Vuls2020 at AVTOKYO2020 HIVE

Transcript

1. Vuls 2020 AVTOKYO2020 HIVE @ 2020/10/31 MaineK00n

2. $ whoami MaineK00n Vuls Committer Twitter: @MaineK00n I’m at Ehime,

   Japan Ehime Univ. M2 2

3. Agenda - Do you know Vuls? - AVTOKYO HIVE and

   Vuls - About updating `$ vuls scan` - Latest `$ vuls scan` - Vuls Next Update - Conclusion 3

4. Do you know Vuls? 4 https://github.com/future-architect/vuls

5. CVE-2019-11510 5 VPN environment has increased due to working from

   home, etc Attacks that exploit vulnerabilities in VPN devices Needs daily vulnerability scanning!

6. $ vuls report -format-full-text 6

7. $ vuls tui 7

8. VulsRepo 8 https://github.com/ishiDACo/vulsrepo

9. AVTOKYO HIVE and Vuls Vuls has participated in AVTOKYO HIVE

   twice! - AVTOKYO2016 HIVE(Vuls v0.1.6) - AVTOKYO2018 HIVE(Vuls v0.6.0) And today is the third time AVTOKYO2020 HIVE (Vuls v0.13.2) So I'm going to talk about updates around the scan between Vuls v0.6.0 and v0.13.2 9

10. $ vuls scan(~v.0.3.0) 10 Around this time, Vuls mainly used

    Changelog The Pull Request on the left is caches the Changelog result and the scan is really fast! But, Vuls is almost no longer using Changelog ...

11. changelog parse It's certainly hard to do this for many

    packages ... $ apt-get changelog ffmpeg 11

12. $ vuls scan(v0.4.0~v.0.6.0) OVAL Support(v0.4.0) 12 support knqyf263/gost(v0.5.0) Display exploit

    codes info(v0.6.0)

13. OVAL:Open Vulnerability and Assessment Language $ goval-dictionary select -by-package ubuntu

    20 ffmpeg x86_64 13 https://github.com/kotakanbe/goval-dictionary

14. $ vuls scan(v.0.7.0) WordPress Vulnerability Scan (core, plugin, theme) 14

    VulsDoc: Scan vulnerabilities of WordPress

15. $ vuls scan(v.0.8.0) 15 VulsDoc: Library Vulns Scan

16. $ vuls scan(v.0.11.0) 16 https://github.com/takuzoo3868/go-msfdb

17. $ vuls scan(v.0.12.0) 17

18. $ vuls scan(v.0.13.0) 18

19. Motivation to implement Port Scan 19 https://github.com/future-architect/vuls/pull/859

20. So Vuls's Port Scan is Smart! 20 In Vuls, knowing

    the port used by the package with the remaining vulnerability means that the port scan destination becomes clear. That's why Vuls’s Port Scan is smart(Accurately scan to the minimum port, so fast and silently)… However, only TCP connect scan is used, and flexible port scan is not yet possible…

21. Latest `$ vuls scan` (PR#1066) 21 https://github.com/future-architect/vuls/pull/1066

22. $ vuls scan using nmap 22 $ vuls scan $

    vuls tui

23. nmap support status 23 Only this support now! Too many

    options ...

24. For now, in PR #1066 ... I would like to

    introduce the following two options! SCAN TECHNIQUES: -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans -sN/sF/sX: TCP Null, FIN, and Xmas scans FIREWALL/IDS EVASION AND SPOOFING: -S <IP_Address>: Spoof source address -g/--source-port <portnum>: Use given port number 24

25. Vuls Next Update In the future, I plan to work

    on the following contents - nmap support (PR#1066) - UDP port scan - Improved Vuls Native port scanner - Security Tracker is prioritized over OVAL data in Debian (PR#1053) - Update to a richer TUI 25

26. FutureVuls 26 FutureVuls - Vulsクラウドサービス Sorry, the video is in

    Japanese, but just feel the atmosphere of FutureVuls!

27. Conclusion Vuls will evolve even more! Please tell me the

    following (mention on Twitter or Discord) - How to operate nmap (environment, options, etc...) - What kind of function do you want with vuls port scan? https://github.com/future-architect/vuls 27