.. | |||
README.md | Loading last commit info... | ||
cred.py | |||
credentials.csv |
README.md
Most Known Vendors Default Credentials
One place for all the default credentials to assist the pentesters during an engagement, this document has a several products default credentials that are gathered from several sources.
Motivation
- One document for the most known vendors default credentials
- Assist pentesters during a pentest/red teaming engagement
- Helping the Red/Blue teamers to secure the company infrastructure by discovering this security flaw in order to mitigate it. See
WSTG-ATHN-02
Sources
- Changeme
- Routersploit
- betterdefaultpasslist
- Seclists
- ics-default-passwords (thanks to @noraj)
- Vendors documentations/blogs
Creds script
You can turn the cheat sheet into a cli command and perform search queries for a specific product.
# Usage
➤ python3 creds.py search tomcat
+----------------------------------+------------+------------+
| Product | username | password |
+----------------------------------+------------+------------+
| apache tomcat (web) | tomcat | tomcat |
| apache tomcat (web) | admin | admin |
...
+----------------------------------+------------+------------+
Credit
Based on ihebski's github page.