[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-71100":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":16,"stars7d":17,"stars30d":18,"stars90d":15,"forks30d":15,"starsTrendScore":19,"compositeScore":20,"rankGlobal":10,"rankLanguage":10,"license":21,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":24,"hasPages":22,"topics":25,"createdAt":10,"pushedAt":10,"updatedAt":40,"readmeContent":41,"aiSummary":42,"trendingCount":15,"starSnapshotCount":15,"syncStatus":43,"lastSyncTime":44,"discoverSource":45},71100,"DefaultCreds-cheat-sheet","ihebski\u002FDefaultCreds-cheat-sheet","ihebski","One place for all the default credentials to assist the Blue\u002FRed teamers identifying devices with default password 🛡️","https:\u002F\u002Fpypi.org\u002Fproject\u002FDefaultCreds_cheat_sheet\u002F",null,"Python",6596,775,91,0,5,16,62,15,88.87,"MIT License",false,"main",true,[26,27,28,29,30,31,32,33,34,35,36,37,38,39],"blueteam","blueteam-tools","blueteaming","bugbounty","cheatsheet","cybersecurity","default-password","exploit","infosec","offensive-security","offensive-security-projects","pentest","pentesting","soc","2026-06-12 04:00:59","\n# Default Credentials Cheat Sheet\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\"https:\u002F\u002Fmedia.moddb.com\u002Fcache\u002Fimages\u002Fgames\u002F1\u002F65\u002F64034\u002Fthumb_620x2000\u002FLockpicking.jpg\"\u002F>\n\u003C\u002Fp>\n\n**One place for all the default credentials to assist pentesters\u002Fblue Teamers during engagements, featuring default login\u002Fpassword details for various products sourced from multiple references.**\n\n> P.S : Most of the credentials were extracted from changeme,routersploit and Seclists projects, you can use these tools to automate the process https:\u002F\u002Fgithub.com\u002Fztgrace\u002Fchangeme , https:\u002F\u002Fgithub.com\u002Fthreat9\u002Froutersploit (kudos for the awesome work)\n\n- [x] Project in progress\n\n## Motivation\n- One document for the most known vendors default credentials\n- Assist pentesters during a pentest\u002Fred teaming engagement\n- **Helping the Blue teamers to secure the company infrastructure assets by discovering this security flaw in order to mitigate it**. See \n[OWASP Guide [WSTG-ATHN-02] - Testing_for_Default_Credentials](https:\u002F\u002Fowasp.org\u002Fwww-project-web-security-testing-guide\u002Fv42\u002F4-Web_Application_Security_Testing\u002F04-Authentication_Testing\u002F02-Testing_for_Default_Credentials \"OWASP Guide\")\n\n\n#### Short stats of the dataset\n\n|       | Product\u002FVendor |\tUsername | Password |\n| --- | --- | --- | --- |\n| **count**\t| 3711\t| 3711\t| 3711 |\n| **unique** |\t1398\t| 1121 |\t1680 |\n| **top** |\tOracle| \u003Cblank> | \u003Cblank> |\n| **freq** |\t235 |\t814 |\t479 |\n\n#### Sources\n\n- [Changeme](https:\u002F\u002Fgithub.com\u002Fztgrace\u002Fchangeme \"Changeme project\")\n- [Routersploit]( https:\u002F\u002Fgithub.com\u002Fthreat9\u002Froutersploit \"Routersploit project\")\n- [betterdefaultpasslist]( https:\u002F\u002Fgithub.com\u002Fgovolution\u002Fbetterdefaultpasslist \"betterdefaultpasslist\")\n- [Seclists]( https:\u002F\u002Fgithub.com\u002Fdanielmiessler\u002FSecLists\u002Ftree\u002Fmaster\u002FPasswords\u002FDefault-Credentials \"Seclist project\")\n- [ics-default-passwords](https:\u002F\u002Fgithub.com\u002Farnaudsoullie\u002Fics-default-passwords) (thanks to @noraj)\n- Vendors documentations\u002Fblogs\n\n## Installation & Usage\n\nThe Default Credentials Cheat Sheet tool is available on [pypi](https:\u002F\u002Fpypi.org\u002Fproject\u002Fdefaultcreds-cheat-sheet\u002F)\n\n```bash\n$ pip3 install defaultcreds-cheat-sheet\n$ creds search tomcat\n```\n\n| Operating System   | Tested         |\n|---------------------|-------------------|\n| Linux(Kali,Ubuntu,Lubuntu)             | ✔️                |\n| Windows(10,11)               | ✔️                |\n| macOS               | ✔️               |\n\n##### Manual Installation\n\n```bash\n$ git clone https:\u002F\u002Fgithub.com\u002Fihebski\u002FDefaultCreds-cheat-sheet\n$ pip3 install -r requirements.txt\n$ cp creds \u002Fusr\u002Fbin\u002F && chmod +x \u002Fusr\u002Fbin\u002Fcreds\n$ creds search tomcat\n```\n\n## Creds script\n\n### Usage Guide\n```bash\n# Search for product creds\n➤ creds search tomcat\n+----------------------------------+------------+------------+\n| Product                          |  username  |  password  |\n+----------------------------------+------------+------------+\n| apache tomcat (web)              |   tomcat   |   tomcat   |\n| apache tomcat (web)              |   admin    |   admin    |\n...\n+----------------------------------+------------+------------+\n\n# Update records\n➤ creds update\nCheck for new updates...🔍\nNew updates are available 🚧\n[+] Download database...\n\n# Export Creds to files (could be used for brute force attacks)\n➤ creds search tomcat export\n+----------------------------------+------------+------------+\n| Product                          |  username  |  password  |\n+----------------------------------+------------+------------+\n| apache tomcat (web)              |   tomcat   |   tomcat   |\n| apache tomcat (web)              |   admin    |   admin    |\n...\n+----------------------------------+------------+------------+\n\n[+] Creds saved to \u002Ftmp\u002Ftomcat-usernames.txt , \u002Ftmp\u002Ftomcat-passwords.txt 📥\n```\n\n**Run creds through proxy**\n```bash\n# Search for product creds\n➤ creds search tomcat --proxy=http:\u002F\u002Flocalhost:8080\n\n# update records\n➤ creds update --proxy=http:\u002F\u002Flocalhost:8080\n\n# Search for Tomcat creds and export results to \u002Ftmp\u002Ftomcat-usernames.txt , \u002Ftmp\u002Ftomcat-passwords.txt\n➤ creds search tomcat --proxy=http:\u002F\u002Flocalhost:8080 export\n```\n\n> **Proxy option** is only available from version 0.5.2\n  \n[![asciicast](https:\u002F\u002Fasciinema.org\u002Fa\u002F526599.svg)](https:\u002F\u002Fasciinema.org\u002Fa\u002F526599)\n  \n#### Pass Station\n\n[noraj][noraj] created CLI & library to search for default credentials among this database using `DefaultCreds-Cheat-Sheet.csv`.\nThe tool is named [Pass Station][pass-station] ([Doc][ps-doc]) and has some powerful search feature (fields, switches, regexp, highlight) and output (simple table, pretty table, JSON, YAML, CSV).\n\n[![asciicast](https:\u002F\u002Fasciinema.org\u002Fa\u002F397713.svg)](https:\u002F\u002Fasciinema.org\u002Fa\u002F397713)\n\n[noraj]:https:\u002F\u002Fpwn.by\u002Fnoraj\u002F\n[pass-station]:https:\u002F\u002Fgithub.com\u002Fsec-it\u002Fpass-station\n[ps-doc]:https:\u002F\u002Fsec-it.github.io\u002Fpass-station\u002F\n\n## Contribute\n\nIf you cannot find the password for a specific product, please submit a pull request to update the dataset.\u003Cbr>\n\n> ### Disclaimer\n> **For educational purposes only, use it at your own responsibility.** \n","DefaultCreds-cheat-sheet 是一个收集了多种设备默认凭据的工具，旨在帮助蓝队和红队成员识别使用默认密码的设备。其核心功能是提供了一个包含3711条记录的数据集，涵盖了1398个不同产品或供应商的用户名和密码信息，这些数据来源于多个知名安全项目如Changeme、Routersploit等。该工具支持通过命令行界面快速查询特定产品的默认凭证，并且易于安装，在Linux、Windows以及macOS系统上均经过测试。它非常适合网络安全评估、渗透测试以及企业内部安全审计场景中使用，有助于发现并修复因默认凭据设置不当带来的安全隐患。",2,"2026-06-11 03:35:54","high_star"]