TENDING_$type=grid$count=5$tbg=rainbow$meta=0$snip=0$rm=0$show=home

Seccubus - Easy Automated Vulnerability Scanning, Reporting And Analysis

Seccubus automates regular vulnerability scans with various tools and aids security people in the fast analysis of its output, both on...


Seccubus automates regular vulnerability scans with various tools and aids security people in the fast analysis of its output, both on the first scan and on repeated scans.

On repeated scan delta reporting ensures that findings only need to be judged when they first appear in the scan results or when their output changes.

Seccubus 2.x is only actively developed and maintained branch and all support for Seccubus V1 has officially been dropped.

Seccubus V2 works with the following scanners:

  • Nessus
  • OpenVAS
  • Skipfish
  • Medusa (local and remote)
  • Nikto (local and remote)
  • NMap (local and remote)
  • OWASP-ZAP (local and remote)
  • SSLyze
  • Medusa
  • Qualys SSL labs
  • testssl.sh (local and remote)

For more information visit [Seccubus]


Seccubus Docker container

Usage

Running a full stack (db/app/frontend) in a single container. And get an interactive shell
[docker run -it seccubus/seccubus /bin/bash]
By default the container holds a mysql server that runs and stores data locally. If you want data persistency there are two options:
Connect the container to a remote mysql/MariaDB database with environment viariables:
[docker run -ti seccubus/seccubus -e DBHOST=dns.name.of.db.host \
-e DBPOSRT=3306 \
-e DBNAME=name.of.database \
-e DBUSER=db.username \
-e DBPASS=password \
/bin/bash]
Or, mount a data volume with a db directory on it
[mkdir data
mmdir data/db
docker run -it seccubus/seccubus -v ($pwd)/data:/opt/seccubus/data /bin/bash] 
Please be aware that you can only run one container at a time if you mount a local directory on /var/lib/mysql.

Running a scan

Run the following command to start the scan 'ssllabs' in workspace 'Example' (this workspace is created by default if you use the local mysql database)
[docker run -ti seccubus/seccubus scan Example ssllabs]
Please be aware that you need soem data persistency here or the data will be stored in a local database that will be deleted whent he container terminates

Running a scheduler

You can run a docker container as a scheduler. This will make it run cron and allow your crontab to execute scans.You can populate the crontab by either placing a file called crontab in the /opt/seccubus/data volume or puting the lines of you crontab in evironement variables starting with CRON_
[docker run -e "STACK=cron" -e "CRON_1=* 0 * * * bin/do-scan -w Example -s ssllabs" -ti seccubus/seccubus]
This will spin up a container that executes scan ssllabs from workspace Example at midnight every night. You can set the TZ vairable to control the timezone.

Controlling TLS certificates

The Seccubus container is TLS enabled by default. The environment variable TLS controls this behaviour. Of it is set to anything other then yes, TLS is turned off.
There are three ways to control the certificate:
  • Do nothing : Self signed certificates will be generated for you
  • Populate the variables TLSCERT and TLSKEY : The contents will be placed in /opt/seccubus/data/seccubus.pem and /opt/seccubus/data/seccubus.key and used
  • Put the certificates in the files seccubus.pem and seccubus.key on a data volume and mount it on /opt/seccubus/data
Show this help message
[docker run -ti seccubus/seccubus help]

Default command

If you don't specify a command to docker run
[docker run seccubus/seccubus]
The web server access log and error log will be tailed to the screen.

Other options

You can set the following environment variables:
  • STACK - Determines which part of the stack is run
    • full - Run everything
    • front - Start apache to serve the html/javascript frontend (this requires that the APIURL variable is set too)
    • api - Start apache to serve the json api at / (starts MariaDB too if required)
    • web - Start apache to serve both the html/javascript frontend and the json
    • perl - Do not start apache, just use this container as an perl backend
  • DBHOST, DBPORT, DBNAME, DBUSER, DBPASS - Database connection parameters
    • If DBHOST/DBPORT are set to 127.0.0.1/3306 the local MariaDB instance is started
  • APIURL - Path to the API url
    •  Set this if your set STACK to front to redirect the API calls to an alternative relative or absolute URL.
  • BASEURI - Base URI for seccubus
    • Server the application at the value provided
  • SMTPSERVER - IP address or host name of an SMTP server to be used for notifications
  • SMTPFROM - From address used in notifications
  • TICKETURL_HEAD/TICKETURL_TAIL - If these are set ticket numberrs will be linked to this URL
  • SSHKEY1, SSHKEY2, SSHKEY3 .. SSHKEY9
    • The content of this environment variable will stored in the file /opt/seccubus/.ssh/SSHKEY1 etc.
    • You can use this mechanism to provide ssh keys that are used to start remote scans
  • HTTP_AUTH_HEADER - Set the http authentication header
    • If you are using something like OpenAM to authenticate your users, this allows you to set which http request header contains the user that OpenAM detected
  • TZ - Set the timezone of the container
  • TLS - Controls TLS behaviour yes means TLS is on, otherwise TLS is off. TLS is on by default.
  • JIT_GROUP - Controls JIT provisioning of users
  • CRON_MAIL_TO - Mail cron messages to this addres
  • CRON_* - Add these lines to crontab in alphabetical order

Important Notice

For Educational and Informational Purposes Only.

The information contained in our Website, Programs, and Services is for educational and informational purposes only and is made available to you as self-help tools for your own use. I am not responsible for any kind of damage hardware and software and not liable for any kind of unethical activity.
Name

Amazon,1,Amazon Web Service,1,Auditing,2,AWS,1,BaRMIe,1,Books,1,Brup Suite Plugin,1,Burp Suite,1,Cloudflare,1,CSRF,1,CVE,1,Cyber Crime,1,CyberScan,1,Data Breach,1,DumpsterFire Toolset,1,EllaScanner,1,Enumeration Tool,1,Exploit Pack,1,Exploiting,1,Github,1,Information Gathering,1,Kali Linux,1,Linux,4,Mac OS X,2,News,1,OWASP,1,Pentesting,2,Pentesting Framework,2,Privilege Escalation,1,Python Keylogger,1,Reflector,1,Reptile,1,Rootkit,1,Scanner,2,Seccubus,1,Security,2,theHarvester,1,Tools,17,VHostScan,1,Vulnerability,2,WAF,1,Whole Foods Market Breached,1,Windows,3,XSS,1,ZAP,1,
ltr
item
Exploitable — Cyber Security News & Hacking Tools: Seccubus - Easy Automated Vulnerability Scanning, Reporting And Analysis
Seccubus - Easy Automated Vulnerability Scanning, Reporting And Analysis
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmqTFZo-pvfxzZBFsgjpXFUtO9HQbJhzb3pDZc-SaoBpgDyRyGo0ynBpUM3OrWwG5jKYfVO2fUNFzL_TPWc9Vj7nUZ-ZgVMGZEudhiV0UwUZDYRjuDRHfJhSfQbTlnO2AZXicKqHYWetY/s320/seccubus-easy-automated-vulnerability-scanning-reporting-and-analysis.png
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmqTFZo-pvfxzZBFsgjpXFUtO9HQbJhzb3pDZc-SaoBpgDyRyGo0ynBpUM3OrWwG5jKYfVO2fUNFzL_TPWc9Vj7nUZ-ZgVMGZEudhiV0UwUZDYRjuDRHfJhSfQbTlnO2AZXicKqHYWetY/s72-c/seccubus-easy-automated-vulnerability-scanning-reporting-and-analysis.png
Exploitable — Cyber Security News & Hacking Tools
https://exploitables.blogspot.com/2017/10/seccubus-vulnerability-scanner.html
https://exploitables.blogspot.com/
https://exploitables.blogspot.com/
https://exploitables.blogspot.com/2017/10/seccubus-vulnerability-scanner.html
true
8536886516600496120
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS CONTENT IS PREMIUM Please share to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy