Scanning for weak/default passwords in web servers

Tess Sluijter

Well-known member
Apr 1, 2020
376
1
535
the Netherlands
www.kilala.nl
Define "in web servers".

If you mean web applications, or HTML forms, or HTTP basic auth, then yes absolutely. Something like Hydra has existed for years. Configure the authentication, feed it a wordlist and let it rip. And it'll even work for different protocols.
 

Innocent V. Mulula

Well-known member
Nov 10, 2021
30
45
Define "in web servers".

If you mean web applications, or HTML forms, or HTTP basic auth, then yes absolutely. Something like Hydra has existed for years. Configure the authentication, feed it a wordlist and let it rip. And it'll even work for different protocols.
Thanks @Tess Sluijter
 
Define "in web servers".

If you mean web applications, or HTML forms, or HTTP basic auth, then yes absolutely. Something like Hydra has existed for years. Configure the authentication, feed it a wordlist and let it rip. And it'll even work for different protocols.
Great suggestion Tess! There are also a couple of different implementations of Hydra using Docker. That would be a great way to demo the use of containers.

https://hub.docker.com/r/linuxserver/hydra

and