Nmap Development mailing list archives
Re: Replacing usernames.lst?
From: David Fifield <david () bamsoftware com>
Date: Mon, 22 Mar 2010 13:19:09 -0600
On Mon, Mar 22, 2010 at 01:44:42PM -0500, Ron wrote:
This is a cool project that tracks ssh bruteforcing:
http://0au.de/projects/ssh-failures/

According to his stats, the top 10 usernames people attempt are:

    #  User
---------------
50604  root
 1798  admin
 1243  test
  944  nagios
  634  a
  626  user
  620  guest
  574  oracle
  403  temp
  393  ts

Obviously, the bruteforcers don't know much that we don't know, but their list is likely better than ours (although they do overlap significantly):

root
admin
administrator
webadmin
sysadmin
netadmin
guest
user
web
test

I'd definitely keep "administrator" from our list. "nagios" and "oracle" are probably promising.

We've been talking about having (at least) two lists. One would contain only likely default names like "admin", "root", "guest", "web". The other would have names people are likely to choose for themselves, like email addresses or user IDs. Some scripts that run against systems like databases and routers expect them to have only a few, root-like users, and would use the first list. A script like http-userdir-enum that's looking for user home directories would use the second list.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
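
A defender-side sketch of the kind of tally behind the statistics quoted above, added here as an example (not code from the ssh-failures project or from Nmap): it counts the usernames seen in failed OpenSSH password attempts and separates default-style names from the rest, using the current list from the quoted message as the default set. The log lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Default-style names: the current list quoted in the message above.
DEFAULT_NAMES = {"root", "admin", "administrator", "webadmin", "sysadmin",
                 "netadmin", "guest", "user", "web", "test"}

# Constructed sample sshd lines (not real data); documentation-range addresses.
SAMPLE_LOG = """\
Mar 22 13:01:02 host sshd[1201]: Failed password for root from 192.0.2.10 port 4022 ssh2
Mar 22 13:01:05 host sshd[1203]: Failed password for invalid user nagios from 192.0.2.10 port 4031 ssh2
Mar 22 13:01:09 host sshd[1207]: Failed password for invalid user oracle from 198.51.100.7 port 5100 ssh2
Mar 22 13:02:11 host sshd[1210]: Failed password for root from 198.51.100.7 port 5102 ssh2
Mar 22 13:02:15 host sshd[1212]: Accepted password for alice from 203.0.113.5 port 6000 ssh2
Mar 22 13:03:00 host sshd[1215]: Failed password for invalid user from from 192.0.2.10 port 4040 ssh2
Mar 22 13:03:04 host sshd[1216]: Failed password for jsmith from 192.0.2.10 port 4041 ssh2
"""

# The username is attacker-controlled and may itself contain " from ", so the
# greedy (.*) anchors on the LAST " from <addr> port <n>" in the line.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(.*) from (\S+) port \d+"
)

def tally_failed_usernames(log_text):
    """Count attempted usernames across failed password lines."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED_RE.search(line)
        if match:
            counts[match.group(1)] += 1
    return counts

def split_by_list(counts, defaults=DEFAULT_NAMES):
    """Split a tally into (default-style names, everything else)."""
    default_hits = {u: n for u, n in counts.items() if u in defaults}
    other_hits = {u: n for u, n in counts.items() if u not in defaults}
    return default_hits, other_hits

if __name__ == "__main__":
    default_hits, other_hits = split_by_list(tally_failed_usernames(SAMPLE_LOG))
    print("default-style:", default_hits)
    print("other:", other_hits)
```
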