Check Windows Vulnerabilities Right Now with Vuls!

ReiPenguin — Tue, 16 May 2023 10:24:53 +0000

Introduction

Hi, I'm Rei, an engineer at Future Corporation.
I'm currently responsible for development and support at FutureVuls, a vulnerability management cloud service.
In this post, I would like to introduce a new feature of "Vuls," an open-source software that our team maintains.

Vulnerability Detection

How do you check for vulnerabilities in your company's servers and software? Leaving vulnerabilities unaddressed can pose a significant risk of cyberattacks and result in significant damages to the company.
Therefore, it is essential to take measures to address them.
However, vulnerability management that involves manual information gathering and impact investigation can be overwhelming and cause frustration.

Try using Vuls in such situations, our solution to this problem.
Vuls is a tool that automatically detects vulnerabilities in servers and software by consolidating information from various sources, such as OVAL, SecurityTracker, NVD, and JVN vulnerability databases.

Moreover, our commercial vulnerability management cloud service, FutureVuls, provides features like automatic risk assessment of detected vulnerabilities and differential management through ticketing, enabling you to automate the entire vulnerability management process.

We're proud to share that Vuls has nearly 10,000 stars on GitHub!

Until now, Vuls did not support Windows.

According to a report by the Cybersecurity & Infrastructure Security Agency (CISA) in the United States, in 2021, more than half of the top 15 vulnerabilities frequently used in cyber attacks were related to Windows.
Therefore, it is crucial to focus on updating Windows and managing vulnerabilities, but there are very few open-source vulnerability scanners for Windows that are continuously maintained.

"Do I have to buy the commercial version to detect vulnerabilities on Windows? Is this the limit of open-source software?"
You might have been struggling like this, but we have good news for you!

The Windows scanning functionality that was previously only available for the cloud service version has been ported to allow OSS Vuls to scan Windows as well.

To introduce this new feature, we will try scanning Windows servers in this article!

Trying vulnerability scanning with Vuls on a Windows server

I am going to create a Vuls execution environment on a Windows server and try server scanning.
The target server for this is a Windows Server 2012 that I have at home.

The execution steps are as follows:

Obtain the Vuls vulnerability scanning tool and the Gost vulnerability database creation tool.
Execute Gost to create a database for detecting vulnerabilities on Windows.
Execute vuls.exe scan and vuls.exe report to perform the vulnerability scan and check the results.

It's amazing that vulnerability detection can be done with just these steps, it's so simple!
Let's take a look at the actual operational procedures below.

Obtaining the tools

Download the executable file from the GitHub repository according to your environment.

vuls : Select the latest version of the vuls executable from here
gost : Select the latest version of the gost executable from here

Create vulnerability database for detection

We will create a database locally to detect vulnerabilities on Windows.

gost.exe fetch microsoft

Create a configuration file (config.toml) for the scan, and define the path to the database created here.
(Please adjust the part of sqlite3Path according to your own environment)

# config.toml 
[gost]
type = "sqlite3"
sqlite3Path =  "C:\\Users\\User\\vuls\\gost.sqlite3"  # Edit here
[servers]
[servers.localhost]
host = "localhost"
port = "local"

Execute scan and report

With the above steps, the preparation for Windows scan is completed!
Let's perform the scan.

vuls.exe scan

The scan results will be displayed.

Let's display the list of detected vulnerabilities.

vuls.exe report

The detected vulnerabilities on your server and their CVSS scores were displayed in tabular format.

Windows updates are provided in units of KB, but it can be cumbersome to associate KB with CVSS scores and other information on the internet.
With Vuls, vulnerabilities contained in unapplied KBs are expanded into CVEs and their CVSS scores are displayed, making it easier to determine whether or not to address them.

Note that items with evaluation of 0.0 or '?' are those without CVSS scores set.

It's convenient to be able to automate the usual cumbersome vulnerability detection process with simple setup steps! The final output is presented in a table format, which makes it very easy to read.

Conclusion: Vuls is the Go-To Vulnerability Scanner

Vuls scanner is a free and open-source tool that anyone can use. In this article, we introduced how to use Vuls for Windows scanning, but Vuls is compatible with various operating systems. Please make use of it as one of the tools for vulnerability detection.

However, simply finding vulnerabilities is not enough. Vulnerability response involves appropriately addressing the risks based on their severity. The cloud-based version of FutureVuls supports for vulnerabilities detected by Vuls, from automatic determination of response priority to resolution.

This is the end of my introduction to Windows scan using the open-source Vuls tool.

Thank you!!

DEV Community: ReiPenguin