➹ Encrypt / Anonymize all positive password for "positive" NCrack credential findings #209

@rfelber

Is your feature request related to a problem? Please describe.
The NCrack Bruteforce scanner is great for identifying weak credentials for services (like SSH) deployed in a given infrastructure environment. But the credential findings themselves may be a problem if they are publicly accessible in a vulnerability management 🤔.

Describe the solution you'd like
It would be great to implement a new configuration option which enables the security tester (DevSecOps) to configure if the identified credential findings must be encrypted / anonymized.

scannerJob:
  secureFindings:
    enabled: true
    type: anonymize

Describe alternatives you've considered

Additional context

Labels

scanner: Implement or update a security scanner
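
One way the requested `secureFindings` option could behave, as an added example that is not part of the original issue or of the project's code. The finding shape (`attributes.username` / `attributes.password`), the `encrypt` type value, the `publicKeyPem` setting and the function names are assumptions; only `enabled` and `type: anonymize` come from the issue.

```javascript
// Added example, not secureCodeBox code. Assumed finding shape:
// { name, attributes: { username, password, ... } }.
const crypto = require("node:crypto");

const MASK = "********";

// Encrypt to the tester's public key so that only the private-key holder can
// recover the credential. "encrypt" as a type value is an assumption.
function encryptPassword(password, publicKeyPem) {
  return crypto
    .publicEncrypt(
      { key: publicKeyPem, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" },
      Buffer.from(password, "utf8")
    )
    .toString("base64");
}

// Returns new finding objects; the input findings are never mutated.
function secureFindings(findings, config = {}) {
  if (!config.enabled) return findings;
  let protect;
  if (config.type === "anonymize") {
    // Fixed-length mask: does not reveal the password or its length.
    protect = () => MASK;
  } else if (config.type === "encrypt") {
    if (!config.publicKeyPem) throw new Error("encrypt requires publicKeyPem");
    protect = (pw) => encryptPassword(pw, config.publicKeyPem);
  } else {
    // Fail closed: an unknown type must not silently pass cleartext through.
    throw new Error(`unsupported secureFindings.type: ${config.type}`);
  }
  return findings.map((finding) => {
    const attrs = finding.attributes || {};
    if (typeof attrs.password !== "string") return finding;
    return { ...finding, attributes: { ...attrs, password: protect(attrs.password) } };
  });
}

// Constructed sample finding (not real scan output).
const sampleFindings = [
  { name: "Credentials for Service ssh", attributes: { username: "root", password: "toor" } },
];
```

Masking still tells readers of the findings store that the account has a guessable password, which is the actionable part; encryption additionally lets the tester recover the value for verification.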