Documentation ¶
Index ¶
- Constants
- Variables
- func Load(path, keyPass string) error
- type AWSConf
- type AzureConf
- type ChatWorkConf
- type Config
- type Container
- type ContainerSetting
- type Distro
- type EOL
- type ExploitConf
- type GitHubConf
- type GoCveDictConf
- type GostConf
- type GovalDictConf
- type HTTPConf
- type IPS
- type JSONLoader
- type Loader
- type MetasploitConf
- type SMTPConf
- type SaasConf
- type ScanMode
- type ScanModule
- type ServerInfo
- type SlackConf
- type SyslogConf
- type TOMLLoader
- type TelegramConf
- type WordPressConf
- type WpScanConf
Constants ¶
const ( // RedHat is RedHat = "redhat" // Debian is Debian = "debian" // Ubuntu is Ubuntu = "ubuntu" // CentOS is CentOS = "centos" // Amazon is Amazon = "amazon" // Oracle is Oracle = "oracle" // FreeBSD is FreeBSD = "freebsd" // Raspbian is Raspbian = "raspbian" // Windows is Windows = "windows" // OpenSUSE is OpenSUSE = "opensuse" // OpenSUSELeap is OpenSUSELeap = "opensuse.leap" // SUSEEnterpriseServer is SUSEEnterpriseServer = "suse.linux.enterprise.server" // SUSEEnterpriseDesktop is SUSEEnterpriseDesktop = "suse.linux.enterprise.desktop" // SUSEOpenstackCloud is SUSEOpenstackCloud = "suse.openstack.cloud" // Alpine is Alpine = "alpine" // ServerTypePseudo is used for ServerInfo.Type, r.Family ServerTypePseudo = "pseudo" )
const ( // Fast is fast scan mode Fast = byte(1 << iota) // FastRoot is scanmode FastRoot // Deep is scanmode Deep // Offline is scanmode Offline )
const ( // OSPkg is scanmodule OSPkg = byte(1 << iota) // WordPress is scanmodule WordPress // Lockfile is scanmodule Lockfile // Port is scanmodule Port )
Variables ¶
var ( // Colors has ansi color list Colors = []string{ "\033[32m", "\033[33m", "\033[36m", "\033[35m", "\033[31m", "\033[34m", } // ResetColor is reset color ResetColor = "\033[0m" )
var Revision string
Revision of Git
var Version = "`make build` or `make install` will show the version"
Version of Vuls
Functions ¶
Types ¶
type AWSConf ¶ added in v0.15.0
type AWSConf struct { // AWS profile to use Profile string `json:"profile"` // AWS region to use Region string `json:"region"` // S3 bucket name S3Bucket string `json:"s3Bucket"` // /bucket/path/to/results S3ResultsDir string `json:"s3ResultsDir"` // The Server-side encryption algorithm used when storing the reports in S3 (e.g., AES256, aws:kms). S3ServerSideEncryption string `json:"s3ServerSideEncryption"` }
AWSConf is aws config
type AzureConf ¶ added in v0.15.0
type AzureConf struct { // Azure account name to use. AZURE_STORAGE_ACCOUNT environment variable is used if not specified AccountName string `json:"accountName"` // Azure account key to use. AZURE_STORAGE_ACCESS_KEY environment variable is used if not specified AccountKey string `json:"-"` // Azure storage container name ContainerName string `json:"containerName"` }
AzureConf is azure config
type ChatWorkConf ¶ added in v0.5.0
ChatWorkConf is ChatWork config
func (*ChatWorkConf) Validate ¶ added in v0.5.0
func (c *ChatWorkConf) Validate() (errs []error)
Validate validates configuration
type Config ¶
type Config struct { Debug bool `json:"debug,omitempty"` DebugSQL bool `json:"debugSQL,omitempty"` Lang string `json:"lang,omitempty"` HTTPProxy string `valid:"url" json:"httpProxy,omitempty"` LogDir string `json:"logDir,omitempty"` ResultsDir string `json:"resultsDir,omitempty"` Pipe bool `json:"pipe,omitempty"` Quiet bool `json:"quiet,omitempty"` NoProgress bool `json:"noProgress,omitempty"` SSHNative bool `json:"sshNative,omitempty"` Vvv bool `json:"vvv,omitempty"` Default ServerInfo `json:"default,omitempty"` Servers map[string]ServerInfo `json:"servers,omitempty"` CvssScoreOver float64 `json:"cvssScoreOver,omitempty"` IgnoreUnscoredCves bool `json:"ignoreUnscoredCves,omitempty"` IgnoreUnfixed bool `json:"ignoreUnfixed,omitempty"` IgnoreGitHubDismissed bool `json:"ignore_git_hub_dismissed,omitempty"` CacheDBPath string `json:"cacheDBPath,omitempty"` TrivyCacheDBDir string `json:"trivyCacheDBDir,omitempty"` CveDict GoCveDictConf `json:"cveDict,omitempty"` OvalDict GovalDictConf `json:"ovalDict,omitempty"` Gost GostConf `json:"gost,omitempty"` Exploit ExploitConf `json:"exploit,omitempty"` Metasploit MetasploitConf `json:"metasploit,omitempty"` Slack SlackConf `json:"-"` EMail SMTPConf `json:"-"` HTTP HTTPConf `json:"-"` Syslog SyslogConf `json:"-"` AWS AWSConf `json:"-"` Azure AzureConf `json:"-"` ChatWork ChatWorkConf `json:"-"` Telegram TelegramConf `json:"-"` WpScan WpScanConf `json:"WpScan,omitempty"` Saas SaasConf `json:"-"` DetectIPS bool `json:"detectIps,omitempty"` RefreshCve bool `json:"refreshCve,omitempty"` ToSlack bool `json:"toSlack,omitempty"` ToChatWork bool `json:"toChatWork,omitempty"` ToTelegram bool `json:"ToTelegram,omitempty"` ToEmail bool `json:"toEmail,omitempty"` ToSyslog bool `json:"toSyslog,omitempty"` ToLocalFile bool `json:"toLocalFile,omitempty"` ToS3 bool `json:"toS3,omitempty"` ToAzureBlob bool `json:"toAzureBlob,omitempty"` ToHTTP bool `json:"toHTTP,omitempty"` FormatXML bool `json:"formatXML,omitempty"` FormatJSON bool `json:"formatJSON,omitempty"` FormatOneEMail bool `json:"formatOneEMail,omitempty"` FormatOneLineText bool `json:"formatOneLineText,omitempty"` FormatList bool `json:"formatList,omitempty"` FormatFullText bool `json:"formatFullText,omitempty"` FormatCsvList bool `json:"formatCsvList,omitempty"` GZIP bool `json:"gzip,omitempty"` Diff bool `json:"diff,omitempty"` }
Config is struct of Configuration
var Conf Config
Conf has Configuration
func (Config) ValidateOnConfigtest ¶ added in v0.2.0
ValidateOnConfigtest validates
func (Config) ValidateOnReport ¶ added in v0.2.0
ValidateOnReport validates configuration
func (Config) ValidateOnReportDB ¶ added in v0.5.0
ValidateOnReportDB validates configuration
func (Config) ValidateOnSaaS ¶ added in v0.15.0
ValidateOnSaaS validates configuration
func (Config) ValidateOnScan ¶ added in v0.2.0
ValidateOnScan validates configuration
func (Config) ValidateOnTui ¶ added in v0.2.0
ValidateOnTui validates configuration
type ContainerSetting ¶ added in v0.5.0
type ContainerSetting struct { Cpes []string `json:"cpes,omitempty"` OwaspDCXMLPath string `json:"owaspDCXMLPath,omitempty"` IgnorePkgsRegexp []string `json:"ignorePkgsRegexp,omitempty"` IgnoreCves []string `json:"ignoreCves,omitempty"` }
ContainerSetting is used for loading container setting in config.toml
type Distro ¶ added in v0.1.6
Distro has distribution info
func (Distro) MajorVersion ¶ added in v0.3.0
MajorVersion returns Major version
type EOL ¶ added in v0.15.0
EOL has End-of-Life information
func GetEOL ¶ added in v0.15.0
GetEOL return EOL information for the OS-release passed by args https://github.com/aquasecurity/trivy/blob/master/pkg/detector/ospkg/redhat/redhat.go#L20
func (EOL) IsExtendedSuppportEnded ¶ added in v0.15.0
IsExtendedSuppportEnded checks now is under extended support
type ExploitConf ¶ added in v0.6.0
type ExploitConf struct { // DB type for exploit dictionary (sqlite3, mysql, postgres or redis) Type string // http://exploit-dictionary.com:1324 or DB connection string URL string `json:"-"` // /path/to/exploit.sqlite3 SQLite3Path string `json:"-"` }
ExploitConf is exploit config
func (*ExploitConf) Init ¶ added in v0.14.1
func (cnf *ExploitConf) Init()
Init set options with the following priority. 1. Environment variable 2. config.toml
func (*ExploitConf) IsFetchViaHTTP ¶ added in v0.6.1
func (cnf *ExploitConf) IsFetchViaHTTP() bool
IsFetchViaHTTP returns wether fetch via http
type GitHubConf ¶ added in v0.6.3
type GitHubConf struct {
Token string `json:"-"`
}
GitHubConf is used for GitHub Security Alerts
type GoCveDictConf ¶ added in v0.5.0
type GoCveDictConf struct { // DB type of CVE dictionary (sqlite3, mysql, postgres or redis) Type string // http://cve-dictionary.com:1323 or DB connection string URL string `json:"-"` // /path/to/cve.sqlite3 SQLite3Path string `json:"-"` }
GoCveDictConf is go-cve-dictionary config
func (*GoCveDictConf) Init ¶ added in v0.14.1
func (cnf *GoCveDictConf) Init()
Init set options with the following priority. 1. Environment variable 2. config.toml
func (*GoCveDictConf) IsFetchViaHTTP ¶ added in v0.6.1
func (cnf *GoCveDictConf) IsFetchViaHTTP() bool
IsFetchViaHTTP returns wether fetch via http
type GostConf ¶ added in v0.5.0
type GostConf struct { // DB type for gost dictionary (sqlite3, mysql, postgres or redis) Type string // http://gost-dictionary.com:1324 or DB connection string URL string `json:"-"` // /path/to/gost.sqlite3 SQLite3Path string `json:"-"` }
GostConf is gost config
func (*GostConf) Init ¶ added in v0.14.1
func (cnf *GostConf) Init()
Init set options with the following priority. 1. Environment variable 2. config.toml
func (*GostConf) IsFetchViaHTTP ¶ added in v0.6.1
IsFetchViaHTTP returns wether fetch via http
type GovalDictConf ¶ added in v0.5.0
type GovalDictConf struct { // DB type of OVAL dictionary (sqlite3, mysql, postgres or redis) Type string // http://goval-dictionary.com:1324 or DB connection string URL string `json:"-"` // /path/to/oval.sqlite3 SQLite3Path string `json:"-"` }
GovalDictConf is goval-dictionary config
func (*GovalDictConf) Init ¶ added in v0.14.1
func (cnf *GovalDictConf) Init()
Init set options with the following priority. 1. Environment variable 2. config.toml
func (*GovalDictConf) IsFetchViaHTTP ¶ added in v0.6.1
func (cnf *GovalDictConf) IsFetchViaHTTP() bool
IsFetchViaHTTP returns wether fetch via http
type HTTPConf ¶ added in v0.5.0
type HTTPConf struct {
URL string `valid:"url" json:"-"`
}
HTTPConf is HTTP config
type IPS ¶ added in v0.8.3
type IPS string
IPS is
const ( // DeepSecurity is DeepSecurity IPS = "deepsecurity" )
type JSONLoader ¶
type JSONLoader struct { }
JSONLoader loads configuration
func (JSONLoader) Load ¶
func (c JSONLoader) Load(path, sudoPass, keyPass string) (err error)
Load load the configuration JSON file specified by path arg.
type MetasploitConf ¶ added in v0.11.0
type MetasploitConf struct { // DB type for metasploit dictionary (sqlite3, mysql, postgres or redis) Type string // http://metasploit-dictionary.com:1324 or DB connection string URL string `json:"-"` // /path/to/metasploit.sqlite3 SQLite3Path string `json:"-"` }
MetasploitConf is metasploit config
func (*MetasploitConf) Init ¶ added in v0.14.1
func (cnf *MetasploitConf) Init()
Init set options with the following priority. 1. Environment variable 2. config.toml
func (*MetasploitConf) IsFetchViaHTTP ¶ added in v0.11.0
func (cnf *MetasploitConf) IsFetchViaHTTP() bool
IsFetchViaHTTP returns wether fetch via http
type SMTPConf ¶ added in v0.3.0
type SMTPConf struct { SMTPAddr string `toml:"smtpAddr,omitempty" json:"-"` SMTPPort string `toml:"smtpPort,omitempty" valid:"port" json:"-"` User string `toml:"user,omitempty" json:"-"` Password string `toml:"password,omitempty" json:"-"` From string `toml:"from,omitempty" json:"-"` To []string `toml:"to,omitempty" json:"-"` Cc []string `toml:"cc,omitempty" json:"-"` SubjectPrefix string `toml:"subjectPrefix,omitempty" json:"-"` }
SMTPConf is smtp config
type ScanMode ¶ added in v0.5.0
type ScanMode struct {
// contains filtered or unexported fields
}
ScanMode has a type of scan mode. fast, fast-root, deep and offline
func (ScanMode) IsFastRoot ¶ added in v0.5.0
IsFastRoot return whether scan mode is fastroot
type ScanModule ¶ added in v0.15.0
type ScanModule struct {
// contains filtered or unexported fields
}
ScanModule has a type of scan module
func (ScanModule) IsScanLockFile ¶ added in v0.15.0
func (s ScanModule) IsScanLockFile() bool
IsScanLockFile whether scanning lock file
func (ScanModule) IsScanOSPkg ¶ added in v0.15.0
func (s ScanModule) IsScanOSPkg() bool
IsScanOSPkg return whether scanning os pkg
func (ScanModule) IsScanPort ¶ added in v0.15.0
func (s ScanModule) IsScanPort() bool
IsScanPort whether scanning listening ports
func (ScanModule) IsScanWordPress ¶ added in v0.15.0
func (s ScanModule) IsScanWordPress() bool
IsScanWordPress return whether scanning wordpress
func (ScanModule) IsZero ¶ added in v0.15.0
func (s ScanModule) IsZero() bool
IsZero return the struct value are all false
type ServerInfo ¶
type ServerInfo struct { ServerName string `toml:"-" json:"serverName,omitempty"` User string `toml:"user,omitempty" json:"user,omitempty"` Host string `toml:"host,omitempty" json:"host,omitempty"` JumpServer []string `toml:"jumpServer,omitempty" json:"jumpServer,omitempty"` Port string `toml:"port,omitempty" json:"port,omitempty"` SSHConfigPath string `toml:"sshConfigPath,omitempty" json:"sshConfigPath,omitempty"` KeyPath string `toml:"keyPath,omitempty" json:"keyPath,omitempty"` KeyPassword string `json:"-" toml:"-"` CpeNames []string `toml:"cpeNames,omitempty" json:"cpeNames,omitempty"` ScanMode []string `toml:"scanMode,omitempty" json:"scanMode,omitempty"` ScanModules []string `toml:"scanModules,omitempty" json:"scanModules,omitempty"` OwaspDCXMLPath string `toml:"owaspDCXMLPath,omitempty" json:"owaspDCXMLPath,omitempty"` ContainersOnly bool `toml:"containersOnly,omitempty" json:"containersOnly,omitempty"` ContainersIncluded []string `toml:"containersIncluded,omitempty" json:"containersIncluded,omitempty"` ContainersExcluded []string `toml:"containersExcluded,omitempty" json:"containersExcluded,omitempty"` ContainerType string `toml:"containerType,omitempty" json:"containerType,omitempty"` Containers map[string]ContainerSetting `toml:"containers,omitempty" json:"containers,omitempty"` IgnoreCves []string `toml:"ignoreCves,omitempty" json:"ignoreCves,omitempty"` IgnorePkgsRegexp []string `toml:"ignorePkgsRegexp,omitempty" json:"ignorePkgsRegexp,omitempty"` GitHubRepos map[string]GitHubConf `toml:"githubs" json:"githubs,omitempty"` // key: owner/repo UUIDs map[string]string `toml:"uuids,omitempty" json:"uuids,omitempty"` Memo string `toml:"memo,omitempty" json:"memo,omitempty"` Enablerepo []string `toml:"enablerepo,omitempty" json:"enablerepo,omitempty"` // For CentOS, RHEL, Amazon Optional map[string]interface{} `toml:"optional,omitempty" json:"optional,omitempty"` // Optional key-value set that will be outputted to JSON Lockfiles []string `toml:"lockfiles,omitempty" json:"lockfiles,omitempty"` // ie) path/to/package-lock.json FindLock bool `toml:"findLock,omitempty" json:"findLock,omitempty"` Type string `toml:"type,omitempty" json:"type,omitempty"` // "pseudo" or "" IgnoredJSONKeys []string `toml:"ignoredJSONKeys,omitempty" json:"ignoredJSONKeys,omitempty"` IPv4Addrs []string `toml:"-" json:"ipv4Addrs,omitempty"` IPv6Addrs []string `toml:"-" json:"ipv6Addrs,omitempty"` IPSIdentifiers map[IPS]string `toml:"-" json:"ipsIdentifiers,omitempty"` WordPress *WordPressConf `toml:"wordpress,omitempty" json:"wordpress,omitempty"` // internal use LogMsgAnsiColor string `toml:"-" json:"-"` // DebugLog Color Container Container `toml:"-" json:"-"` Distro Distro `toml:"-" json:"-"` Mode ScanMode `toml:"-" json:"-"` Module ScanModule `toml:"-" json:"-"` }
ServerInfo has SSH Info, additional CPE packages to scan.
func (ServerInfo) GetServerName ¶ added in v0.1.7
func (s ServerInfo) GetServerName() string
GetServerName returns ServerName if this serverInfo is about host. If this serverInfo is about a container, returns containerID@ServerName
func (ServerInfo) IsContainer ¶ added in v0.1.4
func (s ServerInfo) IsContainer() bool
IsContainer returns whether this ServerInfo is about container
func (*ServerInfo) SetContainer ¶ added in v0.1.4
func (s *ServerInfo) SetContainer(d Container)
SetContainer set container
type SlackConf ¶
type SlackConf struct { HookURL string `valid:"url" json:"-" toml:"hookURL,omitempty"` LegacyToken string `json:"-" toml:"legacyToken,omitempty"` Channel string `json:"-" toml:"channel,omitempty"` IconEmoji string `json:"-" toml:"iconEmoji,omitempty"` AuthUser string `json:"-" toml:"authUser,omitempty"` NotifyUsers []string `toml:"notifyUsers,omitempty" json:"-"` Text string `json:"-"` }
SlackConf is slack config
type SyslogConf ¶ added in v0.5.0
type SyslogConf struct { Protocol string `json:"-"` Host string `valid:"host" json:"-"` Port string `valid:"port" json:"-"` Severity string `json:"-"` Facility string `json:"-"` Tag string `json:"-"` Verbose bool `json:"-"` }
SyslogConf is syslog config
func (*SyslogConf) GetFacility ¶ added in v0.5.0
func (c *SyslogConf) GetFacility() (syslog.Priority, error)
GetFacility gets facility
func (*SyslogConf) GetSeverity ¶ added in v0.5.0
func (c *SyslogConf) GetSeverity() (syslog.Priority, error)
GetSeverity gets severity
func (*SyslogConf) Validate ¶ added in v0.5.0
func (c *SyslogConf) Validate() (errs []error)
Validate validates configuration
type TOMLLoader ¶
type TOMLLoader struct { }
TOMLLoader loads config
func (TOMLLoader) Load ¶
func (c TOMLLoader) Load(pathToToml, keyPass string) error
Load load the configuration TOML file specified by path arg.
type TelegramConf ¶ added in v0.6.2
TelegramConf is Telegram config
func (*TelegramConf) Validate ¶ added in v0.6.2
func (c *TelegramConf) Validate() (errs []error)
Validate validates configuration
type WordPressConf ¶ added in v0.7.0
type WordPressConf struct { OSUser string `toml:"osUser,omitempty" json:"osUser,omitempty"` DocRoot string `toml:"docRoot,omitempty" json:"docRoot,omitempty"` CmdPath string `toml:"cmdPath,omitempty" json:"cmdPath,omitempty"` }
WordPressConf used for WordPress Scanning
func (WordPressConf) IsZero ¶ added in v0.15.0
func (cnf WordPressConf) IsZero() bool
IsZero return whether this struct is not specified in config.toml
type WpScanConf ¶ added in v0.15.0
type WpScanConf struct { Token string `toml:"Token,omitempty" json:"-"` DetectInactive bool `toml:"detectInactive,omitempty" json:"detectInactive,omitempty"` }
WpScanConf is wpscan.com config