About Seccubus

Seccubus automates regular vulnerability scans with vrious tools and aids security people in the fast analysis of its output, both on the first scan and on repeated scans.

On repeated scan delta reporting ensures that findings only need to be judged when they first appear in the scan results or when their output changes.

Seccubus 2.x is the only actively developed and maintained branch and all support for Seccubus V1 has officially been dropped.

Seccubus V2 works with the following scanners:

Nessus
OpenVAS
Skipfish
Medusa (local and remote)
Nikto (local and remote)
NMap (local and remote)
OWASP-ZAP (local and remote)
SSLyze
Medusa
Qualys SSL labs

For more information visit [www.seccubus.com]

Seccubus Docker container

Usage

Running a full stack (db/app/frontend) in a single container. And get an interactive shell

docker run -it seccubus /bin/bash

By default the container holds a MariaDB server that runs and stores data locally. If you want data persistency there are two options:

Mount a local filesystem to /var/lib/mysql

docker run -it seccubus -v /some/local/dir:/var/lib/mysql /bin/bash

Please be aware that you can only run one container at a time if you mount a local directory on /var/lib/mysql.

Alternativly you cloud connect the container to a remote mysql/MariaDB database with environment viariables:

docker run -ti seccubus -e DBHOST=dns.name.of.db.host \
-e DBPOSRT=3306 \
-e DBNAME=name.of.database \
-e DBUSER=db.username \
-e DBPASS=password \
/bin/bash

Running a scan

Run the following command to start the scan 'ssllabs' in workspace 'Example' (this workspace is created by default if you use the local mysql database)

docker run -ti seccubus scan Example ssllabs

Please be aware that you need soem data persistency here or the data will be stored in a local database that will be deleted whent he container terminates

Running a scheduler

You can run a docker container as a scheduler. This will make it run cron and allow your crontab to execute scans.You can populate the crontab by either placing a file called crontab in the /opt/seccubus/data volume or puting the lines of you crontab in evironement variables starting with CRON_

dockjer run -e "STACK=cron" -e "CRON_1=* 0 * * * bin/do-scan -w Example -s ssllabs" -ti seccubus

This will spin up a container that executes scan ssllabs from workspace Example at midnight every night.

You can set the TZ vairable to control the timezone.

Show this help message

docker run -ti seccubus help

Default command

If you don't specify a command to docker run

docker run seccubus

The apache access log and error log will be tailed to the screen.

Other options

You can set the following environment variables:

STACK - Determines which part of the stack is run
- full - Run everything
- front - Start apache to serve the html/javascript frontend (this requires that the APIURL variable is set too)
- api - Start apache to serve the json api at / (starts MariaDB too if required)
- web - Start apache to serve both the html/javascript frontend and the json
- perl - Do not start apache, just use this container as an perl backend
DBHOST, DBPORT, DBNAME, DBUSER, DBPASS - Database connection parameters
- If DBHOST/DBPORT are set to 127.0.0.1/3306 the local MariaDB instance is started
APIURL - Path to the API url
- Set this if your set STACK to front to redirect the API calls to an alternative relative or absolute URL.
BASEURI - Base URI for seccubus
- Server the application at the value provided
SMTPSERVER - IP address or host name of an SMTP server to be used for notifications
SMTPFROM - From address used in notifications
TICKETURL_HEAD/TICKETURL_TAIL - If these are set ticket numberrs will be linked to this URL
- E.g. TICKERURL_HEAD = https://jira.example.com/projects/SECC/issues/
- TICKERURL_TAIL = ?filter=allopenissues
- Ticket SECC-666 would be linked to https://jira.example.com/projects/SECC/issues/SECC-666?filter=allopenissues
SSHKEY1, SSHKEY2, SSHKEY3 .. SSHKEY9
- The content of this environment variable will stored in the file /opt/seccubus/.ssh/SSHKEY1 etc.
- You can use this mechanism to provide ssh keys that are used to start remote scans
HTTP_AUTH_HEADER - Set the http authentication header
- If you are using something like OpenAM to authenticate your users, this allows you to set which http request header contains the user that OpenAM detected
TZ - Set the timezone of the container

Change log

Changes of this branch vs the latest/previous release

xx-x-2017 - 2.29 -

Enhancements

#126 - Delta engine improved: Beter recovery from GONE findings
#408 - Seccubus now refuses to load an ivil file with 0 findings
#412 - Disabled tofu to enhance Docker support
#419 - Enable crontab support in docker images

Bug Fixes

#403 - SSLlabs scanner help file was not up to date
#414 - Mkdir error will no longer appear if entrypoint.sh is run twice

Name		Name	Last commit message	Last commit date
Latest commit History 1,493 Commits
SeccubusV2		SeccubusV2
bin		bin
db		db
deb		deb
docker-files		docker-files
docs		docs
etc		etc
jmvc		jmvc
json		json
obs		obs
rpm		rpm
scanners		scanners
t		t
t_install		t_install
testdata		testdata
www		www
.gitignore		.gitignore
.mailmap		.mailmap
.travis.yml		.travis.yml
AUTHORS.txt		AUTHORS.txt
ChangeLog.md		ChangeLog.md
Dockerfile		Dockerfile
HEADERS.txt		HEADERS.txt
LICENSE.txt		LICENSE.txt
MANIFEST.SKIP		MANIFEST.SKIP
Makefile.PL		Makefile.PL
NOTICE.txt		NOTICE.txt
README.md		README.md
SeccubusV2.pm		SeccubusV2.pm
build_jmvc		build_jmvc
build_jmvc_docs		build_jmvc_docs
docker-install.sh		docker-install.sh
install.pl		install.pl
make_dist		make_dist
make_tarball		make_tarball
unit_test_jmvc		unit_test_jmvc
update_version.pl		update_version.pl

License

arkenoi/Seccubus_v2

Folders and files

Latest commit

History

Repository files navigation