Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Data file for default passwords

From: David Fifield <david () bamsoftware com>
Date: Thu, 3 Mar 2016 18:31:14 +0100
On Thu, Mar 03, 2016 at 10:25:52PM +0530, tabish imran wrote:


There are tons of devices like routers, printers and webcams with default user/
pass combinations . If I were to scrape default passwords from websites and
write a script which ( depending onĀ  results from the scan ) checks for default
passwords , it could be useful.

Pro - would take less time than bruteforce

Con - might be pretty big

( alternatively the script could look for the default passwords from a website)

Comments ?


Hi, what you describe sounds like the existing http-default-accounts
script:
https://nmap.org/nsedoc/scripts/http-default-accounts.html
https://svn.nmap.org/nmap/nselib/data/http-default-accounts-fingerprints.lua
A good project would be to increase the coverage of the script; i.e., to
add a lot of new entries to http-default-accounts-fingerprints.lua. I
don't get what you mean by "scrape default passwords from websites,"
though. What's your plan for building a database of default credentials?
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: