{"@attributes":{"version":"2.0"},"channel":{"title":{},"description":"Easy Automated vulnerability scanning and reporting","link":"https:\/\/www.seccubus.com","item":[{"title":"Seccubus v2.52 - Varna release","description":"<p>We just released a new Seccubus version, you can download it from <a href=\"https:\/\/packagecloud.io\/seccubus\/releases\">PackageCloud<\/a> or from <a href=\"https:\/\/github.com\/seccubus\/seccubus\/releases\/latest\">GitHub<\/a><\/p>\n\n<h1 id=\"5-11-2018---v252---varna-release\">5-11-2018 - v2.52 - Varna release<\/h1>\n<p>A bugfix release \u2013 and we are happy to announce that Seccubus is now maintaned by Glanc, ltd team. Expect more news soon!<\/p>\n\n<p>Differences with 2.50<\/p>\n\n<h2 id=\"enhancements\">Enhancements<\/h2>\n<ul>\n  <li>Integration tests (testssl.sh and ssllabs) now only run when commits are merged into master<\/li>\n  <li>Switched from mysql-server to mariadb-server as a dependancy on Debian based systems<\/li>\n  <li>Online version check is now served from the main seccubus.com website<\/li>\n<\/ul>\n\n<h2 id=\"bug-fixes\">Bug Fixes<\/h2>\n<ul>\n  <li>#678 - Works on Mojolicious 8 again<\/li>\n  <li>#680 - RPMs are now signed again<\/li>\n  <li>#685 - Test 54 did not initialize DB before test start<\/li>\n  <li>#686 - New key staplingRevocationStatus added to ssllabs scanner<\/li>\n  <li>#688 - RPM now requires openssl so fresh installs on EL listen on https too<\/li>\n  <li>Added some test time dependancies to testssl unit test in CircleCI<\/li>\n  <li>Failing unit tests for ssllabs and testssl have been fixed again<\/li>\n<\/ul>\n","pubDate":"Wed, 05 Jun 2019 00:00:00 +0200","link":"https:\/\/www.seccubus.com\/2019\/06\/05\/2.52-Varna\/","guid":"https:\/\/www.seccubus.com\/2019\/06\/05\/2.52-Varna\/"},{"title":"Time to kill (let go off) a\u00a0darling","description":"<p><img src=\"\/assets\/seccubus_logo_smallest.png\" alt=\"Seccubus logo\" \/><\/p>\n\n<p>Seccubus started with an off-hand remark by my colleague, Anton Opgenoort, that surely it would not be \u2018that difficult to put Nessus in a crontab\u2019. Now, 12+ years later I feel that the time has come for me to say goodbye to it. It has become increasingly hard to combine working on this open source project with my current role as CISO. Additionally, Tennable\u2019s decision to cripple the Nessus API beyond usefulness and defacto giving up on my use-case and the subsequent (right) decision of the Schuberg Philis security team to adopt an alternative vulnerability management solution have led me to the inevitable decision to abandon my darling and put her up for adoption.<\/p>\n\n<p>Working on Seccubus has always been a \u201csafety blanket\u201d for me. A talk I could focus on an calm myself whenever I needed to take mental \u201ctime off.\u201d Besides that it has brought me a lot:<\/p>\n<ul>\n  <li>When I first tried to show Nessus results in a web UI, I got a popup stating \u2018Alert XSS\u2019. I learned two valuable lessons that day. You can be both part of the solution and the problem at the same time. And, being a security professional doesn\u2019t make you immune to writing insecure code.<\/li>\n  <li>When we first released \u2018autonessus\u2019 at the NLUUG spring conference in 2008, I became Schuberg Philis\u2019 first open source author. Something which later became a part of our standard labor agreement.<\/li>\n  <li>I was also the first employee to get a \u2018cease and desist\u2019 letter a year or so later, because Tennable had to protest against the name AutoNessus, which was, obviously, too close to their trademark Nessus<\/li>\n  <li>Hence at Confidence 2009, I renamed to tool to Seccubus.<\/li>\n  <li>I got to meet an awesome bunch of people, like Steven Launius who helped me rewrite the web UI. And Alexander Smirnoff who also contributed a lot of good ideas and code. And many more.<\/li>\n  <li>I got to speak at DefCon, Black Hat, Hack in the Box and many more conferences.<\/li>\n<\/ul>\n\n<p>I\u2019m hoping that somebody from the community or the current users of Seccubus will be kind enough to adopt the project. Ping me if you are interested.<\/p>\n","pubDate":"Fri, 03 May 2019 00:00:00 +0200","link":"https:\/\/www.seccubus.com\/2019\/05\/03\/Time-to-let-go\/","guid":"https:\/\/www.seccubus.com\/2019\/05\/03\/Time-to-let-go\/"},{"title":"Seccubus v2.50 - Alpine docker containers","description":"<p>We just released a new Seccubus version, you can download it from <a href=\"https:\/\/packagecloud.io\/seccubus\/releases\">PackageCloud<\/a> or from <a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/releases\/latest\">GitHub<\/a><\/p>\n\n<h1 id=\"5-11-2018---v250---seccubus-alpine\">5-11-2018 - v2.50 - Seccubus Alpine<\/h1>\n<p>This release brings new Alpine based docker containers and fixes a compatibility issue with MySQL\/MariaDB version 8 and above.<\/p>\n\n<p>The change to Alpine as the base images has resulted in a seriously smaller container size. Besides that we\u2019ve also published specialized containers that are smaller then the default container.<\/p>\n\n<table>\n  <thead>\n    <tr>\n      <th>Image name<\/th>\n      <th>Purpose<\/th>\n      <th>Contents<\/th>\n      <th>Badge<\/th>\n    <\/tr>\n  <\/thead>\n  <tbody>\n    <tr>\n      <td>seccubus<\/td>\n      <td>Run a full Seccubus stack in a single container<\/td>\n      <td>Perl code, web servers, cron daemon, scanning tools and MariaDB server<\/td>\n      <td><a href=\"https:\/\/microbadger.com\/images\/seccubus\/seccubus\" title=\"Get your own image badge on microbadger.com\"><img src=\"https:\/\/images.microbadger.com\/badges\/image\/seccubus\/seccubus.svg\" alt=\"\" \/><\/a><\/td>\n    <\/tr>\n    <tr>\n      <td>seccubus-front<\/td>\n      <td>Serving just the front end HTML, javascript and css<\/td>\n      <td>NGinx webserver and code. No database, cron daemon, scanning tools, perl code or database.<\/td>\n      <td><a href=\"https:\/\/microbadger.com\/images\/seccubus\/seccubus-front\" title=\"Get your own image badge on microbadger.com\"><img src=\"https:\/\/images.microbadger.com\/badges\/image\/seccubus\/seccubus-front.svg\" alt=\"\" \/><\/a><\/td>\n    <\/tr>\n    <tr>\n      <td>seccubus-web<\/td>\n      <td>Serving front and code and API simultaniously<\/td>\n      <td>Perl code, frontend HTML code. Cron daemon,  scanning tools or database.<\/td>\n      <td><a href=\"https:\/\/microbadger.com\/images\/seccubus\/seccubus-web\" title=\"Get your own image badge on microbadger.com\"><img src=\"https:\/\/images.microbadger.com\/badges\/image\/seccubus\/seccubus-web.svg\" alt=\"\" \/><\/a><\/td>\n    <\/tr>\n    <tr>\n      <td>seccubus-api<\/td>\n      <td>Serving just the API.<\/td>\n      <td>Perl code. No front end code, cron daemon, scanning tools or database.<\/td>\n      <td><a href=\"https:\/\/microbadger.com\/images\/seccubus\/seccubus-api\" title=\"Get your own image badge on microbadger.com\"><img src=\"https:\/\/images.microbadger.com\/badges\/image\/seccubus\/seccubus-api.svg\" alt=\"\" \/><\/a><\/td>\n    <\/tr>\n    <tr>\n      <td>seccubus-perl<\/td>\n      <td>Running command line scripts, e.g. to scan<\/td>\n      <td>Perl code, scanning tools. No front end code, cron deamon or database<\/td>\n      <td><a href=\"https:\/\/microbadger.com\/images\/seccubus\/seccubus-perl\" title=\"Get your own image badge on microbadger.com\"><img src=\"https:\/\/images.microbadger.com\/badges\/image\/seccubus\/seccubus-perl.svg\" alt=\"\" \/><\/a><\/td>\n    <\/tr>\n    <tr>\n      <td>seccubus-cron<\/td>\n      <td>Running cron deamon to execute scans<\/td>\n      <td>Perl code, scanning tools and cron daemon. No front end code, or database.<\/td>\n      <td><a href=\"https:\/\/microbadger.com\/images\/seccubus\/seccubus-cron\" title=\"Get your own image badge on microbadger.com\"><img src=\"https:\/\/images.microbadger.com\/badges\/image\/seccubus\/seccubus-cron.svg\" alt=\"\" \/><\/a><\/td>\n    <\/tr>\n  <\/tbody>\n<\/table>\n\n<p>Differences with 2.48<\/p>\n\n<h2 id=\"enhancements\">Enhancements<\/h2>\n<ul>\n  <li>Seccubus containers are now built based on Alpine<\/li>\n  <li>Minimal specialized docker containers available for front end, api, front end+api, perl and cron<\/li>\n<\/ul>\n\n<h2 id=\"bug-fixes\">Bug Fixes<\/h2>\n<ul>\n  <li>Seccubus rpm\u2019s are now also being built for Fedora version 27 and 28<\/li>\n  <li>RPMs for Fedora version 25 depricated<\/li>\n  <li>Fixed building of supporting Centos v7 rpms<\/li>\n  <li>#585 - Added default credentials to the readme file<\/li>\n  <li>#660 - Sudo added to docker images<\/li>\n  <li>#655 - Shell set to \/bin\/bash for user seccubus<\/li>\n  <li>#662 - Fixing documentation typos<\/li>\n  <li>\n    <p>#673 - PERL5LIB set to \/opt\/seccubus for seccubus user via debian package<\/p>\n  <\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/635\">#635<\/a> - Hypnotoad path was set incorrectly in systemd<\/li>\n<\/ul>\n","pubDate":"Thu, 08 Nov 2018 00:00:00 +0100","link":"https:\/\/www.seccubus.com\/2018\/11\/08\/2.50-Alpine\/","guid":"https:\/\/www.seccubus.com\/2018\/11\/08\/2.50-Alpine\/"},{"title":"Seccubus v2.48 - Tenable.io compatibility and more","description":"<p>We just released a new Seccubus version, you can download it from <a href=\"https:\/\/packagecloud.io\/seccubus\/releases\">PackageCloud<\/a> or from <a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/releases\/latest\">GitHub<\/a><\/p>\n\n<h1 id=\"9-5-2018---v248---tenableio-compatibility-and-more\">9-5-2018 - v2.48 - Tenable.io compatibility and more<\/h1>\n<p>This release is fully compatible with the Tenable.io vulnerability management platform.<\/p>\n\n<p>Differences with 2.46<\/p>\n\n<h2 id=\"enhancements\">Enhancements<\/h2>\n<ul>\n  <li>Seccubus now support Tenable.io as a scanning platform<\/li>\n  <li>Added parsing of the ROBOT (bleichenbacher) attack to the SSLlabs scanner<\/li>\n  <li>Added a dev environment example config<\/li>\n  <li>Increased the size of the scannerparam field in the database<\/li>\n<\/ul>\n\n<h2 id=\"bug-fixes\">Bug Fixes<\/h2>\n<ul>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/635\">#635<\/a> - Hypnotoad path was set incorrectly in systemd startup script on CentOS 7<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/642\">#642<\/a> - Updated readme to address how to run a scan on a running container<\/li>\n  <li>Fixed an error in the Docker examples in README.md<\/li>\n  <li>Added zip to the docker image because it is<\/li>\n<\/ul>\n","pubDate":"Wed, 09 May 2018 00:00:00 +0200","link":"https:\/\/www.seccubus.com\/2018\/05\/09\/2.48-Tenable.io\/","guid":"https:\/\/www.seccubus.com\/2018\/05\/09\/2.48-Tenable.io\/"},{"title":"Seccubus v2.46 - Packages for RedHat\/Centos 7","description":"<p>We just released a new Seccubus version, you can download it from <a href=\"https:\/\/packagecloud.io\/seccubus\/releases\">PackageCloud<\/a> or from <a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/releases\/latest\">GitHub<\/a><\/p>\n\n<h1 id=\"14-12-2017---v246---redhat-7--centos-7-packages\">14-12-2017 - v2.46 - RedHat 7 \/ Centos 7 packages<\/h1>\n<p>This release adds RPM support for RedHat 7 and CentOS 7. Because Mojolicious and some of its dependancies were not available\nas RPM on any of the standard repos for el7 we are also buildign these RPMs as part of our el7 build street now and are\npushing these packages to our <a href=\"https:\/\/packagecloud.io\/seccubus\">packagecloud.io<\/a> repository. This makes tweaks like <a href=\"https:\/\/t.co\/svO7z1RiRb\">this one<\/a> by @Ar0xA unneccasary.<\/p>\n\n<h2 id=\"enhancements\">Enhancements<\/h2>\n<ul>\n  <li>Added support for RedHat 7 \/ CentOS 7 RPM packages. With the extra needed packages being added to packagecloud.io<\/li>\n<\/ul>\n\n<h2 id=\"bug-fixes\">Bug Fixes<\/h2>\n<ul>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/588\">#588<\/a> - Fix Nmap Plugin ID leak (Thanks @alirezakv)<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/589\">#589<\/a> - Fix OpenVAS scan execution bug with only 1 target defined (Thanks @alirezakv)<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/603\">#603<\/a> - Nessus scan fails when pdf files cannot be exported (Thanks @Ar0xA)<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/615\">#615<\/a> - Docker: when the database was on the data volume the database failed to start<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/617\">#617<\/a> - Nikto scanner gives unintended error output<\/li>\n  <li>Theodoor Scholte fixed some typos in the scanner scripts (Thanks!)<\/li>\n  <li>Streamlined CircleCI unit testing<\/li>\n<\/ul>\n","pubDate":"Thu, 14 Dec 2017 00:00:00 +0100","link":"https:\/\/www.seccubus.com\/2017\/12\/14\/2.46-RedHat-CentOS\/","guid":"https:\/\/www.seccubus.com\/2017\/12\/14\/2.46-RedHat-CentOS\/"},{"title":"Seccubus v2.44 - PackageCloud release","description":"<p>We just released a new Seccubus version, you can download it from <a href=\"https:\/\/packagecloud.io\/seccubus\/releases\">PackageCloud<\/a> or from <a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/releases\/latest\">GitHub<\/a><\/p>\n\n<h1 id=\"15-11-2017---v244---packagecloud-release\">15-11-2017 - v2.44 - PackageCloud release<\/h1>\n<p>This release cleans up technical debt. Package building has been moved from OpenSuse Build Services to CicleCI\nand packages now automatically are uploade to <a href=\"https:\/\/packagecloud.io\/seccubus\/\">our PackageCloud repositories<\/a>.<\/p>\n\n<p>Here you will find two repositories:<\/p>\n<ul>\n  <li><a href=\"https:\/\/packagecloud.io\/seccubus\/latest\">Latest<\/a> - Follows the latest code that gets merged into the master branch<\/li>\n  <li><a href=\"https:\/\/packagecloud.io\/seccubus\/releases\">Releases<\/a> - Follows the regular releases<\/li>\n<\/ul>\n\n<p>You can configure these repositories on your operating system to include Seccubus upgrades in your regular package updates.<\/p>\n\n<h2 id=\"enhancements\">Enhancements<\/h2>\n<ul>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/597\">#597<\/a> - do-scan and import ivil now log to syslog<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/605\">#605<\/a> - Container scan command allows scans to only starts on a certain weekday<\/li>\n  <li>Fedora, Ubuntu and Debian package building has been moved to CircleCI<\/li>\n  <li>Packages are automatically uploaded to <a href=\"https:\/\/packagecloud.io\/seccubus\/\">packagecloud.io<\/a><\/li>\n<\/ul>\n\n<h2 id=\"bug-fixes\">Bug Fixes<\/h2>\n<ul>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/593\">#593<\/a> - Fixed incorrect parsing of the values for poodleTls finding in SSLlabs.<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/595\">#595<\/a> - Fixed incorrect parsing of the values for Ticketbleed finding in SSLlabs.<\/li>\n<\/ul>\n","pubDate":"Wed, 15 Nov 2017 00:00:00 +0100","link":"https:\/\/www.seccubus.com\/2017\/11\/15\/2.44-PackageCloud\/","guid":"https:\/\/www.seccubus.com\/2017\/11\/15\/2.44-PackageCloud\/"},{"title":"Seccubus v2.42 - Kali, Certificate validation and State Engine","description":"<p>We just released a new Seccubus version, you can download it <a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/releases\/latest\">here<\/a><\/p>\n\n<h1 id=\"20-10-2017---v242---kali-certificate-validation-and-state-engine\">20-10-2017 - v2.42 - Kali, Certificate validation and State Engine<\/h1>\n<p>Three major improvements in this release:<\/p>\n<ul>\n  <li>It fixes a big issue with the validation of SSL certificates. Certificate validation was cot correctly turned off in the Nessus scanner when an internal scanner is used<\/li>\n  <li>Debian packages now work on Debian, Ubuntu and Kali<\/li>\n  <li>The state engine still had a bug when findings needed to recover from the Gone status<\/li>\n<\/ul>\n\n<h2 id=\"enhancements\">Enhancements<\/h2>\n<ul>\n  <li>Unit testing moved from Circle CI v1.0 to CircleCI v2.0 to increase testing speed<\/li>\n  <li>Now also building .deb file on Circle CI and testing them against debian v8 and v9, Ubuntu and Kali Linux<\/li>\n<\/ul>\n\n<h2 id=\"bug-fixes\">Bug Fixes<\/h2>\n<ul>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/580\">#580<\/a> - \u2013cdn option did not add IPs to finding if findings were not consitent across endpoints<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/572\">#572<\/a> - Issues with disabling SSL verification in Nessus<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/571\">#571<\/a> - @SHoekstra fixed: testssl scan fails on docker because hexdump is not installed<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/563\">#563<\/a> - Fixed an issue with picking the wrong color for notes (Severity 4)<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/533\">#533<\/a> - Installation of .deb package on Kali failed (Thanks @rhertzog)<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/509\">#509<\/a> - Fixed a bug in the state engine, causing incorrect recovery from gone when an issue was previously closed<\/li>\n  <li>Fixed an issue where duplicate asset_hosts were created on certain platforms (e.g. docker)<\/li>\n  <li>Fixed an issue in how filters were composed if<\/li>\n  <li>Removed debug output from entrypoint.sh<\/li>\n  <li>Fixed git complaining about unrelated histories<\/li>\n<\/ul>\n","pubDate":"Tue, 24 Oct 2017 00:00:00 +0200","link":"https:\/\/www.seccubus.com\/2017\/10\/24\/2.42-kali-certs-sbg\/","guid":"https:\/\/www.seccubus.com\/2017\/10\/24\/2.42-kali-certs-sbg\/"},{"title":"Seccubus v2.40 - Various fixes and improvements","description":"<p>We just released a new Seccubus version, you can download it <a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/releases\/latest\">here<\/a><\/p>\n\n<h1 id=\"15-9-2017---v240---fixes-and-improvements\">15-9-2017 - v2.40 - Fixes and improvements<\/h1>\n\n<p>This release mainly fixes installation issues on Debian and issue in docker that are due to the PERL5LIB path\nthat doesn\u2019t include the current directory anymore.\nIt also fixes the issue where people were unable to connect to a Nessus instance with a self signed certificate\nthat was trigged by altered behaviour of a perl library.\nI\u2019ve also fixed and tweaked the user interface a bit.<\/p>\n\n<h2 id=\"enhancements\">Enhancements<\/h2>\n<ul>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/539\">#539<\/a> - Status tab will become the default instead of the login tab if there is a config issue<\/li>\n<\/ul>\n\n<h2 id=\"bug-fixes\">Bug Fixes<\/h2>\n<ul>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/499\">#499<\/a> - Status change buttons in findings grid not working<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/529\">#529<\/a> - No all buttons were working correctly when working with linked issues<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/536\">#536<\/a> - Seccubus did not install on debian because openssl passphrase was too short (also effected docker container)<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/534\">#534<\/a> - Fixed an error that prevented connections to a Nessus instance with a self signed certificate on certain OSes<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/542\">#542<\/a> - Docker broken<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/548\">#548<\/a> - Notifications editor did not work correctly<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/549\">#549<\/a> - Deleting notifications did not work correctly<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/559\">#559<\/a> - PERL5LIB path was not set in cron container<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/563\">#563<\/a> - Removed some dedug output<\/li>\n<\/ul>\n","pubDate":"Fri, 15 Sep 2017 00:00:00 +0200","link":"https:\/\/www.seccubus.com\/2017\/09\/15\/2.40-debian-ssl-docker-stuff\/","guid":"https:\/\/www.seccubus.com\/2017\/09\/15\/2.40-debian-ssl-docker-stuff\/"},{"title":"Seccubus v2.38 - Various fixes and improvements","description":"<p>We just released a new Seccubus version, you can download it <a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/releases\/latest\">here<\/a><\/p>\n\n<h1 id=\"2-8-2017---v238---various-fixes-and-improvements\">2-8-2017 - v2.38 - Various fixes and improvements<\/h1>\n\n<p>We\u2019ve fixed various bug and implemented some enhancements in this version.<\/p>\n\n<h2 id=\"enhancements\">Enhancements<\/h2>\n<ul>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/421\">#421<\/a> - Implemented a scoring system for SSLlabs findings<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/477\">#477<\/a> - Finding coloring better reflects the urgency now<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/464\">#464<\/a> - Scan objects in Nessus are now reused in stead of created from scratch<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/500\">#500<\/a> - Added \u2013cdn switch to testssl.sh too<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/504\">#504<\/a> - Changed container crontab shell for sh to bash<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/506\">#506<\/a> - Allow cron email to be sent externally<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/512\">#512<\/a> - New ssllabs finding httpForwarding<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/522\">#522<\/a> - You can now configure which formats get exported from nessus<\/li>\n<\/ul>\n\n<p>Bug Fixes<\/p>\n<ul>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/490\">#490<\/a> - \u2013cdn switch doesn\u2019t work as expected<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/491\">#491<\/a> - Help message of load_ivil didn\u2019t align nicely<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/492\">#492<\/a> - Finding history wasn\u2019t showing in the GUI<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/494\">#494<\/a> - Prototype mismatch warning in Nessus scanner<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/502\">#502<\/a> - Incorrect path set when using CRON in a container<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/507\">#507<\/a> - It is not longer possible to add duplicate users<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/522\">#522<\/a> - Nessus scans now get correctly recycled or created<\/li>\n<\/ul>\n","pubDate":"Wed, 02 Aug 2017 00:00:00 +0200","link":"https:\/\/www.seccubus.com\/2017\/08\/02\/2.38-fixes-and-improvements\/","guid":"https:\/\/www.seccubus.com\/2017\/08\/02\/2.38-fixes-and-improvements\/"},{"title":"Seccubus v2.36 - TestSSL release","description":"<p>We just released a new Seccubus version, you can download it <a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/releases\/latest\">here<\/a><\/p>\n\n<h1 id=\"29-6-2017---v236---testsslsh-release\">29-6-2017 - v2.36 - TestSSL.sh release<\/h1>\n\n<p>This release has been in the making for a long time. In fact the first pull\nrequest for it\u2019s main feature was back in June 2016 by our friend and then\ncolleague Glenn ten Cate.<\/p>\n\n<p>This release marks the integration of Dirk Wetter\u2019s excellent tool testssl.sh\ninto Seccubus. With testssl.sh you can get a detailed overview of how well\nyour TLS enabled service is set up. Not just for websites, but for any TCP\nservice, even those that use STARTTLS.<\/p>\n\n<p>In addition we introduced the \u2013cdn switch for ssllabs, to reduce noise for\nCDN enabled sites, we the ability to dynamically create users via JIT\nprovisionsing and we added CSRF protection for enhanced security.<\/p>\n\n<p>To boost future code quality, Perl::Critic testing has been integrated in the\nunit testing process.<\/p>\n\n<p>Besides that we squased some bugs, five of which got introduced in the previous release :(<\/p>\n\n<h2 id=\"enhancements\">Enhancements<\/h2>\n<ul>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/302\">#302<\/a> - Testssl.sh support for Seccubus<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/401\">#401<\/a> - JIT provisioning of users<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/442\">#442<\/a> - Add \u2013cdn option to ssllabs<\/li>\n  <li>Perl Critic is now part of unit testing. All critique was handled<\/li>\n<\/ul>\n\n<h2 id=\"bug-fixes\">Bug Fixes<\/h2>\n<ul>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/132\">#132<\/a> - We have CSRF protection now. Non-get requests should have content-type application\/json.<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/461\">#461<\/a> - Update button on finding edit screen isn\u2019t working properly<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/474\">#474<\/a> - Some typo\/style fixes by Jericho (attrition.org)<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/478\">#478<\/a> - Conralive should check if cron isn\u2019t ignored<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/480\">#480<\/a> - Editing\/showing notifications broken<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/483\">#483<\/a> - add_user broken<\/li>\n  <li><a href=\"https:\/\/github.com\/schubergphilis\/Seccubus\/issues\/484\">#484<\/a> - Failure to update 1+n scan configuration in Manage Scans (And all other update funtions)<\/li>\n<\/ul>\n","pubDate":"Thu, 29 Jun 2017 00:00:00 +0200","link":"https:\/\/www.seccubus.com\/2017\/06\/29\/2.36-testssl.sh\/","guid":"https:\/\/www.seccubus.com\/2017\/06\/29\/2.36-testssl.sh\/"}]}}