
VULCAN(8)		 UNIX System Manager's Manual		     VULCAN(8)

NAME
     vulcan - VULnerability sCAN

SYNOPSIS
     vulcan [-v] -f vulfile -p port iprange

DESCRIPTION
     vulcan identifies vulnerable services in one or more hosts. This is
     achieved by comparing information from service banners against a database
     of vulnerable implementations of a service. It allows for automated anal-
     ysis of a computing environment, determining which services and servers
     need to be updated due to publicized security flaws.  vulcan's real
     strength resides not on the program itself, but on having vulnerability
     databases which are correct and as complete and up-to-date as possible.

OPTIONS
     The following options are available:

     -v	     Verbose mode.

     -f vulfile
	     Name of the file containing vulnerability information on a given
	     service. The file format is described below.

     -p port
	     TCP port where the service to be inspected is running.

     iprange
	     List of hosts to scan. Single hosts should be separated with a
	     comma (`,'). Hostnames are allowed. A range of IP addresses can
	     be specified with a dash (`-'). See EXAMPLES below.

VULNERABILITY FILE FORMAT
     A vulnerability file may contain variables that adjust vulcan's behavior.
     These variables are:

     SC (Send Command)
	     determines what should be sent to a server before reading its
	     banner.

     VL (Verify Line)
	     lines containing this pattern will be matched and analyzed by
	     vulcan. Useful when a banner contains several lines of output.

     CMP (Compare)
	     indicates whether pattern matching should be partial (PT) or ex-
	     act (EX).

     NL (New Line)
	     determines if and how many newlines (`\n') should be sent to a
	     server before its banner is read.

     The remaining lines of a vulnerability file contain two fields each, sep-
     arated by a colon (`:'). The first field contains a string to be matched
     against the service banner, and the second states whether or not the ser-
     vice version (represented by the string in the first field) is vulnerable
     or not.

     An example is shown below:

	   SC=\n
	   VL=SSH
	   CMP=EX
	   SSH-1.5-1.2.24:affected
	   SSH-1.5-1.3.10:affected # F-Secure SSH versions prior to 1.3.11-2
	   SSH-1.5-1.2.29:affected
	   SSH-1.5-1.2.30:affected # AnotherDescription

EXAMPLES
     vulcan -f ssh.vul -p 22 192.168.1.3,192.168.1.15,192.168.10.54

     vulcan -f /usr/local/etc/vulcan/ssh.vul -p 22 192.168.1.30

     vulcan -f http.vul -p 80 www.foo.com

     vulcan -f ssh.vul -p 22 www.foo.com,ftp.foo.com,192.168.1.1

     vulcan -f http.vul -p 80 www.foo.com,www.bar.net

     vulcan -f ftp.vul -p 21 192.168.1.5-192.168.1.10

FILES
     /usr/local/etc/vulcan
	     default installation directory for config files.

BUGS
     As the current version does not control connection time, it is better to
     avoid scanning systems that are off-line so as to improve response time.

AUTHOR
     vulcan was written by Nelson Murilo <nelson@pangeia.com.br>. This man
     page was written by Rafael R. Obelheiro <obelix@lcmi.ufsc.br>.


 Pangeia		       December 6, 19101			     2
