Automated Security Testing Tool
secureCodeBox is an OWASP project providing an automated and scalable open source solution that integrates multiple security scanners with a simple and lightweight interface – for continuous and automated security testing.
Identify Vulnerabilities in your Network and Applications
Powerful Scanning Tools
SDLC
Multi-Layer Testing
Easy Monitoring
Security Use Cases
Your Go-to Solution for easy Security Scanning
- It's a quick and straight forward installation. It works on every system and is ready to use from start.
- You can start scans without any configuration right away and use best practice tests. But each scanner also provides extensive configuration options.
- Our architecture is designed for open flexibility and free adjustments. New tools can be integrated fairly simple and you can design your own scan and monitor process.
- Separately configurable for multiple teams, systems or clusters.
Multi Scanner Security Platform
Scanners
Amass (Network)
Subdomain Enumeration Scanner
CMSeeK (CMS)
Automation of the process of detecting the Joomla CMS and its core vulnerabilities
doggo (Network)
DNS client (like dig)
ffuf (Webserver)
Webserver and WebApplication Elements and Content Discovery
Git Repo Scanner (Repository)
Discover Git repositories
Gitleaks (Repository)
Find potential secrets in repositories
Kube Hunter (Kubernetes)
Kubernetes Vulnerability Scanner
Kubeaudit (Kubernetes)
Kubernetes Configuration Scanner
Ncrack (Authentication)
Network authentication bruteforcing
Nikto (Webserver)
Webserver Vulnerability Scanner
Nmap (Network)
Network discovery and security auditing
Nuclei (Website)
Nuclei is a fast, template based vulnerability scanner.
Screenshooter (WebApplication)
Takes Screenshots of websites
Semgrep (Repository)
Static Code Analysis
SSH-audit (SSH)
SSH Configuration and Policy Scanner
SSH (SSH)
SSH Configuration and Policy Scanner
SSLyze (SSL)
SSL/TLS Configuration Scanner
Trivy SBOM (Container)
Container Dependency Scanner
Trivy (Container)
Container Vulnerability Scanner
Typo3Scan (CMS)
Automation of the process of detecting the Typo3 CMS and its installed extensions
Whatweb (Network)
Website identification
WPScan (CMS)
Wordpress Vulnerability Scanner
ZAP Advanced (WebApplication)
WebApp & OpenAPI Vulnerability Scanner extend with authentication features
ZAP Automation Framework (WebApplication)
WebApp & OpenAPI Vulnerability Scanner
ZAP (WebApplication)
WebApp & OpenAPI Vulnerability Scanner
Hooks
Azure Monitor (persistenceProvider)
Publishes all Scan Findings to Azure Monitor.
Cascading Scans (processing)
Cascading Scans based declarative Rules.
DefectDojo (persistenceProvider)
Publishes all Scan Reports to OWASP DefectDojo.
Dependency-Track (persistenceProvider)
Publishes all CycloneDX SBOMs to Dependency-Track.
Elasticsearch (persistenceProvider)
Publishes all Scan Findings to Elasticsearch.
Finding Post Processing (dataProcessing)
Updates fields for findings meeting specified conditions.
Generic WebHook (integration)
Publishes Scan Findings as WebHook.
Notification WebHook (integration)
Publishes Scan Summary to MS Teams, Slack and others.
Static Report (persistenceProvider)
Publishes all Scan Findings as HTML Report.
Update Field (dataProcessing)
Updates fields in finding results.
About us
secureCodeBox is an Open-Source project in cooperation with OWASP and with friendly support from iteratec.
OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security.