Aug 31, 2022

3 advanced and comprehensive vulnerability scanners


This is an introduction video on 3 advanced and comprehensive vulnerability scanners: Nuclei, Trivy, Vuls.

Nuclei is an advanced website, network and CVE vulnerability scanner. Trivy is a scanner that specializes in container images, filesystems, git repositories and Kubernetes. Vuls can be used to scan any server over SSH for a wide range of vulnerabilities.



Aug 30, 2022

Vulnerabilities with a High CVSS score in Kenna

Kenna VM released a long-awaited feature on Aug 18: 8 new query search terms that allow searching on CVSS v2 or v3 scores.

  • cvss_v2_score
  • cvss_v2_exploit_subscore
  • cvss_v2_impact_subscore
  • cvss_v2_temporal_score
  • cvss_v3_score
  • cvss_v3_exploit_subscore
  • cvss_v3_impact_subscore
  • cvss_v3_temporal_score
According to Kenna's article, below is the syntax for vulnerabilities with a high CVSS score.

cvss_v2_score:>=7 AND cvss_v3_score:>=7

However, the syntax above produces a blind spot when querying any CVE released before 2015 or after 2022-08, because such CVEs may carry only a CVSS v2 or only a CVSS v3 score. For example, cve-2013-3900, which has only a CVSS v2 score of 7.6 (no CVSS v3), is not covered by the syntax above.

There are 4 groups of vulnerabilities in Kenna, depending on which scores are present:

  CVSS v2 | CVSS v3 | Kenna Syntax
  --------|---------|-------------------------------------------
  No      | No      | -cvss_v2_score:"*" AND -cvss_v3_score:"*"
  Yes     | No      | cvss_v2_score:"*" AND -cvss_v3_score:"*"
  No      | Yes     | -cvss_v2_score:"*" AND cvss_v3_score:"*"
  Yes     | Yes     | cvss_v2_score:"*" AND cvss_v3_score:"*"


Ideally the syntax would be [ cvss_v2_score:>=7 OR cvss_v3_score:>=7 ], but Kenna's query syntax does not permit it.

One possible solution for searching any CVE with a high CVSS score could be:

cvss_v2_score:>=7 AND -cvss_v3_score:<7 
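To make the four-group reasoning above concrete, here is an added example (my own code, not Kenna's) with a tiny evaluator for the query shapes used in this post. It assumes Lucene-like semantics, which is an assumption about Kenna: a range term such as cvss_v3_score:<7 never matches a record where the field is absent, and a leading "-" negates the term. The six records are constructed with placeholder CVE ids, one per row of the table plus two mixed cases. The blind_spots helper lists the high-scoring records each query leaves out, which also makes visible that the proposed query, since it still requires a v2 score, does not reach records that carry only a v3 score.

```python
import re
from typing import Any, Dict, List

# Constructed sample vulnerability records (placeholder ids, not real Kenna data).
# One record per row of the table above, plus two mixed cases.
SAMPLE: List[Dict[str, Any]] = [
    {"id": "CVE-0000-0001", "cvss_v2_score": None, "cvss_v3_score": None},  # no score at all
    {"id": "CVE-0000-0002", "cvss_v2_score": 7.6, "cvss_v3_score": None},   # v2 only (pre-2015 style)
    {"id": "CVE-0000-0003", "cvss_v2_score": None, "cvss_v3_score": 9.8},   # v3 only (post 2022-08 style)
    {"id": "CVE-0000-0004", "cvss_v2_score": 7.5, "cvss_v3_score": 8.1},    # both scores, both high
    {"id": "CVE-0000-0005", "cvss_v2_score": 4.3, "cvss_v3_score": 7.5},    # both scores, only v3 high
    {"id": "CVE-0000-0006", "cvss_v2_score": 5.0, "cvss_v3_score": 5.3},    # both scores, neither high
]

_RANGE = re.compile(r"(>=|<=|>|<)?(\d+(?:\.\d+)?)$")


def term_matches(term: str, record: Dict[str, Any]) -> bool:
    """Evaluate one term: cvss_v2_score:>=7, -cvss_v3_score:<7 or cvss_v3_score:"*"."""
    negate = term.startswith("-")
    field, _, cond = term.lstrip("-").partition(":")
    value = record.get(field)
    if cond == '"*"':
        hit = value is not None            # existence test
    else:
        m = _RANGE.match(cond)
        if m is None:
            raise ValueError(f"unsupported condition: {term}")
        op, bound = m.group(1) or "=", float(m.group(2))
        if value is None:
            hit = False                    # assumption: a range never matches an absent field
        else:
            hit = {">=": value >= bound, "<=": value <= bound, ">": value > bound,
                   "<": value < bound, "=": value == bound}[op]
    return (not hit) if negate else hit


def query_matches(query: str, record: Dict[str, Any]) -> bool:
    """Conjunction of terms joined by AND (the only operator the post relies on)."""
    return all(term_matches(t.strip(), record) for t in query.split(" AND "))


def matching_ids(query: str, records: List[Dict[str, Any]] = SAMPLE) -> List[str]:
    """Ids of the records the query returns, in input order."""
    return [r["id"] for r in records if query_matches(query, r)]


def is_high_cvss(record: Dict[str, Any]) -> bool:
    """The intended meaning: high in v2 OR high in v3, whichever scores exist."""
    return any(s is not None and s >= 7
               for s in (record["cvss_v2_score"], record["cvss_v3_score"]))


def blind_spots(query: str, records: List[Dict[str, Any]] = SAMPLE) -> List[str]:
    """High-CVSS records that the query fails to return."""
    found = set(matching_ids(query, records))
    return [r["id"] for r in records if is_high_cvss(r) and r["id"] not in found]


if __name__ == "__main__":
    for q in ("cvss_v2_score:>=7 AND cvss_v3_score:>=7",
              "cvss_v2_score:>=7 AND -cvss_v3_score:<7"):
        print(f"{q}\n  matches: {matching_ids(q)}\n  misses : {blind_spots(q)}")
```

Run it as a script to print, for each candidate query, which constructed records it returns and which high-scoring ones it misses; swap in your own records (or the four table queries) to check how a query behaves before relying on it in a report.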



Aug 27, 2022

VulnScanner: Vuls

Vuls is an open-source, agentless vulnerability scanner for Linux/FreeBSD, based on information from NVD, OVAL and other sources.

Vuls supports local and remote scan (with and without root). It uses multiple vulnerability databases, including:

  • Vulnerability Database - NVD, JVN
  • OVAL - Red Hat, Debian, Ubuntu, SUSE, Oracle Linux
  • Security Advisory - Alpine-secdb, Red Hat Security Advisories, Debian Security Bug Tracker
  • Commands
  • PoC, Exploit - ExploitDB, Metasploit, etc
  • CERT - US-CERT, JPCERT
  • Libraries
  • WordPress


Aug 26, 2022

VulnScanner: Trivy

Trivy is a comprehensive security scanner released by AquaSec. It is reliable, fast and extremely easy to use.

Trivy has different scanners that look for different security issues, and different targets where it can find those issues.

Targets:

  • Container Image
  • Filesystem
  • Git repository (remote)
  • Kubernetes cluster or resource

Scanners:

  • OS packages and software dependencies in use (SBOM)
  • Known vulnerabilities (CVEs)
  • IaC misconfigurations
  • Sensitive information and secrets


Installing Trivy (Ubuntu):

$ sudo apt install wget apt-transport-https gnupg lsb-release

$ wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null

$ echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list

$ sudo apt update

$ sudo apt install trivy


First use:

$ trivy image python:3.4-alpine
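Once the first scan works, the practical next step is to gate a build on its result. Trivy itself can do this with --format json, --severity, --exit-code and --ignore-unfixed; the added example below (my own code, not Trivy's or the post's) reads a report in the JSON layout produced by `trivy image --format json` (a top-level "Results" list whose entries carry a "Target" and a "Vulnerabilities" list with VulnerabilityID, PkgName, InstalledVersion, FixedVersion and Severity) and applies a policy the flags alone cannot express: count everything, but fail only on CRITICAL/HIGH findings, optionally only those that already have a fixed version. The embedded report is constructed for illustration, with placeholder CVE ids and made-up package versions.

```python
import json
import sys
from typing import Any, Dict, List, Tuple

# Constructed sample report in Trivy's JSON layout (placeholder CVE ids, made-up
# versions). The third result has no "Vulnerabilities" key, as happens for clean
# targets and for misconfiguration results, so the gate must tolerate that.
SAMPLE_REPORT: Dict[str, Any] = json.loads("""
{
  "SchemaVersion": 2,
  "ArtifactName": "example/app:1.0",
  "Results": [
    {"Target": "example/app:1.0 (alpine 3.12.0)", "Class": "os-pkgs", "Type": "alpine",
     "Vulnerabilities": [
       {"VulnerabilityID": "CVE-0000-0001", "PkgName": "openssl",
        "InstalledVersion": "1.1.1g-r0", "FixedVersion": "1.1.1k-r0", "Severity": "CRITICAL"},
       {"VulnerabilityID": "CVE-0000-0002", "PkgName": "musl",
        "InstalledVersion": "1.1.24-r9", "FixedVersion": "", "Severity": "HIGH"},
       {"VulnerabilityID": "CVE-0000-0003", "PkgName": "zlib",
        "InstalledVersion": "1.2.11-r3", "FixedVersion": "1.2.12-r0", "Severity": "MEDIUM"}
     ]},
    {"Target": "app/requirements.txt", "Class": "lang-pkgs", "Type": "pip",
     "Vulnerabilities": [
       {"VulnerabilityID": "CVE-0000-0004", "PkgName": "requests",
        "InstalledVersion": "2.19.0", "FixedVersion": "2.20.0", "Severity": "HIGH"}
     ]},
    {"Target": "app/Dockerfile", "Class": "config", "Type": "dockerfile"}
  ]
}
""")


def iter_vulns(report: Dict[str, Any]):
    """Yield (target, vulnerability) pairs; tolerate results without a vulnerability list."""
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            yield result.get("Target", "?"), vuln


def severity_counts(report: Dict[str, Any]) -> Dict[str, int]:
    """How many findings of each severity the report contains."""
    counts: Dict[str, int] = {}
    for _, vuln in iter_vulns(report):
        sev = vuln.get("Severity", "UNKNOWN")
        counts[sev] = counts.get(sev, 0) + 1
    return counts


def findings(report: Dict[str, Any],
             fail_on: Tuple[str, ...] = ("CRITICAL", "HIGH"),
             fixed_only: bool = False) -> List[Dict[str, str]]:
    """Flatten the report into the findings that should fail the build."""
    out: List[Dict[str, str]] = []
    for target, vuln in iter_vulns(report):
        if vuln.get("Severity") not in fail_on:
            continue
        if fixed_only and not vuln.get("FixedVersion"):
            continue  # no upstream fix yet: report it, but do not block on it
        out.append({"target": target, "id": vuln["VulnerabilityID"],
                    "pkg": vuln.get("PkgName", "?"),
                    "installed": vuln.get("InstalledVersion", "?"),
                    "fixed": vuln.get("FixedVersion") or "(no fix yet)",
                    "severity": vuln["Severity"]})
    return out


def gate(report: Dict[str, Any], fixed_only: bool = False) -> int:
    """Print a summary and return the exit code a CI step should use (1 = block)."""
    print("severity counts:", severity_counts(report))
    hits = findings(report, fixed_only=fixed_only)
    for h in hits:
        print(f"  {h['severity']:8} {h['id']} {h['pkg']} {h['installed']} -> {h['fixed']}  [{h['target']}]")
    return 1 if hits else 0


if __name__ == "__main__":
    # Usage: trivy image --format json IMAGE > report.json; python gate.py report.json [--fixed-only]
    args = [a for a in sys.argv[1:] if not a.startswith("--")]
    report = json.load(open(args[0])) if args else SAMPLE_REPORT
    sys.exit(gate(report, fixed_only="--fixed-only" in sys.argv))
```

Run without arguments it evaluates the constructed report; pass the path of a real `trivy image --format json` report to gate a pipeline on it. The --fixed-only switch is this script's own option (not a Trivy flag) and mirrors what --ignore-unfixed does in Trivy, but here the unfixed findings still appear in the counts so they are not silently forgotten.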




Aug 25, 2022

Windows 10/11 Installation Bypass

In the past, we could choose to set up the login with a Microsoft account (Hotmail/Outlook) or with an offline account (as we did traditionally) during the installation.

Recently, the "offline account" option is no longer available if an Internet connection is available during the installation.

There are some advantages to using an online account, but if you still prefer an offline account, there are 2 ways.

First, cut off the Internet during the Windows 10/11 installation.

Second, cheat the installer while keeping the Internet connection.

Microsoft will keep asking for a valid Microsoft account if you provide an invalid Hotmail/Outlook account. So, simply enter "sample@hotmail.com" with any random password until the system gives up.

Then the offline account option will be available.