Anyone who has ever used a vulnerability scanner like Nessus or OpenVAS will be familiar with one of their biggest drawbacks. They a very valuable tools, but unfortunately they are also very noisy. The time needed to report on the findings of a scan is often two or three times the time needed to do the actual scan. Seccubus was created to more effectively analyze the results of regular vulnerability scans. It was designed with defenders in mind who have to scan the same infrastructure regularly.
How does it work?
Seccubus runs vulnerability scans at regular intervals and compares the findings of the last scan with the findings of the previous scan. The delta of this scan is presented in a web GUI where findings can be easily marked as either real findings or non-issues. Non issues get ignored until they change. This causes a dramatic reduction in analysis time. Before the results of a vulnerability scan are imported into Seccubus they are first converted to the Intermediate Vulnerability Information Language (IVIL) format to make sure Seccubus can work with many different scanners
What scanners are supported?
The following scanners are supported:
- Time to kill (let go off) a darling
- Seccubus v2.50 - Alpine docker containers
- Seccubus v2.48 - Tenable.io compatibility and more
- Seccubus v2.46 - Packages for RedHat/Centos 7
- Seccubus v2.44 - PackageCloud release
- Seccubus v2.42 - Kali, Certificate validation and State Engine
- Seccubus v2.40 - Various fixes and improvements
- Seccubus v2.38 - Various fixes and improvements
- Seccubus v2.36 - TestSSL release
- Seccubus v2.34 - Backend rewritten in Mojolicious