Merge pull request #2858 from ethanous/update_default_logins_user_pass

Modified most of the default_logins templates to output username and …

default-logins/UCMDB/ucmdb-default-login.yaml

@@ -7,16 +7,27 @@ info:
   tags: ucmdb,default-login
 
 requests:
-  - method: POST
+  - raw:
-    path:
+      - |
-      - "{{BaseURL}}/ucmdb-ui/cms/loginRequest.do;"
+        POST /ucmdb-ui/cms/loginRequest.do; HTTP/1.1
-    body: "customerID=1&isEncoded=false&userName=diagnostics&password=YWRtaW4=&ldapServerName=UCMDB"
+        Host: {{Hostname}}
+
+        customerID=1&isEncoded=false&userName={{username}}&password={{base64(password)}}&ldapServerName=UCMDB
+
+    attack: pitchfork
+    payloads:
+      username:
+        - diagnostics
+      password:
+        - admin
+
     matchers-condition: and
     matchers:
       - type: status
         status:
           - 200
+
       - type: word
+        part: header
         words:
           - "LWSSO_COOKIE_KEY"
-        part: header

default-logins/abb/cs141-default-login.yaml

@@ -17,23 +17,18 @@ requests:
         Accept: application/json, text/plain, */*
         Content-Type: application/json
 
-        {"userName":"admin","password":"cs141-snmp"}
+        {"userName":"{{user}}","password":"{{pass}}"}
 
-      - |
+    attack: pitchfork
-        POST /api/login HTTP/1.1
+    payloads:
-        Host: {{Hostname}}
+      user:
-        Accept: application/json, text/plain, */*
+        - admin
-        Content-Type: application/json
+        - engineer
-
+        - guest
-        {"userName":"engineer","password":"engineer"}
+      pass:
-
+        - cs141-snmp
-      - |
+        - engineer
-        POST /api/login HTTP/1.1
+        - guest
-        Host: {{Hostname}}
-        Accept: application/json, text/plain, */*
-        Content-Type: application/json
-
-        {"userName":"guest","password":"guest"}
 
     stop-at-first-match: true
     matchers-condition: and

default-logins/activemq/activemq-default-login.yaml

@@ -7,11 +7,20 @@ info:
   tags: apache,activemq,default-login
 
 requests:
-  - method: GET
+  - raw:
-    path:
+      - |
-      - '{{BaseURL}}/admin/'
+        GET /admin/ HTTP/1.1
-    headers:
+        Host: {{Hostname}}
-      Authorization: "Basic YWRtaW46YWRtaW4="
+        Authorization: Basic {{base64(username + ':' + password)}}
+
+    payloads:
+      username:
+        - user
+        - admin
+      password:
+        - user
+        - admin
+    attack: pitchfork
     matchers:
       - type: word
         words:

default-logins/aem/aem-default-login.yaml

@@ -4,7 +4,7 @@ info:
   name: Adobe AEM Default Login
   author: random-robbie
   severity: critical
-  tags: aem,default-login,fuzz
+  tags: aem,default-login
 
 requests:
   - raw:
@@ -15,35 +15,22 @@ requests:
         Origin: {{BaseURL}}
         Referer: {{BaseURL}}/libs/granite/core/content/login.html
 
-        _charset_=utf-8&j_username={{rr_username}}&j_password={{rr_password}}&j_validate=true
+        _charset_=utf-8&j_username={{aem_user}}&j_password={{aem_pass}}&j_validate=true
 
+    attack: pitchfork
     payloads:
-
+      aem_user:
-      rr_username:
         - admin
         - grios
         - replication-receiver
         - vgnadmin
-        - aparker@geometrixx.info
-        - jdoe@geometrixx.info
-        - james.devore@spambob.com
-        - matt.monroe@mailinator.com
-        - aaron.mcdonald@mailinator.com
-        - jason.werner@dodgit.com
 
-      rr_password:
+      aem_pass:
         - admin
         - password
         - replication-receiver
         - vgnadmin
-        - aparker
-        - jdoe
-        - password
-        - password
-        - password
-        - password
 
-    attack: pitchfork  # Available options: sniper, pitchfork and clusterbomb
     stop-at-first-match: true
     matchers-condition: and
     matchers:
@@ -53,7 +40,7 @@ requests:
 
       - type: word
         part: header
+        condition: and
         words:
           - login-token
           - crx.default
-        condition: and

default-logins/alibaba/canal-default-login.yaml

@@ -7,21 +7,29 @@ info:
   tags: alibaba,default-login
 
 requests:
-  - method: POST
+  - raw:
-    path:
+      - |
-      - "{{BaseURL}}/api/v1/user/login"
+        POST /api/v1/user/login HTTP/1.1
-    headers:
+        Host: {{Hostname}}
-      Content-Type: application/json
+        Content-Type: application/json
-    body: |
+
-      {"username":"admin","password":"123456"}
+        {"username":"{{user}}","password":"{{pass}}"}
+
+    attack: pitchfork
+    payloads:
+      user:
+        - admin
+      pass:
+        - 123456
 
     matchers-condition: and
     matchers:
       - type: status
         status:
           - 200
+
       - type: word
+        condition: and
         words:
           - 'data":{"token"'
           - '"code":20000'
-        condition: and

default-logins/ambari/ambari-default-login.yaml

@@ -7,11 +7,17 @@ info:
   tags: ambari,default-login
 
 requests:
-  - method: GET
+  - raw:
-    path:
+      - |
-      - '{{BaseURL}}/api/v1/users/admin?fields=*,privileges/PrivilegeInfo/cluster_name,privileges/PrivilegeInfo/permission_name'
+        GET /api/v1/users/admin?fields=*,privileges/PrivilegeInfo/cluster_name,privileges/PrivilegeInfo/permission_name HTTP/1.1
-    headers:
+        Host: {{Hostname}}
-      Authorization: "Basic YWRtaW46YWRtaW4="
+        Authorization: Basic {{base64(username + ':' + password)}}
+    payloads:
+      username:
+        - admin
+      password:
+        - admin
+    attack: pitchfork
     matchers:
       - type: word
         words:

default-logins/apache/airflow-default-login.yaml

@@ -21,8 +21,14 @@ requests:
         Content-Type: application/x-www-form-urlencoded
         Referer: {{BaseURL}}/admin/airflow/login
 
-        username=airflow&password=airflow&_csrf_token={{csrf_token}}
+        username={{username}}&password={{password}}&_csrf_token={{csrf_token}}
 
+    payloads:
+      username:
+        - airflow
+      password:
+        - airflow
+    attack: pitchfork
     extractors:
       - type: regex
         name: csrf_token

default-logins/apache/superset-default-login.yaml

@@ -21,11 +21,18 @@ requests:
         Content-Type: application/x-www-form-urlencoded
         Referer: {{BaseURL}}/admin/airflow/login
 
-        csrf_token={{csrff_token}}&username=admin&password=admin
+        csrf_token={{csrf_token}}&username={{username}}&password={{password}}
+
+    attack: pitchfork
+    payloads:
+      username:
+        - admin
+      password:
+        - admin
 
     extractors:
       - type: regex
-        name: csrff_token
+        name: csrf_token
         group: 1
         part: body
         internal: true

default-logins/arl/arl-default-login.yaml

@@ -7,23 +7,31 @@ info:
   tags: arl,default-login
 
 requests:
-  - method: POST
+  - raw:
-    path:
+      - |
-      - "{{BaseURL}}/api/user/login"
+        POST /api/user/login HTTP/1.1
-    headers:
+        Host: {{Hostname}}
-      Content-Type: application/json; charset=UTF-8
+        Content-Type: application/json; charset=UTF-8
-    body: |
+
-      {"username":"admin","password":"arlpass"}
+        {"username":"{{username}}","password":"{{password}}"}
+
+    payloads:
+      username:
+        - admin
+      password:
+        - arlpass
+    attack: pitchfork
 
     matchers-condition: and
     matchers:
 
       - type: word
+        condition: and
         words:
           - '"message": "success"'
           - '"username": "admin"'
           - '"type": "login"'
-        condition: and
+
       - type: status
         status:
           - 200

default-logins/axis2/axis2-default-login.yaml

@@ -7,13 +7,27 @@ info:
   tags: axis,apache,default-login
 
 requests:
-  - method: POST
+  - raw:
-    path:
+      - |
-      - "{{BaseURL}}/axis2-admin/login"
+        POST /axis2-admin/login HTTP/1.1
-      - "{{BaseURL}}/axis2/axis2-admin/login"
+        Host: {{Hostname}}
-    headers:
+        Content-Type: application/x-www-form-urlencoded
-      Content-Type: application/x-www-form-urlencoded
+
-    body: "userName=admin&password=axis2&submit=+Login+"
+        loginUsername={{username}}&loginPassword={{password}}
+
+      - |
+        POST /axis2/axis2-admin/login HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        userName={{username}}&password={{password}}&submit=+Login+
+
+    payloads:
+      username:
+        - admin
+      password:
+        - axis2
+    attack: pitchfork
 
     matchers-condition: and
     matchers:

default-logins/azkaban/azkaban-default-login.yaml

@@ -14,8 +14,14 @@ requests:
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded; charset=UTF-8
 
-        action=login&username=admin&password=admin
+        action=login&username={{username}}&password={{password}}
 
+    payloads:
+      username:
+        - admin
+      password:
+        - admin
+    attack: pitchfork
     matchers-condition: and
     matchers:
       - type: word

default-logins/chinaunicom/chinaunicom-default-login.yaml

@@ -7,15 +7,26 @@ info:
   tags: chinaunicom,default-login
 
 requests:
-  - method: POST
+  - raw:
-    path:
+      - |
-      - "{{BaseURL}}/cu.html"
+        POST /cu.html HTTP/1.1
-    body: "frashnum=&action=login&Frm_Logintoken=1&Username=CUAdmin&Password=CUAdmin&Username=&Password="
+        Host: {{Hostname}}
+
+        frashnum=&action=login&Frm_Logintoken=1&Username={{username}}&Password={{password}}&Username=&Password=
+
+    attack: pitchfork
+    payloads:
+      username:
+        - CUAdmin
+      password:
+        - CUAdmin
+
     matchers-condition: and
     matchers:
       - type: status
         status:
           - 302
+
       - type: word
         words:
           - "/menu.gch"

default-logins/dell/dell-idrac-default-login.yaml

@@ -6,11 +6,19 @@ info:
   tags: dell,idrac,default-login
 
 requests:
-  - method: POST
+  - raw:
-    path:
+      - |
-      - "{{BaseURL}}/data/login"
+        POST /data/login HTTP/1.1
+        Host: {{Hostname}}
 
-    body: "user=root&password=calvin"
+        user={{username}}&password={{password}}
+
+    payloads:
+      username:
+        - root
+      password:
+        - calvin
+    attack: pitchfork
 
     headers:
       Content-Type: "application/x-www-form-urlencode"

default-logins/dell/dell-idrac9-default-login.yaml

@@ -11,8 +11,15 @@ requests:
       - |
         POST /sysmgmt/2015/bmc/session HTTP/1.1
         Host: {{Hostname}}
-        User: "root"
+        User: "{{username}}"
-        Password: "calvin"
+        Password: "{{password}}"
+
+    payloads:
+      username:
+        - root
+      password:
+        - calvin
+    attack: pitchfork
 
     matchers-condition: and
     matchers:

default-logins/dell/emcecom-default-login.yaml

@@ -9,11 +9,18 @@ info:
   tags: dell,emc,ecom,default-login
 
 requests:
-  - method: GET
+  - raw:
-    path:
+      - |
-      - '{{BaseURL}}'
+        GET / HTTP/1.1
-    headers:
+        Host: {{Hostname}}
-      Authorization: Basic YWRtaW46IzFQYXNzd29yZA==
+        Authorization: Basic {{base64(username + ':' + password)}}
+
+    payloads:
+      username:
+        - root
+      password:
+        - calvin
+    attack: pitchfork
 
     matchers-condition: and
     matchers:

default-logins/druid/druid-default-login.yaml

@@ -7,12 +7,25 @@ info:
   tags: druid,default-login
 
 requests:
-  - method: POST
+  - raw:
-    path:
+      - |
-      - "{{BaseURL}}/druid/submitLogin"
+        POST /druid/submitLogin HTTP/1.1
-      - "{{BaseURL}}/submitLogin"
+        Host: {{Hostname}}
 
-    body: "loginUsername=admin&loginPassword=admin"
+        loginUsername={{username}}&loginPassword={{password}}
+
+      - |
+        POST /submitLogin HTTP/1.1
+        Host: {{Hostname}}
+
+        loginUsername={{username}}&loginPassword={{password}}
+
+    payloads:
+      username:
+        - admin
+      password:
+        - admin
+    attack: pitchfork
 
     matchers-condition: and
     matchers:

default-logins/dvwa/dvwa-default-login.yaml

@@ -20,7 +20,14 @@ requests:
         Cookie: PHPSESSID={{session}}; security=low
         Connection: close
 
-        username=admin&password=password&Login=Login&user_token={{token}}
+        username={{username}}&password={{password}}&Login=Login&user_token={{token}}
+
+    payloads:
+      username:
+        - admin
+      password:
+        - password
+    attack: pitchfork
 
     extractors:
       - type: regex

default-logins/exacqvision/exacqvision-default-login.yaml

@@ -15,7 +15,14 @@ requests:
         Content-Type: application/x-www-form-urlencoded; charset=UTF-8
         Connection: close
 
-        action=login&u=admin&p=admin256
+        action=login&u={{username}}&p={{password}}
+
+    payloads:
+      username:
+        - admin
+      password:
+        - admin256
+    attack: pitchfork
 
     matchers-condition: and
     matchers:

default-logins/flir/flir-default-login.yaml

@@ -14,7 +14,14 @@ requests:
         Accept: */*
         Content-Type: application/x-www-form-urlencoded; charset=UTF-8
 
-        user_name=admin&user_password=admin
+        user_name={{username}}&user_password={{password}}
+
+    payloads:
+      username:
+        - admin
+      password:
+        - admin
+    attack: pitchfork
 
     matchers-condition: and
     matchers:

default-logins/frps/frp-default-login.yaml

@@ -8,11 +8,18 @@ info:
   reference: https://github.com/fatedier/frp/issues/1840
 
 requests:
-  - method: GET
+  - raw:
-    path:
+      - |
-      - "{{BaseURL}}/api/proxy/tcp"
+        GET /api/proxy/tcp HTTP/1.1
-    headers:
+        Host: {{Hostname}}
-      Authorization: "Basic YWRtaW46YWRtaW4="
+        Authorization: Basic {{base64(username + ':' + password)}}
+
+    payloads:
+      username:
+        - admin
+      password:
+        - admin
+    attack: pitchfork
 
     matchers-condition: and
     matchers:

default-logins/gitlab/gitlab-weak-login.yaml

@@ -17,13 +17,13 @@ requests:
         Referer: {{BaseURL}}
         content-type: application/json
 
-        {"grant_type":"password","username":"§gitlab_user§","password":"§gitlab_password§"}
+        {"grant_type":"password","username":"{{username}}","password":"{{password}}"}
 
     payloads:
-      gitlab_password:
+      password:
         - 12345
         - 123456789
-      gitlab_user:
+      username:
         - 1234
         - admin
 

default-logins/glpi/glpi-default-login.yaml

@@ -1,4 +1,5 @@
 id: glpi-default-login
+
 info:
   name: GLPI Default Login
   author: andysvints
@@ -20,10 +21,14 @@ requests:
         Content-Type: application/x-www-form-urlencoded
         Referer: {{BaseURL}}
 
-        {{name}}=glpi&{{password}}=glpi&auth=local&submit=Submit&_glpi_csrf_token={{token}}
+        {{name}}={{user}}&{{password}}={{pass}}&auth=local&submit=Submit&_glpi_csrf_token={{token}}
 
-    cookie-reuse: true
+    attack: pitchfork
-    redirects: true
+    payloads:
+      user:
+        - glpi
+      pass:
+        - glpi
 
     extractors:
       - type: regex
@@ -50,11 +55,13 @@ requests:
         regex:
           - "type=\"password\" name=\"([0-9a-z]+)\" id=\"login_password\" required=\"required\""
 
+    cookie-reuse: true
     matchers-condition: and
     matchers:
       - type: word
         words:
           - '<title>GLPI - Standard Interface</title>'
+
       - type: status
         status:
           - 200

default-logins/grafana/grafana-default-login.yaml

@@ -19,15 +19,17 @@ requests:
         Referer: {{BaseURL}}
         content-type: application/json
 
-        {"user":"admin","password":"§grafana_password§"}
+        {"user":"{{username}}","password":"{{password}}"}
-
 
+    attack: pitchfork
     payloads:
-      grafana_password:
+      username:
-        - prom-operator
+        - admin
         - admin
 
-    attack: sniper
+      password:
+        - prom-operator
+        - admin
 
     matchers-condition: and
     matchers:

default-logins/guacamole/guacamole-default-login.yaml

@@ -16,7 +16,14 @@ requests:
         Origin: {{Hostname}}
         Referer: {{Hostname}}
 
-        username=guacadmin&password=guacadmin
+        username={{username}}&password={{password}}
+
+    payloads:
+      username:
+        - guacadmin
+      password:
+        - guacadmin
+    attack: pitchfork
 
     matchers-condition: and
     matchers:

default-logins/hongdian/hongdian-default-login.yaml

@@ -11,17 +11,26 @@ requests:
       - |
         GET / HTTP/1.1
         Host: {{Hostname}}
-        Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=
+        Authorization: Basic {{base64(username + ':' + password)}}
         Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
         Accept-Encoding: gzip, deflate
 
       - |
         GET / HTTP/1.1
         Host: {{Hostname}}
-        Authorization: Basic YWRtaW46YWRtaW4=
+        Authorization: Basic {{base64(username + ':' + password)}}
         Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
         Accept-Encoding: gzip, deflate
 
+    payloads:
+      username:
+        - guest
+        - admin
+      password:
+        - guest
+        - admin
+    attack: pitchfork
+
     matchers-condition: and
     matchers:
       - type: word

default-logins/hortonworks/smartsense-default-login.yaml

@@ -9,11 +9,18 @@ info:
   tags: hortonworks,smartsense,default-login
 
 requests:
-  - method: GET
+  - raw:
-    path:
+      - |
-      - '{{BaseURL}}/apt/v1/context'
+        GET /apt/v1/context HTTP/1.1
-    headers:
+        Host: {{Hostname}}
-      Authorization: Basic YWRtaW46YWRtaW4=
+        Authorization: Basic {{base64(username + ':' + password)}}
+
+    payloads:
+      username:
+        - admin
+      password:
+        - admin
+    attack: pitchfork
 
     matchers-condition: and
     matchers:

default-logins/hp/hp-switch-default-login.yaml

@@ -14,7 +14,13 @@ requests:
           POST /htdocs/login/login.lua HTTP/1.1
           Host: {{Hostname}}
 
-          username=admin&password=
+          username={{username}}&password=
+
+    payloads:
+      username:
+        - admin
+
+    attack: sniper
 
     matchers-condition: and
     matchers:

default-logins/ibm/ibm-storage-default-credential.yaml

@@ -14,7 +14,14 @@ requests:
         Origin: {{BaseURL}}
         Content-Type: application/x-www-form-urlencoded
 
-        j_username=admin&j_password=admin&continue=&submit=submit+form
+        j_username={{username}}&j_password={{password}}&continue=&submit=submit+form
+
+    payloads:
+      username:
+        - admin
+      password:
+        - admin
+    attack: pitchfork
 
     matchers-condition: and
     matchers:

default-logins/idemia/idemia-biometrics-default-login.yaml

@@ -9,11 +9,17 @@ info:
   tags: idemia,biometrics,default-login
 
 requests:
-  - method: POST
+  - raw:
-    path:
+      - |
-      - '{{BaseURL}}/cgi-bin/login.cgi'
+        POST /cgi-bin/login.cgi HTTP/1.1
+        Host: {{Hostname}}
 
-    body: password=12345
+        password={{password}}
+
+    payloads:
+      password:
+        - 12345
+    attack: sniper
 
     matchers-condition: and
     matchers:

default-logins/iptime/iptime-default-login.yaml

@@ -13,7 +13,14 @@ requests:
         Host: {{Hostname}}
         Referer: {{BaseURL}}/sess-bin/login_session.cgi
 
-        username=admin&passwd=admin
+        username={{username}}&passwd={{password}}
+
+    payloads:
+      username:
+        - admin
+      password:
+        - admin
+    attack: pitchfork
 
     matchers-condition: and
     matchers:

default-logins/jenkins/jenkins-default.yaml

@@ -18,21 +18,22 @@ requests:
         Content-Type: application/x-www-form-urlencoded
         Cookie: {{cookie}}
 
-        j_username=admin&j_password=admin&from=%2F&Submit=Sign+in
+        j_username={{username}}&j_password={{password}}&from=%2F&Submit=Sign+in
-
-      - |
-        POST /j_spring_security_check HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded
-        Cookie: {{cookie}}
-
-        j_username=jenkins&j_password=password&from=%2F&Submit=Sign+in
 
       - |
         GET / HTTP/1.1
         Host: {{Hostname}}
         Cookie: {{cookie}}
 
+    attack: pitchfork
+    payloads:
+      username:
+        - admin
+        - jenkins
+      password:
+        - admin
+        - password
+
     extractors:
       - type: regex
         name: cookie
@@ -44,7 +45,7 @@ requests:
     req-condition: true
     matchers:
       - type: dsl
-        dsl:
-          - 'contains(body_4, "/logout")'
-          - 'contains(body_4, "Dashboard [Jenkins]")'
         condition: and
+        dsl:
+          - 'contains(body_3, "/logout")'
+          - 'contains(body_3, "Dashboard [Jenkins]")'

default-logins/minio/minio-default-login.yaml

@@ -7,23 +7,20 @@ info:
   tags: default-login,minio
 
 requests:
-  - method: POST
+  - raw:
-    path:
+      - |
-      - "{{BaseURL}}/minio/webrpc"
+        POST /minio/webrpc HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/json
 
-    headers:
+        {"id":1,"jsonrpc":"2.0","params":{"username":"{{username}}","password":"{{password}}"},"method":"Web.Login"}
-      Content-Type: application/json
 
-    body: '{"id":1,"jsonrpc":"2.0","params":{"username":"minioadmin","password":"minioadmin"},"method":"Web.Login"}'
+    payloads:
-
+      username:
-  - method: POST
+        - minioadmin
-    path:
+      password:
-      - "{{BaseURL}}/minio/webrpc"
+        - minioadmin
-
+    attack: pitchfork
-    headers:
-      Content-Type: application/json
-
-    body: '{"id":1,"jsonrpc":"2.0","params":{"username":"minioadmin","password":"minioadmin"},"method":"web.Login"}'
 
     matchers-condition: and
     matchers:

default-logins/nagios/nagios-default-login.yaml

@@ -6,17 +6,27 @@ info:
   tags: nagios,default-login
   reference: https://www.nagios.org
 requests:
-  - method: GET
+  - raw:
-    path:
+      - |
-      - "{{BaseURL}}/nagios/side.php"
+        GET /nagios/side.php HTTP/1.1
-    headers:
+        Host: {{Hostname}}
-      Authorization: Basic bmFnaW9zYWRtaW46bmFnaW9zYWRtaW4=
+        Authorization: Basic {{base64(username + ':' + password)}}
+
+    payloads:
+      username:
+        - nagiosadmin
+        - root
+      password:
+        - nagiosadmin
+        - nagiosxi
+    attack: pitchfork
 
     matchers-condition: and
     matchers:
       - type: status
         status:
           - 200
+
       - type: word
         words:
           - 'Current Status'

default-logins/nexus/nexus-default-login.yaml

@@ -14,7 +14,14 @@ requests:
         X-Nexus-UI: true
         Content-Type: application/x-www-form-urlencoded; charset=UTF-8
 
-        username=YWRtaW4%3D&password=YWRtaW4xMjM%3D
+        username={{base64(username)}}&password={{base64(password)}}
+
+    payloads:
+      username:
+        - admin
+      password:
+        - admin123
+    attack: pitchfork
 
     matchers-condition: and
     matchers:

default-logins/nps/nps-default-login.yaml

@@ -7,13 +7,21 @@ info:
   tags: nps,default-login
 
 requests:
-  - method: POST
+  - raw:
-    path:
+      - |
-      - "{{BaseURL}}/login/verify"
+        POST /login/verify HTTP/1.1
-    body: "username=admin&password=123"
+        Host: {{Hostname}}
-    headers:
+        Content-Type: application/x-www-form-urlencoded
-      Content-Type: application/x-www-form-urlencoded
+        Referer: {{Hostname}}/login/index
-      Referer: "{{Hostname}}/login/index"
+
+        username={{username}}&password={{password}}
+
+    payloads:
+      username:
+        - admin
+      password:
+        - 123
+    attack: pitchfork
 
     matchers-condition: and
     matchers:

default-logins/ofbiz/ofbiz-default-login.yaml

@@ -7,12 +7,21 @@ info:
   tags: ofbiz,default-login
 
 requests:
-  - method: POST
+  - raw:
-    path:
+      - |
-      - '{{BaseURL}}/control/login'
+        POST /control/login HTTP/1.1
-    headers:
+        Host: {{Hostname}}
-      Content-Type: application/x-www-form-urlencoded
+        Content-Type: application/x-www-form-urlencoded
-    body: USERNAME=admin&PASSWORD=ofbiz&FTOKEN=&JavaScriptEnabled=Y
+
+        USERNAME={{username}}&PASSWORD={{password}}&FTOKEN=&JavaScriptEnabled=Y
+
+    payloads:
+      username:
+        - admin
+      password:
+        - ofbiz
+    attack: pitchfork
+
     matchers:
       - type: word
         words:

default-logins/oracle/businessintelligence-default-login.yaml

@@ -19,13 +19,20 @@ requests:
            <soapenv:Header/>
            <soapenv:Body>
               <rep:createSession soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
-                 <username xsi:type="xsd:string">Administrator</username>
+                 <username xsi:type="xsd:string">{{username}}</username>
-                 <password xsi:type="xsd:string">Administrator</password>
+                 <password xsi:type="xsd:string">{{password}}</password>
                  <domain xsi:type="xsd:string">bi</domain>
               </rep:createSession>
            </soapenv:Body>
         </soapenv:Envelope>
 
+    payloads:
+      username:
+        - Administrator
+      password:
+        - Administrator
+    attack: pitchfork
+
     matchers-condition: and
     matchers:
       - type: status

default-logins/paloalto/panos-default-login.yaml

@@ -9,11 +9,20 @@ info:
   tags: paloalto,panos,default-login
 
 requests:
-  - method: POST
+  - raw:
-    path:
+      - |
-      - '{{BaseURL}}/php/login.php'
+        POST /php/login.php HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
 
-    body: user=admin&passwd=admin&challengePwd=&ok=Login
+        user={{username}}&passwd={{password}}&challengePwd=&ok=Login
+
+    payloads:
+      username:
+        - admin
+      password:
+        - admin
+    attack: pitchfork
 
     matchers-condition: and
     matchers:

default-logins/panabit/panabit-default-login.yaml

@@ -19,15 +19,22 @@ requests:
         Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
 
         ------WebKitFormBoundaryAjZMsILtbrBp8VbC
-        Content-Disposition: form-data; name="username"
+        Content-Disposition: form-data; name="{{username}}"
 
         admin
         ------WebKitFormBoundaryAjZMsILtbrBp8VbC
-        Content-Disposition: form-data; name="password"
+        Content-Disposition: form-data; name="{{password}}"
 
         panabit
         ------WebKitFormBoundaryAjZMsILtbrBp8VbC--
 
+    payloads:
+      username:
+        - username
+      password:
+        - password
+    attack: pitchfork
+
     matchers-condition: and
     matchers:
       - type: word

default-logins/rabbitmq/rabbitmq-default-login.yaml

@@ -7,11 +7,20 @@ info:
   tags: rabbitmq,default-login
 
 requests:
-  - method: GET
+  - raw:
-    path:
+      - |
-      - "{{BaseURL}}/api/whoami"
+        GET /api/whoami HTTP/1.1
-    headers:
+        Host: {{Hostname}}
-      Authorization: "Basic Z3Vlc3Q6Z3Vlc3Q="
+        Content-Type: application/x-www-form-urlencoded
+        Authorization: Basic {{base64(username + ':' + password)}}
+
+    payloads:
+      username:
+        - guest
+      password:
+        - guest
+    attack: pitchfork
+
     matchers-condition: and
     matchers:
       - type: word

default-logins/ricoh/ricoh-weak-password.yaml

@@ -14,7 +14,12 @@ requests:
         Host: {{Hostname}}
         Cookie: cookieOnOffChecker=on;
 
-        wimToken=&userid_work=&userid=YWRtaW4%3D&password_work=&password=&open=
+        wimToken=&userid_work=&userid={{base64(username)}}&password_work=&password=&open=
+
+    payloads:
+      username:
+        - admin
+    attack: pitchfork
 
     matchers-condition: and
     matchers:

default-logins/rockmongo/rockmongo-default-login.yaml

@@ -14,7 +14,14 @@ requests:
         Content-Type: application/x-www-form-urlencoded
         Referer: {{Hostname}}/index.php?action=login.index
 
-        more=0&host=0&username=admin&password=admin&db=&lang=en_us&expire=3
+        more=0&host=0&username={{username}}&password={{password}}&db=&lang=en_us&expire=3
+
+    payloads:
+      username:
+        - admin
+      password:
+        - admin
+    attack: pitchfork
 
     matchers-condition: and
     matchers:

default-logins/samsung/samsung-wlan-default-login.yaml

@@ -8,18 +8,28 @@ info:
   tags: samsung,default-login
 
 requests:
-  - method: POST
+  - raw:
-    path:
+      - |
-      - "{{BaseURL}}/main.ehp"
+        POST /main.ehp HTTP/1.1
-    body: "httpd;General;lang=en&login_id=root&login_pw=sweap12~"
+        Host: {{Hostname}}
+
+        httpd;General;lang=en&login_id={{username}}&login_pw={{password}}
+
+    payloads:
+      username:
+        - root
+      password:
+        - sweap12~
+    attack: pitchfork
 
     matchers-condition: and
     matchers:
       - type: word
+        part: body
         words:
           - "document.formParent2.changepasswd1.value"
           - "passwd_change.ehp"
-        part: body
+
       - type: status
         status:
           - 200

default-logins/showdoc/showdoc-default-login.yaml

@@ -9,14 +9,21 @@ info:
   tags: showdoc,default-login
 
 requests:
-  - method: POST
+  - raw:
-    path:
+      - |
-      - "{{BaseURL}}/server/index.php?s=/api/user/login"
+        POST /server/index.php?s=/api/user/login HTTP/1.1
-    body: |
+        Host: {{Hostname}}
-      username=showdoc&password=123456&v_code=
+        Content-Type: application/x-www-form-urlencoded;charset=UTF-8
+
+        username={{username}}&password={{password}}&v_code=
+
+    payloads:
+      username:
+        - showdoc
+      password:
+        - 123456
+    attack: pitchfork
 
-    headers:
-      Content-Type: application/x-www-form-urlencoded;charset=UTF-8
     matchers-condition: and
     matchers:
 

default-logins/solarwinds/solarwinds-default-login.yaml

@@ -12,12 +12,22 @@ info:
   # {"PollerType":"Hello, world! from nuclei :-P", "NetObject":"N:1337", "NetObjectType":"N", "NetObjectID":1337}
 
 requests:
-  - method: GET
+  - raw:
-    path:
+      - |
-      - "{{BaseURL}}/SolarWinds/InformationService/v3/Json/Query?query=SELECT+Uri+FROM+Orion.Pollers+ORDER+BY+PollerID+WITH+ROWS+1+TO+3+WITH+TOTALROWS" # First path is default base path
+        GET /SolarWinds/InformationService/v3/Json/Query?query=SELECT+Uri+FROM+Orion.Pollers+ORDER+BY+PollerID+WITH+ROWS+1+TO+3+WITH+TOTALROWS HTTP/1.1
-      - "{{BaseURL}}/InformationService/v3/Json/Query?query=SELECT+Uri+FROM+Orion.Pollers+ORDER+BY+PollerID+WITH+ROWS+1+TO+3+WITH+TOTALROWS"
+        Host: {{Hostname}}
-    headers:
+        Authorization: Basic {{base64(username)}}
-      Authorization: "Basic YWRtaW46"
+
+      - |
+        GET /InformationService/v3/Json/Query?query=SELECT+Uri+FROM+Orion.Pollers+ORDER+BY+PollerID+WITH+ROWS+1+TO+3+WITH+TOTALROWS HTTP/1.1
+        Host: {{Hostname}}
+        Authorization: Basic {{base64(username)}}
+
+    payloads:
+      username:
+        - admin
+    attack: pitchfork
+
     matchers-condition: and
     matchers:
       - type: word

default-logins/spectracom/spectracom-default-login.yaml

@@ -13,7 +13,14 @@ requests:
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded
 
-        data%5Bbutton%5D=submit&data%5BUser%5D%5Busername%5D=spadmin&data%5BUser%5D%5Bpassword%5D=admin123
+        data%5Bbutton%5D=submit&data%5BUser%5D%5Busername%5D={{username}}&data%5BUser%5D%5Bpassword%5D={{password}}
+
+    payloads:
+      username:
+        - spadmin
+      password:
+        - admin123
+    attack: pitchfork
 
     matchers-condition: and
     matchers:

default-logins/szhe/szhe-default-login.yaml

@@ -9,13 +9,20 @@ info:
     - https://github.com/Cl0udG0d/SZhe_Scan # vendor homepage
 
 requests:
-  - method: POST
+  - raw:
-    path:
+      - |
-      - "{{BaseURL}}/login/"
+        POST /login/ HTTP/1.1
-    headers:
+        Host: {{Hostname}}
-      Content-Type: application/x-www-form-urlencoded
+        Content-Type: application/x-www-form-urlencoded
-    body: |
+
-      email=springbird@qq.com&password=springbird&remeber=true
+        email={{username}}&password={{password}}&remeber=true
+
+    payloads:
+      username:
+        - springbird@qq.com
+      password:
+        - springbird
+    attack: pitchfork
 
     matchers-condition: and
     matchers:

default-logins/vidyo/vidyo-default-login.yaml

@@ -24,7 +24,14 @@ requests:
         Referer: {{RootURL}}/super/login.html?lang=en
         Cookie: JSESSIONID={{session}} ; VidyoPortalSuperLanguage=en
 
-        username=super&password=password
+        username={{username}}&password={{password}}
+
+    payloads:
+      username:
+        - super
+      password:
+        - password
+    attack: pitchfork
 
     extractors:
       - type: regex

default-logins/viewpoint/trilithic-viewpoint-login.yaml

@@ -16,7 +16,14 @@ requests:
         Content-Type: application/json
         Cookie: trilithic_win_auth=false
 
-        {u:"admin", t:"undefined", p:"trilithic", d:"", r:false, w:false}
+        {u:"{{username}}", t:"undefined", p:"{{password}}", d:"", r:false, w:false}
+
+    payloads:
+      username:
+        - admin
+      password:
+        - trilithic
+    attack: pitchfork
 
     matchers-condition: and
     matchers:

default-logins/visionhub/visionhub-default-login.yaml

@@ -9,11 +9,18 @@ info:
   reference: https://www.qognify.com/products/visionhub/
 
 requests:
-  - method: POST
+  - raw:
-    path:
+      - |
-      - '{{BaseURL}}/VisionHubWebApi/api/Login'
+        POST /VisionHubWebApi/api/Login HTTP/1.1
-    headers:
+        Host: {{Hostname}}
-      Authorization: Basic YWRtaW46YWRtaW4=
+        Authorization: Basic {{base64(username + ':' + password)}}
+
+    payloads:
+      username:
+        - admin
+      password:
+        - admin
+    attack: pitchfork
 
     matchers-condition: and
     matchers:

default-logins/wifisky/wifisky-default-login.yaml

@@ -16,7 +16,14 @@ requests:
         Content-Type: application/x-www-form-urlencoded; charset=UTF-8
         Connection: close
 
-        username=admin&password=admin
+        username={{username}}&password={{password}}
+
+    payloads:
+      username:
+        - admin
+      password:
+        - admin
+    attack: pitchfork
 
     matchers-condition: and
     matchers:

default-logins/wso2/wso2-default-login.yaml

@@ -14,7 +14,14 @@ requests:
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded
 
-        username=admin&password=admin
+        username={{username}}&password={{password}}
+
+    payloads:
+      username:
+        - admin
+      password:
+        - admin
+    attack: pitchfork
 
     redirects: false
     matchers:

default-logins/xxljob/xxljob-default-login.yaml

@@ -14,7 +14,14 @@ requests:
         Host:{{Hostname}}
         Content-Type: application/x-www-form-urlencoded; charset=UTF-8
 
-        userName=admin&password=123456
+        userName={{username}}&password={{password}}
+
+    payloads:
+      username:
+        - admin
+      password:
+        - 123456
+    attack: pitchfork
 
     matchers-condition: and
     matchers:

default-logins/zabbix/zabbix-default-login.yaml

@@ -7,14 +7,21 @@ info:
   tags: zabbix,default-login
 
 requests:
-  - method: POST
+  - raw:
-    path:
+      - |
-      - '{{BaseURL}}/index.php'
+        POST /index.php HTTP/1.1
-    headers:
+        Host: {{Hostname}}
-      Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
-      X-Requested-With: XMLHttpRequest
+        X-Requested-With: XMLHttpRequest
 
-    body: name=Admin&password=zabbix&autologin=1&enter=Sign+in
+        name={{username}}&password={{password}}&autologin=1&enter=Sign+in
+
+    payloads:
+      username:
+        - Admin
+      password:
+        - zabbix
+    attack: pitchfork
 
     matchers-condition: and
     matchers:

default-logins/zmanda/zmanda-default-login.yaml

@@ -9,14 +9,21 @@ info:
   tags: zmanda,default-login
 
 requests:
-  - method: POST
+  - raw:
-    path:
+      - |
-      - '{{BaseURL}}/ZMC_Admin_Login'
+        POST /ZMC_Admin_Login HTTP/1.1
-    headers:
+        Host: {{Hostname}}
-      Content-Type: application/x-www-form-urlencoded
+        Content-Type: application/x-www-form-urlencoded
-      Cookie: zmc_cookies_enabled=true
+        Cookie: zmc_cookies_enabled=true
 
-    body: login=AEE&last_page=&username=admin&password=admin&submit=Login&JS_SWITCH=JS_ON
+        login=AEE&last_page=&username={{username}}&password={{password}}&submit=Login&JS_SWITCH=JS_ON
+
+    payloads:
+      username:
+        - admin
+      password:
+        - admin
+    attack: pitchfork
 
     matchers-condition: and
     matchers: