Easy automated vulnerability scanning, reporting and analysis
Hello! This is the first Seccubus release made by the Glanc team. Mostly bug fixes.
Differences with 2.50
This release brings new Alpine-based Docker containers and fixes a compatibility issue with MySQL/MariaDB version 8 and above.
Differences with 2.48
This release is fully compatible with the Tenable.io vulnerability management platform.
Differences with 2.46
This release adds RPM support for RedHat 7 and CentOS 7. Because Mojolicious and some of its dependencies were not available as RPMs in any of the standard repos for el7, we are now also building these RPMs as part of our el7 build pipeline and pushing these packages to our packagecloud.io repository. This makes tweaks like this one by @Ar0xA unnecessary.
You can download the .deb Debian package and RPMs for RedHat / CentOS 7 and Fedora via https://packagecloud.io/seccubus/releases
This release cleans up technical debt. Package building has been moved from OpenSuse Build Services to CircleCI, and packages are now automatically uploaded to our PackageCloud repositories. Here you will find two repositories:
You can configure these repositories on your operating system to include Seccubus upgrades in your regular package updates.
Three major improvements in this release:
This release mainly fixes installation issues on Debian and issues in Docker that are due to the PERL5LIB path no longer including the current directory. It also fixes the issue where people were unable to connect to a Nessus instance with a self-signed certificate, which was triggered by altered behaviour of a Perl library. I've also fixed and tweaked the user interface a bit.
We've fixed various bugs and implemented some enhancements in this version.
Bug Fixes
This release has been in the making for a long time. In fact, the first pull request for its main feature was back in June 2016 by our friend and then colleague Glenn ten Cate.
This release marks the integration of Dirk Wetter's excellent tool testssl.sh into Seccubus. With testssl.sh you can get a detailed overview of how well your TLS enabled service is set up. Not just for websites, but for any TCP service, even those that use STARTTLS.
In addition, we introduced the --cdn switch for ssllabs to reduce noise for CDN-enabled sites, we added the ability to dynamically create users via JIT provisioning, and we added CSRF protection for enhanced security.
To boost future code quality, Perl::Critic testing has been integrated in the unit testing process.
Besides that, we squashed some bugs, five of which got introduced in the previous release :(
#302 - Testssl.sh support for Seccubus
#401 - JIT provisioning of users
#442 - Add --cdn option to ssllabs
The Seccubus backend has been REST-ish ever since release v2.0. This web backend was implemented via Perl CGI scripts (yes, using CGI.pm). Needless to say something needed to change.
This backend rewrite has been in the making for some time now and we are finally ready to release it into the wild.
What are the major changes?