Time to kill (let go of) a darling

03 May 2019

Seccubus started with an off-hand remark by my colleague, Anton Opgenoort, that surely it would not be ‘that difficult to put Nessus in a crontab’. Now, 12+ years later, I feel that the time has come for me to say goodbye to it. It has become increasingly hard to combine working on this open source project with my current role as CISO. Additionally, Tenable’s decision to cripple the Nessus API beyond usefulness, de facto giving up on my use-case, and the subsequent (right) decision of the Schuberg Philis security team to adopt an alternative vulnerability management solution have led me to the inevitable decision to abandon my darling and put her up for adoption.

Working on Seccubus has always been a “safety blanket” for me. A task I could focus on and calm myself whenever I needed to take mental “time off.” Besides that, it has brought me a lot:

  • When I first tried to show Nessus results in a web UI, I got a popup stating ‘Alert XSS’. I learned two valuable lessons that day. You can be both part of the solution and the problem at the same time. And, being a security professional doesn’t make you immune to writing insecure code.
  • When we first released ‘autonessus’ at the NLUUG spring conference in 2008, I became Schuberg Philis’ first open source author. Something which later became a part of our standard labor agreement.
  • I was also the first employee to get a ‘cease and desist’ letter a year or so later, because Tenable had to protest against the name AutoNessus, which was, obviously, too close to their trademark Nessus.
  • Hence at Confidence 2009, I renamed the tool to Seccubus.
  • I got to meet an awesome bunch of people, like Steven Launius who helped me rewrite the web UI. And Alexander Smirnoff who also contributed a lot of good ideas and code. And many more.
  • I got to speak at DefCon, Black Hat, Hack in the Box and many more conferences.

I’m hoping that somebody from the community or the current users of Seccubus will be kind enough to adopt the project. Ping me if you are interested.