Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/govolution/betterdefaultpasslist
https://github.com/govolution/betterdefaultpasslist
Last synced: 2 days ago
JSON representation
- Host: GitHub
- URL: https://github.com/govolution/betterdefaultpasslist
- Owner: govolution
- Created: 2016-09-24T16:21:44.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2021-03-11T11:32:17.000Z (over 3 years ago)
- Last Synced: 2024-08-04T23:10:00.346Z (3 months ago)
- Size: 101 KB
- Stars: 595
- Watchers: 47
- Forks: 137
- Open Issues: 1
-
Metadata Files:
- Readme: README
Awesome Lists containing this project
- awesome-security-collection - **498**星
README
Note:
BetterDefaultPasslist is included in SecLists (https://github.com/danielmiessler/SecLists) and in future I will try to keep them both up-to-date (08.07.2018).
What:
- list includes default credentials from various manufacturers for their products like NAS, ERP, ICS etc., that are used for standard products like mssql, vnc, oracle and so on
- also examples for passwords, in practice those are also being used
- the sources are installation guides and other
- useful for network bruteforcing
- not meant as a complete bruteforcing list, hopefully it is a useful supplement
Why:
- some manufactures use default credentials for their products
- that might be poorly handled by the users
- setting networks at risk
What to do:
- manufacturers: do not use default passwords, instead force users to use strong credentials and document them
- users: check if it is possible to change the credentials, otherwise mitigate the risk, for example by network separation or by using proper firewall rules - yes, you can actually use local firewalls too
Changelog (small updates not included):
- 18.01.2021 added CVE-2017-7722, kudos to mcjon3z (https://github.com/govolution/betterdefaultpasslist/pull/7)
- 06.01.2021 added zyxel hard coded credentials for ssh, added web.txt (default creds for web apps) with same credentials
- 11.07.2020 added some backdoor credentials for telnet
- 10.10.2019 added default credentials for smb, ssh, mssql
- 10.10.2018 added 22 default credentials, ssh, telnet & mysql
- 12.07.2018 edoz90 added tomcat.txt
- 08.07.2018 added more credentials for ssh.txt and windows.txt
- 24.03.2018 added some creds, for VMs that are offered to download (SANS, osboxes.org and more)
- 27.09.2017 added about 10 creds
- 20.05.2017 added lots of passwords from http://www.petefinnigan.com/default/oracle_default_passwords.htm, msf wordlists and other sources, more than 600 new credentials (most oracle), added db2 and postgres.
Thanks to Pete Finnigan for creating the huge oracle default credentials list!
- 27.12.2016 addded 3 creds
- 08.11.2016 added cirros default credentials
- 01.11.2016 added a few credentials for telnet and ftp
- 29.10.2016 added sources.txt for the sources (more or less complete)
- 28.10.2016 added more credentials the last weeks
- 03.10.2016 added some default passwords from mirai bot
- 01.10.2016 now 305 default credentials
- 25.09.2016 added some credentials
- 24.09.2016 added README, 270 credentials