VulsRepo is visualized based on the json report output in vuls.
http://usiusi360.github.io/vulsrepo/
A home folder of vuls is explained as /opt/vuls.
$ vuls scan
$ vuls report -to-localfile -format-json --cvedb-path=/opt/vuls/cve.sqlite3
Output to a JSON files (/opt/vuls/results/current)
Apache HTTP Server is mentioned as installed one.
2 ways to setup.
From now on , executed by a user running the vuls scan.
zip is downloaded and developed in a home folder of http server.
$ wget https://github.com/usiusi360/vulsrepo/archive/master.zip
$ unzip master.zip
$ sudo cp -Rp ./vulsrepo-master /var/www/html/vulsrepo
$ cd /var/www/html
$ sudo git clone https://github.com/usiusi360/vulsrepo.git
Set to the same user as the user to run the vuls scan.
$ vi httpd.conf
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
-User apache
-Group apache
+User vuls
+Group vuls
- Copy the sample configuration file for apache configuration folder.
- vulsrepo/dist/cgi/vulsrepo.conf.sample
- Install library for perl. (CGI.pm/JSON.pm)
-
In the case of RHEL or CentOS
- Install perl-CGI and perl-JSON with the yum.
-
In the case of Debian or Ubuntu.
- Install libcgi-pm-perl and libjson-perl with the apt-get.
- Enabling module cgid.(a2enmod cgid)
- Restart http server
$ cd /var/www/html/vulsrepo/
$ ln -s <VulsHome>/results results
Access the browser
http://VulsServer/vulsrepo/
- Detail screen of CVE-ID
| Setting Name | |
|---|---|
| The look-ahead check the URL | Prefetch Link's URL destination and check whether the page exists |
| Show / Hide the Tab | Toggle display of NVD / JVN tab |
- Pivot Table
| Setting Name | |
|---|---|
| Show / Hide the Item | Set items not to be displayed on pivot table. Since the data of Summary is very large, it turns OFF when the number of vulnerabilities is large and an error occurs. |
| Priority | Set the data to be displayed with priority in the pivot table.The default is NVD data. |
- How to share pivot settings with others
- Click the link display button on the upper right.
- Click the copy button to clickboard.
- Pass the copied URL to another person.
- When you access the URL in the browser and select the file, the pivot is displayed with the same setting.
- Why does not Total of Vuls and VulsRepo result match ?
Vuls aggregates the number of CveIDs included in the host. However, VulsRepo counts Packages related to CveID as one case. If more than one package is associated with one CveID, Total will increase more than Vuls.
