feat!(detector): relace go-msfdb with vuls2

[MaineK00n]

If this Pull Request is work in progress, Add a prefix of “[WIP]” in the title.

What did you implement:

Replace standalone go-msfdb FillWithMetasploit() with vuls2
EnrichVulnInfos pipeline. Metasploit data is now sourced from
vuls-data-extracted-msf via BoltDB.

• Extend enrich() to handle sourceTypes.Metasploit → vi.Metasploits
• Remove detector/msf.go and all FillWithMetasploit() calls
• Remove MetasploitConf from config and subcmds
• Remove go-msfdb dependency (go.mod, dependabot.yml)

Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com

Type of change

• Breaking change (fix or feature that would cause existing functionality to not work as expected)

How Has This Been Tested?

Checklist:

You don't have to satisfy all of the following.

• Write tests
• Write documentation
• Check that there aren't other open pull requests for the same issue/feature
• Format your source code by make fmt
• Pass the test by make test
• Provide verification config / commands
• Enable "Allow edits from maintainers" for this PR
• Update the messages below

Is this ready for review?: YES

Reference

[Copilot]

Pull request overview

This PR replaces the legacy go-msfdb-based Metasploit enrichment path with vuls2’s EnrichVulnInfos pipeline, sourcing Metasploit module data from the vuls2 BoltDB-backed dataset.

Changes:

• Add vuls2 enrichment support for sourceTypes.Metasploit and map it into models.VulnInfo.Metasploits.
• Remove the standalone Metasploit detector/config plumbing (FillWithMetasploit, MetasploitConf, config template section, DB validation wiring).
• Drop the github.com/vulsio/go-msfdb dependency and update tests/fixtures to cover Metasploit enrichment.

Reviewed changes

Copilot reviewed 17 out of 18 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
subcmds/server.go	Removes Metasploit config init and drops Metasploit from ValidateDBs call.
subcmds/report.go	Removes Metasploit config init in report flow.
subcmds/report_windows.go	Removes Metasploit config init in Windows report flow.
subcmds/discover.go	Removes [metasploit] section from generated config template.
server/server.go	Removes FillWithMetasploit() server-side enrichment (vuls2 enrichment remains).
detector/util.go	Updates ValidateDBs signature and removes Metasploit DB validation.
detector/msf.go	Deletes the go-msfdb-backed Metasploit enrichment implementation.
detector/detector.go	Removes FillWithMetasploit() from the local detect pipeline (vuls2 enrichment remains).
config/vulnDictConf.go	Removes MetasploitConf configuration type.
config/tomlloader.go	Stops initializing Metasploit config during TOML load.
config/config.go	Removes Metasploit from Config and config validation loop.
detector/vuls2/vendor.go	Adds sourceTypes.Metasploit handling + enrichMetasploit() mapping into vi.Metasploits.
detector/vuls2/vuls2_test.go	Adds enrichment test case for Metasploit data.
detector/vuls2/testdata/fixtures/enrich/metasploit/datasource.json	Adds metasploit datasource fixture for vuls2 DB population.
detector/vuls2/testdata/fixtures/enrich/metasploit/data/2024/CVE-2024-0012.json	Adds metasploit vulnerability fixture used by enrichment test.
go.mod	Removes github.com/vulsio/go-msfdb requirement.
go.sum	Removes go-msfdb checksums.
.github/dependabot.yml	Removes go-msfdb from dependabot ignore patterns.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[shino]

🍻