How to remove password from the logs ?

[yilas]

Hi all 👋🏻

When initiating the vuls report command, the subsequent logs are as follows ⤵️
It appears that authentication to the remote website is conducted using basic authentication. I'm interested in determining whether it's feasible to generate an output that excludes the password (or replaces it with a REDACTED placeholder).

time="Feb 12 12:09:27" level=info msg="vuls-0.24.8-bbf53c7639b266e3a658e8f0a8b2ff7bf17e8e62-2023-12-17T20:41:46Z" 
time="Feb 12 12:09:27" level=info msg="Validating config..." 
time="Feb 12 12:09:27" level=info msg="cveDict.type=http, cveDict.url=https://USERNAME:PASSWORD@URL, cveDict.SQLite3Path=" 
time="Feb 12 12:09:27" level=info msg="ovalDict.type=http, ovalDict.url=https://USERNAME:PASSWORD@URL, ovalDict.SQLite3Path=" 
time="Feb 12 12:09:27" level=info msg="gost.type=http, gost.url=https://USERNAME:PASSWORD@URL, gost.SQLite3Path=" 
time="Feb 12 12:09:27" level=info msg="exploit.type=http, exploit.url=https://USERNAME:PASSWORD@URL, exploit.SQLite3Path=" 
time="Feb 12 12:09:27" level=info msg="metasploit.type=http, metasploit.url=https://USERNAME:PASSWORD@URL, metasploit.SQLite3Path=" 
time="Feb 12 12:09:27" level=info msg="kevuln.type=http, kevuln.url=https://USERNAME:PASSWORD@URL, kevuln.SQLite3Path=" 
time="Feb 12 12:09:27" level=info msg="cti.type=http, cti.url=https://USERNAME:PASSWORD@URL, cti.SQLite3Path=" 
time="Feb 12 12:09:27" level=info msg="Loaded: /opt/monitoring/vuls/results/2024-02-12T12-09-27+0000" 
time="Feb 12 12:09:27" level=info msg="Skip OVAL and Scan with gost alone." 
time="Feb 12 12:09:27" level=info msg="localhost: 0 CVEs are detected with OVAL" 

[MaineK00n]

I think vuls doesn't have a function to mask the password in the URL string in the log.
You can only remove it from the log output from vuls by combining it with some command.