Documentation ¶
Index ¶
- Constants
- Variables
- func Load(path, keyPass string) error
- type AWSConf
- type AzureConf
- type ChatWorkConf
- type Config
- type Container
- type ContainerSetting
- type Distro
- type EOL
- type ExploitConf
- type GitHubConf
- type GoCveDictConf
- type GostConf
- type GovalDictConf
- type HTTPConf
- type JSONLoader
- type Loader
- type MetasploitConf
- type ReportConf
- type ReportOpts
- type SMTPConf
- type SaasConf
- type ScanMode
- type ScanModule
- type ScanOpts
- type ServerInfo
- type SlackConf
- type SyslogConf
- type TOMLLoader
- type TelegramConf
- type VulnDict
- func (cnf VulnDict) CheckHTTPHealth() error
- func (cnf VulnDict) GetDebugSQL() bool
- func (cnf VulnDict) GetName() string
- func (cnf VulnDict) GetSQLite3Path() string
- func (cnf VulnDict) GetType() string
- func (cnf VulnDict) GetURL() string
- func (cnf VulnDict) Init()
- func (cnf VulnDict) IsFetchViaHTTP() bool
- func (cnf VulnDict) Validate() error
- type VulnDictInterface
- type WordPressConf
- type WpScanConf
Constants ¶
const ( // Fast is fast scan mode Fast = byte(1 << iota) // FastRoot is scanmode FastRoot // Deep is scanmode Deep // Offline is scanmode Offline )
const ( // OSPkg is scanmodule OSPkg = byte(1 << iota) // WordPress is scanmodule WordPress // Lockfile is scanmodule Lockfile // Port is scanmodule Port )
Variables ¶
var ( // Colors has ansi color list Colors = []string{ "\033[32m", "\033[33m", "\033[36m", "\033[35m", "\033[31m", "\033[34m", } // ResetColor is reset color ResetColor = "\033[0m" )
var Revision string
Revision of Git
var Version = "`make build` or `make install` will show the version"
Version of Vuls
Functions ¶
Types ¶
type AWSConf ¶ added in v0.15.0
type AWSConf struct { // AWS profile to use Profile string `json:"profile"` // AWS region to use Region string `json:"region"` // S3 bucket name S3Bucket string `json:"s3Bucket"` // /bucket/path/to/results S3ResultsDir string `json:"s3ResultsDir"` // The Server-side encryption algorithm used when storing the reports in S3 (e.g., AES256, aws:kms). S3ServerSideEncryption string `json:"s3ServerSideEncryption"` Enabled bool `toml:"-" json:"-"` }
AWSConf is aws config
type AzureConf ¶ added in v0.15.0
type AzureConf struct { // Azure account name to use. AZURE_STORAGE_ACCOUNT environment variable is used if not specified AccountName string `json:"accountName"` // Azure account key to use. AZURE_STORAGE_ACCESS_KEY environment variable is used if not specified AccountKey string `json:"-"` // Azure storage container name ContainerName string `json:"containerName"` Enabled bool `toml:"-" json:"-"` }
AzureConf is azure config
type ChatWorkConf ¶ added in v0.5.0
type ChatWorkConf struct { APIToken string `json:"-"` Room string `json:"-"` Enabled bool `toml:"-" json:"-"` }
ChatWorkConf is ChatWork config
func (*ChatWorkConf) Validate ¶ added in v0.5.0
func (c *ChatWorkConf) Validate() (errs []error)
Validate validates configuration
type Config ¶
type Config struct { logging.LogOpts // scan, report HTTPProxy string `valid:"url" json:"httpProxy,omitempty"` ResultsDir string `json:"resultsDir,omitempty"` Pipe bool `json:"pipe,omitempty"` Default ServerInfo `json:"default,omitempty"` Servers map[string]ServerInfo `json:"servers,omitempty"` ScanOpts // report CveDict GoCveDictConf `json:"cveDict,omitempty"` OvalDict GovalDictConf `json:"ovalDict,omitempty"` Gost GostConf `json:"gost,omitempty"` Exploit ExploitConf `json:"exploit,omitempty"` Metasploit MetasploitConf `json:"metasploit,omitempty"` Slack SlackConf `json:"-"` EMail SMTPConf `json:"-"` HTTP HTTPConf `json:"-"` Syslog SyslogConf `json:"-"` AWS AWSConf `json:"-"` Azure AzureConf `json:"-"` ChatWork ChatWorkConf `json:"-"` Telegram TelegramConf `json:"-"` WpScan WpScanConf `json:"-"` Saas SaasConf `json:"-"` ReportOpts }
Config is struct of Configuration
var Conf Config
Conf has Configuration
func (Config) ValidateOnConfigtest ¶ added in v0.2.0
ValidateOnConfigtest validates
func (*Config) ValidateOnReport ¶ added in v0.2.0
ValidateOnReport validates configuration
func (Config) ValidateOnSaaS ¶ added in v0.15.0
ValidateOnSaaS validates configuration
func (Config) ValidateOnScan ¶ added in v0.2.0
ValidateOnScan validates configuration
type ContainerSetting ¶ added in v0.5.0
type ContainerSetting struct { Cpes []string `json:"cpes,omitempty"` OwaspDCXMLPath string `json:"owaspDCXMLPath,omitempty"` IgnorePkgsRegexp []string `json:"ignorePkgsRegexp,omitempty"` IgnoreCves []string `json:"ignoreCves,omitempty"` }
ContainerSetting is used for loading container setting in config.toml
type Distro ¶ added in v0.1.6
Distro has distribution info
func (Distro) MajorVersion ¶ added in v0.3.0
MajorVersion returns Major version
type EOL ¶ added in v0.15.0
EOL has End-of-Life information
func GetEOL ¶ added in v0.15.0
GetEOL return EOL information for the OS-release passed by args https://github.com/aquasecurity/trivy/blob/master/pkg/detector/ospkg/redhat/redhat.go#L20
func (EOL) IsExtendedSuppportEnded ¶ added in v0.15.0
IsExtendedSuppportEnded checks now is under extended support
type ExploitConf ¶ added in v0.6.0
type ExploitConf struct {
VulnDict
}
ExploitConf is exploit config
func (*ExploitConf) Init ¶ added in v0.14.1
func (cnf *ExploitConf) Init()
Init set options with the following priority. 1. Environment variable 2. config.toml
type GitHubConf ¶ added in v0.6.3
type GitHubConf struct {
Token string `json:"-"`
}
GitHubConf is used for GitHub Security Alerts
type GoCveDictConf ¶ added in v0.5.0
type GoCveDictConf struct {
VulnDict
}
GoCveDictConf is GoCveDict config
func (*GoCveDictConf) Init ¶ added in v0.14.1
func (cnf *GoCveDictConf) Init()
Init set options with the following priority. 1. Environment variable 2. config.toml
type GovalDictConf ¶ added in v0.5.0
type GovalDictConf struct {
VulnDict
}
GovalDictConf is goval-dictionary config
func (*GovalDictConf) Init ¶ added in v0.14.1
func (cnf *GovalDictConf) Init()
Init set options with the following priority. 1. Environment variable 2. config.toml
type JSONLoader ¶
type JSONLoader struct { }
JSONLoader loads configuration
func (JSONLoader) Load ¶
func (c JSONLoader) Load(path, sudoPass, keyPass string) (err error)
Load load the configuration JSON file specified by path arg.
type MetasploitConf ¶ added in v0.11.0
type MetasploitConf struct {
VulnDict
}
MetasploitConf is gost go-metasploitdb
func (*MetasploitConf) Init ¶ added in v0.14.1
func (cnf *MetasploitConf) Init()
Init set options with the following priority. 1. Environment variable 2. config.toml
type ReportConf ¶ added in v0.15.10
type ReportConf interface {
Validate() []error
}
ReportConf is an interface to Validate Report Config
type ReportOpts ¶ added in v0.15.10
type ReportOpts struct { // refactored CvssScoreOver float64 `json:"cvssScoreOver,omitempty"` TrivyCacheDBDir string `json:"trivyCacheDBDir,omitempty"` NoProgress bool `json:"noProgress,omitempty"` RefreshCve bool `json:"refreshCve,omitempty"` IgnoreUnfixed bool `json:"ignoreUnfixed,omitempty"` IgnoreUnscoredCves bool `json:"ignoreUnscoredCves,omitempty"` DiffPlus bool `json:"diffPlus,omitempty"` DiffMinus bool `json:"diffMinus,omitempty"` Diff bool `json:"diff,omitempty"` Lang string `json:"lang,omitempty"` //TODO move to GitHubConf IgnoreGitHubDismissed bool `json:"ignore_git_hub_dismissed,omitempty"` }
ReportOpts is options for report
type SMTPConf ¶ added in v0.3.0
type SMTPConf struct { SMTPAddr string `toml:"smtpAddr,omitempty" json:"-"` SMTPPort string `toml:"smtpPort,omitempty" valid:"port" json:"-"` User string `toml:"user,omitempty" json:"-"` Password string `toml:"password,omitempty" json:"-"` From string `toml:"from,omitempty" json:"-"` To []string `toml:"to,omitempty" json:"-"` Cc []string `toml:"cc,omitempty" json:"-"` SubjectPrefix string `toml:"subjectPrefix,omitempty" json:"-"` Enabled bool `toml:"-" json:"-"` }
SMTPConf is smtp config
type ScanMode ¶ added in v0.5.0
type ScanMode struct {
// contains filtered or unexported fields
}
ScanMode has a type of scan mode. fast, fast-root, deep and offline
func (ScanMode) IsFastRoot ¶ added in v0.5.0
IsFastRoot return whether scan mode is fastroot
type ScanModule ¶ added in v0.15.0
type ScanModule struct {
// contains filtered or unexported fields
}
ScanModule has a type of scan module
func (ScanModule) IsScanLockFile ¶ added in v0.15.0
func (s ScanModule) IsScanLockFile() bool
IsScanLockFile whether scanning lock file
func (ScanModule) IsScanOSPkg ¶ added in v0.15.0
func (s ScanModule) IsScanOSPkg() bool
IsScanOSPkg return whether scanning os pkg
func (ScanModule) IsScanPort ¶ added in v0.15.0
func (s ScanModule) IsScanPort() bool
IsScanPort whether scanning listening ports
func (ScanModule) IsScanWordPress ¶ added in v0.15.0
func (s ScanModule) IsScanWordPress() bool
IsScanWordPress return whether scanning wordpress
func (ScanModule) IsZero ¶ added in v0.15.0
func (s ScanModule) IsZero() bool
IsZero return the struct value are all false
type ScanOpts ¶ added in v0.15.10
type ScanOpts struct {
Vvv bool `json:"vvv,omitempty"`
}
ScanOpts is options for scan
type ServerInfo ¶
type ServerInfo struct { ServerName string `toml:"-" json:"serverName,omitempty"` User string `toml:"user,omitempty" json:"user,omitempty"` Host string `toml:"host,omitempty" json:"host,omitempty"` JumpServer []string `toml:"jumpServer,omitempty" json:"jumpServer,omitempty"` Port string `toml:"port,omitempty" json:"port,omitempty"` SSHConfigPath string `toml:"sshConfigPath,omitempty" json:"sshConfigPath,omitempty"` KeyPath string `toml:"keyPath,omitempty" json:"keyPath,omitempty"` CpeNames []string `toml:"cpeNames,omitempty" json:"cpeNames,omitempty"` ScanMode []string `toml:"scanMode,omitempty" json:"scanMode,omitempty"` ScanModules []string `toml:"scanModules,omitempty" json:"scanModules,omitempty"` OwaspDCXMLPath string `toml:"owaspDCXMLPath,omitempty" json:"owaspDCXMLPath,omitempty"` ContainersOnly bool `toml:"containersOnly,omitempty" json:"containersOnly,omitempty"` ContainersIncluded []string `toml:"containersIncluded,omitempty" json:"containersIncluded,omitempty"` ContainersExcluded []string `toml:"containersExcluded,omitempty" json:"containersExcluded,omitempty"` ContainerType string `toml:"containerType,omitempty" json:"containerType,omitempty"` Containers map[string]ContainerSetting `toml:"containers,omitempty" json:"containers,omitempty"` IgnoreCves []string `toml:"ignoreCves,omitempty" json:"ignoreCves,omitempty"` IgnorePkgsRegexp []string `toml:"ignorePkgsRegexp,omitempty" json:"ignorePkgsRegexp,omitempty"` GitHubRepos map[string]GitHubConf `toml:"githubs" json:"githubs,omitempty"` // key: owner/repo UUIDs map[string]string `toml:"uuids,omitempty" json:"uuids,omitempty"` Memo string `toml:"memo,omitempty" json:"memo,omitempty"` Enablerepo []string `toml:"enablerepo,omitempty" json:"enablerepo,omitempty"` // For CentOS, RHEL, Amazon Optional map[string]interface{} `toml:"optional,omitempty" json:"optional,omitempty"` // Optional key-value set that will be outputted to JSON Lockfiles []string `toml:"lockfiles,omitempty" json:"lockfiles,omitempty"` // ie) path/to/package-lock.json FindLock bool `toml:"findLock,omitempty" json:"findLock,omitempty"` Type string `toml:"type,omitempty" json:"type,omitempty"` // "pseudo" or "" IgnoredJSONKeys []string `toml:"ignoredJSONKeys,omitempty" json:"ignoredJSONKeys,omitempty"` IPv4Addrs []string `toml:"-" json:"ipv4Addrs,omitempty"` IPv6Addrs []string `toml:"-" json:"ipv6Addrs,omitempty"` IPSIdentifiers map[string]string `toml:"-" json:"ipsIdentifiers,omitempty"` WordPress *WordPressConf `toml:"wordpress,omitempty" json:"wordpress,omitempty"` // internal use LogMsgAnsiColor string `toml:"-" json:"-"` // DebugLog Color Container Container `toml:"-" json:"-"` Distro Distro `toml:"-" json:"-"` Mode ScanMode `toml:"-" json:"-"` Module ScanModule `toml:"-" json:"-"` }
ServerInfo has SSH Info, additional CPE packages to scan.
func (ServerInfo) GetServerName ¶ added in v0.1.7
func (s ServerInfo) GetServerName() string
GetServerName returns ServerName if this serverInfo is about host. If this serverInfo is about a container, returns containerID@ServerName
func (ServerInfo) IsContainer ¶ added in v0.1.4
func (s ServerInfo) IsContainer() bool
IsContainer returns whether this ServerInfo is about container
func (*ServerInfo) SetContainer ¶ added in v0.1.4
func (s *ServerInfo) SetContainer(d Container)
SetContainer set container
type SlackConf ¶
type SlackConf struct { HookURL string `valid:"url" json:"-" toml:"hookURL,omitempty"` LegacyToken string `json:"-" toml:"legacyToken,omitempty"` Channel string `json:"-" toml:"channel,omitempty"` IconEmoji string `json:"-" toml:"iconEmoji,omitempty"` AuthUser string `json:"-" toml:"authUser,omitempty"` NotifyUsers []string `toml:"notifyUsers,omitempty" json:"-"` Text string `json:"-"` Enabled bool `toml:"-" json:"-"` }
SlackConf is slack config
type SyslogConf ¶ added in v0.5.0
type SyslogConf struct { Protocol string `json:"-"` Host string `valid:"host" json:"-"` Port string `valid:"port" json:"-"` Severity string `json:"-"` Facility string `json:"-"` Tag string `json:"-"` Verbose bool `json:"-"` Enabled bool `toml:"-" json:"-"` }
SyslogConf is syslog config
func (*SyslogConf) GetFacility ¶ added in v0.5.0
func (c *SyslogConf) GetFacility() (syslog.Priority, error)
GetFacility gets facility
func (*SyslogConf) GetSeverity ¶ added in v0.5.0
func (c *SyslogConf) GetSeverity() (syslog.Priority, error)
GetSeverity gets severity
func (*SyslogConf) Validate ¶ added in v0.5.0
func (c *SyslogConf) Validate() (errs []error)
Validate validates configuration
type TOMLLoader ¶
type TOMLLoader struct { }
TOMLLoader loads config
func (TOMLLoader) Load ¶
func (c TOMLLoader) Load(pathToToml, keyPass string) error
Load load the configuration TOML file specified by path arg.
type TelegramConf ¶ added in v0.6.2
type TelegramConf struct { Token string `json:"-"` ChatID string `json:"-"` Enabled bool `toml:"-" json:"-"` }
TelegramConf is Telegram config
func (*TelegramConf) Validate ¶ added in v0.6.2
func (c *TelegramConf) Validate() (errs []error)
Validate validates configuration
type VulnDict ¶ added in v0.15.10
type VulnDict struct { Name string // DB type of CVE dictionary (sqlite3, mysql, postgres or redis) Type string // http://cve-dictionary.com:1323 or DB connection string URL string `json:"-"` // /path/to/cve.sqlite3 SQLite3Path string DebugSQL bool }
VulnDict is a base struct of vuln dicts
func (VulnDict) CheckHTTPHealth ¶ added in v0.15.10
CheckHTTPHealth checks http server status
func (VulnDict) GetDebugSQL ¶ added in v0.15.10
GetDebugSQL return debugSQL flag
func (VulnDict) GetSQLite3Path ¶ added in v0.15.10
GetSQLite3Path return the path of SQLite3
func (VulnDict) IsFetchViaHTTP ¶ added in v0.15.10
IsFetchViaHTTP returns if fetch via HTTP
type VulnDictInterface ¶ added in v0.15.10
type VulnDictInterface interface { Init() Validate() error IsFetchViaHTTP() bool CheckHTTPHealth() error GetName() string GetType() string GetURL() string GetSQLite3Path() string GetDebugSQL() bool }
VulnDictInterface is an interface of vulnsrc
type WordPressConf ¶ added in v0.7.0
type WordPressConf struct { OSUser string `toml:"osUser,omitempty" json:"osUser,omitempty"` DocRoot string `toml:"docRoot,omitempty" json:"docRoot,omitempty"` CmdPath string `toml:"cmdPath,omitempty" json:"cmdPath,omitempty"` }
WordPressConf used for WordPress Scanning
func (WordPressConf) IsZero ¶ added in v0.15.0
func (cnf WordPressConf) IsZero() bool
IsZero return whether this struct is not specified in config.toml
type WpScanConf ¶ added in v0.15.0
type WpScanConf struct { Token string `toml:"token,omitempty" json:"-"` DetectInactive bool `toml:"detectInactive,omitempty" json:"detectInactive,omitempty"` }
WpScanConf is wpscan.com config