Nmap Development mailing list archives
Re: Data file for default passwords
From: tabish imran <tabish.imran96 () gmail com>
Date: Thu, 3 Mar 2016 23:18:07 +0530
---------- Forwarded message ---------- From: "tabish imran" <tabish.imran96 () gmail com> Date: 03-Mar-2016 11:13 pm Subject: Re: Data file for default passwords To: "David Fifield" <david () bamsoftware com> Cc: Hi David , The script that you mentioned does pretty much what I had planned. There are websites like defaultpassword.com or phenoelit.org which have huge collections of default passwords , I'm gonna try to scrape them ( python , scrapy ) and add them to the http-default-accounts-fingerprints.lua file. What do you think ? On 03-Mar-2016 11:01 pm, "David Fifield" <david () bamsoftware com> wrote:
On Thu, Mar 03, 2016 at 10:25:52PM +0530, tabish imran wrote:There are tons of devices like routers, printers and webcams withdefault user/pass combinations . If I were to scrape default passwords from websitesandwrite a script which ( depending on results from the scan ) checks fordefaultpasswords , it could be useful. Pro - would take less time than bruteforce Con - might be pretty big ( alternatively the script could look for the default passwords from awebsite)Comments ?Hi, what you describe sounds like the existing http-default-accounts script: https://nmap.org/nsedoc/scripts/http-default-accounts.html https://svn.nmap.org/nmap/nselib/data/http-default-accounts-fingerprints.lua A good project would be to increase the coverage of the script; i.e., to add a lot of new entries to http-default-accounts-fingerprints.lua. I don't get what you mean by "scrape default passwords from websites," though. What's your plan for building a database of default credentials?
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Data file for default passwords tabish imran (Mar 03)
- Re: Data file for default passwords David Fifield (Mar 03)
- Message not available
- Re: Data file for default passwords tabish imran (Mar 03)
- Message not available
- Re: Data file for default passwords David Fifield (Mar 03)
- Re: Data file for default passwords Fotis Hantzis (Mar 03)
- Re: Data file for default passwords tabish imran (Mar 03)