Cybersecurity firm NCC Group has launched two new open source tools aimed at supporting application developers and penetration testers. The first tool, called Code Credential Scanner (ccs), allows developers to scan configuration files in a repository, detect stored credentials, and remove them to prevent potential leaks. It can be integrated into development mechanisms for scheduled scans and helps manage the remediation process by alerting teams when credentials are found. The tool is language agnostic, supports various issue resolution methods, and can identify usernames and email addresses in addition to passwords and keys.
NCC Group’s second tool, CowCloud, assists pentesters and technical teams in distributing workloads across Amazon Web Services (AWS). Originally designed for executing recon tools and vulnerability scans in a distributed manner, CowCloud enables the creation and monitoring of tasks using Python code on worker nodes and supports the installation and operation of commercial tools. Besides workload distribution, the tool has applications in security testing baselining, distributed password cracking in AWS, and centralized access and management of tools.
These open source tools contribute to enhancing security practices in the development and testing processes. The Code Credential Scanner empowers developers to proactively identify and remove stored credentials, reducing the risk of leaks. Meanwhile, CowCloud streamlines workload distribution and provides convenient access to various security testing capabilities.
NCC Group’s tools serve as valuable resources for application developers and penetration testers seeking to bolster their cybersecurity measures and ensure the integrity and confidentiality of their systems.