Scanning for weak/default passwords in web servers

Innocent V. Mulula · Mar 15, 2023

Is there an open source and free software tool for scanning weak/default passwords in web servers?

Tess Sluijter · Mar 16, 2023

Define "in web servers".

If you mean web applications, or HTML forms, or HTTP basic auth, then yes absolutely. Something like Hydra has existed for years. Configure the authentication, feed it a wordlist and let it rip. And it'll even work for different protocols.

Innocent V. Mulula · Mar 16, 2023

Tess Sluijter said:
Define "in web servers".

If you mean web applications, or HTML forms, or HTTP basic auth, then yes absolutely. Something like Hydra has existed for years. Configure the authentication, feed it a wordlist and let it rip. And it'll even work for different protocols.

Thanks @Tess Sluijter

Fanuel · Mar 16, 2023

Hydra is one of the Best

Brian Ford · Mar 20, 2023

Tess Sluijter said:
Define "in web servers".

If you mean web applications, or HTML forms, or HTTP basic auth, then yes absolutely. Something like Hydra has existed for years. Configure the authentication, feed it a wordlist and let it rip. And it'll even work for different protocols.

Great suggestion Tess! There are also a couple of different implementations of Hydra using Docker. That would be a great way to demo the use of containers.

https://hub.docker.com/r/linuxserver/hydra

and

GitHub - linuxserver/docker-nzbhydra2

Contribute to linuxserver/docker-nzbhydra2 development by creating an account on GitHub.

github.com

Search

Search

Scanning for weak/default passwords in web servers

Innocent V. Mulula

Active member

Tess Sluijter

Well-known member

Innocent V. Mulula

Active member

Fanuel

Well-known member

Brian Ford

Well-known member

GitHub - linuxserver/docker-nzbhydra2