Documentation
¶
Index ¶
- Constants
- Variables
- func Load(path string) error
- type AWSConf
- type AzureConf
- type ChatWorkConf
- type Config
- type Container
- type ContainerSetting
- type CtiConf
- type Distro
- type EOL
- type ExploitConf
- type GitHubConf
- type GoCveDictConf
- type GoogleChatConf
- type GostConf
- type GovalDictConf
- type HTTPConf
- type JSONLoader
- type KEVulnConf
- type Loader
- type MetasploitConf
- type PortScanConf
- type ProxyConfig
- type ReportConf
- type ReportOpts
- type SMTPConf
- type SaasConf
- type ScanMode
- type ScanModule
- type ScanOpts
- type ScanTechnique
- type Server
- type ServerInfo
- type SlackConf
- type TOMLLoader
- type TelegramConf
- type TrivyOpts
- type V1
- type VulnDict
- func (cnf VulnDict) CheckHTTPHealth() error
- func (cnf VulnDict) GetDebugSQL() bool
- func (cnf VulnDict) GetName() string
- func (cnf VulnDict) GetSQLite3Path() string
- func (cnf VulnDict) GetType() string
- func (cnf VulnDict) GetURL() string
- func (cnf VulnDict) Init()
- func (cnf VulnDict) IsFetchViaHTTP() bool
- func (cnf VulnDict) Validate() error
- type VulnDictInterface
- type WindowsConf
- type WordPressConf
- type WpScanConf
Constants ¶
View Source
const ( SystemDefault = 0 WSUS = 1 WinUpdateDirect = 2 LocalCab = 3 )
Windows const
View Source
const ( // Fast is fast scan mode Fast = byte(1 << iota) // FastRoot is scanmode FastRoot // Deep is scanmode Deep // Offline is scanmode Offline )
View Source
const ( // OSPkg is scanmodule OSPkg = byte(1 << iota) // WordPress is scanmodule WordPress // Lockfile is scanmodule Lockfile // Port is scanmodule Port )
View Source
const WinUpdateSrcVulsDefault = 2
WinUpdateSrcVulsDefault is default value of WinUpdateSrc
Variables ¶
View Source
var ( // Colors has ansi color list Colors = []string{ "\033[32m", "\033[33m", "\033[36m", "\033[35m", "\033[31m", "\033[34m", } // ResetColor is reset color ResetColor = "\033[0m" )
View Source
var Revision string
Revision of Git
View Source
var Version = "`make build` or `make install` will show the version"
Version of Vuls
Functions ¶
Types ¶
type AWSConf ¶ added in v0.15.0
type AWSConf struct {
// AWS profile to use
Profile string `json:"profile"`
// AWS region to use
Region string `json:"region"`
// S3 bucket name
S3Bucket string `json:"s3Bucket"`
// /bucket/path/to/results
S3ResultsDir string `json:"s3ResultsDir"`
// The Server-side encryption algorithm used when storing the reports in S3 (e.g., AES256, aws:kms).
S3ServerSideEncryption string `json:"s3ServerSideEncryption"`
Enabled bool `toml:"-" json:"-"`
}
AWSConf is aws config
type AzureConf ¶ added in v0.15.0
type AzureConf struct {
// Azure account name to use. AZURE_STORAGE_ACCOUNT environment variable is used if not specified
AccountName string `json:"accountName"`
// Azure account key to use. AZURE_STORAGE_ACCESS_KEY environment variable is used if not specified
AccountKey string `json:"-"`
// Azure storage container name
ContainerName string `json:"containerName"`
Enabled bool `toml:"-" json:"-"`
}
AzureConf is azure config
type ChatWorkConf ¶ added in v0.5.0
type ChatWorkConf struct {
APIToken string `json:"-"`
Room string `json:"-"`
Enabled bool `toml:"-" json:"-"`
}
ChatWorkConf is ChatWork config
func (*ChatWorkConf) Validate ¶ added in v0.5.0
func (c *ChatWorkConf) Validate() (errs []error)
Validate validates configuration
type Config ¶
type Config struct {
logging.LogOpts
// scan, report
HTTPProxy string `valid:"url" json:"httpProxy,omitempty"`
ResultsDir string `json:"resultsDir,omitempty"`
Pipe bool `json:"pipe,omitempty"`
Default ServerInfo `json:"default,omitempty"`
Servers map[string]ServerInfo `json:"servers,omitempty"`
ScanOpts
// report
CveDict GoCveDictConf `json:"cveDict,omitempty"`
OvalDict GovalDictConf `json:"ovalDict,omitempty"`
Gost GostConf `json:"gost,omitempty"`
Exploit ExploitConf `json:"exploit,omitempty"`
Metasploit MetasploitConf `json:"metasploit,omitempty"`
KEVuln KEVulnConf `json:"kevuln,omitempty"`
Cti CtiConf `json:"cti,omitempty"`
Slack SlackConf `json:"-"`
EMail SMTPConf `json:"-"`
HTTP HTTPConf `json:"-"`
Syslog syslog.Conf `json:"-"`
AWS AWSConf `json:"-"`
Azure AzureConf `json:"-"`
ChatWork ChatWorkConf `json:"-"`
GoogleChat GoogleChatConf `json:"-"`
Telegram TelegramConf `json:"-"`
WpScan WpScanConf `json:"-"`
Saas SaasConf `json:"-"`
ReportOpts
}
Config is struct of Configuration
var Conf Config
Conf has Configuration(v2)
func (Config) ValidateOnConfigtest ¶ added in v0.2.0
ValidateOnConfigtest validates
func (*Config) ValidateOnReport ¶ added in v0.2.0
ValidateOnReport validates configuration
func (Config) ValidateOnSaaS ¶ added in v0.15.0
ValidateOnSaaS validates configuration
func (Config) ValidateOnScan ¶ added in v0.2.0
ValidateOnScan validates configuration
type ContainerSetting ¶ added in v0.5.0
type ContainerSetting struct {
Cpes []string `json:"cpes,omitempty"`
OwaspDCXMLPath string `json:"owaspDCXMLPath,omitempty"`
IgnorePkgsRegexp []string `json:"ignorePkgsRegexp,omitempty"`
IgnoreCves []string `json:"ignoreCves,omitempty"`
}
ContainerSetting is used for loading container setting in config.toml
type Distro ¶ added in v0.1.6
Distro has distribution info
func (Distro) MajorVersion ¶ added in v0.3.0
MajorVersion returns Major version
type EOL ¶ added in v0.15.0
EOL has End-of-Life information
func GetEOL ¶ added in v0.15.0
GetEOL return EOL information for the OS-release passed by args https://github.com/aquasecurity/trivy/blob/master/pkg/detector/ospkg/redhat/redhat.go#L20
func (EOL) IsExtendedSuppportEnded ¶ added in v0.15.0
IsExtendedSuppportEnded checks now is under extended support
type ExploitConf ¶ added in v0.6.0
type ExploitConf struct {
VulnDict
}
ExploitConf is exploit config
func (*ExploitConf) Init ¶ added in v0.14.1
func (cnf *ExploitConf) Init()
Init set options with the following priority. 1. Environment variable 2. config.toml
type GitHubConf ¶ added in v0.6.3
type GitHubConf struct {
Token string `json:"-"`
IgnoreGitHubDismissed bool `json:"ignoreGitHubDismissed,omitempty"`
}
GitHubConf is used for GitHub Security Alerts
type GoCveDictConf ¶ added in v0.5.0
type GoCveDictConf struct {
VulnDict
}
GoCveDictConf is GoCveDict config
func (*GoCveDictConf) Init ¶ added in v0.14.1
func (cnf *GoCveDictConf) Init()
Init set options with the following priority. 1. Environment variable 2. config.toml
type GoogleChatConf ¶ added in v0.15.13
type GoogleChatConf struct {
WebHookURL string `valid:"url" json:"-" toml:"webHookURL,omitempty"`
SkipIfNoCve bool `valid:"type(bool)" json:"-" toml:"skipIfNoCve"`
ServerNameRegexp string `valid:"type(string)" json:"-" toml:"serverNameRegexp,omitempty"`
Enabled bool `valid:"type(bool)" json:"-" toml:"-"`
}
GoogleChatConf is GoogleChat config
func (*GoogleChatConf) Validate ¶ added in v0.15.13
func (c *GoogleChatConf) Validate() (errs []error)
Validate validates configuration
type GovalDictConf ¶ added in v0.5.0
type GovalDictConf struct {
VulnDict
}
GovalDictConf is goval-dictionary config
func (*GovalDictConf) Init ¶ added in v0.14.1
func (cnf *GovalDictConf) Init()
Init set options with the following priority. 1. Environment variable 2. config.toml
type JSONLoader ¶
type JSONLoader struct {
}
JSONLoader loads configuration
func (JSONLoader) Load ¶
func (c JSONLoader) Load(_, _, _ string) (err error)
Load load the configuration JSON file specified by path arg.
type KEVulnConf ¶ added in v0.19.0
type KEVulnConf struct {
VulnDict
}
KEVulnConf is go-kev config
func (*KEVulnConf) Init ¶ added in v0.19.0
func (cnf *KEVulnConf) Init()
Init set options with the following priority. 1. Environment variable 2. config.toml
type MetasploitConf ¶ added in v0.11.0
type MetasploitConf struct {
VulnDict
}
MetasploitConf is go-msfdb config
func (*MetasploitConf) Init ¶ added in v0.14.1
func (cnf *MetasploitConf) Init()
Init set options with the following priority. 1. Environment variable 2. config.toml
type PortScanConf ¶ added in v0.15.12
type PortScanConf struct {
IsUseExternalScanner bool `toml:"-" json:"-"`
// Path to external scanner
ScannerBinPath string `toml:"scannerBinPath,omitempty" json:"scannerBinPath,omitempty"`
// set user has privileged
HasPrivileged bool `toml:"hasPrivileged,omitempty" json:"hasPrivileged,omitempty"`
// set the ScanTechniques for ScannerBinPath
ScanTechniques []string `toml:"scanTechniques,omitempty" json:"scanTechniques,omitempty"`
// set the FIREWALL/IDS EVASION AND SPOOFING(Use given port number)
SourcePort string `toml:"sourcePort,omitempty" json:"sourcePort,omitempty"`
}
PortScanConf is the setting for using an external port scanner
func (*PortScanConf) GetScanTechniques ¶ added in v0.15.12
func (c *PortScanConf) GetScanTechniques() []ScanTechnique
GetScanTechniques converts ScanTechniques loaded from config.toml to []scanTechniques.
func (PortScanConf) IsZero ¶ added in v0.15.12
func (c PortScanConf) IsZero() bool
IsZero return whether this struct is not specified in config.toml
func (*PortScanConf) Validate ¶ added in v0.15.12
func (c *PortScanConf) Validate() (errs []error)
Validate validates configuration
type ProxyConfig ¶ added in v0.23.4
ProxyConfig is struct of Proxy configuration
type ReportConf ¶ added in v0.15.10
type ReportConf interface {
Validate() []error
}
ReportConf is an interface to Validate Report Config
type ReportOpts ¶ added in v0.15.10
type ReportOpts struct {
CvssScoreOver float64 `json:"cvssScoreOver,omitempty"`
ConfidenceScoreOver int `json:"confidenceScoreOver,omitempty"`
NoProgress bool `json:"noProgress,omitempty"`
RefreshCve bool `json:"refreshCve,omitempty"`
IgnoreUnfixed bool `json:"ignoreUnfixed,omitempty"`
IgnoreUnscoredCves bool `json:"ignoreUnscoredCves,omitempty"`
DiffPlus bool `json:"diffPlus,omitempty"`
DiffMinus bool `json:"diffMinus,omitempty"`
Diff bool `json:"diff,omitempty"`
Lang string `json:"lang,omitempty"`
TrivyOpts
}
ReportOpts is options for report
type SMTPConf ¶ added in v0.3.0
type SMTPConf struct {
SMTPAddr string `toml:"smtpAddr,omitempty" json:"-"`
SMTPPort string `toml:"smtpPort,omitempty" valid:"port" json:"-"`
TLSMode string `toml:"tlsMode,omitempty" json:"-"`
TLSInsecureSkipVerify bool `toml:"tlsInsecureSkipVerify,omitempty" json:"-"`
User string `toml:"user,omitempty" json:"-"`
Password string `toml:"password,omitempty" json:"-"`
From string `toml:"from,omitempty" json:"-"`
To []string `toml:"to,omitempty" json:"-"`
Cc []string `toml:"cc,omitempty" json:"-"`
SubjectPrefix string `toml:"subjectPrefix,omitempty" json:"-"`
Enabled bool `toml:"-" json:"-"`
}
SMTPConf is smtp config
type SaasConf ¶ added in v0.5.0
type SaasConf struct {
GroupID int64 `json:"GroupID"`
Token string `json:"Token"`
URL string `json:"URL"`
}
SaasConf is FutureVuls config
type ScanMode ¶ added in v0.5.0
type ScanMode struct {
// contains filtered or unexported fields
}
ScanMode has a type of scan mode. fast, fast-root, deep and offline
func (ScanMode) IsFastRoot ¶ added in v0.5.0
IsFastRoot return whether scan mode is fastroot
type ScanModule ¶ added in v0.15.0
type ScanModule struct {
// contains filtered or unexported fields
}
ScanModule has a type of scan module
func (ScanModule) IsScanLockFile ¶ added in v0.15.0
func (s ScanModule) IsScanLockFile() bool
IsScanLockFile whether scanning lock file
func (ScanModule) IsScanOSPkg ¶ added in v0.15.0
func (s ScanModule) IsScanOSPkg() bool
IsScanOSPkg return whether scanning os pkg
func (ScanModule) IsScanPort ¶ added in v0.15.0
func (s ScanModule) IsScanPort() bool
IsScanPort whether scanning listening ports
func (ScanModule) IsScanWordPress ¶ added in v0.15.0
func (s ScanModule) IsScanWordPress() bool
IsScanWordPress return whether scanning wordpress
func (ScanModule) IsZero ¶ added in v0.15.0
func (s ScanModule) IsZero() bool
IsZero return the struct value are all false
type ScanOpts ¶ added in v0.15.10
type ScanOpts struct {
Vvv bool `json:"vvv,omitempty"`
}
ScanOpts is options for scan
type ScanTechnique ¶ added in v0.15.12
type ScanTechnique int
ScanTechnique is implemented to represent the supported ScanTechniques in an Enum.
const ( // NotSupportTechnique is a ScanTechnique that is currently not supported. NotSupportTechnique ScanTechnique = iota // TCPSYN is SYN scan TCPSYN // TCPConnect is TCP connect scan TCPConnect // TCPACK is ACK scan TCPACK // TCPWindow is Window scan TCPWindow // TCPMaimon is Maimon scan TCPMaimon // TCPNull is Null scan TCPNull // TCPFIN is FIN scan TCPFIN // TCPXmas is Xmas scan TCPXmas )
func (ScanTechnique) String ¶ added in v0.15.12
func (s ScanTechnique) String() string
type Server ¶ added in v0.23.4
type Server struct {
Host string
UUID string
WinUpdateSrc string
WinUpdateSrcInt int `json:"-" toml:"-"` // for internal used (not specified in config.toml)
CabPath string
IgnoredJSONKeys []string
}
Server is Configuration of the server to be scanned.
type ServerInfo ¶
type ServerInfo struct {
BaseName string `toml:"-" json:"-"`
ServerName string `toml:"-" json:"serverName,omitempty"`
User string `toml:"user,omitempty" json:"user,omitempty"`
Host string `toml:"host,omitempty" json:"host,omitempty"`
IgnoreIPAddresses []string `toml:"ignoreIPAddresses,omitempty" json:"ignoreIPAddresses,omitempty"`
JumpServer []string `toml:"jumpServer,omitempty" json:"jumpServer,omitempty"`
Port string `toml:"port,omitempty" json:"port,omitempty"`
SSHConfigPath string `toml:"sshConfigPath,omitempty" json:"sshConfigPath,omitempty"`
KeyPath string `toml:"keyPath,omitempty" json:"keyPath,omitempty"`
CpeNames []string `toml:"cpeNames,omitempty" json:"cpeNames,omitempty"`
ScanMode []string `toml:"scanMode,omitempty" json:"scanMode,omitempty"`
ScanModules []string `toml:"scanModules,omitempty" json:"scanModules,omitempty"`
OwaspDCXMLPath string `toml:"owaspDCXMLPath,omitempty" json:"owaspDCXMLPath,omitempty"`
ContainersOnly bool `toml:"containersOnly,omitempty" json:"containersOnly,omitempty"`
ContainersIncluded []string `toml:"containersIncluded,omitempty" json:"containersIncluded,omitempty"`
ContainersExcluded []string `toml:"containersExcluded,omitempty" json:"containersExcluded,omitempty"`
ContainerType string `toml:"containerType,omitempty" json:"containerType,omitempty"`
Containers map[string]ContainerSetting `toml:"containers,omitempty" json:"containers,omitempty"`
IgnoreCves []string `toml:"ignoreCves,omitempty" json:"ignoreCves,omitempty"`
IgnorePkgsRegexp []string `toml:"ignorePkgsRegexp,omitempty" json:"ignorePkgsRegexp,omitempty"`
GitHubRepos map[string]GitHubConf `toml:"githubs" json:"githubs,omitempty"` // key: owner/repo
UUIDs map[string]string `toml:"uuids,omitempty" json:"uuids,omitempty"`
Memo string `toml:"memo,omitempty" json:"memo,omitempty"`
Enablerepo []string `toml:"enablerepo,omitempty" json:"enablerepo,omitempty"` // For CentOS, Alma, Rocky, RHEL, Amazon
Optional map[string]interface{} `toml:"optional,omitempty" json:"optional,omitempty"` // Optional key-value set that will be outputted to JSON
Lockfiles []string `toml:"lockfiles,omitempty" json:"lockfiles,omitempty"` // ie) path/to/package-lock.json
FindLock bool `toml:"findLock,omitempty" json:"findLock,omitempty"`
FindLockDirs []string `toml:"findLockDirs,omitempty" json:"findLockDirs,omitempty"`
Type string `toml:"type,omitempty" json:"type,omitempty"` // "pseudo" or ""
IgnoredJSONKeys []string `toml:"ignoredJSONKeys,omitempty" json:"ignoredJSONKeys,omitempty"`
WordPress *WordPressConf `toml:"wordpress,omitempty" json:"wordpress,omitempty"`
PortScan *PortScanConf `toml:"portscan,omitempty" json:"portscan,omitempty"`
Windows *WindowsConf `toml:"windows,omitempty" json:"windows,omitempty"`
IPv4Addrs []string `toml:"-" json:"ipv4Addrs,omitempty"`
IPv6Addrs []string `toml:"-" json:"ipv6Addrs,omitempty"`
IPSIdentifiers map[string]string `toml:"-" json:"ipsIdentifiers,omitempty"`
// internal use
LogMsgAnsiColor string `toml:"-" json:"-"` // DebugLog Color
Container Container `toml:"-" json:"-"`
Distro Distro `toml:"-" json:"-"`
Mode ScanMode `toml:"-" json:"-"`
Module ScanModule `toml:"-" json:"-"`
}
ServerInfo has SSH Info, additional CPE packages to scan.
func (ServerInfo) GetServerName ¶ added in v0.1.7
func (s ServerInfo) GetServerName() string
GetServerName returns ServerName if this serverInfo is about host. If this serverInfo is about a container, returns containerID@ServerName
func (ServerInfo) IsContainer ¶ added in v0.1.4
func (s ServerInfo) IsContainer() bool
IsContainer returns whether this ServerInfo is about container
func (*ServerInfo) SetContainer ¶ added in v0.1.4
func (s *ServerInfo) SetContainer(d Container)
SetContainer set container
type SlackConf ¶
type SlackConf struct {
HookURL string `valid:"url" json:"-" toml:"hookURL,omitempty"`
LegacyToken string `json:"-" toml:"legacyToken,omitempty"`
Channel string `json:"-" toml:"channel,omitempty"`
IconEmoji string `json:"-" toml:"iconEmoji,omitempty"`
AuthUser string `json:"-" toml:"authUser,omitempty"`
NotifyUsers []string `toml:"notifyUsers,omitempty" json:"-"`
Text string `json:"-"`
Enabled bool `toml:"-" json:"-"`
}
SlackConf is slack config
type TOMLLoader ¶
type TOMLLoader struct {
}
TOMLLoader loads config
func (TOMLLoader) Load ¶
func (c TOMLLoader) Load(pathToToml string) error
Load load the configuration TOML file specified by path arg.
type TelegramConf ¶ added in v0.6.2
type TelegramConf struct {
Token string `json:"-"`
ChatID string `json:"-"`
Enabled bool `toml:"-" json:"-"`
}
TelegramConf is Telegram config
func (*TelegramConf) Validate ¶ added in v0.6.2
func (c *TelegramConf) Validate() (errs []error)
Validate validates configuration
type TrivyOpts ¶ added in v0.25.0
type TrivyOpts struct {
TrivyCacheDBDir string `json:"trivyCacheDBDir,omitempty"`
TrivyJavaDBRepository string `json:"trivyJavaDBRepository,omitempty"`
TrivySkipJavaDBUpdate bool `json:"trivySkipJavaDBUpdate,omitempty"`
}
TrivyOpts is options for trivy DBs
type V1 ¶ added in v0.23.4
type V1 struct {
Version string
Servers map[string]Server
Proxy ProxyConfig
}
V1 is Struct of Configuration
var ConfV1 V1
ConfV1 has old version Configuration for windows
type VulnDict ¶ added in v0.15.10
type VulnDict struct {
Name string
// DB type of CVE dictionary (sqlite3, mysql, postgres or redis)
Type string
// http://cve-dictionary.com:1323 or DB connection string
URL string `json:"-"`
// /path/to/cve.sqlite3
SQLite3Path string
DebugSQL bool
}
VulnDict is a base struct of vuln dicts
func (VulnDict) CheckHTTPHealth ¶ added in v0.15.10
CheckHTTPHealth checks http server status
func (VulnDict) GetDebugSQL ¶ added in v0.15.10
GetDebugSQL return debugSQL flag
func (VulnDict) GetSQLite3Path ¶ added in v0.15.10
GetSQLite3Path return the path of SQLite3
func (VulnDict) IsFetchViaHTTP ¶ added in v0.15.10
IsFetchViaHTTP returns if fetch via HTTP
type VulnDictInterface ¶ added in v0.15.10
type VulnDictInterface interface {
Init()
Validate() error
IsFetchViaHTTP() bool
CheckHTTPHealth() error
GetName() string
GetType() string
GetURL() string
GetSQLite3Path() string
GetDebugSQL() bool
}
VulnDictInterface is an interface of vulnsrc
type WindowsConf ¶ added in v0.23.0
type WindowsConf struct {
ServerSelection int `toml:"serverSelection,omitempty" json:"serverSelection,omitempty"`
CabPath string `toml:"cabPath,omitempty" json:"cabPath,omitempty"`
}
WindowsConf used for Windows Update Setting
func (*WindowsConf) Validate ¶ added in v0.23.0
func (c *WindowsConf) Validate() []error
Validate validates configuration
type WordPressConf ¶ added in v0.7.0
type WordPressConf struct {
OSUser string `toml:"osUser,omitempty" json:"osUser,omitempty"`
DocRoot string `toml:"docRoot,omitempty" json:"docRoot,omitempty"`
CmdPath string `toml:"cmdPath,omitempty" json:"cmdPath,omitempty"`
NoSudo bool `toml:"noSudo,omitempty" json:"noSudo,omitempty"`
}
WordPressConf used for WordPress Scanning
func (WordPressConf) IsZero ¶ added in v0.15.0
func (cnf WordPressConf) IsZero() bool
IsZero return whether this struct is not specified in config.toml
type WpScanConf ¶ added in v0.15.0
type WpScanConf struct {
Token string `toml:"token,omitempty" json:"-"`
DetectInactive bool `toml:"detectInactive,omitempty" json:"detectInactive,omitempty"`
}
WpScanConf is wpscan.com config
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.