9-5-2018 - v2.48 - Tenable.io compatibility and more

@seccubus seccubus released this May 9, 2018 · 4 commits to master since this release

This release is fully compatible with the Tenable.io vulnerability management platform.

Differences with 2.46

Enhancements

  • Seccubus now supports Tenable.io as a scanning platform
  • Added parsing of the ROBOT (Bleichenbacher) attack to the SSLlabs scanner
  • Added a dev environment example config
  • Increased the size of the scannerparam field in the database

Bug Fixes

  • #635 - Hypnotoad path was set incorrectly in systemd startup script on CentOS 7
  • #642 - Updated readme to address how to run a scan on a running container
  • Fixed an error in the Docker examples in README.md
  • Added zip to the docker image because it is needed for import/export

v2.46 - RedHat 7 / Centos 7 packages

@seccubus seccubus released this Dec 14, 2017 · 25 commits to master since this release

14-12-2017 - v2.46 - RedHat 7 / Centos 7 packages

This release adds RPM support for RedHat 7 and CentOS 7. Because Mojolicious and some of its dependencies were not available
as RPMs in any of the standard repos for el7, we are now also building these RPMs as part of our el7 build street and are
pushing these packages to our packagecloud.io repository. This makes tweaks like this one by @Ar0xA unnecessary.

Enhancements

  • Added support for RedHat 7 / CentOS 7 RPM packages, with the extra required packages added to packagecloud.io

Bug Fixes

  • #588 - Fix Nmap Plugin ID leak (Thanks @alirezakv)
  • #589 - Fix OpenVAS scan execution bug with only 1 target defined (Thanks @alirezakv)
  • #603 - Nessus scan fails when pdf files cannot be exported (Thanks @Ar0xA)
  • #615 - Docker: when the database was on the data volume the database failed to start
  • #617 - Nikto scanner gives unintended error output
  • Theodoor Scholte fixed some typos in the scanner scripts (Thanks!)
  • Streamlined CircleCI unit testing

You can download the .deb Debian package and RPMs for RedHat / CentOS 7 and Fedora via https://packagecloud.io/seccubus/releases

v2.44 - PackageCloud release

@seccubus seccubus released this Nov 15, 2017 · 68 commits to master since this release

This release cleans up technical debt. Package building has been moved from OpenSuse Build Services to CircleCI
and packages are now automatically uploaded to our PackageCloud repositories.
Here you will find two repositories:

  • Latest - Follows the latest code that gets merged into the master branch
  • Releases - Follows the regular releases

You can configure these repositories on your operating system to include Seccubus upgrades in your regular package updates.

Enhancements

  • #597 - do-scan and import ivil now log to syslog
  • #605 - Container scan command allows scans to start only on a certain weekday
  • Fedora, Ubuntu and Debian package building has been moved to CircleCI
  • Packages are automatically uploaded to packagecloud.io

Bug Fixes

  • #593 - Fixed incorrect parsing of the values for poodleTls finding in SSLlabs.
  • #595 - Fixed incorrect parsing of the values for Ticketbleed finding in SSLlabs.

v2.42 - Kali, Certificate validation and State Engine

@seccubus seccubus released this Oct 24, 2017 · 86 commits to master since this release

Three major improvements in this release:

  • It fixes a big issue with the validation of SSL certificates. Certificate validation was not correctly turned off in the Nessus scanner when an internal scanner is used
  • Debian packages now work on Debian, Ubuntu and Kali
  • The state engine still had a bug when findings needed to recover from the Gone status

Enhancements

  • Unit testing moved from Circle CI v1.0 to CircleCI v2.0 to increase testing speed
  • Now also building .deb files on CircleCI and testing them against Debian v8 and v9, Ubuntu and Kali Linux

Bug Fixes

  • #580 - --cdn option did not add IPs to finding if findings were not consistent across endpoints
  • #572 - Issues with disabling SSL verification in Nessus
  • #571 - @shoekstra fixed: testssl scan fails on docker because hexdump is not installed
  • #563 - Fixed an issue with picking the wrong color for notes (Severity 4)
  • #533 - Installation of .deb package on Kali failed (Thanks @rhertzog)
  • #509 - Fixed a bug in the state engine, causing incorrect recovery from gone when an issue was previously closed
  • Fixed an issue where duplicate asset_hosts were created on certain platforms (e.g. docker)
  • Fixed an issue in how filters were composed if
  • Removed debug output from entrypoint.sh
  • Fixed git complaining about unrelated histories