Choices and features of scan methods

FutureVuls has multiple scan methods for each scan target.

Here are the options and their features:

Scan Linux host OS

When the scan target is connected to the Internet

If the scan target server can upload the scan result JSON to FutureVuls, we recommend "Scan Linux with scanner", which automatically reflects configuration information in FutureVuls whenever packages are updated.

  • Local scan
    • Installs a scanner on each server to be scanned
    • Pros
      • Easy installation (complete with just one command)
      • Can also obtain information about relevant processes.
      • Changes to configuration information (due to updates, etc.) are automatically reflected on the screen
      • Scanner program is automatically updated
    • Considerations
      • Can the scanner program be placed on the server?
  • Remote scan via SSH
    • A method of scanning via SSH from a scanner installed in the scan target network to the scan target server
    • Pros
      • Can also obtain information about relevant processes.
      • Changes to configuration information (due to updates, etc.) are automatically reflected on the screen
      • Works even if the scanner program cannot be placed on the server
      • Can scan servers that can be reached via SSH from the scanner by using SSH tunnels, etc.
      • CIDR range can be specified to scan servers in a network all at once
    • Considerations
      • More difficult to set up than local scan (definition required in configuration file)

When the scan target is on a closed network

  • Paste scan
    • Pros
      • Detects CVEs by copying and pasting a list of packages into the FutureVuls screen
      • Can be used for servers in a closed network (air-gapped environment)
      • No need for a scanner program on the managed server
    • Considerations
      • The package list on the screen must be updated when the configuration information changes due to updates, etc.
      • Less information can be obtained than from the scanner
        • Process information (port listening information) cannot be obtained

Scan Windows

  • When connected to Windows Update over the Internet
  • When under WSUS control
  • Remote scan via SSH
    • A method of scanning via SSH from a scanner installed in the scan target network to the scan target server
    • Pros
      • Can also obtain information about relevant processes.
      • Changes to configuration information (due to updates, etc.) are automatically reflected on the screen
      • Works even if the scanner program cannot be placed on the server
      • Can scan servers that can be reached via SSH from the scanner by using SSH tunnels, etc.
      • CIDR range can be specified to scan servers in a network all at once
    • Considerations
      • More difficult to set up than local scan (definition required in configuration file)

Scan Containers

  • Scan container images

Scan Application Dependency Libraries

This method detects vulnerabilities in the OSS libraries that web applications and frameworks (in languages such as Java and Python) depend on internally. Refer to Supported Environments for a list of supported languages and lockfiles.

Scanning for paid middleware or self-compiled software

  • CPE scanning
    • For middleware not covered by OS package management (e.g., Tomcat, Oracle), compiled software, Japanese software, network equipment OSes such as Cisco IOS, etc.

Scanning WordPress plugins and themes