{"id":50696823,"url":"https://github.com/fb0sh/defaulthound","last_synced_at":"2026-06-09T07:01:36.307Z","repository":{"id":362235027,"uuid":"1257981544","full_name":"fb0sh/DefaultHound","owner":"fb0sh","description":" DefaultHound — 批量检测服务默认密码的安全扫描工具，一键发现高危弱凭据。| DefaultHound — A batch scanner that hunts default/empty passwords across network services.","archived":false,"fork":false,"pushed_at":"2026-06-03T08:20:05.000Z","size":46,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-03T09:19:11.179Z","etag":null,"topics":["pentest","redt","scanner","unauthenticated","weakpasswords"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fb0sh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-06-03T07:09:06.000Z","updated_at":"2026-06-03T08:24:24.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/fb0sh/DefaultHound","commit_stats":null,"previous_names":["fb0sh/defaulthound"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/fb0sh/DefaultHound","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fb0sh%2FDefaultHound","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fb0sh%2FDefaultHound/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fb0sh%2FDefaultHound/releases","
manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fb0sh%2FDefaultHound/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fb0sh","download_url":"https://codeload.github.com/fb0sh/DefaultHound/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fb0sh%2FDefaultHound/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34095247,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-09T02:00:06.510Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["pentest","redt","scanner","unauthenticated","weakpasswords"],"created_at":"2026-06-09T07:00:59.965Z","updated_at":"2026-06-09T07:01:36.295Z","avatar_url":"https://github.com/fb0sh.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# DefaultHound\n\nA security scanner that batch-checks network services for default or empty passwords, implemented in Rust. It ships 40 built-in service checkers, runs them concurrently on the Tokio async runtime, and supports batch scanning with JSON/CSV export.\n\nA built-in **database of 4500+ default credentials** (covering 1600+ vendors/products) lets you look up device default passwords without network access.\n\nIt can be used through a **GUI (native egui desktop app)** or a **CLI (command line)**.\n\n- Default passwords for common devices, systems and services: **4500+ entries**\n\n## 🚀 Highlights\n\n### The revolutionary `ip:service^port` syntax\n\n```\n192.169.33.12:redis^7789\n```\n\n**The old way:** Redis is running on port 7789? You have to find the checker source, change `default_port` from 6379 to 7789, recompile, and change it back after the scan. Every new port means another code change.\n\n**DefaultHound's revolutionary approach:** just write `192.169.33.12:redis^7789`. `redis` selects the **Redis checker**, and `7789` 
is the **port argument** passed to it.\n\n- ✅ **No code changes**: the port is a runtime parameter, not a compile-time constant\n- ✅ **Pick checkers on demand**: the `service^` prefix selects exactly one checker, and non-matching services are never run\n- ✅ **Several checkers for one target**: `192.168.1.1:redis^6379,mysql^3306` does it in one line, each service using its own checker\n- ✅ **Non-standard ports at zero cost**: Redis moved to another port? Write `redis^7789`, with no code change and no recompile\n\n\u003e Traditional tools can only scan **fixed services on fixed ports**; DefaultHound lets you **freely combine any port with any checker**.\n\n---\n\n## 🖥️ GUI usage\n\nDefaultHound provides a native desktop GUI built on **egui**, with no system dependencies (no WebView, Java or Python required).\n\n### Launch\n\n```bash\ndefaulthound-gui\n```\n\n### Interface layout\n\u003cimg width=\"1570\" height=\"943\" alt=\"image\" src=\"https://github.com/user-attachments/assets/da661478-6e8b-4f62-a986-40f5fbe589ff\" /\u003e\n\n\u003cimg width=\"1570\" height=\"943\" alt=\"image\" src=\"https://github.com/user-attachments/assets/bd8c4baf-7500-4148-b453-6ad6fe2437b6\" /\u003e\n\n\n\u003cimg width=\"1570\" height=\"943\" alt=\"image\" src=\"https://github.com/user-attachments/assets/e53afdf0-96ba-439c-a1c1-17266b3fbba1\" /\u003e\n\n\u003cimg width=\"731\" height=\"377\" alt=\"image\" src=\"https://github.com/user-attachments/assets/a68ba5db-a944-4f23-a2c7-21499c174488\" /\u003e\n\n\n\u003cimg width=\"1570\" height=\"943\" alt=\"image\" src=\"https://github.com/user-attachments/assets/b8f6f2fa-dd4c-48d6-91ae-052768fc18c2\" /\u003e\n\n\n\u003cimg width=\"1459\" height=\"833\" alt=\"image\" src=\"https://github.com/user-attachments/assets/4732347b-46e2-41d4-85e1-0c3e102b72b1\" /\u003e\n\n\n### Features\n\n| Feature | Description |\n|------|------|\n| **Three-pane layout** | Target management on the left, scan results in the middle, statistics panel on the right |\n| **Target management** | Accepts IP and `ip:service^port` input; checkboxes enable/disable targets; right-click to copy a target |\n| **Dual result views** | **Log view** (live colored stream) and **vulnerability table** (high-risk only, sortable/searchable) |\n| **Context menu** | Copy IP:Port, copy credentials, copy details, copy service identifier |\n| **Statistics panel** | High-risk/safe/error counts, updated in real time |\n| **Progress bar** | The bottom status bar shows the progress percentage, number scanned and high-risk count |\n| **Concurrency control** | Drag to adjust the concurrency rate (1~1000) |\n| **Search filter** | Search by service name, IP or port; \"Vulns only\" shows vulnerabilities only |\n| **CSV export** | Export scan results to a CSV file in one click |\n| **Light/dark** | Switch between the Light and Night themes from the top control bar |\n| **Proxy settings** | Built-in dialog for setting a SOCKS5/HTTP proxy, with save/clear |\n| **Default credential database** | 4500+ default credentials (1600+ vendors), with search filtering, right-click copy and a virtualized table |\n| **Scan control** | Start scan / stop scan |\n| 
**Clear results** | Clear the scan results in one click |\n\n### GUI shortcuts\n\n| Shortcut | Action |\n|--------|------|\n| `Cmd + W` | Close window |\n| `Cmd + M` | Minimize window |\n\n---\n\n## 📀 Default credential database\n\nDefaultHound ships an **offline default credential database**, so you can look up the default usernames and passwords of devices and services without network access.\n\n| Metric | Count |\n|------|------|\n| Total entries | **4500+** |\n| Vendors/products covered | **1600+** |\n| Data sources | Publicly collected by the community + vendor documentation |\n| Storage | Compiled into the binary, zero external dependencies |\n\n### Browsing in the GUI\n\nClick the `DefaultCreds` tab in the top control bar. It supports:\n- Live search filtering (by vendor/version/username/password)\n- A virtualized table that scrolls smoothly through ten thousand rows of data\n- Right-click a cell to copy (Copy vendor / Copy username / Copy password)\n\n### CLI queries\n\n```bash\n# Show everything\ndefaulthound --show\n\n# Search for a specific vendor\ndefaulthound --show 华为\ndefaulthound --show cisco\n\n# Search by username or password\ndefaulthound --show admin\ndefaulthound --show 123456\n```\n\n---\n\n## 💻 CLI usage\n\n### Installation\n\n```bash\ncargo install defaulthound\n```\n\nOr build from source:\n\n```bash\ngit clone \u003crepo-url\u003e\ncd default_hound\ncargo install --path .\n```\n\n### Commands\n\n```bash\n# Scan localhost\ndefaulthound\n\n# Scan a specific IP\ndefaulthound 192.168.1.1\n\n# Batch scan from a file\ndefaulthound -f targets.txt\n\n# Read targets from stdin\ncat targets.txt | defaulthound\n\n# List all detectable services\ndefaulthound -l\n\n# Export results\ndefaulthound -f targets.txt -j result.json --csv result.csv\n\n# Raise the rate\ndefaulthound -f targets.txt -r 100\n\n# Show high-risk results only\ndefaulthound -f targets.txt -v\n\n# Scan through a proxy\ndefaulthound -f targets.txt -p socks5://127.0.0.1:1080\n\n# HTTP proxy\ndefaulthound 192.168.1.1 --proxy http://proxy:8080\n\n# Show the default credential table\ndefaulthound --show\n\n# Search the default credentials\ndefaulthound --show redis\ndefaulthound --show admin\n\n# Scan HTTP services only\ndefaulthound http://192.168.1.1:8080\n\n# Scan HTTPS services only\ndefaulthound https://192.168.1.1:443\n```\n\n### Target formats\n\nEach line of the target file can use one of the following formats:\n\n| Format | Description | Example |\n|------|------|------|\n| `ip` | Scan all services (each on its default port) | `192.168.1.1` |\n| `ip:port` | Scan only the services matching that port | `192.168.1.1:3306` → MySQL only |\n| `ip:port1,port2` | Scan only the services matching these ports | `192.168.1.1:3306,6379` → MySQL + Redis |\n| `ip:service^port` | Named service + non-standard port | `192.168.1.1:redis^6379` |\n| `ip:service^port1,service2^port2` | Several services, each with its own port | `192.168.1.1:redis^6379,mysql^6380` |\n| `ip:service^` | 
Named service + default port | `192.168.1.1:redis^` |\n| `http://ip:port` | HTTP checkers only | `http://192.168.1.1:8080` |\n| `https://ip:port` | HTTPS checkers only | `https://192.168.1.1:443` |\n\n#### ⭐ Core innovation: the `service^` prefix\n\nThe line `192.169.33.12:redis^7789` captures DefaultHound's central design idea:\n\n- **`redis`** = explicitly name the Redis checker\n- **`7789`** = tell the checker to connect to this port\n\n| Aspect | Traditional tools | **DefaultHound** |\n|--------|---------|------------------|\n| Non-standard ports | ❌ Edit `default_port` in the source and recompile | ✅ `ip:redis^7789` in one line |\n| Checker selection | ❌ Can only scan the service bound to the default port | ✅ The `service^` prefix names the checker exactly |\n| Scanning mixed services | ❌ Change Redis, then change MySQL, editing code over and over | ✅ Put `ip:redis^6379` and `ip:mysql^3306` in the same file |\n| Port/service decoupling | ❌ The port is hard-coded in the checker | ✅ The port is a runtime parameter; checkers and ports combine freely |\n\nService names are case-insensitive (`Redis`, `redis` and `REDIS` all work). With a `service^` prefix, **only that service's checker runs**, so no time is wasted scanning other services.\n\n**In practice:** when the Redis instances of an internal cluster listen on different ports (6379, 7789, 9001), write one `ip:redis^port` line per instance and all of them are scanned precisely with the Redis checker, without changing a line of Rust code.\n\n### Output format\n\n```\n[MySQL] 127.0.0.1:3306  安全  端口未开放\n[VULN][Redis](无需认证) 192.168.1.5:6379\n[ERR][Docker] 10.0.0.1:2375  连接超时\n────────────────────────────────────────\n目标数 3  ✓ 安全 2  ⚠ 高危 1  DefaultHound\n```\n\nIn this sample, `安全` means safe, `端口未开放` port not open, `无需认证` no authentication required, `连接超时` connection timed out, `目标数` number of targets, and `高危` high risk.\n\n`[VULN]` lines can be extracted directly with grep.\n\nStatistics are counted per target line: a target counts as high-risk as soon as any one of its services is vulnerable.\n\nWith `-v` (`--vuln`), only high-risk lines are printed:\n\n```\ndefaulthound -f targets.txt -v\n```\n\n---\n\n## Built-in services (40)\n\n| TCP Socket (12) | HTTP/Web (26) | Existing (2) |\n|----------------|---------------|----------|\n| FTP, ZooKeeper, MongoDB, LDAP, VNC, Memcached, NFS, Dubbo, Rsync, SMB, uWSGI, CouchDB | Docker, DockerRegistry, Elasticsearch, Jenkins, Kibana, Kubernetes, Jupyter, Nacos, Ollama, Spark, WebLogic, Hadoop, JBoss, ActiveMQ, Zabbix, RabbitMQ, Solr, Harbor, WordPress, Crowd, Kong, ThinkAdmin, Swagger, SpringBoot, Druid, RuoYi | MySQL, Redis |\n\n---\n\n## Architecture design: decoupling checkers from ports\n\nDefaultHound's core architectural innovation is **decoupling the Service Checker from the target port**.\n\n```rust\n// Each checker only cares about how to check its service, not which port it is on\n#[async_trait]\npub trait ServiceChecker: Send + Sync {\n    fn service_name(\u0026self) -\u003e \u0026'static str;\n    fn default_port(\u0026self) -\u003e u16;  // only a default, can be overridden at any time\n    
async fn check(\u0026self, ip: \u0026str, port: Option\u003cu16\u003e) -\u003e CheckResult;\n    //                            ^^^^^^^^^^ the port is passed in by the caller\n}\n```\n\nWhen a user writes `192.169.33.12:redis^7789`:\n\n1. The parser extracts `service = \"redis\"`, `ip = \"192.169.33.12\"`, `port = 7789`\n2. The scheduler selects only `RedisChecker` (the other 39 checkers are skipped)\n3. `RedisChecker::check(\"192.169.33.12\", Some(7789))` is called\n4. The result is returned\n\n\u003e **No checker source changes, no recompile, no default-port edits.**\n\u003e\n\u003e Traditional tools have to change code to scan a non-standard port; DefaultHound lets you do everything **in the target list**.\n\n## Architecture\n\n```text\nsrc/\n├── lib.rs                  # ServiceChecker trait + CheckResult + Credential\n├── prelude.rs              # Common imports\n├── bin/\n│   ├── defaulthound.rs     # CLI entry point\n│   └── defaulthound-gui.rs # GUI entry point (native egui desktop)\n├── default_creds.rs        # Default credential database (3766 entries)\n├── checkers/\n│   ├── mod.rs              # Registry\n│   ├── http_helpers.rs     # HTTP check helper functions\n│   ├── mysql.rs            # MySQL\n│   ├── redis.rs            # Redis\n│   ├── ftp.rs              # ...\n│   └── ...                 # One file per service\n```\n\n## Adding a new Service Checker\n\n```rust\nuse crate::prelude::*;\n\npub struct MyService;\n\n#[async_trait]\nimpl ServiceChecker for MyService {\n    fn service_name(\u0026self) -\u003e \u0026'static str { \"MyService\" }\n    fn default_port(\u0026self) -\u003e u16 { 1234 }\n    fn default_credentials(\u0026self) -\u003e Vec\u003cCredential\u003e { vec![\n        Credential::new(\"admin\", \"admin\"),\n    ]}\n    async fn check(\u0026self, ip: \u0026str, port: Option\u003cu16\u003e) -\u003e CheckResult {\n        let port = port.unwrap_or(self.default_port());\n        let mut stream = try_connect!(self, ip, port);\n        // Detection logic...\n        CheckResult::Vulnerable {\n            credentials: \"admin:admin\".into(),\n            details: \"默认凭据有效\".into(),\n        }\n    }\n}\n```\n\nAdd two lines to `mod.rs`:\n\n```diff\n+ mod my_service;\n  fn all_checkers() -\u003e Vec\u003cBox\u003cdyn ServiceChecker\u003e\u003e {\n      vec![\n+         
Box::new(my_service::MyService),\n      ]\n  }\n```\n\n## Reference projects\n\nInspired by:\n\n- **[Unauthorized_VUl](https://github.com/hackerchuan1/Unauthorized_VUl)**: Python implementation, 40+ unauthorized-access vulnerability checks\n- **[Unauthorized_VUL_GUI](https://github.com/phoenix118go/Unauthorized_VUL_GUI)**: PyQt6 GUI version\n- **[Unauth-Vuln-Scanner](https://github.com/willsafe/Unauth-Vuln-Scanner)**: Java Swing GUI\n- **[unauthorized](https://github.com/xk11z/unauthorized)**: Python command-line version\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffb0sh%2Fdefaulthound","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffb0sh%2Fdefaulthound","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffb0sh%2Fdefaulthound/lists"}