodeURL
-			description = e.ShellCode.Description
-		}
-		if e.Paper != nil {
-			paperURL = &e.Paper.PaperURL
-			description = e.Paper.Description
+		if e.OffensiveSecurity != nil {
+			os := e.OffensiveSecurity
+			if os.Document != nil {
+				documentURL = &os.Document.DocumentURL
+			}
+			if os.ShellCode != nil {
+				shellURL = &os.ShellCode.ShellCodeURL
+			}
+			if os.Paper != nil {
+				paperURL = &os.Paper.PaperURL
+			}
 		}
 		exploit := models.Exploit{
-			ExploitType:  models.ExploitDB,
-			ID:           e.ExploitDBID,
-			URL:          e.ExploitDBURL,
-			Description:  description,
+			ExploitType:  e.ExploitType,
+			ID:           e.ExploitUniqueID,
+			URL:          e.URL,
+			Description:  e.Description,
 			DocumentURL:  documentURL,
 			ShellCodeURL: shellURL,
 			PaperURL:     paperURL,
@@ -84,7 +105,7 @@ func ConvertToModel(es []*exploitmodels.Exploit) (exploits []models.Exploit) {

 // CheckHTTPHealth do health check
 func CheckHTTPHealth() error {
-	if !isFetchViaHTTP() {
+	if !cnf.Conf.Exploit.IsFetchViaHTTP() {
 		return nil
 	}

@@ -112,8 +133,3 @@ func CheckIfExploitFresh(driver db.DB, osFamily string) (ok bool, err error) {
 	//TODO
 	return true, nil
 }
-
-func isFetchViaHTTP() bool {
-	// Default value of OvalDBType is sqlite3
-	return cnf.Conf.Exploit.URL != "" && cnf.Conf.Exploit.Type == "sqlite3"
-}
--- a/gost/debian.go
+++ b/gost/debian.go
@@ -55,7 +55,7 @@ func (deb Debian) FillWithGost(driver db.DB, r *models.ScanResult) (nCVEs int, e
 	}

 	packCvesList := []packCves{}
-	if deb.isFetchViaHTTP() {
+	if config.Conf.Gost.IsFetchViaHTTP() {
 		url, _ := util.URLPathJoin(config.Conf.Gost.URL, "debian", major(r.Release), "pkgs")
 		responses, err := getAllUnfixedCvesViaHTTP(r, url)
 		if err != nil {
@@ -115,7 +115,11 @@ func (deb Debian) FillWithGost(driver db.DB, r *models.ScanResult) (nCVEs int, e
 		for _, cve := range p.cves {
 			v, ok := r.ScannedCves[cve.CveID]
 			if ok {
-				v.CveContents[models.DebianSecurityTracker] = cve
+				if v.CveContents == nil {
+					v.CveContents = models.NewCveContents(cve)
+				} else {
+					v.CveContents[models.DebianSecurityTracker] = cve
+				}
 			} else {
 				v = models.VulnInfo{
 					CveID:       cve.CveID,
--- a/gost/gost.go
+++ b/gost/gost.go
@@ -60,7 +60,7 @@ type Base struct {

 // CheckHTTPHealth do health check
 func (b Base) CheckHTTPHealth() error {
-	if !b.isFetchViaHTTP() {
+	if !cnf.Conf.Gost.IsFetchViaHTTP() {
 		return nil
 	}

@@ -89,11 +89,6 @@ func (b Base) CheckIfGostFresh(driver db.DB, osFamily string) (ok bool, err erro
 	return true, nil
 }

-func (b Base) isFetchViaHTTP() bool {
-	// Default value of OvalDBType is sqlite3
-	return cnf.Conf.Gost.URL != "" && cnf.Conf.Gost.Type == "sqlite3"
-}
-
 // Pseudo is Gost client except for RedHat family and Debian
 type Pseudo struct {
 	Base
--- a/gost/microsoft.go
+++ b/gost/microsoft.go
@@ -45,6 +45,9 @@ func (ms Microsoft) FillWithGost(driver db.DB, r *models.ScanResult) (nCVEs int,
 		}
 		cveCont := ms.ConvertToModel(&msCve)
 		v, _ := r.ScannedCves[cveID]
+		if v.CveContents == nil {
+			v.CveContents = models.CveContents{}
+		}
 		v.CveContents[models.Microsoft] = *cveCont
 		r.ScannedCves[cveID] = v
 	}
--- a/gost/redhat.go
+++ b/gost/redhat.go
@@ -51,7 +51,7 @@ func (red RedHat) fillFixed(driver db.DB, r *models.ScanResult) error {
 		cveIDs = append(cveIDs, cveID)
 	}

-	if red.isFetchViaHTTP() {
+	if config.Conf.Gost.IsFetchViaHTTP() {
 		prefix, _ := util.URLPathJoin(config.Conf.Gost.URL,
 			"redhat", "cves")
 		responses, err := getCvesViaHTTP(cveIDs, prefix)
@@ -67,8 +67,20 @@ func (red RedHat) fillFixed(driver db.DB, r *models.ScanResult) error {
 				continue
 			}
 			cveCont := red.ConvertToModel(&redCve)
-			v, _ := r.ScannedCves[res.request.cveID]
-			v.CveContents[models.RedHatAPI] = *cveCont
+			v, ok := r.ScannedCves[res.request.cveID]
+			if ok {
+				if v.CveContents == nil {
+					v.CveContents = models.NewCveContents(*cveCont)
+				} else {
+					v.CveContents[models.RedHatAPI] = *cveCont
+				}
+			} else {
+				v = models.VulnInfo{
+					CveID:       cveCont.CveID,
+					CveContents: models.NewCveContents(*cveCont),
+					Confidences: models.Confidences{models.RedHatAPIMatch},
+				}
+			}
 			r.ScannedCves[res.request.cveID] = v
 		}
 	} else {
@@ -80,8 +92,20 @@ func (red RedHat) fillFixed(driver db.DB, r *models.ScanResult) error {
 				continue
 			}
 			cveCont := red.ConvertToModel(&redCve)
-			v, _ := r.ScannedCves[cveID]
-			v.CveContents[models.RedHatAPI] = *cveCont
+			v, ok := r.ScannedCves[cveID]
+			if ok {
+				if v.CveContents == nil {
+					v.CveContents = models.NewCveContents(*cveCont)
+				} else {
+					v.CveContents[models.RedHatAPI] = *cveCont
+				}
+			} else {
+				v = models.VulnInfo{
+					CveID:       cveCont.CveID,
+					CveContents: models.NewCveContents(*cveCont),
+					Confidences: models.Confidences{models.RedHatAPIMatch},
+				}
+			}
 			r.ScannedCves[cveID] = v
 		}
 	}
@@ -90,7 +114,7 @@ func (red RedHat) fillFixed(driver db.DB, r *models.ScanResult) error {
 }

 func (red RedHat) fillUnfixed(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
-	if red.isFetchViaHTTP() {
+	if config.Conf.Gost.IsFetchViaHTTP() {
 		prefix, _ := util.URLPathJoin(config.Conf.Gost.URL,
 			"redhat", major(r.Release), "pkgs")
 		responses, err := getAllUnfixedCvesViaHTTP(r, prefix)
@@ -108,14 +132,10 @@ func (red RedHat) fillUnfixed(driver db.DB, r *models.ScanResult) (nCVEs int, er
 				cveCont := red.ConvertToModel(&cve)
 				v, ok := r.ScannedCves[cve.Name]
 				if ok {
-					if _, ok := v.CveContents[models.RedHatAPI]; ok {
-						v.CveContents[models.RedHatAPI] = *cveCont
+					if v.CveContents == nil {
+						v.CveContents = models.NewCveContents(*cveCont)
 					} else {
-						v = models.VulnInfo{
-							CveID:       cveCont.CveID,
-							CveContents: models.NewCveContents(*cveCont),
-							Confidences: models.Confidences{models.RedHatAPIMatch},
-						}
+						v.CveContents[models.RedHatAPI] = *cveCont
 					}
 				} else {
 					v = models.VulnInfo{
@@ -125,7 +145,6 @@ func (red RedHat) fillUnfixed(driver db.DB, r *models.ScanResult) (nCVEs int, er
 					}
 					nCVEs++
 				}
-
 				pkgStats := red.mergePackageStates(v,
 					cve.PackageState, r.Packages, r.Release)
 				if 0 < len(pkgStats) {
@@ -146,14 +165,10 @@ func (red RedHat) fillUnfixed(driver db.DB, r *models.ScanResult) (nCVEs int, er
 				cveCont := red.ConvertToModel(&cve)
 				v, ok := r.ScannedCves[cve.Name]
 				if ok {
-					if _, ok := v.CveContents[models.RedHatAPI]; ok {
-						v.CveContents[models.RedHatAPI] = *cveCont
+					if v.CveContents == nil {
+						v.CveContents = models.NewCveContents(*cveCont)
 					} else {
-						v = models.VulnInfo{
-							CveID:       cveCont.CveID,
-							CveContents: models.NewCveContents(*cveCont),
-							Confidences: models.Confidences{models.RedHatAPIMatch},
-						}
+						v.CveContents[models.RedHatAPI] = *cveCont
 					}
 				} else {
 					v = models.VulnInfo{
--- a/models/scanresults.go
+++ b/models/scanresults.go
@@ -45,6 +45,7 @@ type ScanResult struct {
 	IPv4Addrs        []string               `json:"ipv4Addrs,omitempty"` // only global unicast address (https://golang.org/pkg/net/#IP.IsGlobalUnicast)
 	IPv6Addrs        []string               `json:"ipv6Addrs,omitempty"` // only global unicast address (https://golang.org/pkg/net/#IP.IsGlobalUnicast)
 	ScannedAt        time.Time              `json:"scannedAt"`
+	ScanMode         string                 `json:"scanMode"`
 	ScannedVersion   string                 `json:"scannedVersion"`
 	ScannedRevision  string                 `json:"scannedRevision"`
 	ScannedBy        string                 `json:"scannedBy"`
@@ -347,7 +348,7 @@ func (r ScanResult) FormatExploitCveSummary() string {
 			nExploitCve++
 		}
 	}
-	return fmt.Sprintf("%d cves with exploit", nExploitCve)
+	return fmt.Sprintf("%d exploits", nExploitCve)
 }

 func (r ScanResult) isDisplayUpdatableNum() bool {
--- a/models/vulninfos.go
+++ b/models/vulninfos.go
@@ -25,6 +25,7 @@ import (
 	"time"

 	"github.com/future-architect/vuls/config"
+	exploitmodels "github.com/mozqnet/go-exploitdb/models"
 )

 // VulnInfos has a map of VulnInfo
@@ -714,24 +715,16 @@ func (p DistroAdvisory) Format() string {
 	return strings.Join(buf, "\n")
 }

-// ExploitType is exploit type
-type ExploitType string
-
-const (
-	// ExploitDB : https://www.exploit-db.com/
-	ExploitDB ExploitType = "exploitdb"
-)
-
 // Exploit :
 type Exploit struct {
-	ExploitType  ExploitType `json:"exploitType"`
-	ID           string      `json:"id"`
-	URL          string      `json:"url"`
-	Description  string      `json:"description"`
-	DocumentURL  *string     `json:"documentURL,omitempty"`
-	PaperURL     *string     `json:"paperURL,omitempty"`
-	ShellCodeURL *string     `json:"shellCodeURL,omitempty"`
-	BinaryURL    *string     `json:"binaryURL,omitempty"`
+	ExploitType  exploitmodels.ExploitType `json:"exploitType"`
+	ID           string                    `json:"id"`
+	URL          string                    `json:"url"`
+	Description  string                    `json:"description"`
+	DocumentURL  *string                   `json:"documentURL,omitempty"`
+	PaperURL     *string                   `json:"paperURL,omitempty"`
+	ShellCodeURL *string                   `json:"shellCodeURL,omitempty"`
+	BinaryURL    *string                   `json:"binaryURL,omitempty"`
 }

 // Confidences is a list of Confidence
--- a/oval/alpine.go
+++ b/oval/alpine.go
@@ -41,7 +41,7 @@ func NewAlpine() Alpine {
 // FillWithOval returns scan result after updating CVE info by OVAL
 func (o Alpine) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
 	var relatedDefs ovalResult
-	if o.IsFetchViaHTTP() {
+	if config.Conf.OvalDict.IsFetchViaHTTP() {
 		if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
 			return 0, err
 		}
--- a/oval/debian.go
+++ b/oval/debian.go
@@ -133,7 +133,7 @@ func (o Debian) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err
 	}

 	var relatedDefs ovalResult
-	if o.IsFetchViaHTTP() {
+	if config.Conf.OvalDict.IsFetchViaHTTP() {
 		if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
 			return 0, err
 		}
@@ -243,7 +243,7 @@ func (o Ubuntu) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err
 	}

 	var relatedDefs ovalResult
-	if o.IsFetchViaHTTP() {
+	if config.Conf.OvalDict.IsFetchViaHTTP() {
 		if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
 			return 0, err
 		}
--- a/oval/oval.go
+++ b/oval/oval.go
@@ -38,7 +38,6 @@ type Client interface {
 	// CheckIfOvalFetched checks if oval entries are in DB by family, release.
 	CheckIfOvalFetched(db.DB, string, string) (bool, error)
 	CheckIfOvalFresh(db.DB, string, string) (bool, error)
-	IsFetchViaHTTP() bool
 }

 // Base is a base struct
@@ -48,7 +47,7 @@ type Base struct {

 // CheckHTTPHealth do health check
 func (b Base) CheckHTTPHealth() error {
-	if !b.IsFetchViaHTTP() {
+	if !cnf.Conf.OvalDict.IsFetchViaHTTP() {
 		return nil
 	}

@@ -67,7 +66,7 @@ func (b Base) CheckHTTPHealth() error {

 // CheckIfOvalFetched checks if oval entries are in DB by family, release.
 func (b Base) CheckIfOvalFetched(driver db.DB, osFamily, release string) (fetched bool, err error) {
-	if !b.IsFetchViaHTTP() {
+	if !cnf.Conf.OvalDict.IsFetchViaHTTP() {
 		count, err := driver.CountDefs(osFamily, release)
 		if err != nil {
 			return false, fmt.Errorf("Failed to count OVAL defs: %s, %s, %v",
@@ -93,7 +92,7 @@ func (b Base) CheckIfOvalFetched(driver db.DB, osFamily, release string) (fetche
 // CheckIfOvalFresh checks if oval entries are fresh enough
 func (b Base) CheckIfOvalFresh(driver db.DB, osFamily, release string) (ok bool, err error) {
 	var lastModified time.Time
-	if !b.IsFetchViaHTTP() {
+	if !cnf.Conf.OvalDict.IsFetchViaHTTP() {
 		lastModified = driver.GetLastModified(osFamily, release)
 	} else {
 		url, _ := util.URLPathJoin(cnf.Conf.OvalDict.URL, "lastmodified", osFamily, release)
@@ -119,9 +118,3 @@ func (b Base) CheckIfOvalFresh(driver db.DB, osFamily, release string) (ok bool,
 	util.Log.Infof("OVAL is fresh: %s %s ", osFamily, release)
 	return true, nil
 }
-
-// IsFetchViaHTTP checks whether fetch via HTTP
-func (b Base) IsFetchViaHTTP() bool {
-	// Default value of OvalDBType is sqlite3
-	return cnf.Conf.OvalDict.URL != "" && cnf.Conf.OvalDict.Type == "sqlite3"
-}
--- a/oval/redhat.go
+++ b/oval/redhat.go
@@ -37,7 +37,7 @@ type RedHatBase struct {
 // FillWithOval returns scan result after updating CVE info by OVAL
 func (o RedHatBase) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
 	var relatedDefs ovalResult
-	if o.IsFetchViaHTTP() {
+	if config.Conf.OvalDict.IsFetchViaHTTP() {
 		if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
 			return 0, err
 		}
--- a/oval/suse.go
+++ b/oval/suse.go
@@ -43,7 +43,7 @@ func NewSUSE() SUSE {
 // FillWithOval returns scan result after updating CVE info by OVAL
 func (o SUSE) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
 	var relatedDefs ovalResult
-	if o.IsFetchViaHTTP() {
+	if config.Conf.OvalDict.IsFetchViaHTTP() {
 		if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
 			return 0, err
 		}
--- a/report/cve_client.go
+++ b/report/cve_client.go
@@ -45,7 +45,7 @@ func (api *cvedictClient) initialize() {
 }

 func (api cvedictClient) CheckHealth() error {
-	if !api.isFetchViaHTTP() {
+	if !config.Conf.CveDict.IsFetchViaHTTP() {
 		util.Log.Debugf("get cve-dictionary from %s", config.Conf.CveDict.Type)
 		return nil
 	}
@@ -69,7 +69,7 @@ type response struct {
 }

 func (api cvedictClient) FetchCveDetails(driver cvedb.DB, cveIDs []string) (cveDetails []cve.CveDetail, err error) {
-	if !api.isFetchViaHTTP() {
+	if !config.Conf.CveDict.IsFetchViaHTTP() {
 		for _, cveID := range cveIDs {
 			cveDetail, err := driver.Get(cveID)
 			if err != nil {
@@ -176,16 +176,8 @@ func (api cvedictClient) httpGet(key, url string, resChan chan<- response, errCh
 	}
 }

-func (api cvedictClient) isFetchViaHTTP() bool {
-	// Default value of CveDBType is sqlite3
-	if config.Conf.CveDict.URL != "" && config.Conf.CveDict.Type == "sqlite3" {
-		return true
-	}
-	return false
-}
-
 func (api cvedictClient) FetchCveDetailsByCpeName(driver cvedb.DB, cpeName string) ([]cve.CveDetail, error) {
-	if api.isFetchViaHTTP() {
+	if config.Conf.CveDict.IsFetchViaHTTP() {
 		api.baseURL = config.Conf.CveDict.URL
 		url, err := util.URLPathJoin(api.baseURL, "cpes")
 		if err != nil {
--- a/report/db_client.go
+++ b/report/db_client.go
@@ -29,26 +29,13 @@ type DBClientConf struct {
 	DebugSQL    bool
 }

-func (c DBClientConf) isCveDBViaHTTP() bool {
-	return c.CveDictCnf.URL != "" && c.CveDictCnf.Type == "sqlite3"
-}
-
-func (c DBClientConf) isOvalViaHTTP() bool {
-	return c.OvalDictCnf.URL != "" && c.OvalDictCnf.Type == "sqlite3"
-}
-
-func (c DBClientConf) isGostViaHTTP() bool {
-	return c.GostCnf.URL != "" && c.GostCnf.Type == "sqlite3"
-}
-
-func (c DBClientConf) isExploitViaHTTP() bool {
-	return c.ExploitCnf.URL != "" && c.ExploitCnf.Type == "sqlite3"
-}
-
 // NewDBClient returns db clients
 func NewDBClient(cnf DBClientConf) (dbclient *DBClient, locked bool, err error) {
 	cveDriver, locked, err := NewCveDB(cnf)
-	if err != nil {
+	if locked {
+		return nil, true, fmt.Errorf("CveDB is locked: %s",
+			cnf.OvalDictCnf.SQLite3Path)
+	} else if err != nil {
 		return nil, locked, err
 	}

@@ -89,7 +76,7 @@ func NewDBClient(cnf DBClientConf) (dbclient *DBClient, locked bool, err error)

 // NewCveDB returns cve db client
 func NewCveDB(cnf DBClientConf) (driver cvedb.DB, locked bool, err error) {
-	if cnf.isCveDBViaHTTP() {
+	if config.Conf.CveDict.IsFetchViaHTTP() {
 		return nil, false, nil
 	}
 	util.Log.Debugf("open cve-dictionary db (%s)", cnf.CveDictCnf.Type)
@@ -109,7 +96,7 @@ func NewCveDB(cnf DBClientConf) (driver cvedb.DB, locked bool, err error) {

 // NewOvalDB returns oval db client
 func NewOvalDB(cnf DBClientConf) (driver ovaldb.DB, locked bool, err error) {
-	if cnf.isOvalViaHTTP() {
+	if config.Conf.OvalDict.IsFetchViaHTTP() {
 		return nil, false, nil
 	}
 	path := cnf.OvalDictCnf.URL
@@ -136,7 +123,7 @@ func NewOvalDB(cnf DBClientConf) (driver ovaldb.DB, locked bool, err error) {

 // NewGostDB returns db client for Gost
 func NewGostDB(cnf DBClientConf) (driver gostdb.DB, locked bool, err error) {
-	if cnf.isGostViaHTTP() {
+	if config.Conf.Gost.IsFetchViaHTTP() {
 		return nil, false, nil
 	}
 	path := cnf.GostCnf.URL
@@ -162,7 +149,7 @@ func NewGostDB(cnf DBClientConf) (driver gostdb.DB, locked bool, err error) {

 // NewExploitDB returns db client for Exploit
 func NewExploitDB(cnf DBClientConf) (driver exploitdb.DB, locked bool, err error) {
-	if cnf.isExploitViaHTTP() {
+	if config.Conf.Exploit.IsFetchViaHTTP() {
 		return nil, false, nil
 	}
 	path := cnf.ExploitCnf.URL
--- a/report/report.go
+++ b/report/report.go
@@ -56,6 +56,7 @@ func FillCveInfos(dbclient DBClient, rs []models.ScanResult, dir string) ([]mode
 	hostname, _ := os.Hostname()
 	for _, r := range rs {
 		if c.Conf.RefreshCve || needToRefreshCve(r) {
+			r.ScannedCves = models.VulnInfos{}
 			cpeURIs := []string{}
 			if len(r.Container.ContainerID) == 0 {
 				cpeURIs = c.Conf.Servers[r.ServerName].CpeNames
@@ -178,12 +179,12 @@ func FillCveInfo(dbclient DBClient, r *models.ScanResult, cpeURIs []string) erro
 		return fmt.Errorf("Failed to fill with CVE: %s", err)
 	}

-	util.Log.Infof("Fill Exploit information with Exploit-DB")
+	util.Log.Infof("Fill exploit information with Exploit-DB")
 	nExploitCve, err := FillWithExploit(dbclient.ExploitDB, r)
 	if err != nil {
 		return fmt.Errorf("Failed to fill with exploit: %s", err)
 	}
-	util.Log.Infof("%s: %d Exploits are detected with exploit",
+	util.Log.Infof("%s: %d exploits are detected",
 		r.FormatServerName(), nExploitCve)

 	fillCweDict(r)
@@ -266,16 +267,16 @@ func FillWithOval(driver ovaldb.DB, r *models.ScanResult) (nCVEs int, err error)
 		return 0, fmt.Errorf("OVAL for %s is not implemented yet", r.Family)
 	}

-	if !ovalClient.IsFetchViaHTTP() && driver == nil {
-		return 0, nil
+	if !c.Conf.OvalDict.IsFetchViaHTTP() {
+		if driver == nil {
+			return 0, nil
+		}
+		if err = driver.NewOvalDB(ovalFamily); err != nil {
+			return 0, fmt.Errorf("Failed to New Oval DB. err: %s", err)
+		}
 	}

-	if err = driver.NewOvalDB(ovalFamily); err != nil {
-		return 0, fmt.Errorf("Failed to New Oval DB. err: %s", err)
-	}
-
-	util.Log.Debugf("Check whether oval fetched: %s %s",
-		ovalFamily, r.Release)
+	util.Log.Debugf("Check whether oval fetched: %s %s", ovalFamily, r.Release)
 	ok, err := ovalClient.CheckIfOvalFetched(driver, ovalFamily, r.Release)
 	if err != nil {
 		return 0, err
--- a/scan/base.go
+++ b/scan/base.go
@@ -391,6 +391,7 @@ func (l *base) convertToModel() models.ScanResult {
 		JSONVersion:   models.JSONVersion,
 		ServerName:    l.ServerInfo.ServerName,
 		ScannedAt:     time.Now(),
+		ScanMode:      l.ServerInfo.Mode.String(),
 		Family:        l.Distro.Family,
 		Release:       l.Distro.Release,
 		Container:     container,
Author	SHA1	Message	Date
Kota Kanbe	7585f9d537	fix(report): fix cvedb-url, add -cvedb-type=http (#734 ) * fix(report): fix cvedb-url, add -cvedb-type=http * feat(report): support go-exploitdb server mode * update deps * implement tui * fix server mode * fix(tui): default value of cvedb-type to "" * update deps	2018-11-16 21:22:18 +09:00
sadayuki-matsuno	76037cdf72	fix new cve contents (#735 )	2018-11-15 13:43:06 +09:00
sadayuki-matsuno	98c5421edc	fix exploit db (#733 )	2018-11-12 17:36:53 +09:00
Kota Kanbe	e63fc7e3f5	fix(report): nil pointer in deep scan mode #728 (#732 )	2018-11-10 12:36:12 +09:00
sadayuki-matsuno	6ed9cf3fb4	add scan mode (#731 )	2018-11-05 15:35:50 +09:00