feat!(detector): relace go-msfdb with vuls2

 Replace standalone go-msfdb FillWithMetasploit() with vuls2
 EnrichVulnInfos pipeline. Metasploit data is now sourced from
 vuls-data-extracted-msf via BoltDB.

 - Extend enrich() to handle sourceTypes.Metasploit → vi.Metasploits
 - Remove detector/msf.go and all FillWithMetasploit() calls
 - Remove MetasploitConf from config and subcmds
 - Remove go-msfdb dependency (go.mod, dependabot.yml)

 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: MaineK00n

.github/dependabot.yml

@@ -44,7 +44,6 @@ updates:
           - "github.com/vulsio/go-cti"
           - "github.com/vulsio/go-cve-dictionary"
           - "github.com/vulsio/go-exploitdb"
-          - "github.com/vulsio/go-msfdb"
           - "github.com/vulsio/gost"
       trivy:
         patterns:
@@ -60,7 +59,6 @@ updates:
           - "github.com/vulsio/go-cti"
           - "github.com/vulsio/go-cve-dictionary"
           - "github.com/vulsio/go-exploitdb"
-          - "github.com/vulsio/go-msfdb"
           - "github.com/vulsio/gost"
           - "github.com/aquasecurity/trivy"
           - "github.com/aquasecurity/trivy-db"

config/config.go

@@ -38,12 +38,11 @@ type Config struct {
 	ScanOpts
 
 	// report
-	CveDict    GoCveDictConf  `json:"cveDict,omitzero"`
-	Gost       GostConf       `json:"gost,omitzero"`
-	Exploit    ExploitConf    `json:"exploit,omitzero"`
-	Metasploit MetasploitConf `json:"metasploit,omitzero"`
-	Cti        CtiConf        `json:"cti,omitzero"`
-	Vuls2      Vuls2Conf      `json:"vuls2,omitzero"`
+	CveDict GoCveDictConf `json:"cveDict,omitzero"`
+	Gost    GostConf      `json:"gost,omitzero"`
+	Exploit ExploitConf   `json:"exploit,omitzero"`
+	Cti     CtiConf       `json:"cti,omitzero"`
+	Vuls2   Vuls2Conf     `json:"vuls2,omitzero"`
 
 	Slack      SlackConf      `json:"-"`
 	EMail      SMTPConf       `json:"-"`
@@ -190,7 +189,6 @@ func (c *Config) ValidateOnReport() bool {
 		&Conf.CveDict,
 		&Conf.Gost,
 		&Conf.Exploit,
-		&Conf.Metasploit,
 		&Conf.Cti,
 	} {
 		if err := cnf.Validate(); err != nil {

config/tomlloader.go

@@ -41,7 +41,6 @@ func (c TOMLLoader) Load(pathToToml string) error {
 		&Conf.CveDict,
 		&Conf.Gost,
 		&Conf.Exploit,
-		&Conf.Metasploit,
 		&Conf.Cti,
 	} {
 		cnf.Init()

config/vulnDictConf.go

@@ -227,33 +227,6 @@ func (cnf *GostConf) Init() {
 	cnf.DebugSQL = Conf.DebugSQL
 }
 
-// MetasploitConf is go-msfdb config
-type MetasploitConf struct {
-	VulnDict
-}
-
-const metasploitDBType = "METASPLOITDB_TYPE"
-const metasploitDBURL = "METASPLOITDB_URL"
-const metasploitDBPATH = "METASPLOITDB_SQLITE3_PATH"
-
-// Init set options with the following priority.
-// 1. Environment variable
-// 2. config.toml
-func (cnf *MetasploitConf) Init() {
-	cnf.Name = "metasploit"
-	if os.Getenv(metasploitDBType) != "" {
-		cnf.Type = os.Getenv(metasploitDBType)
-	}
-	if os.Getenv(metasploitDBURL) != "" {
-		cnf.URL = os.Getenv(metasploitDBURL)
-	}
-	if os.Getenv(metasploitDBPATH) != "" {
-		cnf.SQLite3Path = os.Getenv(metasploitDBPATH)
-	}
-	cnf.setDefault("go-msfdb.sqlite3")
-	cnf.DebugSQL = Conf.DebugSQL
-}
-
 // CtiConf is go-cti config
 type CtiConf struct {
 	VulnDict

detector/detector.go

@@ -209,12 +209,6 @@ func Detect(rs []models.ScanResult, dir string) ([]models.ScanResult, error) {
 		}
 		logging.Log.Infof("%s: %d PoC are detected", r.FormatServerName(), nExploitCve)
 
-		nMetasploitCve, err := FillWithMetasploit(&r, config.Conf.Metasploit, config.Conf.LogOpts)
-		if err != nil {
-			return nil, xerrors.Errorf("Failed to fill with metasploit: %w", err)
-		}
-		logging.Log.Infof("%s: %d exploits are detected", r.FormatServerName(), nMetasploitCve)
-
 		if err := FillWithCTI(&r, config.Conf.Cti, config.Conf.LogOpts); err != nil {
 			return nil, xerrors.Errorf("Failed to fill with Cyber Threat Intelligences: %w", err)
 		}

detector/msf.go

@@ -263,7 +263,7 @@ func loadOneServerScanResult(jsonFile string) (*models.ScanResult, error) {
 }
 
 // ValidateDBs checks if the databases are accessible and can be closed properly
-func ValidateDBs(cveConf config.GoCveDictConf, gostConf config.GostConf, exploitConf config.ExploitConf, metasploitConf config.MetasploitConf, ctiConf config.CtiConf, logOpts logging.LogOpts) error {
+func ValidateDBs(cveConf config.GoCveDictConf, gostConf config.GostConf, exploitConf config.ExploitConf, ctiConf config.CtiConf, logOpts logging.LogOpts) error {
 	cvec, err := newGoCveDictClient(&cveConf, logOpts)
 	if err != nil {
 		return xerrors.Errorf("Failed to new CVE client. err: %w", err)
@@ -288,14 +288,6 @@ func ValidateDBs(cveConf config.GoCveDictConf, gostConf config.GostConf, exploit
 		return xerrors.Errorf("Failed to close exploit DB. err: %w", err)
 	}
 
-	metasploitc, err := newGoMetasploitDBClient(&metasploitConf, logOpts)
-	if err != nil {
-		return xerrors.Errorf("Failed to new metasploit client. err: %w", err)
-	}
-	if err := metasploitc.closeDB(); err != nil {
-		return xerrors.Errorf("Failed to close metasploit DB. err: %w", err)
-	}
-
 	ctic, err := newGoCTIDBClient(&ctiConf, logOpts)
 	if err != nil {
 		return xerrors.Errorf("Failed to new CTI client. err: %w", err)