One place for all the default credentials to assist pentesters during an engagement, this document has several products default login/password gathered from multiple sources.
Project description
Default Credentials Cheat Sheet
One place for all the default credentials to assist pentesters during an engagement, this document has several products default login/password gathered from multiple sources.
P.S : Most of the credentials were extracted from changeme,routersploit and Seclists projects, you can use these tools to automate the process https://github.com/ztgrace/changeme , https://github.com/threat9/routersploit (kudos for the awesome work)
Installation & Usage
The Default Credentials Cheat Sheet tool is available on pypi
$ pip3 install defaultcreds-cheat-sheet
$ creds search tomcat
| Operating System | Tested |
|---|---|
| Linux(Kali,Ubuntu,Lubuntu) | ✔️ |
| Windows | ✔️ |
| macOS | ❌ |
Manual Installation
$ git clone https://github.com/ihebski/DefaultCreds-cheat-sheet
$ pip3 install -r requirements.txt
$ cp creds /usr/bin/ && chmod +x /usr/bin/creds
$ creds search tomcat
Creds script
Usage Guide
# Search for product creds
➤ creds search tomcat
+----------------------------------+------------+------------+
| Product | username | password |
+----------------------------------+------------+------------+
| apache tomcat (web) | tomcat | tomcat |
| apache tomcat (web) | admin | admin |
...
+----------------------------------+------------+------------+
# Update records
➤ creds update
Check for new updates...🔍
New updates are available 🚧
[+] Download database...
# Export Creds to files (could be used for brute force attacks)
➤ creds search tomcat export
+----------------------------------+------------+------------+
| Product | username | password |
+----------------------------------+------------+------------+
| apache tomcat (web) | tomcat | tomcat |
| apache tomcat (web) | admin | admin |
...
+----------------------------------+------------+------------+
[+] Creds saved to /tmp/tomcat-usernames.txt , /tmp/tomcat-passwords.txt 📥
Run creds through proxy
# Search for product creds
➤ creds search tomcat --proxy=http://localhost:8080
# update records
➤ creds update --proxy=http://localhost:8080
# Search for Tomcat creds and export results to /tmp/tomcat-usernames.txt , /tmp/tomcat-passwords.txt
➤ creds search tomcat --proxy=http://localhost:8080 export
Contribute
If you cannot find the password for a specific product, please submit a pull request to update the dataset.
Disclaimer
For educational purposes only, use it at your own responsibility.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file defaultcreds_cheat_sheet-0.5.2.0.tar.gz.
File metadata
- Download URL: defaultcreds_cheat_sheet-0.5.2.0.tar.gz
- Upload date:
- Size: 44.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | ccc5727a799c2ad74a52e20cbfe92f6d5f2aa8a0ef8d8b07207901328f1805ef |
|
| MD5 | a9dbadfe64ef794857be7fcd1e5eb2f5 |
|
| BLAKE2b-256 | 186a36cad27a2c42fd81d42ea92683ea50dc074e2fd54db138efef85518846b3 |
File details
Details for the file defaultcreds_cheat_sheet-0.5.2.0-py3-none-any.whl.
File metadata
- Download URL: defaultcreds_cheat_sheet-0.5.2.0-py3-none-any.whl
- Upload date:
- Size: 47.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 919fe9ec8437cd648aec84d48f24281df1fecd1f5138f6097161d551454c9b04 |
|
| MD5 | d2f55f3c7bb26227c0112cd8f788890e |
|
| BLAKE2b-256 | 707de46db3993a8347ef25abe07da4bc3571c48d0e2cf00f187bdc28b06d96fe |
