secureCodeBox
Testing your Software Security, Network and Applications
secureCodeBox is an automated and scalable open source solution that can be used to integrate various security scanners with a simple and lightweight interface.
Quick & easy installation
It's a quick and straightforward installation. It works on every system and is ready to use from the start.
For professionals & rookies
You can start scans without any configuration right away and use best-practice tests. But each scanner also provides extensive configuration options.
Monitor your results
Easily monitor each scanner's results through pre-designed (or self-made) dashboards, use a tool integration such as DefectDojo, or integrate the persistence tool of your choice.
Design your own process
Our architecture is designed for open flexibility and free adjustments. New tools can be integrated fairly simply, and you can design your own scan and monitoring process.
How does the secureCodeBox help our team?
SDLC support
Highly scalable: multiple teams, applications and whole networks.
Scans can range from low-hanging fruit to pen testing.
We don't assign grades; someone needs to interpret the scan results.
Besides our examples, we do not provide many advanced, pre-configured scans.
Scanners
Amass (Network)
Subdomain Enumeration Scanner
git-repo-scanner (Repository)
Discover git repositories
Gitleaks (Repository)
Find potential secrets in repositories
kube-hunter (Kubernetes)
Kubernetes Vulnerability Scanner
kubeaudit (Kubernetes)
Kubernetes Configuration Scanner
Ncrack (Authentication)
Network authentication bruteforcing
Nikto (Webserver)
Webserver Vulnerability Scanner
Nmap (Network)
Network discovery and security auditing
Screenshooter (Application)
Takes Screenshots of websites
SSH (SSH)
SSH Configuration and Policy Scanner
SSLyze (SSL)
SSL/TLS Configuration Scanner
Trivy (Container)
Container Vulnerability Scanner
WPScan (CMS)
WordPress Vulnerability Scanner
ZAP (WebApplication)
WebApp & OpenAPI Vulnerability Scanner
Hooks
Cascading Scans (processing)
Cascading scans based on declarative rules.
DefectDojo (persistenceProvider)
Publishes all Scan Findings to DefectDojo.
Elasticsearch (persistenceProvider)
Publishes all Scan Findings to Elasticsearch.
Finding Post Processing (dataProcessing)
Updates fields for findings meeting specified conditions.
Generic WebHook (integration)
Publishes Scan Findings as WebHook.
MS Teams WebHook (integration)
Publishes Scan Summary to MS Teams.
Slack WebHook (integration)
Publishes Scan Summary to Slack.
Static Report (persistenceProvider)
Publishes all Scan Findings as HTML Report.
Update Field (dataProcessing)
Updates fields in finding results.