macOS
brew install vulslocal Homebrew formula metadata
brew
Agentless Vulnerability Scanner for Linux/FreeBSD. Version 0.39.3 via Homebrew; verified 2026-06-09.
install
brew install vulslocal Homebrew formula metadata
nix profile install nixpkgs#vulsnixpkgs package indexes · pkgs/by-name/vu/vuls/package.nix · source: api.github.com
sudo apt install vulsUbuntu 24.04 LTS package indexes · vuls · source: archive.ubuntu.com
overview
Agentless Vulnerability Scanner for Linux/FreeBSD
history
Vuls is an agentless vulnerability scanner written in Go for Linux, FreeBSD, and later broader targets such as containers, application libraries, WordPress, network devices, Windows, and macOS. Its core idea is to inventory installed software and match it against vulnerability intelligence without requiring a resident scanner agent on every host.
The GitHub repository was created under Future Architect in March 2016, and the README credits kotakanbe as the creator. The project grew from a concrete operations problem: administrators often cannot simply enable automatic updates on production servers, yet manually tracking NVD, OVAL, vendor trackers, and package advisories across many machines is error-prone.
Vuls developed as a Go-based scanner with multiple scan modes. Its documentation describes remote scans over SSH, local scans for hosts that should not be reached centrally, and server mode where target hosts collect software information and send it to a Vuls server over HTTP.
Over time Vuls expanded from OS package vulnerability checks into a larger security-data workflow. The README lists data sources and integrations including NVD, JVN, vendor OVAL feeds, distribution security trackers, Microsoft CVRF, exploit and PoC data, CISA Known Exploited Vulnerabilities, MITRE ATT&CK and CAPEC data, application dependency data, and WordPress scanning.
Vuls is one of the more visible open-source host vulnerability scanners from the Go security tooling wave of the mid-2010s. By July 2026, GitHub repository metadata showed about 12.2k stars and more than 1.2k forks, indicating durable use well beyond a single-company internal tool.
The project also accumulated companion commands and data tools. Current release assets include `vuls`, `vuls-scanner`, `future-vuls`, `snmp2cpe`, and `trivy-to-vuls`, showing how the project adapted to adjacent scanners, CPE mapping, and hosted-service workflows.
A common Vuls workflow is to create a `config.toml`, fetch or serve vulnerability dictionaries, scan target machines, and then generate reports for humans or automation. Remote mode uses SSH from a central machine; local and server modes reduce the need for inbound access to target hosts.
Vuls does not update vulnerable packages itself. Its value is detection, prioritization, and reporting: it tells operators which servers and software are affected, adds severity and exploit context when available, and can send notifications through channels such as email or Slack.
Vuls matters to package and security nerds because it turns package inventories, CVE identifiers, OVAL feeds, vendor advisories, CPE naming, and exploit metadata into a repeatable command-line workflow. It is especially relevant for people who care about the gap between distro package versions and upstream vulnerability identifiers.
security posture
escape, surveillance, or offensive capability signal.
red risk · medium confidence · escape-surveillance-offensive
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
config.tomlexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
future-vuls | cli | global executable | |
snmp2cpe | cli | global executable | |
trivy-to-vuls | cli | global executable | |
vuls | cli | global executable | |
vuls-scanner | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/future-architect/vuls
install metadata
| Package key | brew:vuls |
|---|---|
| Version | 0.39.3 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/vuls |
| Homepage | https://vuls.io/ |
| Repository | https://github.com/future-architect/vuls |
| Upstream docs | https://vuls.io/docs/en |
| License | GPL-3.0-only |
| Source archive | https://github.com/future-architect/vuls/archive/refs/tags/v0.39.3.tar.gz |
| Last updated | 2026-06-09T13:20:42Z |
| Pulse | updated |
| Build dependencies | go |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | vuls |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
vuls
nix profile install nixpkgs#vulsvuls 0.6.1-5
Vulnerability scanner for Linux/FreeBSD, agentless, written in Go
https://github.com/future-architect/vuls
sudo apt install vulssource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.