Scanning for weak/default passwords in web servers

[Innocent V. Mulula]

Is there an open source and free software tool for scanning weak/default passwords in web servers?

 

[Tess Sluijter]

Define "in web servers".

If you mean web applications, or HTML forms, or HTTP basic auth, then yes absolutely. Something like Hydra has existed for years. Configure the authentication, feed it a wordlist and let it rip. And it'll even work for different protocols.

 

[Innocent V. Mulula]

Define "in web servers".

If you mean web applications, or HTML forms, or HTTP basic auth, then yes absolutely. Something like Hydra has existed for years. Configure the authentication, feed it a wordlist and let it rip. And it'll even work for different protocols.

Thanks @Tess Sluijter

 

[Fanuel]

Hydra is one of the Best

 

[Brian Ford]

Define "in web servers".

If you mean web applications, or HTML forms, or HTTP basic auth, then yes absolutely. Something like Hydra has existed for years. Configure the authentication, feed it a wordlist and let it rip. And it'll even work for different protocols.

Great suggestion Tess! There are also a couple of different implementations of Hydra using Docker. That would be a great way to demo the use of containers.

https://hub.docker.com/r/linuxserver/hydra

and

GitHub - linuxserver/docker-nzbhydra2

Contribute to linuxserver/docker-nzbhydra2 development by creating an account on GitHub.

github.com