Re: Data file for default passwords

[tabish imran <tabish.imran96 () gmail com>]

---------- Forwarded message ----------
From: "tabish imran" <tabish.imran96 () gmail com>
Date: 03-Mar-2016 11:13 pm
Subject: Re: Data file for default passwords
To: "David Fifield" <david () bamsoftware com>
Cc:

Hi David ,
The script that you mentioned does pretty much what I had planned. There
are websites like defaultpassword.com or phenoelit.org which have huge
collections of default passwords , I'm gonna try to scrape them ( python ,
scrapy ) and add them to the http-default-accounts-fingerprints.lua file.
What do you think ?
On 03-Mar-2016 11:01 pm, "David Fifield" <david () bamsoftware com> wrote:

> On Thu, Mar 03, 2016 at 10:25:52PM +0530, tabish imran wrote:
> > There are tons of devices like routers, printers and webcams with
> default user/
> > pass combinations . If I were to scrape default passwords from websites
> and
> > write a script which ( depending on  results from the scan ) checks for
> default
> > passwords , it could be useful.
> >
> > Pro - would take less time than bruteforce
> >
> > Con - might be pretty big
> >
> > ( alternatively the script could look for the default passwords from a
> website)
> > Comments ?
>
> Hi, what you describe sounds like the existing http-default-accounts
> script:
> https://nmap.org/nsedoc/scripts/http-default-accounts.html
>
> https://svn.nmap.org/nmap/nselib/data/http-default-accounts-fingerprints.lua
> A good project would be to increase the coverage of the script; i.e., to
> add a lot of new entries to http-default-accounts-fingerprints.lua. I
> don't get what you mean by "scrape default passwords from websites,"
> though. What's your plan for building a database of default credentials?
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/