Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [RFC] Username/Password NSE library
From: Tom Sellers <nmap () fadedcode net>
Date: Tue, 17 Jun 2008 18:13:51 -0500

Kris Katterjohn wrote:

Now I need opinions on good username and password lists to ship and use by
default.  There is an ordered password list shipped with John the Ripper which
has 3107 entries.  The license[1] pretty much says we can distribute it if we
give credit and also ship the license.  Are there any ideas on a better list?

What about a good username list?

I suggest checking some of the Internet lists of default username/password
pairs.  It is ridiculous how often I come across equipment that has been
install and left in its default state.

It may also make sense to order this list such that more common software/devices
occur first.  If you like I can gather some of this information and condense
it down.

If you think these usernames and passwords would not be appropriate for your
application I may roll them into generic scripts based on protocol, such as
ftp, http, ssh, etc.



Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]