{"id":15034127,"url":"https://github.com/ihebski/defaultcreds-cheat-sheet","last_synced_at":"2025-03-25T02:31:34.258Z","repository":{"id":37586326,"uuid":"326038947","full_name":"ihebski/DefaultCreds-cheat-sheet","owner":"ihebski","description":"One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️","archived":false,"fork":false,"pushed_at":"2024-09-18T16:14:42.000Z","size":591,"stargazers_count":5603,"open_issues_count":0,"forks_count":686,"subscribers_count":87,"default_branch":"main","last_synced_at":"2024-10-29T11:24:49.337Z","etag":null,"topics":["blueteam","bugbounty","cheatsheet","credentials-gathering","cybersecurity","default-password","exploit","infosec","offensive-security","pentest","pentesting"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ihebski.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-01-01T19:02:36.000Z","updated_at":"2024-10-28T12:44:16.000Z","dependencies_parsed_at":"2022-08-19T16:21:42.636Z","dependency_job_id":"1c600320-11ad-44ad-9f2a-e7d907243ea7","html_url":"https://github.com/ihebski/DefaultCreds-cheat-sheet","commit_stats":{"total_commits":298,"total_committers":28,"mean_commits":"10.642857142857142","dds":0.6812080536912752,"last_synced_commit":"7912acc321c009488ac61b6dc33e9cb0b59e870c"},"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ihebski%2FDefaultCreds-cheat-sheet","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ihebski%2FDefaultCreds-cheat-sheet/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ihebski%2FDefaultCreds-cheat-sheet/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ihebski%2FDefaultCreds-cheat-sheet/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ihebski","download_url":"https://codeload.github.com/ihebski/DefaultCreds-cheat-sheet/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245385491,"owners_count":20606659,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blueteam","bugbounty","cheatsheet","credentials-gathering","cybersecurity","default-password","exploit","infosec","offensive-security","pentest","pentesting"],"created_at":"2024-09-24T20:24:01.382Z","updated_at":"2025-03-25T02:31:34.252Z","avatar_url":"https://github.com/ihebski.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n# Default Credentials Cheat Sheet\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://media.moddb.com/cache/images/games/1/65/64034/thumb_620x2000/Lockpicking.jpg\"/\u003e\n\u003c/p\u003e\n\n**One place for all the default credentials to assist pentesters/blue Teamers during engagements, featuring default login/password details for various products sourced from multiple references.**\n\n\u003e P.S : Most of the credentials were extracted from changeme,routersploit and Seclists projects, you can use these tools to automate the process https://github.com/ztgrace/changeme , https://github.com/threat9/routersploit (kudos for the awesome work)\n\n- [x] Project in progress\n\n## Motivation\n- One document for the most known vendors default credentials\n- Assist pentesters during a pentest/red teaming engagement\n- **Helping the Blue teamers to secure the company infrastructure assets by discovering this security flaw in order to mitigate it**. See \n[OWASP Guide [WSTG-ATHN-02] - Testing_for_Default_Credentials](https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/02-Testing_for_Default_Credentials \"OWASP Guide\")\n\n\n#### Short stats of the dataset\n\n|       | Product/Vendor |\tUsername | Password |\n| --- | --- | --- | --- |\n| **count**\t| 3681\t| 3681\t| 3681 |\n| **unique** |\t1362\t| 1117 |\t1670 |\n| **top** |\tOracle| \u003cblank\u003e | \u003cblank\u003e |\n| **freq** |\t235 |\t794 |\t473 |\n\n#### Sources\n\n- [Changeme](https://github.com/ztgrace/changeme \"Changeme project\")\n- [Routersploit]( https://github.com/threat9/routersploit \"Routersploit project\")\n- [betterdefaultpasslist]( https://github.com/govolution/betterdefaultpasslist \"betterdefaultpasslist\")\n- [Seclists]( https://github.com/danielmiessler/SecLists/tree/master/Passwords/Default-Credentials \"Seclist project\")\n- [ics-default-passwords](https://github.com/arnaudsoullie/ics-default-passwords) (thanks to @noraj)\n- Vendors documentations/blogs\n\n## Installation \u0026 Usage\n\nThe Default Credentials Cheat Sheet tool is available on [pypi](https://pypi.org/project/defaultcreds-cheat-sheet/)\n\n```bash\n$ pip3 install defaultcreds-cheat-sheet\n$ creds search tomcat\n```\n\n| Operating System   | Tested         |\n|---------------------|-------------------|\n| Linux(Kali,Ubuntu,Lubuntu)             | ✔️                |\n| Windows(10,11)               | ✔️                |\n| macOS               | ✔️               |\n\n##### Manual Installation\n\n```bash\n$ git clone https://github.com/ihebski/DefaultCreds-cheat-sheet\n$ pip3 install -r requirements.txt\n$ cp creds /usr/bin/ \u0026\u0026 chmod +x /usr/bin/creds\n$ creds search tomcat\n```\n\n## Creds script\n\n### Usage Guide\n```bash\n# Search for product creds\n➤ creds search tomcat                                                                                                      \n+----------------------------------+------------+------------+\n| Product                          |  username  |  password  |\n+----------------------------------+------------+------------+\n| apache tomcat (web)              |   tomcat   |   tomcat   |\n| apache tomcat (web)              |   admin    |   admin    |\n...\n+----------------------------------+------------+------------+\n\n# Update records\n➤ creds update\nCheck for new updates...🔍\nNew updates are available 🚧\n[+] Download database...\n\n# Export Creds to files (could be used for brute force attacks)\n➤ creds search tomcat export\n+----------------------------------+------------+------------+\n| Product                          |  username  |  password  |\n+----------------------------------+------------+------------+\n| apache tomcat (web)              |   tomcat   |   tomcat   |\n| apache tomcat (web)              |   admin    |   admin    |\n...\n+----------------------------------+------------+------------+\n\n[+] Creds saved to /tmp/tomcat-usernames.txt , /tmp/tomcat-passwords.txt 📥\n```\n\n**Run creds through proxy**\n```bash\n# Search for product creds\n➤ creds search tomcat --proxy=http://localhost:8080\n\n# update records\n➤ creds update --proxy=http://localhost:8080\n\n# Search for Tomcat creds and export results to /tmp/tomcat-usernames.txt , /tmp/tomcat-passwords.txt\n➤ creds search tomcat --proxy=http://localhost:8080 export\n```\n\n\u003e **Proxy option** is only available from version 0.5.2\n  \n[![asciicast](https://asciinema.org/a/526599.svg)](https://asciinema.org/a/526599)\n  \n#### Pass Station\n\n[noraj][noraj] created CLI \u0026 library to search for default credentials among this database using `DefaultCreds-Cheat-Sheet.csv`.\nThe tool is named [Pass Station][pass-station] ([Doc][ps-doc]) and has some powerful search feature (fields, switches, regexp, highlight) and output (simple table, pretty table, JSON, YAML, CSV).\n\n[![asciicast](https://asciinema.org/a/397713.svg)](https://asciinema.org/a/397713)\n\n[noraj]:https://pwn.by/noraj/\n[pass-station]:https://github.com/sec-it/pass-station\n[ps-doc]:https://sec-it.github.io/pass-station/\n\n## Contribute\n\nIf you cannot find the password for a specific product, please submit a pull request to update the dataset.\u003cbr\u003e\n\n\u003e ### Disclaimer\n\u003e **For educational purposes only, use it at your own responsibility.** \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fihebski%2Fdefaultcreds-cheat-sheet","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fihebski%2Fdefaultcreds-cheat-sheet","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fihebski%2Fdefaultcreds-cheat-sheet/lists"}