Anyone who has ever used a vulnerability scanner like Nessus or OpenVAS will be familiar with one of their biggest drawbacks. They a very valuable tools, but unfortunately they are also very noisy. The time needed to report on the findings of a scan is often two or three times the time needed to do the actual scan. Seccubus was created to more effectively analyze the results of regular vulnerability scans. It was designed with defenders in mind who have to scan the same infrastructure regularly.
How does it work?
Seccubus runs vulnerability scans at regular intervals and compares the findings of the last scan with the findings of the previous scan. The delta of this scan is presented in a web GUI where findings can be easily marked as either real findings or non-issues. Non issues get ignored until they change. This causes a dramatic reduction in analysis time. Before the results of a vulnerability scan are imported into Seccubus they are first converted to the Intermediate Vulnerability Information Language (IVIL) format to make sure Seccubus can work with many different scanners
What scanners are supported?
THe following scanners are supported:
- Qualys SSL labs
- Seccubus v2.40 - Various fixes and improvements
- Seccubus v2.38 - Various fixes and improvements
- Seccubus v2.36 - TestSSL release
- Seccubus v2.34 - Backend rewritten in Mojolicious
- Seccubus v2.32 - Fixup release of v2.30
- Seccubus v2.30 - Improved delta engine and import/export tools
- Seccubus v2.28 - The Docker edition
- Seccubus v2.26 - Speed improvements and a whole log of bugfixes
- Seccubus v2.24 - RPM and cert improvements
- Seccubus v2.22 - OpenVAS integration fixed