
About Seccubus

Seccubus automates regular vulnerability scans with various tools and aids security people in the fast analysis of its output, both on the first scan and on repeated scans.

On repeated scan delta reporting ensures that findings only need to be judged when they first appear in the scan results or when their output changes.

Seccubus 2.x is the only actively developed and maintained branch and all support for Seccubus V1 has officially been dropped.

Seccubus V2 works with the following scanners:

  • Nessus
  • OpenVAS
  • Skipfish
  • Medusa (local and remote)
  • Nikto (local and remote)
  • NMap (local and remote)
  • OWASP-ZAP (local and remote)
  • SSLyze
  • Medusa
  • Qualys SSL labs
  • (local and remote)

For more information visit []

Seccubus Docker container


Run the full stack (db/app/frontend) in a single container and get an interactive shell:

docker run -it seccubus/seccubus /bin/bash

By default the container holds a MySQL server that runs and stores data locally. If you want data persistence there are two options:

Connect the container to a remote MySQL/MariaDB database with environment variables:

docker run -ti \
-e DBHOST=name.of.db.host \
-e DBPORT=3306 \
-e DBNAME=name.of.database \
-e DBUSER=db.username \
-e DBPASS=password \
seccubus/seccubus

Or, mount a data volume with a db directory on it:

mkdir data
mkdir data/db
docker run -it -v $(pwd)/data:/opt/seccubus/data seccubus/seccubus /bin/bash

Please be aware that you can only run one container at a time if you mount a local directory on /var/lib/mysql.
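For the remote database option above, the password does not have to be typed on the command line. The following is an added example, not part of the Seccubus documentation: `write_db_env` is a hypothetical helper, the values are constructed placeholders, and `--env-file` is the standard docker option for loading variables from a file.

```shell
#!/usr/bin/env bash
# Weak: the password is an argument of the docker client, so it lands in shell
# history and is visible in the process list while the client runs:
#   docker run -ti -e DBPASS=password ... seccubus/seccubus

# Hardened: write the settings to a file only the current user can read.
# Usage: write_db_env FILE DBHOST DBPORT DBNAME DBUSER   (password on stdin)
write_db_env() {
    local file=$1 pass
    IFS= read -r pass || true
    [ -n "$pass" ] || return 1          # refuse to write an empty password
    rm -f "$file"                       # never inherit a looser mode
    (
        umask 077                       # create the file as 0600
        printf 'DBHOST=%s\nDBPORT=%s\nDBNAME=%s\nDBUSER=%s\nDBPASS=%s\n' \
            "$2" "$3" "$4" "$5" "$pass" > "$file"
    )
}

# Demo with constructed values; a real run would read the password from a
# prompt or a secret store instead of printf.
demo_dir=$(mktemp -d)
printf '%s\n' 'constructed-password' \
    | write_db_env "$demo_dir/seccubus-db.env" name.of.db.host 3306 name.of.database db.username
ls -l "$demo_dir/seccubus-db.env"

# Then start the container with:
#   docker run -ti --env-file "$demo_dir/seccubus-db.env" seccubus/seccubus
```

The variables are still readable through `docker inspect` on the host, so access to the docker daemon remains equivalent to access to the database password.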

Running a scan

Run the following command to start the scan 'ssllabs' in workspace 'Example' (this workspace is created by default if you use the local mysql database)

docker run -ti seccubus/seccubus scan Example ssllabs

Please be aware that you need some data persistence here, or the data will be stored in a local database that is deleted when the container terminates. An optional fourth parameter can be given to specify that the scan should only run on a certain weekday, e.g. to only run this scan on Monday, you can specify:

docker run -ti seccubus/seccubus scan Example ssllabs Mon

This is useful for container orchestration, e.g. Kubernetes cron jobs.

Running a scheduler

You can run a docker container as a scheduler. This will make it run cron and allow your crontab to execute scans. You can populate the crontab either by placing a file called crontab in the /opt/seccubus/data volume or by putting the lines of your crontab in environment variables starting with CRON_:

docker run -e "STACK=cron" -e "CRON_1=0 0 * * * bin/do-scan -w Example -s ssllabs" -ti seccubus/seccubus

This will spin up a container that executes scan ssllabs from workspace Example at midnight every night.

You can set the TZ variable to control the timezone.
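A preview of the crontab that a set of CRON_ variables produces helps catch two easy mistakes: numbered names do not sort numerically, and a `*` in the minute field with a fixed hour runs the scan every minute of that hour. This is an added example, not code from the Seccubus container; the function names and sample values are constructed, and it assumes "alphabetical order" means a byte-wise sort on the variable name.

```shell
#!/usr/bin/env bash
# Constructed sample of what `docker run -e ...` would place in the environment.
SAMPLE_ENV='CRON_2=0 0 * * * bin/do-scan -w Example -s ssllabs
CRON_10=* 0 * * * bin/do-scan -w Example -s ssllabs
CRON_1=30 6 * * 1
CRON_MAIL_TO=secops@example.com'

# Read NAME=value lines on stdin and print the crontab lines in variable-name
# order (assumed meaning of "alphabetical order"). CRON_MAIL_TO is a setting,
# not a job, so it is skipped.
cron_lines() {
    grep '^CRON_' | grep -v '^CRON_MAIL_TO=' \
        | LC_ALL=C sort -t= -k1,1 | cut -d= -f2-
}

# Check one crontab line: 0 = plausible, 1 = fewer than five schedule fields
# plus a command, 2 = wildcard minute with a fixed hour (fires 60 times).
check_cron_line() {
    local min hour dom mon dow cmd
    read -r min hour dom mon dow cmd <<EOF
$1
EOF
    [ -n "$cmd" ] || return 1
    if [ "$min" = "*" ] && [ "$hour" != "*" ]; then return 2; fi
    return 0
}

# Print every job in installation order with a verdict in front.
preview_cron() {
    cron_lines | while IFS= read -r line; do
        rc=0
        check_cron_line "$line" || rc=$?
        case $rc in
            0) echo "OK            $line" ;;
            1) echo "MALFORMED     $line" ;;
            2) echo "EVERY-MINUTE  $line" ;;
        esac
    done
}

printf '%s\n' "$SAMPLE_ENV" | preview_cron
```

To check a real configuration, pipe `env` into `preview_cron` in the shell where the variables are set.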

Controlling TLS certificates

The Seccubus container is TLS enabled by default. The environment variable TLS controls this behaviour. If it is set to anything other than yes, TLS is turned off.

There are three ways to control the certificate:

  • Do nothing : Self signed certificates will be generated for you
  • Populate the variables TLSCERT and TLSKEY : The contents will be placed in /opt/seccubus/data/seccubus.pem and /opt/seccubus/data/seccubus.key and used
  • Put the certificates in the files seccubus.pem and seccubus.key on a data volume and mount it on /opt/seccubus/data

Show this help message

docker run -ti seccubus/seccubus help

Default command

If you don't specify a command to docker run

docker run seccubus/seccubus

The web server access log and error log will be tailed to the screen.

Other options

You can set the following environment variables:

  • STACK - Determines which part of the stack is run
    • full - Run everything
    • front - Start apache to serve the html/javascript frontend (this requires that the APIURL variable is set too)
    • api - Start apache to serve the json api at / (starts MariaDB too if required)
    • web - Start apache to serve both the html/javascript frontend and the json
    • perl - Do not start apache, just use this container as a perl backend
  • DBHOST, DBPORT, DBNAME, DBUSER, DBPASS - Database connection parameters
    • If DBHOST/DBPORT are set to the local MariaDB instance is started
  • APIURL - Path to the API url
    • Set this if you set STACK to front to redirect the API calls to an alternative relative or absolute URL.
  • BASEURI - Base URI for seccubus
    • Serve the application at the value provided
  • SMTPSERVER - IP address or host name of an SMTP server to be used for notifications
  • SMTPFROM - From address used in notifications
  • TICKETURL_HEAD/TICKETURL_TAIL - If these are set ticket numbers will be linked to this URL
    • The content of this environment variable will be stored in the file /opt/seccubus/.ssh/SSHKEY1 etc.
    • You can use this mechanism to provide ssh keys that are used to start remote scans
  • HTTP_AUTH_HEADER - Set the http authentication header
    • If you are using something like OpenAM to authenticate your users, this allows you to set which http request header contains the user that OpenAM detected
  • TZ - Set the timezone of the container
  • TLS - Controls TLS behaviour: yes means TLS is on, otherwise TLS is off. TLS is on by default.
  • JIT_GROUP - Controls JIT provisioning of users
  • CRON_MAIL_TO - Mail cron messages to this address
  • CRON_* - Add these lines to crontab in alphabetical order

Change log

Changes of this branch vs the latest/previous release

x-x-2018 - v2.47 - Development release

Differences with 2.46


  • Seccubus now support as a scanning platform
  • Added parsing of the ROBOT (bleichenbacher) attack to the SSLlabs scanner
  • Added a dev environment example config

Bug Fixes