Default Credentials Cheat Sheet Github
Default Credentials Cheat Sheet Github

Default Credentials Cheat Sheet

One place for all the default credentials to assist the pentesters during an engagement, this document has a several products default credentials that are gathered from several sources.

P.S : Most of the credentials are extracted from the changeme,routersploit and Seclists projects, you can use these tools to automate the process changemeroutersploit (kudos for the awesome work)

Motivation

  • One document for the most known vendors default credentials
  • Assist pentesters during a pentest/red teaming engagement
  • Helping the Red/Blue teamers to secure the company infrastructure by discovering this security flaw in order to mitigate it. See OWASP Guide [WSTG-ATHN-02]

Short stats of the dataset

.Product/VendorUsernamePassword
count352531523525
unique107511691713
topOracleadmin
freq235507422

Sources

"
"

Creds script

You can turn the cheat sheet into a cli command and perform search queries for a specific product.

# Usage
➤ python3 creds search tomcat                                                                                                      
+----------------------------------+------------+------------+
| Product                          |  username  |  password  |
+----------------------------------+------------+------------+
| apache tomcat (web)              |   tomcat   |   tomcat   |
| apache tomcat (web)              |   admin    |   admin    |
...
+----------------------------------+------------+------------+

Contribute

If you cannot find the password for a specific product, please submit a pull request to update the dataset.

Disclaimer

For educational purposes only, use it at your own responsibility.

Product/VendorUsernamePassword
Zyxel (ssh)zyfwpPrOw!aN_fXp
APC UPS (web)apcapc 
Weblogic (web)systemmanager
Weblogic (web)systemmanager
Weblogic (web)weblogicweblogic1
Weblogic (web)WEBLOGICWEBLOGIC
Weblogic (web)PUBLICPUBLIC
Weblogic (web)EXAMPLESEXAMPLES
Weblogic (web)weblogicweblogic
Weblogic (web)systempassword
Weblogic (web)weblogicwelcome(1)
Weblogic (web)systemwelcome(1)
Weblogic (web)operatorweblogic
Weblogic (web)operatorpassword
Weblogic (web)systemPassw0rd
Weblogic (web)monitorpassword
more….…..
Dark Mode

DefaultCreds-cheat-sheet (this link opens in a new window) by ihebski (this link opens in a new window)

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️