How to add new credentials to be used in order to run authenticated (whitebox) scans.
Credentials can be added in Delve in order to run authenticated (whitebox) scans.
Credentials can be associated to groups of assets through the use of tags (see Associating credentials to tags). All the assets categorized under the tag to which the credentials are associated will be scanned with authentification using these credentials.
You can create new credentials for your organization by going to the "Settings" panel and clicking the "Credentials" link in any of the teams present in the "Team settings" box.
In the "Manage Credentials" panel displayed on the right, you can use the "+" button to add new credentials.
In the "Add credentials" menu that appears, you can configure the type of credentials using the following parameters:
- Description - The description for these credentials.
- Protocol - The type of authentication to which this credentials apply:
- HTTP Basic Auth - Authenticate on a Website using basic access authentication (RFC-7617).
- Web Form - Authenticate on a Website using a standard form submission.
- VMWare ESXi - Authenticate on a system running VMWare ESXi.
- SMB - Authenticate on a Microsoft Windows system using a Samba username/password combination.
- Username/Password - Authenticate on a GNU/Linux system using an SSH username/password combination.
- Public-key authentication - Authenticate on a GNU/Linux system using an SSH public/private key pair. You will need to enter the private key (in PEM format, as per RFC-7468) associated to the public key already installed in the destination system.
Even though credentials are created in teams, they are usable by all teams within the same organization.