-
Notifications
You must be signed in to change notification settings - Fork 134
govolution/betterdefaultpasslist
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
Note: BetterDefaultPasslist is included in SecLists (https://github.com/danielmiessler/SecLists) and in future I will try to keep them both up-to-date (08.07.2018). What: - list includes default credentials from various manufacturers for their products like NAS, ERP, ICS etc., that are used for standard products like mssql, vnc, oracle and so on - also examples for passwords, in practice those are also being used - the sources are installation guides and other - useful for network bruteforcing - not meant as a complete bruteforcing list, hopefully it is a useful supplement Why: - some manufactures use default credentials for their products - that might be poorly handled by the users - setting networks at risk What to do: - manufacturers: do not use default passwords, instead force users to use strong credentials and document them - users: check if it is possible to change the credentials, otherwise mitigate the risk, for example by network separation or by using proper firewall rules - yes, you can actually use local firewalls too Changelog (small updates not included): - 18.01.2021 added CVE-2017-7722, kudos to mcjon3z (#7) - 06.01.2021 added zyxel hard coded credentials for ssh, added web.txt (default creds for web apps) with same credentials - 11.07.2020 added some backdoor credentials for telnet - 10.10.2019 added default credentials for smb, ssh, mssql - 10.10.2018 added 22 default credentials, ssh, telnet & mysql - 12.07.2018 edoz90 added tomcat.txt - 08.07.2018 added more credentials for ssh.txt and windows.txt - 24.03.2018 added some creds, for VMs that are offered to download (SANS, osboxes.org and more) - 27.09.2017 added about 10 creds - 20.05.2017 added lots of passwords from http://www.petefinnigan.com/default/oracle_default_passwords.htm, msf wordlists and other sources, more than 600 new credentials (most oracle), added db2 and postgres. Thanks to Pete Finnigan for creating the huge oracle default credentials list! - 27.12.2016 addded 3 creds - 08.11.2016 added cirros default credentials - 01.11.2016 added a few credentials for telnet and ftp - 29.10.2016 added sources.txt for the sources (more or less complete) - 28.10.2016 added more credentials the last weeks - 03.10.2016 added some default passwords from mirai bot - 01.10.2016 now 305 default credentials - 25.09.2016 added some credentials - 24.09.2016 added README, 270 credentials
About
No description, website, or topics provided.
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published