Seccubus

Easy Automated vulnerability scanning and reporting

Seccubus effectively reduces the analysis time for subsequent scans of the same infrastructure by only reporting delta findings.

Why?

Anyone who has ever used Nessus or OpenVAS will be familiar with one of their biggest drawbacks. They a very valuable tools, but unfortunately it is also very noisy. The time needed to report on the findings of a scan will often be two or three times the time needed to do the actual scan. Seccubus was created in order to more effectively analyze the results of regular vulnerability scans of the same infrastructure.

How does it work?

Seccubus runs vulnerability scans at regular intervals and compares the findings of the last scan with the findings of the previous scan. The delta of this scan is presented in a web GUI when findings can be easily marked as either real findings or non-issues. Non issues get ignored until they change. This causes a dramatically reduction a analysis time.

Today I release Seccubus version 2.10 which I have dubbed ‘The Miami Vice’ edition because I’m currently visiting the Akamai Edge conference in Miami, FL.

This release has some new features and bug fixes, and you can download it here.

10-10-2014 – 2.10 – Miami vice edition
======================================
* Password fields are used to store passwords and hide them in de GUI (#127)
* Limited support for OpenVAS6 and OpenVAS7 thanks to @FGuillaume
* Python script by @Ar0Xa to email findings from a scan
* Fixed some bugs

Bug Fixes
============================================
* #96 – Incorrect temp file usage Nikto scanner
* #120 – Post install chcon action gives error
* #124 – Multi file attachments
* #125 – rpm dependancy name is wrong
* #127 – Passwords can be hidden in the GUI
* #134 – SSLlabs scanner did not handle submit errors
* #135 – Host name creation not handled correctly with SSLlabs
* #136 – Workspaces are now sorted by name
* Extra cache control headers because of Chrome

We’ve added support for Qualys SSLlabs to Seccubus and fixed a few bugs:

18-08-2014 – 2.9 – Qualys SSLlabs integration
=============================================
Seccubus can now fetch the results of www.ssllabs.com automatic scanner and monitor for deltas

Bug Fixes
============================================
* #122 – SSLlabs integration
* #120 – SELinux problem on RHEL6
* #99 – The ability to remote is not reflected in the scanner help text
* #67 – -o usage needs to be more specific for e.g. nikto and nmap scanner
* #63 – Scan table does not display scanner correctly
* #59 – Explanation of $ATTACH: in notifications is not very clear

Got to our Github page to download the binary package.

This version has a new scanner Medusa! Thnx to Arkanoi

Also SphaZ created a start for the Burp scanner implementation, thank you guys!

07-08-2014 – 2.8 - New Scanner Medusa
============================================
A couple of bugs are now fixed thanks to Arkanoi and SphaZ

Key new features / issues resolved
———————————-

Medusa is added to scanner tools thnx to Arkanoi
Added burp parser to ivil thnx to SphaZ

This version has a couple of bug fixes that are solved by Arkanoi and SphaZ, thank you guys.

21-05-2014 – 2.6 – Bug Fixes
============================================
A couple of bugs are now fixed thanks to Arkanoi and SphaZ

Key new features / issues resolved
———————————-
Large Nessus scans failed
Password are not masked on screen

Bugs fixed (tickets closed):
—————————-
Issue #105 – please mask scanner passwords
Issue #106 – long Nessus scan results are not loaded

This post will describe step by step how to configure Skipfish for Seccubus.

You can grab the latest release of Skipfish here:

https://code.google.com/p/skipfish/downloads/list

Before you compile the Skipfish src we need to edit 2 files so Skipfish can be used in Seccubus.
In my current setup the Seccubus files are located in /opt/seccubus and I’m going to install the Skipfish in the /opt

Edit the Skipfish config file located in the src/config.h of Skipfish and add the full path where you want use the Skipfish:

/* Default paths to runtime files: */

#define ASSETS_DIR                             “/opt/skipfish/assets”
#define DEF_WORDLIST                        “/opt/skipfish/skipfish.wl”

/* Default signature file */
#define SIG_FILE                                   “/opt/skipfish/signatures/signatures.conf”

Now make the Skipfish installation and when it’s compiled copy the skipfish dir to /opt
The last file we need to edit is the /opt/skipfish/signatures/signatures.conf and add the path prefix:

#############################################
##
## Master signature file.
### The mime signatures warn about server responses that have an interesting
# mime. For example anything that is presented as php-source will likely
# be interesting
include /opt/skipfish/signatures/mime.sigs

# The files signature will use the content to determine if a response
# is an interesting file. For example, a SVN file.
include /opt/skipfish/signatures/files.sigs

# The messages signatures look for interesting server messages. Most
# are based on errors, such as caused by incorrect SQL queries or PHP
# execution failures.
include /opt/skipfish/signatures/messages.sigs

# The apps signatures will help to find pages and applications who’s
# functionality is a security risk by default. For example, phpinfo()
# pages that leak information or CMS admin interfaces.
include /opt/skipfish/signatures/apps.sigs

# Context signatures are linked to injection tests. They look for strings
# that are relevant to the current injection test and help to highlight
# potential vulnerabilities.
include /opt/skipfish/signatures/context.sigs

Skipfish is now installed and ready to use in Seccubus.

It appears that in the last release there was a small hiccup with the severity rating and is now fixed.
This version has one new big feature, it implements the Skipfish Web-application scanner.

21-01-2014 – 2.5 – Scanner addon Skipfish
============================================
You can download the latest version from GitHub

Key new features
———————————-
Added Skipfish Web-application scanner to Seccubus scanner tools

Bugs fixed (tickets closed):
—————————-
#94 – Fix severity number

It appears that in my last release I broken Seccubus in a horrible way. When you updated a finding, the screen wasn’t automatically updated anymore.

This version has one feature, it restores the functionality that I broken.

 

I’m sorry, here are some ‘kroketten’ to make up for it… ;)

The case of the missing kroket, a CC SA image by Photocapy

You can download the latest version from GitHub

Release notes:

19-12-20134 - 2.4 - Screen updates, restored
============================================

Key new features / issues resolved
----------------------------------
A bug that broke the automatic updating of the GUI mast fixed

Bugs fixed (tickets closed):
----------------------------
#97 - Screen refresh doesn't work anywhere (basically)

Just after the performance release of version 2.2 we bring you Seccubus version 2.3 which improves on v2.2 in three important ways.

  • Version 2.2 introduced some bugs in the sorting of host fields and these bug have been removed
  • Version 2.x had a database connection stability issue which is fixes
  • Version 2.3 allows you to run Nmap and Nikto scans on remote hosts in addition to the local host

You can download the release from GitHub.

Here are the release notes:

19-10-2013 - 2.3 - Improved stability, Nmap and Nikto on remote hosts
=====================================================================

Key new features / issues resolved
----------------------------------
Seccubus now checks the state of the DBI handle before performing queries
Improved handling of Nessus 5.2 file format
Fixed some issues related to the new backend filters

Bugs fixed (tickets closed):
----------------------------
* #62 - Would like to be able to run Nmap/Nikto/SSLyze scans on a remote host
* #84 - Nessus critical findings got severity 0
* #87 - Hostname ordering was weird because of wildards for hostnames
* #88 - '*' is not selected in filters when no filter is given
* #89 - Scans fail to import due to database timeouts
* #90 - Hostnames are not sorted in filters, IP addresses are
* OBS build script now echos link to OBS project

I’m proud to announce the release of Seccubus 2.2 which fixes issue with Nessus 5.2.1 and later, unicode in .nessus files and brings a major performance increase.

This release can be downloaded from Github

Release notes:

15-10-2013 - 2.2 - Nessus 5.2.1, unicode and performance
========================================================

Key new features / issues resolved
----------------------------------
* Major performance increase by moving processing of sttus buttons and filters to backend
* Resolved an issue that cause incomptibility with Nessus API version 5.2.1 (Thanks Trelor)
* Resolved an issue around encoding of Unicode chracters in Nessus output
* Added shell script to execute crontab job only on a certain day
* Added shell script to execute crontab job only on a weeknumber that can be devided by a certain number
* Correct application of Apache license is now part of the unit tests
* Resolved some caching issues with IE

Bugs fixed (tickets closed):
----------------------------
* Issue #48 - Filters need to be processed in backend, not front end
* Issue #50 - Notification table not displayed on edit scan
* Issue #56 - IVIL conversion shell call needs qoutes around filename
* Issue #64 - New scan dialog shows 'new workspace' in title
* Issue #65 - Each CGI response header now invalidates caching
* Issue #66 - Username field too small
* Issue #72 - Apache license isn't applied correctly
* Issue #75 - Typo: datatbase in ConfigTest.pl
* Issue #77 - Seccubus incompatible with Nessus API 5.2.1
* Issue #78 - Unicode in nessus file breaks ivil import
* Issue #86 - getFilters API
* Updated dependancies in RPM

Today we release Seccubus 2.1 a bugfix release for the 2.0 version of Seccubus.

You can download it here

Release notes:

 

02-02-2012 - 2.1 - Bugfix release
=================================

Key new features / issues resolved
----------------------------------
* Bugfixes

Bigs fixed (tickets closed):
----------------------------
* Issue #50 & #51 - Scan notifications are not listed and cannot be editted
* Issue #52 - When running do-can with nmap as user seccubus with --sudo, chown on tmp files fails.
* Issue #53 - Broken path in debian package
* Issue #55 - Notifications table creates double header in certain cases

Copyright © 2009 Schuberg Philis.

All Rights Reserved.