https://github.com/dhondta/searchpass
Tinyscript tool for searching for default passwords on various open source databases based on pybots
https://github.com/dhondta/searchpass
cybersecurity-tool default-credentials default-password network-device password pentest-tool search-tool security-testing tinyscript
Last synced: 3 months ago
JSON representation
Tinyscript tool for searching for default passwords on various open source databases based on pybots
- Host: GitHub
- URL: https://github.com/dhondta/searchpass
- Owner: dhondta
- License: gpl-3.0
- Created: 2022-09-12T22:07:58.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-11-09T13:54:02.000Z (7 months ago)
- Last Synced: 2025-02-14T06:21:13.712Z (3 months ago)
- Topics: cybersecurity-tool, default-credentials, default-password, network-device, password, pentest-tool, search-tool, security-testing, tinyscript
- Language: Python
- Homepage:
- Size: 285 KB
- Stars: 5
- Watchers: 3
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
SearchPass
Get default passwords for network devices by vendor.
[](https://pypi.python.org/pypi/searchpass/)
[](https://pypi.python.org/pypi/searchpass/)
[](https://github.com/dhondta/searchpass/actions/workflows/python-package.yml)
[](https://snyk.io/test/github/dhondta/searchpass?targetFile=requirements.txt)
[](https://pypi.python.org/pypi/searchpass/)
This tool is similar to the Ruby implementation [SearchPass](https://github.com/michenriksen/searchpass) *for offline searching of default credentials for network devices, web applications and more*. The present tool expands its capabilities to **more databases of credentials** and allows to **update the local database**, a bit like [SearchSploit](https://www.exploit-db.com/searchsploit) allows to update references to exploits on your local machine.
It relies on :
- [`tinyscript`](https://github.com/dhondta/python-tinyscript), for the CLI tool mechanics
- [`pybots`](https://github.com/dhondta/python-pybots) for abstracting robots that download from the sources of default credentials
- [`sqlite3`](https://docs.python.org/3/library/sqlite3.html) for querying the underlying data using the `--query` option
Data from the different sources gets normalized into a SQLite DB when updating the tool. [`searchpass´](https://github.com/dhondta/searchpass) package embeds a database updated end 2024.
```session
$ pip install searchpass
[...]
$ searchpass --help
searchpass 2.0.0
Author : Alexandre D'Hondt ([email protected])
Copyright: © 2021-2024 A. D'Hondt
License : GPLv3 (https://www.gnu.org/licenses/gpl-3.0.fr.html)
Source : https://github.com/dhondta/searchpass
This tool aims to search for default passwords of common devices based on criteria like the vendor or the model.
It works by caching the whole lists of known default passwords downloaded from various sources (relying on pybots ;
including CIRTnet, DataRecovery, PasswordDB, RouterPasswd or even SaynamWeb) to perform searches locally.
usage: searchpass [-e] [--passwords] [-q QUERY] [--usernames] [--reset] [--show] [--stats] [--update] [-h] [--help] [-v]
search options:
-e, --empty include empty username or password (default: False)
--passwords get passwords only (default: False)
-q QUERY, --query QUERY
search query (default: None)
--usernames get usernames only (default: False)
action arguments:
--reset remove cached credentials databases
--show show records of credentials databases
--stats get statistics on credentials databases
--update update credentials databases
extra arguments:
-h show usage message and exit
--help show this help message and exit
-v, --verbose verbose mode (default: False)
Usage examples:
searchpass --update
searchpass --passwords
searchpass --stats
searchpass --query "username='user'
searchpass --query "username LIKE \"Admin%%\"" --passwords
```
## :clap: Supporters
[](https://github.com/dhondta/searchpass/stargazers)
[](https://github.com/dhondta/searchpass/network/members)
