A default credential scanner.
changeme picks up where commercial scanners leave off. It focuses on detecting default and backdoor credentials and not necessarily common credentials. Its default mode is to scan HTTP default credentials but has support for other credentials.
changeme is designed to be simple to add new credentials without having to write any code or modules. changeme keeps credential data separate from the code. All credentials are stored in yaml files so they can be both easily read by humans and processed by changeme. Credential files can be created by using the ./changeme.py –mkcred tool and answering a few questions.
changeme supports the http/https, mssql, mysql, Postgres, ssh, ssh w/key, snmp, mongodb and ftp protocols. Use ./changeme.py –dump to output all of the currently available credentials.
You can load your targets using a variety of methods, single ip address/host, subnet, list of hosts, nmap xml file, and Shodan query. All methods except for Shodan are loaded as a positional argument and the type is inferred.
- Merged @binarycanary‘s Telnet scanner code
- New Creds
- Cisco Collaboration Endpoint
- SonarQube 7.x
- Misc IoT creds
- Netscreen backdoor creds
git clone https://github.com/ztgrace/changeme.git
pip install -r requirements.txt
Scan a subnet for default creds:
./changeme.py -s 192.168.59.0/24
Scan a single host:
./changeme.py -s 192.168.59.100
Scan using a nmap file
./changeme.py -x subnet.xml
Scan a subnet for Tomcat default creds and set the timeout to 5 seconds:
./changeme.py -s 192.168.59.0/24 -n “Apache Tomcat” –timeout 5
Use Shodan to populate a targets list and check them for default credentials:
./changeme.py –shodan_query “Server: SQ-WEBCAM” –shodan_key keygoeshere -c camera
Scan for SSH and known SSH keys
./changeme.py -s 192.168.59.0/24 –protocols ssh,ssh_key
Copyright (C) ztgrace