secureCodeBox

Testing your Software Security, Network and Applications

secureCodeBox is an automated and scalable open source solution that can be used to integrate various security scanners with a simple and lightweight interface.

InstallationStarting Scans
speed clock

Quick & easy installation

It's a quick and straight forward installation. It works on every system and is ready to use from start.
code terminal

For professionals & rookies

You can start scans without any configuration right away and use best practice tests. But each scanner also provides extensive configuration options.
graph icon

Monitor your results

Easily monitor each scanner's results through pre-designed (or self made) dashboards, use a tool integration such as e.g. DefectDojo or integrate the persistence tool of your choice.
content icon

Design your own process

Our architecture is designed for open flexibility and free adjustments. New tools can be integrated fairly simple and you can design your own scan and monitor process.

How does the secureCodeBox help our team?

  • checked iconSDLC support
  • checked iconHighly scalable: multiple teams, applications and whole networks.
  • checked iconScans can range from low-hanging fruits to pen testing.
  • unchecked iconWe don`t assign grades, someone needs to interpret the scan results.
  • unchecked iconBesides our examples, we do not provide many advanced, pre-configured scans.

Scanners

Amass

Amass (Network)

Subdomain Enumeration Scanner

Angularjs CSTI Scanner

Angularjs CSTI Scanner (Repository)

Find AngularJS websites vulnerable to template injections

git-repo-scanner

git-repo-scanner (Repository)

Discover git repositories

Gitleaks

Gitleaks (Repository)

Find potential secrets in repositories

kube-hunter

kube-hunter (Kubernetes)

Kubernetes Vulnerability Scanner

kubeaudit

kubeaudit (Kubernetes)

Kubernetes Configuration Scanner

Ncrack

Ncrack (Authentication)

Network authentication bruteforcing

Nikto

Nikto (Webserver)

Webserver Vulnerability Scanner

Nmap

Nmap (Network)

Network discovery and security auditing

Screenshooter

Screenshooter (Application)

Takes Screenshots of websites

SSH

SSH (SSH)

SSH Configuration and Policy Scanner

SSLyze

SSLyze (SSL)

SSL/TLS Configuration Scanner

Trivy

Trivy (Container)

Container Vulnerability Scanner

WPScan

WPScan (CMS)

Wordpress Vulnerability Scanner

ZAP

ZAP (WebApplication)

WebApp & OpenAPI Vulnerability Scanner

Hooks

Cascading Scans

Cascading Scans (processing)

Cascading Scans based declarative Rules.

DefectDojo

DefectDojo (persistenceProvider)

Publishes all Scan Reports to OWASP DefectDojo.

Elasticsearch

Elasticsearch (persistenceProvider)

Publishes all Scan Findings to Elasticsearch.

Finding Post Processing

Finding Post Processing (dataProcessing)

Updates fields for findings meeting specified conditions.

Generic WebHook

Generic WebHook (integration)

Publishes Scan Findings as WebHook.

MS Teams WebHook

MS Teams WebHook (integration)

Publishes Scan Summary to MS Teams.

Slack WebHook

Slack WebHook (integration)

Publishes Scan Summary to Slack.

Static Report

Static Report (persistenceProvider)

Publishes all Scan Findings as HTML Report.

Update Field

Update Field (dataProcessing)

Updates fields in finding results.