Vulnerability Management with Vulners Agents

The Vulners Team has recently released new functionality for Linux vulnerability audit – Agent Scans. It’s not an API that you have to integrate into your own scripts, but a complete enterprise-ready product.


Try it for free! To audit a CentOS 7 server with Vulners Agents, follow these steps:

  1. Add the Vulners repository. Create the /etc/yum.repos.d/vulners.repo file:
    [vulners]
    name=Vulners Agent
    baseurl=https://repo.vulners.com/redhat/el$releasever/
    enabled=1
    gpgcheck=0
  2. Install Vulners agent
    yum install vulners-agent.noarch
  3. Get an API key

    You will get a key like “HXKM3OMDIYGJLJ60MPM1X51AKC3XTD9Z28J78X12T2OC2MXSTKMMBN70EBBIQUAA”

  4. Add key to /opt/vulners/conf/vulners.conf
  5. Wait for two hours or run /opt/vulners/agent.py manually
  6. Go to https://vulners.com/audit and see the results.
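
The repo file in step 1 sets gpgcheck=0, so yum does not verify RPM signatures for packages from that repository, and HTTPS to the repository host is the only integrity control on what gets installed. The following check is an added example, not part of the original post or of Vulners' code: it lists enabled repositories that install packages without signature verification or over plain HTTP. The function name, the finding labels and the two "example-" repositories are constructed for illustration.

```python
import configparser

# Constructed sample: the repo file from step 1 plus two hypothetical repos.
SAMPLE_REPO = """\
[vulners]
name=Vulners Agent
baseurl=https://repo.vulners.com/redhat/el$releasever/
enabled=1
gpgcheck=0

[example-mirror]
name=Constructed example
baseurl=http://mirror.example.test/el$releasever/
enabled=1
gpgcheck=1

[example-disabled]
baseurl=http://mirror.example.test/old/
enabled=0
gpgcheck=0
"""

YES = {"1", "true", "yes"}  # spellings treated as "on" in this example

# main_gpgcheck: the [main] gpgcheck value from /etc/yum.conf, inherited by a
# repo that has no gpgcheck line of its own. The caller supplies it.
def audit_repo_text(text, main_gpgcheck=False):
    """Map each enabled repo id to a list of integrity findings."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    report = {}
    for repo_id in parser.sections():
        repo = parser[repo_id]
        if repo.get("enabled", "1").strip().lower() not in YES:
            continue  # disabled repos are not used for installs
        findings = []
        raw = repo.get("gpgcheck")
        verified = main_gpgcheck if raw is None else raw.strip().lower() in YES
        if not verified:
            findings.append("no-signature-check")
        urls = repo.get("baseurl", "").split()
        if any(not u.lower().startswith("https://") for u in urls):
            findings.append("cleartext-baseurl")
        report[repo_id] = findings
    return report

if __name__ == "__main__":
    for repo_id, findings in audit_repo_text(SAMPLE_REPO).items():
        print(repo_id, findings or "ok")
```

On a real host, read each file under /etc/yum.repos.d/ and pass its text to audit_repo_text.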


Linux Vulnerability Audit in Vulners

Since Vulners.com stores formalized security bulletins for all major Linux distributions, it was a logical decision to build a vulnerability assessment service. It takes information about the OS and installed packages and returns a list of vulnerabilities. Like regular vulnerability scanners do, but way more effective and for free.


Currently Vulners provides a web interface, which you can use to check your server, an API for automation, and a PoC of an agent for future cloud vulnerability management solutions. The following Linux distributions are supported: RedHat, CentOS, Fedora, Oracle Linux, Ubuntu, Debian.

Vulners API update: download database in one click

The Vulners development team added a new call to Vulners API v.3, which provides an easy way to export collections of security bulletins.

For example, to download all CVEs, run:

wget "https://vulners.com/api/v3/archive/collection/?type=cve" -O cve.zip

The result will be cve.zip with cve.json inside.

The same file can be downloaded through the GUI on the Stats tab.


Moreover, with the new API call you can download security bulletins for a particular OS version:

wget "https://vulners.com/api/v3/archive/distributive/?os=centos&version=6" -O centos.zip

This makes it possible to get data that you won’t find anywhere else: the archives of exploits, HackerOne history, all CentOS vulnerabilities, etc. This functionality might be useful if you want to build your own tools, or to synchronize data if you already use some knowledge base.

No problem if you forgot “type” values. Just enter a nonexistent type, and you get a full list of available values:

https://vulners.com/api/v3/archive/collection/?type=FAKE

"Error": "There is no type 'FAKE' Available collection types:. ['Nessus', 'cve', 'exploitdb', 'xssed', 'zdt', 'hackapp', 'threatpost', 'redhat', 'debian', 'ubuntu', 'cert', 'metasploit', 'freebsd', 'zdi', 'oraclelinux', 'suse', 'centos', 'cisco', 'hackerone', 'vulnerlab', 'f5', 'mozilla', 'ics', 'archlinux', 'ptsecurity', 'rdot', 'erpscan', 'huawei', 'xen', 'openssl', 'opera', 'vmware', 'wpvulndb', 'samba', 'postgresql', 'drupal', 'lenovo', 'msvr', 'paloalto', 'nginx']"

It is also possible to obtain these results through search queries. Unfortunately, this is no longer so easy: the maximum size for a single request has been reduced from 10 000 to 500. It’s a forced measure, since the load on the server and the traffic volumes have increased significantly.

Now we have a separation: search for searching, and archive/collection for content export.

Vulners API v.3 released

The Vulners development team has released a major update for the Vulners API. Automate your routine operations with the vulners.com database more easily and effectively than ever.

What’s new:

  • Most Vulners API v.3 requests now use GET
  • New “search/id” request to view the content of a bulletin by identifier
  • Requests for searching or viewing content by id now support the option “references=true”, which adds referenced objects to the results
  • JSON output is now pretty-printed by default

All API methods: https://vulners.com/api/v3/
“validateparam” contains all input parameters and their types:

"lucene": [
        {
          "requireparam": {
            "parameters": [
              "query"
            ]
          }
        },
        {
          "validateparam": {
            "parameters": [
              {
                "skip": "int",
                "query": "str",
                "size": "int",
                "sort": "str"
              }
            ]
          }
        }
      ],
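
The descriptor above and the 500-result cap mentioned in the archive post can both be enforced on the client before a request is sent. The following is an added example, not Vulners code: it checks parameters against the "lucene" descriptor and plans the skip/size pages needed to cover a larger result set. The names validate, plan_requests and LUCENE_SPEC are hypothetical, and paging with skip and size is assumed from the parameters shown on this page.

```python
from urllib.parse import urlencode

API_SEARCH = "https://vulners.com/api/v3/search/lucene/"
MAX_SIZE = 500  # per-request cap stated in the archive post above

# The "lucene" descriptor printed above, as Python data (layout is this example's).
# "references" is not in that descriptor, so this example does not send it.
LUCENE_SPEC = {
    "required": ["query"],
    "types": {"skip": int, "query": str, "size": int, "sort": str},
}


def validate(params, spec=LUCENE_SPEC):
    """Reject missing, unknown, mistyped or out-of-range parameters."""
    missing = [p for p in spec["required"] if p not in params]
    if missing:
        raise ValueError(f"missing required parameter(s): {missing}")
    for name, value in params.items():
        expected = spec["types"].get(name)
        if expected is None:
            raise ValueError(f"unknown parameter: {name}")
        if type(value) is not expected:  # exact match, so True is not an int
            raise ValueError(f"{name} must be {expected.__name__}")
    if not 0 < params.get("size", 1) <= MAX_SIZE:
        raise ValueError(f"size must be between 1 and {MAX_SIZE}")
    if params.get("skip", 0) < 0:
        raise ValueError("skip must not be negative")
    return params


def plan_requests(query, wanted, page_size=MAX_SIZE, sort=None):
    """Return the GET URLs that cover the first `wanted` results of a query."""
    urls = []
    for skip in range(0, wanted, page_size):
        params = {"query": query, "skip": skip,
                  "size": min(page_size, wanted - skip)}
        if sort is not None:
            params["sort"] = sort
        urls.append(API_SEARCH + "?" + urlencode(validate(params)))
    return urls


if __name__ == "__main__":
    for url in plan_requests("type:centos", 1200):
        print(url)
```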

Examples:

Available fields and values: https://vulners.com/api/v3/search/suggest/?type=distinct&fieldName=type

{
  "data": [
    "nessus",
    "cve",
    "exploitdb",
    "xssed",
    "zdt",
...
    "lenovo",
    "msvr",
    "paloalto",
    "nginx"
  ],
  "result": "OK"
}

Vulners.com search query speed remains extremely high:

$ curl "https://vulners.com/api/v3/search/lucene/?query=type:centos&size=3&skip=2&references=true" -w %{time_connect}:%{time_starttransfer}:%{time_total}
...
],
"result": "OK"
}0,000:0,144:0,204

Average execution time is 35-45ms