Seccubus v2.50 releases: automated vulnerability scanning, reporting and analysis
Seccubus automates regular vulnerability scans with various tools and aids security people in the fast analysis of its output, both on the first scan and on repeated scans.
On repeated scans, delta reporting ensures that findings only need to be judged when they first appear in the scan results or when their output changes.
Seccubus V2 works with the following scanners:
- Medusa (local and remote)
- Nikto (local and remote)
- NMap (local and remote)
- OWASP-ZAP (local and remote)
- Qualys SSL labs
- testssl.sh (local and remote)
It runs vulnerability scans at regular intervals and compares the findings of the last scan with the findings of the previous scan. The delta of this scan is presented in a web GUI where findings can be easily marked as either real findings or non-issues. Non-issues get ignored until they change. This causes a dramatic reduction in analysis time. Before the results of a vulnerability scan are imported into Seccubus they are first converted to the Intermediate Vulnerability Information Language (IVIL) format to make sure Seccubus can work with many different scanners.
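The delta logic described above, as an added Python sketch (not Seccubus code, which is written in Perl). The finding key, the verdict labels, the handling of findings that disappear and the sample data are all assumptions made for this illustration.

```python
from typing import Dict, List, Tuple

Key = Tuple[str, str, str]   # (host, port, plugin id): assumed finding identity

def apply_scan(stored: Dict[Key, dict], scan: Dict[Key, str]):
    """Merge one scan into the stored findings.

    Returns (new_state, review), where review lists the keys an analyst
    still has to judge after this scan.
    """
    state: Dict[Key, dict] = {}
    review: List[Key] = []
    for key, output in scan.items():
        old = stored.get(key)
        if old is None:
            verdict = "new"                      # first appearance
        elif old["output"] != output or old["verdict"] == "gone":
            verdict = "changed"                  # old verdict no longer applies
        else:
            verdict = old["verdict"]             # unchanged: keep earlier verdict
        state[key] = {"output": output, "verdict": verdict}
        if verdict in ("new", "changed"):
            review.append(key)
    for key, old in stored.items():
        if key not in scan:                      # assumption: remember vanished findings
            state[key] = {"output": old["output"], "verdict": "gone"}
    return state, review

def judge(state: Dict[Key, dict], key: Key, verdict: str) -> None:
    """Record the analyst's decision: 'real' or 'non-issue'."""
    if verdict not in ("real", "non-issue"):
        raise ValueError(verdict)
    state[key]["verdict"] = verdict

# Constructed sample data (documentation addresses, made-up plugin ids).
TLS = ("192.0.2.10", "443/tcp", "tls-protocols")
HDR = ("192.0.2.10", "80/tcp", "server-header")
SCAN1 = {TLS: "TLSv1.0 offered", HDR: "Server: nginx"}
SCAN2 = {TLS: "TLSv1.0 offered", HDR: "Server: nginx"}
SCAN3 = {TLS: "TLSv1.0 offered", HDR: "Server: nginx/1.14.0"}

def demo():
    state, first = apply_scan({}, SCAN1)
    judge(state, TLS, "real")
    judge(state, HDR, "non-issue")
    state, second = apply_scan(state, SCAN2)     # nothing changed
    state, third = apply_scan(state, SCAN3)      # header output changed
    return first, second, third

if __name__ == "__main__":
    print(demo())
```

The second scan produces an empty review queue because both findings were already judged and their output is identical; the third scan puts only the finding whose output changed back in front of the analyst, even though it had been marked a non-issue.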
This release brings new Alpine-based Docker containers and fixes a compatibility issue with MySQL/MariaDB version 8 and above.
- Seccubus containers are now built based on Alpine
- Minimal specialized docker containers available for front end, api, front end+api, perl and cron
- Seccubus RPMs are now also being built for Fedora version 27 and 28
- RPMs for Fedora version 25 deprecated
- Fixed building of supporting CentOS v7 RPMs
- #585 – Added default credentials to the readme file
- #660 – Sudo added to docker images
- #655 – Shell set to /bin/bash for user seccubus
- #662 – Fixing documentation typos
- #673 – PERL5LIB set to /opt/seccubus for seccubus user via debian package
Lead developer and original author: Frank Breedijk