ScanSuite

Credentials


Last updated 6 days ago

Credentials found during Static Code Analysis (for example, by Secrets Detection) and during Infrastructure checks (for example, by the credentials leakage check stage of OSINT, or by a Bruteforcer scan) are saved and can be managed via the Credentials page:

Credentials matching the login/password pair pattern are used by the Bruteforcer scanner to verify their validity.

One can input leaked credentials manually or upload them in bulk as a JSON list:

Execute the Bruteforcer scan:

Then check the scan logs for alerts on confirmed credentials:

Confirmed credentials are updated in the Credentials tab via the Verified and Details fields:

Click the credential name to see full details: