Add: source code

.gitignore

@@ -0,0 +1,9 @@
+.vscode
+coverage.out
+issues/
+*.txt
+vendor/
+log/
+.gitmodules
+vuls
+*.sqlite3

CHANGELOG.md

@@ -0,0 +1,3 @@
+
+TODO
+

Makefile

@@ -0,0 +1,52 @@
+.PHONY: \
+	all \
+	vendor \
+	lint \
+	vet \
+	fmt \
+	fmtcheck \
+	pretest \
+	test \
+	integration \
+	cov \
+	clean
+
+SRCS = $(shell git ls-files '*.go')
+PKGS = ./. ./db ./config ./models ./report ./cveapi ./scan ./util ./commands
+
+all: test
+
+vendor:
+	@ go get -v github.com/mjibson/party
+	party -d external -c -u
+
+lint:
+	@ go get -v github.com/golang/lint/golint
+	$(foreach file,$(SRCS),golint $(file) || exit;)
+
+vet:
+	@-go get -v golang.org/x/tools/cmd/vet
+	$(foreach pkg,$(PKGS),go vet $(pkg);)
+
+fmt:
+	gofmt -w $(SRCS)
+
+fmtcheck:
+	$(foreach file,$(SRCS),gofmt -d $(file);)
+
+pretest: lint vet fmtcheck
+
+test: pretest
+	$(foreach pkg,$(PKGS),go test -v $(pkg) || exit;)
+
+unused :
+	$(foreach pkg,$(PKGS),unused $(pkg);)
+
+cov:
+	@ go get -v github.com/axw/gocov/gocov
+	@ go get golang.org/x/tools/cmd/cover
+	gocov test | gocov report
+
+clean:
+	$(foreach pkg,$(PKGS),go clean $(pkg) || exit;)
+

commands/discover.go

@@ -0,0 +1,158 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Architect, Inc. Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package commands
+
+import (
+	"flag"
+	"fmt"
+	"os"
+	"strings"
+	"text/template"
+
+	"github.com/google/subcommands"
+	"golang.org/x/net/context"
+
+	"github.com/Sirupsen/logrus"
+	ps "github.com/kotakanbe/go-pingscanner"
+)
+
+// DiscoverCmd is Subcommand of host discovery mode
+type DiscoverCmd struct {
+}
+
+// Name return subcommand name
+func (*DiscoverCmd) Name() string { return "discover" }
+
+// Synopsis return synopsis
+func (*DiscoverCmd) Synopsis() string { return "Host discovery in the CIDR." }
+
+// Usage return usage
+func (*DiscoverCmd) Usage() string {
+	return `discover:
+	discover 192.168.0.0/24
+
+`
+}
+
+// SetFlags set flag
+func (p *DiscoverCmd) SetFlags(f *flag.FlagSet) {
+}
+
+// Execute execute
+func (p *DiscoverCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
+	// validate
+	if len(f.Args()) == 0 {
+		return subcommands.ExitUsageError
+	}
+
+	for _, cidr := range f.Args() {
+		scanner := ps.PingScanner{
+			CIDR: cidr,
+			PingOptions: []string{
+				"-c1",
+				"-t1",
+			},
+			NumOfConcurrency: 100,
+		}
+		hosts, err := scanner.Scan()
+
+		if err != nil {
+			logrus.Errorf("Host Discovery failed. err: %s", err)
+			return subcommands.ExitFailure
+		}
+
+		if len(hosts) < 1 {
+			logrus.Errorf("Active hosts not found in %s.", cidr)
+			return subcommands.ExitSuccess
+		} else if err := printConfigToml(hosts); err != nil {
+			logrus.Errorf("Failed to parse template. err: %s", err)
+			return subcommands.ExitFailure
+		}
+	}
+	return subcommands.ExitSuccess
+}
+
+// Output the tmeplate of config.toml
+func printConfigToml(ips []string) (err error) {
+	const tomlTempale = `
+[slack]
+hookURL      = "https://hooks.slack.com/services/abc123/defghijklmnopqrstuvwxyz"
+channel      = "#channel-name"
+#channel      = "#{servername}"
+iconEmoji    = ":ghost:"
+authUser     = "username"
+notifyUsers  = ["@username"]
+
+[mail]
+smtpAddr      = "smtp.gmail.com"
+smtpPort      = 465
+user          = "username"
+password      = "password"
+from          = "[email protected]"
+to            = ["[email protected]"]
+cc            = ["[email protected]"]
+subjectPrefix = "[vuls]"
+
+[default]
+#port        = "22"
+#user        = "username"
+#password    = "password"
+#keyPath     = "/home/username/.ssh/id_rsa"
+#keyPassword = "password"
+
+[servers]
+{{- $names:=  .Names}}
+{{range $i, $ip := .IPs}}
+[servers.{{index $names $i}}]
+host         = "{{$ip}}"
+#port        = "22"
+#user        = "root"
+#password    = "password"
+#keyPath     = "/home/username/.ssh/id_rsa"
+#keyPassword = "password"
+#cpeNames = [
+#  "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
+#]
+{{end}}
+
+`
+	var tpl *template.Template
+	if tpl, err = template.New("tempalte").Parse(tomlTempale); err != nil {
+		return
+	}
+
+	type activeHosts struct {
+		IPs   []string
+		Names []string
+	}
+
+	a := activeHosts{IPs: ips}
+	names := []string{}
+	for _, ip := range ips {
+		// TOML section header must not contain "."
+		name := strings.Replace(ip, ".", "-", -1)
+		names = append(names, name)
+	}
+	a.Names = names
+
+	fmt.Println("# Create config.toml using below and then ./vuls --config=/path/to/config.toml")
+	if err = tpl.Execute(os.Stdout, a); err != nil {
+		return
+	}
+	return
+}

commands/prepare.go

@@ -0,0 +1,131 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Architect, Inc. Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package commands
+
+import (
+	"flag"
+	"os"
+
+	"github.com/Sirupsen/logrus"
+	c "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/scan"
+	"github.com/future-architect/vuls/util"
+	"github.com/google/subcommands"
+	"golang.org/x/net/context"
+)
+
+// PrepareCmd is Subcommand of host discovery mode
+type PrepareCmd struct {
+	debug      bool
+	configPath string
+
+	useUnattendedUpgrades bool
+}
+
+// Name return subcommand name
+func (*PrepareCmd) Name() string { return "prepare" }
+
+// Synopsis return synopsis
+func (*PrepareCmd) Synopsis() string {
+	//  return "Install packages Ubuntu: unattended-upgrade, CentOS: yum-plugin-security)"
+	return `Install required packages to scan.
+				CentOS: yum-plugin-security, yum-plugin-changelog
+				Amazon: None
+				RHEL:   TODO
+				Ubuntu: None
+
+	`
+}
+
+// Usage return usage
+func (*PrepareCmd) Usage() string {
+	return `prepare:
+	prepare [-config=/path/to/config.toml] [-debug]
+
+`
+}
+
+// SetFlags set flag
+func (p *PrepareCmd) SetFlags(f *flag.FlagSet) {
+
+	f.BoolVar(&p.debug, "debug", false, "debug mode")
+
+	defaultConfPath := os.Getenv("PWD") + "/config.toml"
+	f.StringVar(&p.configPath, "config", defaultConfPath, "/path/to/toml")
+
+	f.BoolVar(
+		&p.useUnattendedUpgrades,
+		"use-unattended-upgrades",
+		false,
+		"[Depricated] For Ubuntu, install unattended-upgrades",
+	)
+}
+
+// Execute execute
+func (p *PrepareCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
+	logrus.Infof("Begin Preparing (config: %s)", p.configPath)
+
+	err := c.Load(p.configPath)
+	if err != nil {
+		logrus.Errorf("Error loading %s, %s", p.configPath, err)
+		return subcommands.ExitUsageError
+	}
+
+	target := make(map[string]c.ServerInfo)
+	for _, arg := range f.Args() {
+		found := false
+		for servername, info := range c.Conf.Servers {
+			if servername == arg {
+				target[servername] = info
+				found = true
+				break
+			}
+		}
+		if !found {
+			logrus.Errorf("%s is not in config", arg)
+			return subcommands.ExitUsageError
+		}
+	}
+	if 0 < len(f.Args()) {
+		c.Conf.Servers = target
+	}
+
+	c.Conf.Debug = p.debug
+	c.Conf.UseUnattendedUpgrades = p.useUnattendedUpgrades
+
+	// Set up custom logger
+	logger := util.NewCustomLogger(c.ServerInfo{})
+
+	logger.Info("Detecting OS... ")
+	err = scan.InitServers(logger)
+	if err != nil {
+		logger.Errorf("Failed to init servers. err: %s", err)
+		return subcommands.ExitFailure
+	}
+
+	logger.Info("Installing...")
+	if errs := scan.Prepare(); 0 < len(errs) {
+		for _, e := range errs {
+			logger.Errorf("Failed: %s.", e)
+		}
+		return subcommands.ExitFailure
+	}
+
+	logger.Info("Success")
+	return subcommands.ExitSuccess
+}