# Install vuls with Homebrew, Nix, apt

Agentless Vulnerability Scanner for Linux/FreeBSD. Version 0.39.3 via Homebrew; verified 2026-06-09.

## Install

```sh
sudo av install brew:vuls
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install vuls
```

  Evidence: local Homebrew formula metadata

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#vuls
```

  Evidence: nixpkgs package indexes: pkgs/by-name/vu/vuls/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

- Ubuntu apt (92%):

```sh
sudo apt install vuls
```

  Evidence: Ubuntu 24.04 LTS package indexes: vuls from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz

## Package facts

- **Package key:** brew:vuls
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/vuls>
- **Version:** 0.39.3
- **Source summary:** Agentless Vulnerability Scanner for Linux/FreeBSD
- **Homepage:** <https://vuls.io/>
- **Repository:** <https://github.com/future-architect/vuls>
- **Upstream docs:** <https://vuls.io/docs/en>
- **License:** GPL-3.0-only
- **Source archive:** <https://github.com/future-architect/vuls/archive/refs/tags/v0.39.3.tar.gz>
- **Last updated:** 2026-06-09T13:20:42Z
- **Generated:** 2026-07-08T18:08:21+00:00

## Executables

- future-vuls (cli)
- snmp2cpe (cli)
- trivy-to-vuls (cli)
- vuls (cli)
- vuls-scanner (cli)
- future-vuls (alias)
- snmp2cpe (alias)
- trivy-to-vuls (alias)
- vuls (alias)
- vuls-scanner (alias)

## Build dependencies

- go

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 0.39.3
- Package-manager updated: 2026-06-09
- Local data: ok
- Upstream repository: https://github.com/future-architect/vuls
- Upstream latest detected: v0.39.3 (current)
## Project history and usage

Vuls is an agentless vulnerability scanner written in Go for Linux, FreeBSD, and later broader targets such as containers, application libraries, WordPress, network devices, Windows, and macOS. Its core idea is to inventory installed software and match it against vulnerability intelligence without requiring a resident scanner agent on every host.

### Project history

The GitHub repository was created under Future Architect in March 2016, and the README credits kotakanbe as the creator. The project grew from a concrete operations problem: administrators often cannot simply enable automatic updates on production servers, yet manually tracking NVD, OVAL, vendor trackers, and package advisories across many machines is error-prone.

Vuls developed as a Go-based scanner with multiple scan modes. Its documentation describes remote scans over SSH, local scans for hosts that should not be reached centrally, and server mode where target hosts collect software information and send it to a Vuls server over HTTP.

Over time Vuls expanded from OS package vulnerability checks into a larger security-data workflow. The README lists data sources and integrations including NVD, JVN, vendor OVAL feeds, distribution security trackers, Microsoft CVRF, exploit and PoC data, CISA Known Exploited Vulnerabilities, MITRE ATT&CK and CAPEC data, application dependency data, and WordPress scanning.

### Adoption history

Vuls is one of the more visible open-source host vulnerability scanners from the Go security tooling wave of the mid-2010s. By July 2026, GitHub repository metadata showed about 12.2k stars and more than 1.2k forks, indicating durable use well beyond a single-company internal tool.

The project also accumulated companion commands and data tools. Current release assets include `vuls`, `vuls-scanner`, `future-vuls`, `snmp2cpe`, and `trivy-to-vuls`, showing how the project adapted to adjacent scanners, CPE mapping, and hosted-service workflows.

### How it is used

A common Vuls workflow is to create a `config.toml`, fetch or serve vulnerability dictionaries, scan target machines, and then generate reports for humans or automation. Remote mode uses SSH from a central machine; local and server modes reduce the need for inbound access to target hosts.

Vuls does not update vulnerable packages itself. Its value is detection, prioritization, and reporting: it tells operators which servers and software are affected, adds severity and exploit context when available, and can send notifications through channels such as email or Slack.

### Why package nerds care

Vuls matters to package and security nerds because it turns package inventories, CVE identifiers, OVAL feeds, vendor advisories, CPE naming, and exploit metadata into a repeatable command-line workflow. It is especially relevant for people who care about the gap between distro package versions and upstream vulnerability identifiers.

### Timeline

- 2016: future-architect/vuls was created on GitHub on March 27, 2016.
- 2017: FreeBSD ports carried Vuls as an agentless vulnerability scanner with SSH, TUI, notification, and multi-distribution support.
- 2020: v0.14.0 was published on December 23, 2020, among the older releases still visible through the GitHub releases API page inspected for this run.
- 2026: v0.39.3 was published on June 9, 2026, with signed release artifacts for multiple Vuls-related commands.

### Related projects

- Vuls is related to go-cve-dictionary, goval-dictionary, go-cpe-dictionary, gost, go-exploitdb, vulsctl, VulsRepo, Trivy, OWASP Dependency-Check, NVD, JVN, OVAL, and distribution security trackers.

### Sources

- <https://api.github.com/repos/future-architect/vuls>
- <https://api.github.com/repos/future-architect/vuls/releases>
- <https://github.com/future-architect/vuls>
- <https://raw.githubusercontent.com/future-architect/vuls/master/README.md>
- <https://vuls.io/>
- <https://vuls.io/docs/en>
- <https://www.freshports.org/security/vuls/>


## Security Notes

escape, surveillance, or offensive capability signal.

- **Geiger risk:** red / medium
- escape, surveillance, or offensive capability signal


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: config.toml
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** vuls
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Nix - vuls: normalized package name match | nixpkgs package indexes: pkgs/by-name/vu/vuls/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- Ubuntu apt - vuls - 0.6.1-5: normalized package name match | Ubuntu 24.04 LTS package indexes: vuls from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | Vulnerability scanner for Linux/FreeBSD, agentless, written in Go | https://github.com/future-architect/vuls


## Related links

- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [go](https://www.automicvault.com/pkg/brew/go/) - Build dependency declared by Homebrew.
- [bomber](https://www.automicvault.com/pkg/brew/bomber/) - Shares av.db curated category or tags: cli, security, vulnerability-scanner, vulnerability-scanning.
- [grype](https://www.automicvault.com/pkg/brew/grype/) - Shares av.db curated category or tags: cli, security, vulnerability-scanner, vulnerability-scanning.
- [nuclei](https://www.automicvault.com/pkg/brew/nuclei/) - Shares av.db curated category or tags: cli, security, vulnerability-scanner, vulnerability-scanning.
- [osv-scanner](https://www.automicvault.com/pkg/brew/osv-scanner/) - Shares av.db curated category or tags: cli, security, vulnerability-scanner, vulnerability-scanning.
- [terrapin-scanner](https://www.automicvault.com/pkg/brew/terrapin-scanner/) - Shares av.db curated category or tags: cli, security, vulnerability-scanner, vulnerability-scanning.
- [clair](https://www.automicvault.com/pkg/brew/clair/) - Shares av.db curated category or tags: cli, security, vulnerability-scanning.
- [govulncheck](https://www.automicvault.com/pkg/brew/govulncheck/) - Shares av.db curated category or tags: cli, security, vulnerability-scanning.
- [safety](https://www.automicvault.com/pkg/brew/safety/) - Shares av.db curated category or tags: cli, security, vulnerability-scanner, vulnerability-scanning.

## Combined YAML source

View the package source record on GitHub. [combined/vuls.yml](https://github.com/automic-vault/db/blob/main/combined/vuls.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
