Trendshift - Ask AI

base on One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️ # Default Credentials Cheat Sheet <p align="center"> <img src="https://media.moddb.com/cache/images/games/1/65/64034/thumb_620x2000/Lockpicking.jpg"/> </p> **One place for all the default credentials to assist pentesters during an engagement, this document has several products default login/password gathered from multiple sources.** > P.S : Most of the credentials were extracted from changeme,routersploit and Seclists projects, you can use these tools to automate the process https://github.com/ztgrace/changeme , https://github.com/threat9/routersploit (kudos for the awesome work) - [x] Project in progress ## Motivation - One document for the most known vendors default credentials - Assist pentesters during a pentest/red teaming engagement - **Helping the Blue teamers to secure the company infrastructure assets by discovering this security flaw in order to mitigate it**. See [OWASP Guide [WSTG-ATHN-02] - Testing_for_Default_Credentials](https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/02-Testing_for_Default_Credentials "OWASP Guide") #### Short stats of the dataset | | Product/Vendor | Username | Password | | --- | --- | --- | --- | | **count** | 3668 | 3668 | 3668 | | **unique** | 1347 | 1110 | 1658 | | **top** | Oracle| <blank> | <blank> | | **freq** | 235 | 790 | 474 | #### Sources - [Changeme](https://github.com/ztgrace/changeme "Changeme project") - [Routersploit]( https://github.com/threat9/routersploit "Routersploit project") - [betterdefaultpasslist]( https://github.com/govolution/betterdefaultpasslist "betterdefaultpasslist") - [Seclists]( https://github.com/danielmiessler/SecLists/tree/master/Passwords/Default-Credentials "Seclist project") - [ics-default-passwords](https://github.com/arnaudsoullie/ics-default-passwords) (thanks to @noraj) - Vendors documentations/blogs ## Installation & Usage The Default Credentials Cheat Sheet tool is available on [pypi](https://pypi.org/project/defaultcreds-cheat-sheet/) ```bash $ pip3 install defaultcreds-cheat-sheet $ creds search tomcat ``` | Operating System | Tested | |---------------------|-------------------| | Linux(Kali,Ubuntu,Lubuntu) | ✔️ | | Windows(10,11) | ✔️ | | macOS | ❌ | ##### Manual Installation ```bash $ git clone https://github.com/ihebski/DefaultCreds-cheat-sheet $ pip3 install -r requirements.txt $ cp creds /usr/bin/ && chmod +x /usr/bin/creds $ creds search tomcat ``` ## Creds script ### Usage Guide ```bash # Search for product creds ➤ creds search tomcat +----------------------------------+------------+------------+ | Product | username | password | +----------------------------------+------------+------------+ | apache tomcat (web) | tomcat | tomcat | | apache tomcat (web) | admin | admin | ... +----------------------------------+------------+------------+ # Update records ➤ creds update Check for new updates...🔍 New updates are available 🚧 [+] Download database... # Export Creds to files (could be used for brute force attacks) ➤ creds search tomcat export +----------------------------------+------------+------------+ | Product | username | password | +----------------------------------+------------+------------+ | apache tomcat (web) | tomcat | tomcat | | apache tomcat (web) | admin | admin | ... +----------------------------------+------------+------------+ [+] Creds saved to /tmp/tomcat-usernames.txt , /tmp/tomcat-passwords.txt 📥 ``` **Run creds through proxy** ```bash # Search for product creds ➤ creds search tomcat --proxy=http://localhost:8080 # update records ➤ creds update --proxy=http://localhost:8080 # Search for Tomcat creds and export results to /tmp/tomcat-usernames.txt , /tmp/tomcat-passwords.txt ➤ creds search tomcat --proxy=http://localhost:8080 export ``` > **Proxy option** is only available from version 0.5.2 [![asciicast](https://asciinema.org/a/526599.svg)](https://asciinema.org/a/526599) #### Pass Station [noraj][noraj] created CLI & library to search for default credentials among this database using `DefaultCreds-Cheat-Sheet.csv`. The tool is named [Pass Station][pass-station] ([Doc][ps-doc]) and has some powerful search feature (fields, switches, regexp, highlight) and output (simple table, pretty table, JSON, YAML, CSV). [![asciicast](https://asciinema.org/a/397713.svg)](https://asciinema.org/a/397713) [noraj]:https://pwn.by/noraj/ [pass-station]:https://github.com/sec-it/pass-station [ps-doc]:https://sec-it.github.io/pass-station/ ## Contribute If you cannot find the password for a specific product, please submit a pull request to update the dataset.<br> > ### Disclaimer > **For educational purposes only, use it at your own responsibility.** ", Assign "at most 3 tags" to the expected json: {"id":"3480","tags":[]} "only from the tags list I provide: [{"id":77,"name":"3d"},{"id":89,"name":"agent"},{"id":17,"name":"ai"},{"id":54,"name":"algorithm"},{"id":24,"name":"api"},{"id":44,"name":"authentication"},{"id":3,"name":"aws"},{"id":27,"name":"backend"},{"id":60,"name":"benchmark"},{"id":72,"name":"best-practices"},{"id":39,"name":"bitcoin"},{"id":37,"name":"blockchain"},{"id":1,"name":"blog"},{"id":45,"name":"bundler"},{"id":58,"name":"cache"},{"id":21,"name":"chat"},{"id":49,"name":"cicd"},{"id":4,"name":"cli"},{"id":64,"name":"cloud-native"},{"id":48,"name":"cms"},{"id":61,"name":"compiler"},{"id":68,"name":"containerization"},{"id":92,"name":"crm"},{"id":34,"name":"data"},{"id":47,"name":"database"},{"id":8,"name":"declarative-gui "},{"id":9,"name":"deploy-tool"},{"id":53,"name":"desktop-app"},{"id":6,"name":"dev-exp-lib"},{"id":59,"name":"dev-tool"},{"id":13,"name":"ecommerce"},{"id":26,"name":"editor"},{"id":66,"name":"emulator"},{"id":62,"name":"filesystem"},{"id":80,"name":"finance"},{"id":15,"name":"firmware"},{"id":73,"name":"for-fun"},{"id":2,"name":"framework"},{"id":11,"name":"frontend"},{"id":22,"name":"game"},{"id":81,"name":"game-engine "},{"id":23,"name":"graphql"},{"id":84,"name":"gui"},{"id":91,"name":"http"},{"id":5,"name":"http-client"},{"id":51,"name":"iac"},{"id":30,"name":"ide"},{"id":78,"name":"iot"},{"id":40,"name":"json"},{"id":83,"name":"julian"},{"id":38,"name":"k8s"},{"id":31,"name":"language"},{"id":10,"name":"learning-resource"},{"id":33,"name":"lib"},{"id":41,"name":"linter"},{"id":28,"name":"lms"},{"id":16,"name":"logging"},{"id":76,"name":"low-code"},{"id":90,"name":"message-queue"},{"id":42,"name":"mobile-app"},{"id":18,"name":"monitoring"},{"id":36,"name":"networking"},{"id":7,"name":"node-version"},{"id":55,"name":"nosql"},{"id":57,"name":"observability"},{"id":46,"name":"orm"},{"id":52,"name":"os"},{"id":14,"name":"parser"},{"id":74,"name":"react"},{"id":82,"name":"real-time"},{"id":56,"name":"robot"},{"id":65,"name":"runtime"},{"id":32,"name":"sdk"},{"id":71,"name":"search"},{"id":63,"name":"secrets"},{"id":25,"name":"security"},{"id":85,"name":"server"},{"id":86,"name":"serverless"},{"id":70,"name":"storage"},{"id":75,"name":"system-design"},{"id":79,"name":"terminal"},{"id":29,"name":"testing"},{"id":12,"name":"ui"},{"id":50,"name":"ux"},{"id":88,"name":"video"},{"id":20,"name":"web-app"},{"id":35,"name":"web-server"},{"id":43,"name":"webassembly"},{"id":69,"name":"workflow"},{"id":87,"name":"yaml"}]" returns me the "expected json"

AI prompts

AI prompts