Scanning for weak/default passwords in web servers

Define "in web servers".

If you mean web applications, or HTML forms, or HTTP basic auth, then yes absolutely. Something like Hydra has existed for years. Configure the authentication, feed it a wordlist and let it rip. And it'll even work for different protocols.
 
Define "in web servers".

If you mean web applications, or HTML forms, or HTTP basic auth, then yes absolutely. Something like Hydra has existed for years. Configure the authentication, feed it a wordlist and let it rip. And it'll even work for different protocols.
Great suggestion Tess! There are also a couple of different implementations of Hydra using Docker. That would be a great way to demo the use of containers.

https://hub.docker.com/r/linuxserver/hydra

and