{"id":50099912,"url":"https://github.com/nnposter/nndefaccts","last_synced_at":"2026-06-08T22:00:37.367Z","repository":{"id":44767656,"uuid":"149645328","full_name":"nnposter/nndefaccts","owner":"nnposter","description":"nnposter's alternate fingerprint dataset for Nmap script http-default-accounts","archived":false,"fork":false,"pushed_at":"2026-04-05T01:00:20.000Z","size":920,"stargazers_count":255,"open_issues_count":0,"forks_count":90,"subscribers_count":12,"default_branch":"master","last_synced_at":"2026-04-05T03:06:00.773Z","etag":null,"topics":["default-credentials","default-password","nmap","penetration-testing","security-audit"],"latest_commit_sha":null,"homepage":null,"language":"Lua","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nnposter.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2018-09-20T17:23:51.000Z","updated_at":"2026-04-05T01:00:24.000Z","dependencies_parsed_at":"2024-03-13T23:23:37.819Z","dependency_job_id":"ea247ac4-02bb-4b02-ad32-caa497397677","html_url":"https://github.com/nnposter/nndefaccts","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/nnposter/nndefaccts","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nnposter%2Fnndefaccts","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nnposter%2Fnndefaccts/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nnposter%2Fnndefaccts/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nnposter%2Fnndefaccts/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nnposter","download_url":"https://codeload.github.com/nnposter/nndefaccts/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nnposter%2Fnndefaccts/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34082130,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-08T02:00:07.615Z","response_time":111,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["default-credentials","default-password","nmap","penetration-testing","security-audit"],"created_at":"2026-05-23T07:00:33.067Z","updated_at":"2026-06-08T22:00:37.361Z","avatar_url":"https://github.com/nnposter.png","language":"Lua","funding_links":[],"categories":["🔧 Core NSE Script Updates"],"sub_categories":["2. Default Accounts — Credential Auditing"],"readme":"# NNdefaccts\n*[n-n-ˈdē-ˌfekts] (pun intended)*\n\n## TL;DR\n[NNdefaccts](https://github.com/nnposter/nndefaccts/) is nnposter's alternate fingerprint dataset for Nmap script http-default-accounts.\n\n## Synopsis\n```\n$ nmap --script http-default-accounts -p 80 192.168.1.1\n...\nPORT   STATE SERVICE\n80/tcp open  http\n| http-default-accounts:\n|   [Cacti] at /\n|     admin:admin\n|   [Nagios] at /nagios/\n|_    nagiosadmin:CactiEZ\n```\n\n## Overview\nOne of [Nmap](https://nmap.org/) scripts, [http-default-accounts](https://nmap.org/nsedoc/scripts/http-default-accounts.html), can be used to test a web target for presence of default credentials specific to various platforms, applications, and management interfaces. The script relies on a fingerprint dataset for correctly identifying the target and performing a login sequence.\n\nNmap comes with its own default fingerprint dataset; there is no inherent necessity to seek an alternative, such as this one. The key difference is that the NNdefaccts dataset is much larger so many more target types can be tested. Note though that this dataset is not provided, licensed, supported or endorsed by the Nmap project.\n\nTo various degrees, checking for default credentials is possible with other well-recognized tools besides Nmap: Metasploit, OpenVAS, Nessus, Qualys, Nexpose, Acunetix, and similar. Based on our evaluation, Nmap with the NNdefaccts dataset is one of the best with respect to web interfaces. Compared to some, it is an order of magnitude difference.\n\nBesides good coverage, scanning for default usernames and passwords with Nmap and the NNdefaccts dataset is straightforward, lightweight, and fast. A target on a local network can be typically tested in less than 30 seconds from start to finish.\n\n## Installation, Usage\nThe dataset requires Nmap 7.60 or higher. For best results please use Nmap 7.80 or build it fresh from its code repository.\n\nFor simple one-off use, just copy file `http-default-accounts-fingerprints-nndefaccts.lua` to your home directory and, instead of running:\n```\nnmap --script http-default-accounts -p 80 192.168.1.1\n```\nadd `--script-args http-default-accounts.fingerprintfile=...` to the command line:\n```\nnmap --script http-default-accounts --script-args http-default-accounts.fingerprintfile=~/http-default-accounts-fingerprints-nndefaccts.lua -p 80 192.168.1.1\n```\nFor more permanent use, you might consider replacing the default fingerprint dataset with this one. The default dataset is typically installed as `/usr/share/nmap/nselib/data/http-default-accounts-fingerprints.lua` on Linux or `%ProgramFiles(x86)%\\Nmap\\nselib\\data\\http-default-accounts-fingerprints.lua` on Windows.\n\n## Support\nFor help with running script http-default-accounts or Nmap in general, see https://nmap.org/.\n\nFor issues specific to NNdefaccts, see below.\n\n## Contributing\nContributions are appreciated but please review the rest of the section first.\n\n### Bug Reports\nIdentifying and reporting issues in the dataset is highly valuable. If you believe that you have found a defect, please make sure that you are using the latest version of the dataset and review currently open issues on GitHub to verify that the defect has not been already submitted. If not, create a new issue and be as specific as possible to help with reproducing the problem.\n\nIn many cases it is necessary to capture and inspect relevant HTTP traffic in detail. Please use [ZAP](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project), [Fiddler](https://www.telerik.com/download/fiddler) or [Burp](https://portswigger.net/burp) to capture the traffic and send the resulting session/project file to nndefaccts /at/ shared-files.de, referencing the issue. (Do not upload the file to GitHub because of its potentially sensitive content.)\n\n### Code Contributions\nPatches for fixing defects are welcome. Please note that by submitting any code related to the dataset to the NNdefaccts repository or passing it onto nnposter by other means you are assumed to have granted nnposter unlimited, irrevocable, perpetual non-exclusive license to the code, including reuse, modification, and relicensing.\n\n### Fingerprint Contributions\nAll fingerprints included in the dataset are developed and quality-tested against real targets. As a result, it is not currently possible to contribute new fingerprints directly, as a code. If your particular target is not covered by the dataset but you have access to a target instance and able to log in with its default credentials then you can instead contribute by submitting an HTTP session file, capturing the login.\n\nPlease send a Fiddler, Burp or ZAP session file to nndefaccts /at/ shared-files.de, prepared as follows:\n1. Close any browser tabs with the target loaded.\n1. Clear your browser cache, cookies, and local storage.\n1. Visit the target top (home) page, navigate to the login page, and log in with the correct default username but obviously wrong password, such as \"`wrongpassword`\".\n1. Repeat the first three steps but log in with the correct username and password.\n1. Name the file vendor-product-version, such as `Apache-Tomcat-8.0.saz`. (Extension `.saz` is used by Fiddler.)\n1. Send it to the above-mentioned e-mail.\n\nAs a much less preferred alternative to Fiddler, Burp, and ZAP, if the target device is using plain HTTP, not HTTPS, then you could also capture the network traffic generated by the above-mentioned steps into a pcap/pcapng file with a tool like Wireshark or Tcpdump and e-mail this file instead.\n\n## Author, License\nNNdefaccts is Copyright (c) 2012-2026 by nnposter (nnposter /at/ users.sourceforge.net, https://github.com/nnposter), a party separate from Fyodor, Nmap Project, and Insecure.Com, LLC.\n\nNNdefaccts is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.\n\nFor details see the full license at [COPYING](https://github.com/nnposter/nndefaccts/blob/master/COPYING).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnnposter%2Fnndefaccts","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnnposter%2Fnndefaccts","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnnposter%2Fnndefaccts/lists"}