By registering CPE (Common Platform Enumeration) with FutureVuls, vulnerabilities other than OS packages can be detected.
For an explanation of CPE, please refer to IPA overview of CPE.
Two types of CPE are defined:
The URI format is called version 2.2, and the Formatted String format is called version 2.3. The amount of information displayed does not change, only the display format differs. FutureVuls can register both URI and Formatted String formats, but only the URI format is displayed.
By using CPE, vulnerabilities in software other than package managers can be detected. For example, the following vulnerabilities can be detected:
It is also possible to do the following, but methods other than CPE scanning are recommended:
The main vulnerability DB used for CPE scanning is NVD.
It is possible to detect vulnerabilities in Japanese-made software that are not defined in JVN, but there is a possibility of false positives. For details, please refer to Detecting vulnerabilities in Japanese-made software with JVN.
For software under package manager management, it is recommended to use scanner-based scanning instead of CPE scanning. For details, please refer to FAQ/CPE Scan.
The detection process for CPE scanning is shown in detail below.
CPE can be registered from
Registering CPE alone does not result in vulnerability detection. The detection process is executed when the server associated with the CPE is scanned.
Currently, there are five ways to register CPE.
Register CPE by selecting from pull-down for part and vendor.
The CPE candidates that appear in the pull-down are obtained from the NVD database. If no candidate is found in the pull-down, you can also register it manually.
If you know the format of the CPE, you can register it by pasting the CPE name.
If you are using OWASP Dependency Check, you can register the detected libraries all at once by using the outputted XML.
Please confirm again and register the CPE with low reliability.
If you have multiple CPEs to register, you can paste them in free text and register them.
You can register CPEs from your own program via REST API. See documentation for details.
From acquiring the CPEs of the software used by your network devices to registering them in FutureVuls, you can use commands to do so for each network at once.
It is also recommended that you use cron or other means to execute this process on a regular basis.
Please also refer to the README for detailed usage of the command
There are three commands to use.
You can manage CPE information on a per-network basis by running them in sequence.
git clone https://github.com/future-architect/vuls.git cd vuls make build-snmp2cpe make build-future-vuls
$ ./future-vuls discover -h discover hosts with CIDR range. The default outputFile is ./discover_list.toml Usage: future-vuls discover --cidr <CIDR Range> --output <Output_File> [flags] Examples: future-vuls discover --cidr 192.168.0.0/24 --output discover_list.toml Flags: --cidr string cidr range -h, --help help for discover --output string output file
$ ./future-vuls discover --cidr 192.168.0.0/24 Discovering 192.168.0.0/24... New host found 192.168.0.1 New host found 192.168.0.4 New host found 192.168.0.8 Successfully wrote to ./discover_list.toml
Examples of generated toml file
["192.168.0.1"] ip = "192.168.0.1" uuid = "" fvuls_sync = false ["192.168.0.4"] ip = "192.168.0.4" uuid = "" fvuls_sync = false ["192.168.0.8"] ip = "192.168.0.8" uuid = "" fvuls_sync = false
truefor the host you want to register.
pseudo serveris then appended to the toml file, and the next time it is run, it will register hosts that have not yet been registered
Fvuls_sync = trueand satisfy
uuid = "".
$ ./future-vuls add-server -h Register hosts for Fvuls as a pseudo server. The default outputFile is ./discover_list.toml Usage: future-vuls add-server --token <VULS_TOKEN> --output <Output_File> [flags] Examples: future-vuls add-server --token <VULS_TOKEN> --output ./discover_list.toml Flags: -h, --help help for add-server --output string output file -t, --token string future vuls token ENV: VULS_TOKEN --url string future vuls upload url ENV: VULS_URL
$ ./future-vuls add-server --url "https://rest.vuls.biz/v1" --token <VULS_TOKEN> 192.168.0.2: Adding to Fvuls server... 192.168.0.2: Done. Successfully wrote to ./discover_list.toml
$ ./future-vuls add-cpe -h scan device CPE and upload to Fvuls. The default outputFile is ./discover_list.toml Usage: future-vuls add-cpe --token <VULS_TOKEN> --output <Output_File> [flags] Examples: future-vuls add-cpe --token <VULS_TOKEN> Flags: -h, --help help for add-cpe --output string output file --snmpVersion string snmp version v1,v2c and v3. default: v2c -t, --token string future vuls token ENV: VULS_TOKEN --url string future vuls upload url ENV: VULS_URL
$ ./future-vuls add-cpe --token <VULS_TOKEN> --url "https://rest.vuls.biz/v1" Uploading CPE to https://rest.vuls.biz/v1/pkgCpe/cpe... 192.168.0.2: Done. 192.168.0.2: Found new cpe: cpe:2.3:h:fortinet:fortigate-50e:-:*:*:*:*:*:*:* 192.168.0.2: Found new cpe: cpe:2.3:o:fortinet:fortios:5.4.6:*:*:*:*:*:*:* 192.168.0.2: Upload CPE... 192.168.0.2: Done. 192.168.0.2: Successfully uploaded 2 cpes to Fvuls.
For example, if you want to scan the firmware of a network device for CPEs, you can add a
Pseudo Server as an empty server and register the CPEs.
You can create a Pseudo Server from the
Add Server on the server list. Once created, you can register CPEs from software like a normal server.
Please note that Pseudo Servers are also calculated as one server for pricing purposes, like scan servers.
After registering CPEs, you can perform scans on the screen to check for vulnerabilities. Pseudo servers are automatically scanned daily and can also be scanned manually.
The timing of CPE scans differs between pseudo servers and other servers.
For normal servers, the vulnerability of the CPE associated with the normal server is detected at the following timing:
For pseudo servers, it is as follows:
The scan time is recorded in “Group settings > Scan history”.
Once registered, CPEs can be updated from the screen. By updating CPEs, you can receive alerts for vulnerabilities that are not detected with the previous version of the CPE.
CPEs that have been updated will be scanned automatically the next time the server is scanned.