Main Menu
Thanks!
Login Form



welcome to the Seccubus site.

Seccubus automates regular vulnerability scans with Nessus and OpenVAS and provides delta reporting.

Seccubus effectively reduces the analysis time for subsequent scans of the same infrastructure by only reporting delta findings.

Why?

Anyone who has ever used Nessus or OpenVAS will be familiar with one of their biggest drawbacks. They a very valuable tools, but unfortunately it is also very noisy. The time needed to report on the findings of a scan will often be two or three times the time needed to do the actual scan. Seccubus was created in order to more effectively analyze the results of regular vulnerability scans of the same infrastructure.

How does it work?

Seccubus runs vulnerability scans at regular intervals and compares the findings of the last scan with the findings of the previous scan. The delta of this scan is presented in a web GUI when findings can be easily marked as either real findings or non-issues. Non issues get ignored until they change. This causes a dramatically reduction a analysis time.

Seccubus v1.5.2 - If at first....

PostDateIconThursday, 02 September 2010 09:57 | PostAuthorIconWritten by Frank Breedijk | PDF Print E-mail

Seccubus v1.5.2 released

If at first you don't succeed. Unfortunatly there was an error in both Seccubus 1.5.0 and Seccubus 1.5.1. We finally think we god the issues nailed.

Also this release also contains the scanmonitor script provided by Isac Balder (see http://dc214.defcon.org/notes/scanmonitor.pl)

1-9-2010
Seccubus v1.5.2 - If at first you don't succeed...

Added Scanmonitor by Isac Balder
See: http://dc214.defcon.org/notes/scanmonitor.pl

Provided RELEASENOTES.txt

Ticket [ 3057382 ] - RPM assumes dependancies on nessus and mod_perl

The RPM installed assumed dependancies on nessus and mod_perl. While most use
of Seccubus is with nessus, it can also be used with OpenVAS and/or Nikto
without havving nessus installed, so this is not a hard dependancy

Ticket [ 3057381 ] - CONFIG path wrong in config.dist

In config.dist the CONFIG variable was set to /home/seccubus/bin this should
have read /home/seccubus/etc. Kudos to Stephen Stormont for spotting this.

 

 

Upgrading from .tar.gz to .rpm release

PostDateIconMonday, 30 August 2010 11:01 | PostAuthorIconWritten by Frank Breedijk | PDF Print E-mail

Please find below the notes on upgrading to the .release from a .tar.gz release a provided by Peter Slootweg the package maintainer for the rpms.

Seccubus is available as rpm starting from version 1.5.0. To be compliant with
the LSB, a few changes have to be made to the layout of Seccubus. No problem of
course if you're just starting with Seccubus, but if you already have an
install, a few changes have to be made.

    /home/seccubus            => /opt/Seccubus
    /home/seccubus/www        => /opt/Seccubus/www
    /home/seccubus/bin        => /opt/Seccubus/bin

    /home/seccubus/var        => /var/lib/Seccubus
    /home/seccubus/etc/config => /etc/Seccubus/config

Of these, only the 'var' and the 'config' are site specific. If you move your
scan data from /home/seccubus/var to /var/lib/Seccubus and update
/etc/Seccubus/config to match your /home/seccubus/etc/config, all should be
fine.
The rpm install adds a config file to apache (/etc/httpd/conf.d/Seccubus.conf).
Make sure you remove (or adapt) your previous apache config.
 

Seccubus 1.5.1 - Released

PostDateIconMonday, 30 August 2010 10:39 | PostAuthorIconWritten by Frank Breedijk | PDF Print E-mail

Seccubus release 1.5.1 is uploaded to SourceForge

I just uploaded Seccubus 1.51. and the associated RPMs to SourceForge.  This version addresses a critical non-security bug in Seccubus 1.5.0. Download it here.

 

EuroTrash Security Podcast interview

PostDateIconMonday, 30 August 2010 10:17 | PostAuthorIconWritten by Frank Breedijk | PDF Print E-mail

I was interviewed by Chris John Riley for MicroTrash episode 13 (go figure). You can listen to it here, or better, subscribe to EuroTrash Security podcast in iTunes.

 

Having trouble after ungrading to Seccubus 1.5.0?

PostDateIconFriday, 27 August 2010 15:55 | PostAuthorIconWritten by Frank Breedijk | PDF Print E-mail

There have been some reports about troubles after upgrading from Seccubus 1.4 and earlier to version 1.5.0

I have analysed what causes these problems and have found the following: In order to support installation via RPM we had to alter a few things. In the original design the etc and var directories lived directly below the Seccubus home directory, but OS maintainers like to break this apart. They like to e.g. stor the var directory in /var/lib/Seccubus and the etc durectory in /etc/Seccubus. In order to facilitate this the reference to $HOME or $ENV{HOME} in certain scripts have been to explicit references to these directories in both the software and the configuration.

Those users upgrading from a previous version are lacking these configuration items in their etc/config file. THe missing entires are:

VAR=$HOME/var                           # This is where the 'database' lives
BIN=$HOME/bin                           # This is where the binaries live
CONFIG=$HOME/bin                        # This is where the config lives

If you add these three lines to your configuration file scanning with Seccubus should work as expected again.

There is also an issue with viewing idividual findigns (view_finding.pl call) in the web interface. An emergency release hto adress this issue has been uploaded to SourceForge (tar.gz verison only)

Sorry - On Australia Day a Creative Commons SHare Alike picutre from Dave Keeashan's fotostream

Last Updated (Monday, 30 August 2010 11:01)

 
More Articles...
feed-image

Copyright © 2009 Schuberg Philis.
All Rights Reserved.

Joomla template created with Artisteer.