Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Vuls2020 at AVTOKYO2020 HIVE

October 31, 2020

Vuls2020 at AVTOKYO2020 HIVE

I will edit some of the slides I presented at AVTOKYO 2020 HIVE and publish them.


October 31, 2020

More Decks by MaineK00n

Other Decks in Programming


  1. Agenda - Do you know Vuls? - AVTOKYO HIVE and

    Vuls - About updating `$ vuls scan` - Latest `$ vuls scan` - Vuls Next Update - Conclusion 3
  2. CVE-2019-11510 5 VPN environment has increased due to working from

    home, etc Attacks that exploit vulnerabilities in VPN devices Needs daily vulnerability scanning!
  3. AVTOKYO HIVE and Vuls Vuls has participated in AVTOKYO HIVE

    twice! - AVTOKYO2016 HIVE(Vuls v0.1.6) - AVTOKYO2018 HIVE(Vuls v0.6.0) And today is the third time AVTOKYO2020 HIVE (Vuls v0.13.2) So I'm going to talk about updates around the scan between Vuls v0.6.0 and v0.13.2 9
  4. $ vuls scan(~v.0.3.0) 10 Around this time, Vuls mainly used

    Changelog The Pull Request on the left is caches the Changelog result and the scan is really fast! But, Vuls is almost no longer using Changelog ...
  5. changelog parse It's certainly hard to do this for many

    packages ... $ apt-get changelog ffmpeg 11
  6. OVAL:Open Vulnerability and Assessment Language $ goval-dictionary select -by-package ubuntu

    20 ffmpeg x86_64 13 https://github.com/kotakanbe/goval-dictionary
  7. So Vuls's Port Scan is Smart! 20 In Vuls, knowing

    the port used by the package with the remaining vulnerability means that the port scan destination becomes clear. That's why Vuls’s Port Scan is smart(Accurately scan to the minimum port, so fast and silently)… However, only TCP connect scan is used, and flexible port scan is not yet possible…
  8. For now, in PR #1066 ... I would like to

    introduce the following two options! SCAN TECHNIQUES: -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans -sN/sF/sX: TCP Null, FIN, and Xmas scans FIREWALL/IDS EVASION AND SPOOFING: -S <IP_Address>: Spoof source address -g/--source-port <portnum>: Use given port number 24
  9. Vuls Next Update In the future, I plan to work

    on the following contents - nmap support (PR#1066) - UDP port scan - Improved Vuls Native port scanner - Security Tracker is prioritized over OVAL data in Debian (PR#1053) - Update to a richer TUI 25
  10. FutureVuls 26 FutureVuls - Vulsクラウドサービス Sorry, the video is in

    Japanese, but just feel the atmosphere of FutureVuls!
  11. Conclusion Vuls will evolve even more! Please tell me the

    following (mention on Twitter or Discord) - How to operate nmap (environment, options, etc...) - What kind of function do you want with vuls port scan? https://github.com/future-architect/vuls 27