future-architect/vuls


How to remove password from the logs ? #1847

yilas posted on GitHub

Hi all 👋🏻

When initiating the vuls report command, the subsequent logs are as follows ⤵️. It appears that authentication to the remote website is conducted using basic authentication. I'm interested in determining whether it's feasible to generate an output that excludes the password (or replaces it with a REDACTED placeholder).

time="Feb 12 12:09:27" level=info msg="vuls-0.24.8-bbf53c7639b266e3a658e8f0a8b2ff7bf17e8e62-2023-12-17T20:41:46Z" 
time="Feb 12 12:09:27" level=info msg="Validating config..." 
time="Feb 12 12:09:27" level=info msg="cveDict.type=http, cveDict.url=https://USERNAME:PASSWORD@URL, cveDict.SQLite3Path=" 
time="Feb 12 12:09:27" level=info msg="ovalDict.type=http, ovalDict.url=https://USERNAME:PASSWORD@URL, ovalDict.SQLite3Path=" 
time="Feb 12 12:09:27" level=info msg="gost.type=http, gost.url=https://USERNAME:PASSWORD@URL, gost.SQLite3Path=" 
time="Feb 12 12:09:27" level=info msg="exploit.type=http, exploit.url=https://USERNAME:PASSWORD@URL, exploit.SQLite3Path=" 
time="Feb 12 12:09:27" level=info msg="metasploit.type=http, metasploit.url=https://USERNAME:PASSWORD@URL, metasploit.SQLite3Path=" 
time="Feb 12 12:09:27" level=info msg="kevuln.type=http, kevuln.url=https://USERNAME:PASSWORD@URL, kevuln.SQLite3Path=" 
time="Feb 12 12:09:27" level=info msg="cti.type=http, cti.url=https://USERNAME:PASSWORD@URL, cti.SQLite3Path=" 
time="Feb 12 12:09:27" level=info msg="Loaded: /opt/monitoring/vuls/results/2024-02-12T12-09-27+0000" 
time="Feb 12 12:09:27" level=info msg="Skip OVAL and Scan with gost alone." 
time="Feb 12 12:09:27" level=info msg="localhost: 0 CVEs are detected with OVAL" 

I think vuls doesn't have a function to mask the password in the URL string in the log. You can only remove it from the log output from vuls by combining it with some command.

posted by MaineK00n about 1 year ago

