Anyone who has ever used a vulnerability scanner like Nessus or OpenVAS will be familiar with one of their biggest drawbacks. They a very valuable tools, but unfortunately they are also very noisy. The time needed to report on the findings of a scan is often two or three times the time needed to do the actual scan. Seccubus was created to more effectively analyze the results of regular vulnerability scans. It was designed with defenders in mind who have to scan the same infrastructure regularly.
How does it work?
Seccubus runs vulnerability scans at regular intervals and compares the findings of the last scan with the findings of the previous scan. The delta of this scan is presented in a web GUI where findings can be easily marked as either real findings or non-issues. Non issues get ignored until they change. This causes a dramatic reduction in analysis time. Before the results of a vulnerability scan are imported into Seccubus they are first converted to the Intermediate Vulnerability Information Language (IVIL) format to make sure Seccubus can work with many different scanners
What scanners are supported?
THe following scanners are supported:
- Qualys SSL labs
- Seccubus v2.26 - Speed improvements and a whole log of bugfixes
- Seccubus v2.24 - RPM and cert improvements
- Seccubus v2.22 - OpenVAS integration fixed
- Seccubus v2.20 - What is the Issue?
- Seccubus v2.18 Notifications fix
- Seccubus v2.17 GNU Terry Pratchett (Fixed!)
- Seccubus v2.16 GNU Terry Pratchett
- Seccubus v2.15 - Summertime bug fixes
- Seccubus mentioned on the SSL labs website
- Seccubus now supports scanning via the Qualys SSL labs API