feat!(detector): relace go-msfdb with vuls2

 Replace standalone go-msfdb FillWithMetasploit() with vuls2
 EnrichVulnInfos pipeline. Metasploit data is now sourced from
 vuls-data-extracted-msf via BoltDB.

 - Extend enrich() to handle sourceTypes.Metasploit → vi.Metasploits
 - Remove detector/msf.go and all FillWithMetasploit() calls
 - Remove MetasploitConf from config and subcmds
 - Remove go-msfdb dependency (go.mod, dependabot.yml)

 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: MaineK00n

.github/dependabot.yml

@@ -45,7 +45,6 @@ updates:
           - "github.com/vulsio/go-cve-dictionary"
           - "github.com/vulsio/go-exploitdb"
           - "github.com/vulsio/go-kev"
-          - "github.com/vulsio/go-msfdb"
           - "github.com/vulsio/gost"
       trivy:
         patterns:
@@ -62,7 +61,6 @@ updates:
           - "github.com/vulsio/go-cve-dictionary"
           - "github.com/vulsio/go-exploitdb"
           - "github.com/vulsio/go-kev"
-          - "github.com/vulsio/go-msfdb"
           - "github.com/vulsio/gost"
           - "github.com/aquasecurity/trivy"
           - "github.com/aquasecurity/trivy-db"

config/config.go

@@ -41,7 +41,6 @@ type Config struct {
 	CveDict    GoCveDictConf  `json:"cveDict,omitzero"`
 	Gost       GostConf       `json:"gost,omitzero"`
 	Exploit    ExploitConf    `json:"exploit,omitzero"`
-	Metasploit MetasploitConf `json:"metasploit,omitzero"`
 	KEVuln     KEVulnConf     `json:"kevuln,omitzero"`
 	Cti        CtiConf        `json:"cti,omitzero"`
 	Vuls2      Vuls2Conf      `json:"vuls2,omitzero"`
@@ -191,7 +190,6 @@ func (c *Config) ValidateOnReport() bool {
 		&Conf.CveDict,
 		&Conf.Gost,
 		&Conf.Exploit,
-		&Conf.Metasploit,
 		&Conf.KEVuln,
 		&Conf.Cti,
 	} {

config/tomlloader.go

@@ -41,7 +41,6 @@ func (c TOMLLoader) Load(pathToToml string) error {
 		&Conf.CveDict,
 		&Conf.Gost,
 		&Conf.Exploit,
-		&Conf.Metasploit,
 		&Conf.KEVuln,
 		&Conf.Cti,
 	} {

config/vulnDictConf.go

@@ -227,33 +227,6 @@ func (cnf *GostConf) Init() {
 	cnf.DebugSQL = Conf.DebugSQL
 }
 
-// MetasploitConf is go-msfdb config
-type MetasploitConf struct {
-	VulnDict
-}
-
-const metasploitDBType = "METASPLOITDB_TYPE"
-const metasploitDBURL = "METASPLOITDB_URL"
-const metasploitDBPATH = "METASPLOITDB_SQLITE3_PATH"
-
-// Init set options with the following priority.
-// 1. Environment variable
-// 2. config.toml
-func (cnf *MetasploitConf) Init() {
-	cnf.Name = "metasploit"
-	if os.Getenv(metasploitDBType) != "" {
-		cnf.Type = os.Getenv(metasploitDBType)
-	}
-	if os.Getenv(metasploitDBURL) != "" {
-		cnf.URL = os.Getenv(metasploitDBURL)
-	}
-	if os.Getenv(metasploitDBPATH) != "" {
-		cnf.SQLite3Path = os.Getenv(metasploitDBPATH)
-	}
-	cnf.setDefault("go-msfdb.sqlite3")
-	cnf.DebugSQL = Conf.DebugSQL
-}
-
 // KEVulnConf is go-kev config
 type KEVulnConf struct {
 	VulnDict

detector/detector.go

@@ -209,12 +209,6 @@ func Detect(rs []models.ScanResult, dir string) ([]models.ScanResult, error) {
 		}
 		logging.Log.Infof("%s: %d PoC are detected", r.FormatServerName(), nExploitCve)
 
-		nMetasploitCve, err := FillWithMetasploit(&r, config.Conf.Metasploit, config.Conf.LogOpts)
-		if err != nil {
-			return nil, xerrors.Errorf("Failed to fill with metasploit: %w", err)
-		}
-		logging.Log.Infof("%s: %d exploits are detected", r.FormatServerName(), nMetasploitCve)
-
 		if err := FillWithKEVuln(&r, config.Conf.KEVuln, config.Conf.LogOpts); err != nil {
 			return nil, xerrors.Errorf("Failed to fill with Known Exploited Vulnerabilities: %w", err)
 		}

detector/msf.go

@@ -263,7 +263,7 @@ func loadOneServerScanResult(jsonFile string) (*models.ScanResult, error) {
 }
 
 // ValidateDBs checks if the databases are accessible and can be closed properly
-func ValidateDBs(cveConf config.GoCveDictConf, gostConf config.GostConf, exploitConf config.ExploitConf, metasploitConf config.MetasploitConf, kevulnConf config.KEVulnConf, ctiConf config.CtiConf, logOpts logging.LogOpts) error {
+func ValidateDBs(cveConf config.GoCveDictConf, gostConf config.GostConf, exploitConf config.ExploitConf, kevulnConf config.KEVulnConf, ctiConf config.CtiConf, logOpts logging.LogOpts) error {
 	cvec, err := newGoCveDictClient(&cveConf, logOpts)
 	if err != nil {
 		return xerrors.Errorf("Failed to new CVE client. err: %w", err)
@@ -288,14 +288,6 @@ func ValidateDBs(cveConf config.GoCveDictConf, gostConf config.GostConf, exploit
 		return xerrors.Errorf("Failed to close exploit DB. err: %w", err)
 	}
 
-	metasploitc, err := newGoMetasploitDBClient(&metasploitConf, logOpts)
-	if err != nil {
-		return xerrors.Errorf("Failed to new metasploit client. err: %w", err)
-	}
-	if err := metasploitc.closeDB(); err != nil {
-		return xerrors.Errorf("Failed to close metasploit DB. err: %w", err)
-	}
-
 	kevulnc, err := newGoKEVulnDBClient(&kevulnConf, logOpts)
 	if err != nil {
 		return xerrors.Errorf("Failed to new KEVuln client. err: %w", err)

detector/util.go

@@ -1219,6 +1219,29 @@ func enrich(sesh *session.Session, vim models.VulnInfos) error {
 		}
 
 		for sourceID, rootMap := range vm {
+			if sourceID == sourceTypes.Metasploit {
+				if len(vi.Metasploits) > 0 {
+					continue
+				}
+				for _, vulns := range rootMap {
+					for _, v := range vulns {
+						for _, m := range v.Content.Metasploit {
+							var urls []string
+							for _, r := range m.References {
+								urls = append(urls, r.URL)
+							}
+							vi.Metasploits = append(vi.Metasploits, models.Metasploit{
+								Name:        m.FullName,
+								Title:       m.Name,
+								Description: m.Description,
+								URLs:        urls,
+							})
+						}
+					}
+				}
+				continue
+			}
+
 			cctype := enrichCveContentType(sourceID)
 			if cctype == models.Unknown {
 				continue

detector/vuls2/vuls2.go

@@ -55,7 +55,6 @@ require (
 	github.com/vulsio/go-cve-dictionary v0.16.0
 	github.com/vulsio/go-exploitdb v0.7.0
 	github.com/vulsio/go-kev v0.4.4
-	github.com/vulsio/go-msfdb v0.4.4
 	github.com/vulsio/gost v0.7.2
 	go.etcd.io/bbolt v1.4.3
 	golang.org/x/term v0.41.0