Why Seccubus?

Anyone who has ever used a vulnerability scanner like Nessus or OpenVAS will be familiar with one of their biggest drawbacks. They a very valuable tools, but unfortunately they are also very noisy. The time needed to report on the findings of a scan is often two or three times the time needed to do the actual scan. Seccubus was created to more effectively analyze the results of regular vulnerability scans. It was designed with defenders in mind who have to scan the same infrastructure regularly.

How does it work?

Seccubus runs vulnerability scans at regular intervals and compares the findings of the last scan with the findings of the previous scan. The delta of this scan is presented in a web GUI where findings can be easily marked as either real findings or non-issues. Non issues get ignored until they change. This causes a dramatic reduction in analysis time. Before the results of a vulnerability scan are imported into Seccubus they are first converted to the Intermediate Vulnerability Information Language (IVIL) format to make sure Seccubus can work with many different scanners


More news...