Scan Module Changes

You can specify the behavior of the scanner in config.toml.

  • I want to detect vulnerabilities in WordPress, but not in OS packages.
  • I only want to detect vulnerabilities in libraries deployed on the server.
  • I don’t want to check port connections.

You can flexibly control the behavior of the scanner according to your environment and usage.

Example:

[servers]
  [servers.dev]
    user = "vuls-saas"
    host = "localhost"
    port = "local"
    scanMode = ["fast-root"]
    scanModules = ["ospkg", "wordpress", "lockfile", "port"]
    [servers.dev.uuids]
      dev = "xxx-xxx-xxx"

The following values can be specified for scanModules.

scanModules = ["ospkg", "wordpress", "lockfile", "port"]

By default, all four are specified. The lockfile and wordpress modules are only executed during a scan if they are set in config.toml.

name        Description
ospkg       Get a list of OS packages.
lockfile    Obtain a lockfile for a programming language library. Check more details from here.
wordpress   Get the list of WordPress Core, Plugin, Theme. Check more details from here.
port        Perform a connection check from Scanner for the Port that the server listens to.
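
An added example (not part of the original documentation or the scanner's own code): a small Python audit that reads a config.toml, applies the all-four default when scanModules is omitted, and reports which modules each server skips and any name outside the four listed above. The server names, addresses and the function name audit_scan_modules are constructed for illustration.

```python
try:
    import tomllib            # standard library from Python 3.11
except ImportError:           # older interpreters: pip install tomli
    import tomli as tomllib

# The four module names listed in the table above.
KNOWN = ("ospkg", "wordpress", "lockfile", "port")

# Constructed sample config; server names and hosts are illustrative only.
SAMPLE = '''
[servers]
  [servers.dev]
    host = "localhost"
    port = "local"
    scanMode = ["fast-root"]
  [servers.blog]
    host = "192.0.2.10"
    scanModules = ["wordpress"]
  [servers.api]
    host = "192.0.2.11"
    scanModules = ["ospkg", "lockfile", "ports"]
'''

def audit_scan_modules(toml_text):
    """Return {server: {"enabled": [...], "skipped": [...], "unknown": [...]}}."""
    servers = tomllib.loads(toml_text).get("servers", {})
    report = {}
    for name, conf in servers.items():
        if not isinstance(conf, dict):
            continue
        # scanModules omitted -> all four modules (the documented default).
        requested = conf.get("scanModules", list(KNOWN))
        report[name] = {
            "enabled": [m for m in KNOWN if m in requested],
            # Skipped modules are coverage the scan will not provide.
            "skipped": [m for m in KNOWN if m not in requested],
            # Names outside the documented four, e.g. a typo such as "ports".
            "unknown": [m for m in requested if m not in KNOWN],
        }
    return report

if __name__ == "__main__":
    for server, r in audit_scan_modules(SAMPLE).items():
        print(f"{server}: enabled={r['enabled']} "
              f"skipped={r['skipped']} unknown={r['unknown']}")
```

In the sample, the misspelled "ports" entry on the api server is reported as unknown and port appears under skipped, which is the kind of unintended coverage gap this check is meant to surface.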