Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [RFC] Username/Password NSE library

From: Tom Sellers <nmap () fadedcode net>
Date: Tue, 17 Jun 2008 18:13:51 -0500
Kris Katterjohn wrote:


Now I need opinions on good username and password lists to ship and use by
default.  There is an ordered password list shipped with John the Ripper which
has 3107 entries.  The license[1] pretty much says we can distribute it if we
give credit and also ship the license.  Are there any ideas on a better list?

What about a good username list?



I suggest checking some of the Internet lists of default username/password
pairs.  It is ridiculous how often I come across equipment that has been
install and left in its default state.

It may also make sense to order this list such that more common software/devices
occur first.  If you like I can gather some of this information and condense
it down.

If you think these usernames and passwords would not be appropriate for your
application I may roll them into generic scripts based on protocol, such as
ftp, http, ssh, etc.

Thanks,

Tom

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: