daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2858 from ethanous/update_default_logins_user_pass 

Modified most of the default_logins templates to output username and …
patch-1
Prince Chaddha 2021-10-11 17:37:30 +05:30 committed by GitHub
parent d7cd9a21de dd3413ab06
commit 38948ce4d1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
55 changed files with 606 additions and 244 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
default-logins/UCMDB/ucmdb-default-login.yaml
View File

@ -7,16 +7,27 @@ info:
tags: ucmdb,default-login tags: ucmdb,default-login
requests: requests:
- method: POST - raw:
path: - |
- "{{BaseURL}}/ucmdb-ui/cms/loginRequest.do;" POST /ucmdb-ui/cms/loginRequest.do; HTTP/1.1
body: "customerID=1&isEncoded=false&userName=diagnostics&password=YWRtaW4=&ldapServerName=UCMDB" Host: {{Hostname}}
customerID=1&isEncoded=false&userName={{username}}&password={{base64(password)}}&ldapServerName=UCMDB
attack: pitchfork
payloads:
username:
- diagnostics
password:
- admin
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: status - type: status
status: status:
- 200 - 200
- type: word - type: word
part: header
words: words:
- "LWSSO_COOKIE_KEY" - "LWSSO_COOKIE_KEY"
part: header

27
default-logins/abb/cs141-default-login.yaml
View File

@ -17,23 +17,18 @@ requests:
Accept: application/json, text/plain, */* Accept: application/json, text/plain, */*
Content-Type: application/json Content-Type: application/json
{"userName":"admin","password":"cs141-snmp"} {"userName":"{{user}}","password":"{{pass}}"}
- | attack: pitchfork
POST /api/login HTTP/1.1 payloads:
Host: {{Hostname}} user:
Accept: application/json, text/plain, */* - admin
Content-Type: application/json - engineer
- guest
{"userName":"engineer","password":"engineer"} pass:
- cs141-snmp
- | - engineer
POST /api/login HTTP/1.1 - guest
Host: {{Hostname}}
Accept: application/json, text/plain, */*
Content-Type: application/json
{"userName":"guest","password":"guest"}
stop-at-first-match: true stop-at-first-match: true
matchers-condition: and matchers-condition: and

21
default-logins/activemq/activemq-default-login.yaml
View File

@ -7,14 +7,23 @@ info:
tags: apache,activemq,default-login tags: apache,activemq,default-login
requests: requests:
- method: GET - raw:
path: - |
- '{{BaseURL}}/admin/' GET /admin/ HTTP/1.1
headers: Host: {{Hostname}}
Authorization: "Basic YWRtaW46YWRtaW4=" Authorization: Basic {{base64(username + ':' + password)}}
payloads:
username:
- user
- admin
password:
- user
- admin
attack: pitchfork
matchers: matchers:
- type: word - type: word
words: words:
- 'Welcome to the Apache ActiveMQ Console of <b>' - 'Welcome to the Apache ActiveMQ Console of <b>'
- '<h2>Broker</h2>' - '<h2>Broker</h2>'
condition: and condition: and

25
default-logins/aem/aem-default-login.yaml
View File

@ -4,7 +4,7 @@ info:
name: Adobe AEM Default Login name: Adobe AEM Default Login
author: random-robbie author: random-robbie
severity: critical severity: critical
tags: aem,default-login,fuzz tags: aem,default-login
requests: requests:
- raw: - raw:
@ -15,35 +15,22 @@ requests:
Origin: {{BaseURL}} Origin: {{BaseURL}}
Referer: {{BaseURL}}/libs/granite/core/content/login.html Referer: {{BaseURL}}/libs/granite/core/content/login.html
_charset_=utf-8&j_username={{rr_username}}&j_password={{rr_password}}&j_validate=true _charset_=utf-8&j_username={{aem_user}}&j_password={{aem_pass}}&j_validate=true
attack: pitchfork
payloads: payloads:
aem_user:
rr_username:
- admin - admin
- grios - grios
- replication-receiver - replication-receiver
- vgnadmin - vgnadmin
- aparker@geometrixx.info
- jdoe@geometrixx.info
- james.devore@spambob.com
- matt.monroe@mailinator.com
- aaron.mcdonald@mailinator.com
- jason.werner@dodgit.com
rr_password: aem_pass:
- admin - admin
- password - password
- replication-receiver - replication-receiver
- vgnadmin - vgnadmin
- aparker
- jdoe
- password
- password
- password
- password
attack: pitchfork # Available options: sniper, pitchfork and clusterbomb
stop-at-first-match: true stop-at-first-match: true
matchers-condition: and matchers-condition: and
matchers: matchers:
@ -53,7 +40,7 @@ requests:
- type: word - type: word
part: header part: header
condition: and
words: words:
- login-token - login-token
- crx.default - crx.default
condition: and

24
default-logins/alibaba/canal-default-login.yaml
View File

@ -7,21 +7,29 @@ info:
tags: alibaba,default-login tags: alibaba,default-login
requests: requests:
- method: POST - raw:
path: - |
- "{{BaseURL}}/api/v1/user/login" POST /api/v1/user/login HTTP/1.1
headers: Host: {{Hostname}}
Content-Type: application/json Content-Type: application/json
body: |
{"username":"admin","password":"123456"} {"username":"{{user}}","password":"{{pass}}"}
attack: pitchfork
payloads:
user:
- admin
pass:
- 123456
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: status - type: status
status: status:
- 200 - 200
- type: word - type: word
condition: and
words: words:
- 'data":{"token"' - 'data":{"token"'
- '"code":20000' - '"code":20000'
condition: and

16
default-logins/ambari/ambari-default-login.yaml
View File

@ -7,11 +7,17 @@ info:
tags: ambari,default-login tags: ambari,default-login
requests: requests:
- method: GET - raw:
path: - |
- '{{BaseURL}}/api/v1/users/admin?fields=*,privileges/PrivilegeInfo/cluster_name,privileges/PrivilegeInfo/permission_name' GET /api/v1/users/admin?fields=*,privileges/PrivilegeInfo/cluster_name,privileges/PrivilegeInfo/permission_name HTTP/1.1
headers: Host: {{Hostname}}
Authorization: "Basic YWRtaW46YWRtaW4=" Authorization: Basic {{base64(username + ':' + password)}}
payloads:
username:
- admin
password:
- admin
attack: pitchfork
matchers: matchers:
- type: word - type: word
words: words:

8
default-logins/apache/airflow-default-login.yaml
View File

@ -21,8 +21,14 @@ requests:
Content-Type: application/x-www-form-urlencoded Content-Type: application/x-www-form-urlencoded
Referer: {{BaseURL}}/admin/airflow/login Referer: {{BaseURL}}/admin/airflow/login
username=airflow&password=airflow&_csrf_token={{csrf_token}} username={{username}}&password={{password}}&_csrf_token={{csrf_token}}
payloads:
username:
- airflow
password:
- airflow
attack: pitchfork
extractors: extractors:
- type: regex - type: regex
name: csrf_token name: csrf_token

11
default-logins/apache/superset-default-login.yaml
View File

@ -21,11 +21,18 @@ requests:
Content-Type: application/x-www-form-urlencoded Content-Type: application/x-www-form-urlencoded
Referer: {{BaseURL}}/admin/airflow/login Referer: {{BaseURL}}/admin/airflow/login
csrf_token={{csrff_token}}&username=admin&password=admin csrf_token={{csrf_token}}&username={{username}}&password={{password}}
attack: pitchfork
payloads:
username:
- admin
password:
- admin
extractors: extractors:
- type: regex - type: regex
name: csrff_token name: csrf_token
group: 1 group: 1
part: body part: body
internal: true internal: true

24
default-logins/arl/arl-default-login.yaml
View File

@ -7,23 +7,31 @@ info:
tags: arl,default-login tags: arl,default-login
requests: requests:
- method: POST - raw:
path: - |
- "{{BaseURL}}/api/user/login" POST /api/user/login HTTP/1.1
headers: Host: {{Hostname}}
Content-Type: application/json; charset=UTF-8 Content-Type: application/json; charset=UTF-8
body: |
{"username":"admin","password":"arlpass"} {"username":"{{username}}","password":"{{password}}"}
payloads:
username:
- admin
password:
- arlpass
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word
condition: and
words: words:
- '"message": "success"' - '"message": "success"'
- '"username": "admin"' - '"username": "admin"'
- '"type": "login"' - '"type": "login"'
condition: and
- type: status - type: status
status: status:
- 200 - 200

28
default-logins/axis2/axis2-default-login.yaml
View File

@ -7,13 +7,27 @@ info:
tags: axis,apache,default-login tags: axis,apache,default-login
requests: requests:
- method: POST - raw:
path: - |
- "{{BaseURL}}/axis2-admin/login" POST /axis2-admin/login HTTP/1.1
- "{{BaseURL}}/axis2/axis2-admin/login" Host: {{Hostname}}
headers: Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
body: "userName=admin&password=axis2&submit=+Login+" loginUsername={{username}}&loginPassword={{password}}
- |
POST /axis2/axis2-admin/login HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
userName={{username}}&password={{password}}&submit=+Login+
payloads:
username:
- admin
password:
- axis2
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:

8
default-logins/azkaban/azkaban-default-login.yaml
View File

@ -14,8 +14,14 @@ requests:
Host: {{Hostname}} Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Content-Type: application/x-www-form-urlencoded; charset=UTF-8
action=login&username=admin&password=admin action=login&username={{username}}&password={{password}}
payloads:
username:
- admin
password:
- admin
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word

19
default-logins/chinaunicom/chinaunicom-default-login.yaml
View File

@ -7,15 +7,26 @@ info:
tags: chinaunicom,default-login tags: chinaunicom,default-login
requests: requests:
- method: POST - raw:
path: - |
- "{{BaseURL}}/cu.html" POST /cu.html HTTP/1.1
body: "frashnum=&action=login&Frm_Logintoken=1&Username=CUAdmin&Password=CUAdmin&Username=&Password=" Host: {{Hostname}}
frashnum=&action=login&Frm_Logintoken=1&Username={{username}}&Password={{password}}&Username=&Password=
attack: pitchfork
payloads:
username:
- CUAdmin
password:
- CUAdmin
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: status - type: status
status: status:
- 302 - 302
- type: word - type: word
words: words:
- "/menu.gch" - "/menu.gch"

16
default-logins/dell/dell-idrac-default-login.yaml
View File

@ -6,11 +6,19 @@ info:
tags: dell,idrac,default-login tags: dell,idrac,default-login
requests: requests:
- method: POST - raw:
path: - |
- "{{BaseURL}}/data/login" POST /data/login HTTP/1.1
Host: {{Hostname}}
body: "user=root&password=calvin" user={{username}}&password={{password}}
payloads:
username:
- root
password:
- calvin
attack: pitchfork
headers: headers:
Content-Type: "application/x-www-form-urlencode" Content-Type: "application/x-www-form-urlencode"

11
default-logins/dell/dell-idrac9-default-login.yaml
View File

@ -11,8 +11,15 @@ requests:
- | - |
POST /sysmgmt/2015/bmc/session HTTP/1.1 POST /sysmgmt/2015/bmc/session HTTP/1.1
Host: {{Hostname}} Host: {{Hostname}}
User: "root" User: "{{username}}"
Password: "calvin" Password: "{{password}}"
payloads:
username:
- root
password:
- calvin
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:

17
default-logins/dell/emcecom-default-login.yaml
View File

@ -9,11 +9,18 @@ info:
tags: dell,emc,ecom,default-login tags: dell,emc,ecom,default-login
requests: requests:
- method: GET - raw:
path: - |
- '{{BaseURL}}' GET / HTTP/1.1
headers: Host: {{Hostname}}
Authorization: Basic YWRtaW46IzFQYXNzd29yZA== Authorization: Basic {{base64(username + ':' + password)}}
payloads:
username:
- root
password:
- calvin
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:

23
default-logins/druid/druid-default-login.yaml
View File

@ -7,12 +7,25 @@ info:
tags: druid,default-login tags: druid,default-login
requests: requests:
- method: POST - raw:
path: - |
- "{{BaseURL}}/druid/submitLogin" POST /druid/submitLogin HTTP/1.1
- "{{BaseURL}}/submitLogin" Host: {{Hostname}}
body: "loginUsername=admin&loginPassword=admin" loginUsername={{username}}&loginPassword={{password}}
- |
POST /submitLogin HTTP/1.1
Host: {{Hostname}}
loginUsername={{username}}&loginPassword={{password}}
payloads:
username:
- admin
password:
- admin
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:

9
default-logins/dvwa/dvwa-default-login.yaml
View File

@ -20,7 +20,14 @@ requests:
Cookie: PHPSESSID={{session}}; security=low Cookie: PHPSESSID={{session}}; security=low
Connection: close Connection: close
username=admin&password=password&Login=Login&user_token={{token}} username={{username}}&password={{password}}&Login=Login&user_token={{token}}
payloads:
username:
- admin
password:
- password
attack: pitchfork
extractors: extractors:
- type: regex - type: regex

9
default-logins/exacqvision/exacqvision-default-login.yaml
View File

@ -15,7 +15,14 @@ requests:
Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Connection: close Connection: close
action=login&u=admin&p=admin256 action=login&u={{username}}&p={{password}}
payloads:
username:
- admin
password:
- admin256
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:

9
default-logins/flir/flir-default-login.yaml
View File

@ -14,7 +14,14 @@ requests:
Accept: */* Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Content-Type: application/x-www-form-urlencoded; charset=UTF-8
user_name=admin&user_password=admin user_name={{username}}&user_password={{password}}
payloads:
username:
- admin
password:
- admin
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:

17
default-logins/frps/frp-default-login.yaml
View File

@ -8,11 +8,18 @@ info:
reference: https://github.com/fatedier/frp/issues/1840 reference: https://github.com/fatedier/frp/issues/1840
requests: requests:
- method: GET - raw:
path: - |
- "{{BaseURL}}/api/proxy/tcp" GET /api/proxy/tcp HTTP/1.1
headers: Host: {{Hostname}}
Authorization: "Basic YWRtaW46YWRtaW4=" Authorization: Basic {{base64(username + ':' + password)}}
payloads:
username:
- admin
password:
- admin
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:

6
default-logins/gitlab/gitlab-weak-login.yaml
View File

@ -17,13 +17,13 @@ requests:
Referer: {{BaseURL}} Referer: {{BaseURL}}
content-type: application/json content-type: application/json
{"grant_type":"password","username":"§gitlab_user§","password":"§gitlab_password§"} {"grant_type":"password","username":"{{username}}","password":"{{password}}"}
payloads: payloads:
gitlab_password: password:
- 12345 - 12345
- 123456789 - 123456789
gitlab_user: username:
- 1234 - 1234
- admin - admin

13
default-logins/glpi/glpi-default-login.yaml
View File

@ -1,4 +1,5 @@
id: glpi-default-login id: glpi-default-login
info: info:
name: GLPI Default Login name: GLPI Default Login
author: andysvints author: andysvints
@ -20,10 +21,14 @@ requests:
Content-Type: application/x-www-form-urlencoded Content-Type: application/x-www-form-urlencoded
Referer: {{BaseURL}} Referer: {{BaseURL}}
{{name}}=glpi&{{password}}=glpi&auth=local&submit=Submit&_glpi_csrf_token={{token}} {{name}}={{user}}&{{password}}={{pass}}&auth=local&submit=Submit&_glpi_csrf_token={{token}}
cookie-reuse: true attack: pitchfork
redirects: true payloads:
user:
- glpi
pass:
- glpi
extractors: extractors:
- type: regex - type: regex
@ -50,11 +55,13 @@ requests:
regex: regex:
- "type=\"password\" name=\"([0-9a-z]+)\" id=\"login_password\" required=\"required\"" - "type=\"password\" name=\"([0-9a-z]+)\" id=\"login_password\" required=\"required\""
cookie-reuse: true
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word
words: words:
- '<title>GLPI - Standard Interface</title>' - '<title>GLPI - Standard Interface</title>'
- type: status - type: status
status: status:
- 200 - 200

12
default-logins/grafana/grafana-default-login.yaml
View File

@ -19,15 +19,17 @@ requests:
Referer: {{BaseURL}} Referer: {{BaseURL}}
content-type: application/json content-type: application/json
{"user":"admin","password":"§grafana_password§"} {"user":"{{username}}","password":"{{password}}"}
attack: pitchfork
payloads: payloads:
grafana_password: username:
- prom-operator - admin
- admin - admin
attack: sniper password:
- prom-operator
- admin
matchers-condition: and matchers-condition: and
matchers: matchers:

9
default-logins/guacamole/guacamole-default-login.yaml
View File

@ -16,7 +16,14 @@ requests:
Origin: {{Hostname}} Origin: {{Hostname}}
Referer: {{Hostname}} Referer: {{Hostname}}
username=guacadmin&password=guacadmin username={{username}}&password={{password}}
payloads:
username:
- guacadmin
password:
- guacadmin
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:

13
default-logins/hongdian/hongdian-default-login.yaml
View File

@ -11,17 +11,26 @@ requests:
- | - |
GET / HTTP/1.1 GET / HTTP/1.1
Host: {{Hostname}} Host: {{Hostname}}
Authorization: Basic Z3Vlc3Q6Z3Vlc3Q= Authorization: Basic {{base64(username + ':' + password)}}
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate Accept-Encoding: gzip, deflate
- | - |
GET / HTTP/1.1 GET / HTTP/1.1
Host: {{Hostname}} Host: {{Hostname}}
Authorization: Basic YWRtaW46YWRtaW4= Authorization: Basic {{base64(username + ':' + password)}}
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate Accept-Encoding: gzip, deflate
payloads:
username:
- guest
- admin
password:
- guest
- admin
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word

17
default-logins/hortonworks/smartsense-default-login.yaml
View File

@ -9,11 +9,18 @@ info:
tags: hortonworks,smartsense,default-login tags: hortonworks,smartsense,default-login
requests: requests:
- method: GET - raw:
path: - |
- '{{BaseURL}}/apt/v1/context' GET /apt/v1/context HTTP/1.1
headers: Host: {{Hostname}}
Authorization: Basic YWRtaW46YWRtaW4= Authorization: Basic {{base64(username + ':' + password)}}
payloads:
username:
- admin
password:
- admin
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:

8
default-logins/hp/hp-switch-default-login.yaml
View File

@ -14,7 +14,13 @@ requests:
POST /htdocs/login/login.lua HTTP/1.1 POST /htdocs/login/login.lua HTTP/1.1
Host: {{Hostname}} Host: {{Hostname}}
username=admin&password= username={{username}}&password=
payloads:
username:
- admin
attack: sniper
matchers-condition: and matchers-condition: and
matchers: matchers:

9
default-logins/ibm/ibm-storage-default-credential.yaml
View File

@ -14,7 +14,14 @@ requests:
Origin: {{BaseURL}} Origin: {{BaseURL}}
Content-Type: application/x-www-form-urlencoded Content-Type: application/x-www-form-urlencoded
j_username=admin&j_password=admin&continue=&submit=submit+form j_username={{username}}&j_password={{password}}&continue=&submit=submit+form
payloads:
username:
- admin
password:
- admin
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:

14
default-logins/idemia/idemia-biometrics-default-login.yaml
View File

@ -9,11 +9,17 @@ info:
tags: idemia,biometrics,default-login tags: idemia,biometrics,default-login
requests: requests:
- method: POST - raw:
path: - |
- '{{BaseURL}}/cgi-bin/login.cgi' POST /cgi-bin/login.cgi HTTP/1.1
Host: {{Hostname}}
body: password=12345 password={{password}}
payloads:
password:
- 12345
attack: sniper
matchers-condition: and matchers-condition: and
matchers: matchers:

9
default-logins/iptime/iptime-default-login.yaml
View File

@ -13,7 +13,14 @@ requests:
Host: {{Hostname}} Host: {{Hostname}}
Referer: {{BaseURL}}/sess-bin/login_session.cgi Referer: {{BaseURL}}/sess-bin/login_session.cgi
username=admin&passwd=admin username={{username}}&passwd={{password}}
payloads:
username:
- admin
password:
- admin
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:

25
default-logins/jenkins/jenkins-default.yaml
View File

@ -18,21 +18,22 @@ requests:
Content-Type: application/x-www-form-urlencoded Content-Type: application/x-www-form-urlencoded
Cookie: {{cookie}} Cookie: {{cookie}}
j_username=admin&j_password=admin&from=%2F&Submit=Sign+in j_username={{username}}&j_password={{password}}&from=%2F&Submit=Sign+in
- |
POST /j_spring_security_check HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Cookie: {{cookie}}
j_username=jenkins&j_password=password&from=%2F&Submit=Sign+in
- | - |
GET / HTTP/1.1 GET / HTTP/1.1
Host: {{Hostname}} Host: {{Hostname}}
Cookie: {{cookie}} Cookie: {{cookie}}
attack: pitchfork
payloads:
username:
- admin
- jenkins
password:
- admin
- password
extractors: extractors:
- type: regex - type: regex
name: cookie name: cookie
@ -44,7 +45,7 @@ requests:
req-condition: true req-condition: true
matchers: matchers:
- type: dsl - type: dsl
condition: and
dsl: dsl:
- 'contains(body_4, "/logout")' - 'contains(body_3, "/logout")'
- 'contains(body_4, "Dashboard [Jenkins]")' - 'contains(body_3, "Dashboard [Jenkins]")'
condition: and

27
default-logins/minio/minio-default-login.yaml
View File

@ -7,23 +7,20 @@ info:
tags: default-login,minio tags: default-login,minio
requests: requests:
- method: POST - raw:
path: - |
- "{{BaseURL}}/minio/webrpc" POST /minio/webrpc HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
headers: {"id":1,"jsonrpc":"2.0","params":{"username":"{{username}}","password":"{{password}}"},"method":"Web.Login"}
Content-Type: application/json
body: '{"id":1,"jsonrpc":"2.0","params":{"username":"minioadmin","password":"minioadmin"},"method":"Web.Login"}' payloads:
username:
- method: POST - minioadmin
path: password:
- "{{BaseURL}}/minio/webrpc" - minioadmin
attack: pitchfork
headers:
Content-Type: application/json
body: '{"id":1,"jsonrpc":"2.0","params":{"username":"minioadmin","password":"minioadmin"},"method":"web.Login"}'
matchers-condition: and matchers-condition: and
matchers: matchers:

20
default-logins/nagios/nagios-default-login.yaml
View File

@ -6,17 +6,27 @@ info:
tags: nagios,default-login tags: nagios,default-login
reference: https://www.nagios.org reference: https://www.nagios.org
requests: requests:
- method: GET - raw:
path: - |
- "{{BaseURL}}/nagios/side.php" GET /nagios/side.php HTTP/1.1
headers: Host: {{Hostname}}
Authorization: Basic bmFnaW9zYWRtaW46bmFnaW9zYWRtaW4= Authorization: Basic {{base64(username + ':' + password)}}
payloads:
username:
- nagiosadmin
- root
password:
- nagiosadmin
- nagiosxi
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: status - type: status
status: status:
- 200 - 200
- type: word - type: word
words: words:
- 'Current Status' - 'Current Status'

9
default-logins/nexus/nexus-default-login.yaml
View File

@ -14,7 +14,14 @@ requests:
X-Nexus-UI: true X-Nexus-UI: true
Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Content-Type: application/x-www-form-urlencoded; charset=UTF-8
username=YWRtaW4%3D&password=YWRtaW4xMjM%3D username={{base64(username)}}&password={{base64(password)}}
payloads:
username:
- admin
password:
- admin123
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:

22
default-logins/nps/nps-default-login.yaml
View File

@ -7,13 +7,21 @@ info:
tags: nps,default-login tags: nps,default-login
requests: requests:
- method: POST - raw:
path: - |
- "{{BaseURL}}/login/verify" POST /login/verify HTTP/1.1
body: "username=admin&password=123" Host: {{Hostname}}
headers: Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded Referer: {{Hostname}}/login/index
Referer: "{{Hostname}}/login/index"
username={{username}}&password={{password}}
payloads:
username:
- admin
password:
- 123
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:

21
default-logins/ofbiz/ofbiz-default-login.yaml
View File

@ -7,12 +7,21 @@ info:
tags: ofbiz,default-login tags: ofbiz,default-login
requests: requests:
- method: POST - raw:
path: - |
- '{{BaseURL}}/control/login' POST /control/login HTTP/1.1
headers: Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded Content-Type: application/x-www-form-urlencoded
body: USERNAME=admin&PASSWORD=ofbiz&FTOKEN=&JavaScriptEnabled=Y
USERNAME={{username}}&PASSWORD={{password}}&FTOKEN=&JavaScriptEnabled=Y
payloads:
username:
- admin
password:
- ofbiz
attack: pitchfork
matchers: matchers:
- type: word - type: word
words: words:

11
default-logins/oracle/businessintelligence-default-login.yaml
View File

@ -19,13 +19,20 @@ requests:
<soapenv:Header/> <soapenv:Header/>
<soapenv:Body> <soapenv:Body>
<rep:createSession soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <rep:createSession soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<username xsi:type="xsd:string">Administrator</username> <username xsi:type="xsd:string">{{username}}</username>
<password xsi:type="xsd:string">Administrator</password> <password xsi:type="xsd:string">{{password}}</password>
<domain xsi:type="xsd:string">bi</domain> <domain xsi:type="xsd:string">bi</domain>
</rep:createSession> </rep:createSession>
</soapenv:Body> </soapenv:Body>
</soapenv:Envelope> </soapenv:Envelope>
payloads:
username:
- Administrator
password:
- Administrator
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: status - type: status

17
default-logins/paloalto/panos-default-login.yaml
View File

@ -9,11 +9,20 @@ info:
tags: paloalto,panos,default-login tags: paloalto,panos,default-login
requests: requests:
- method: POST - raw:
path: - |
- '{{BaseURL}}/php/login.php' POST /php/login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
body: user=admin&passwd=admin&challengePwd=&ok=Login user={{username}}&passwd={{password}}&challengePwd=&ok=Login
payloads:
username:
- admin
password:
- admin
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:

11
default-logins/panabit/panabit-default-login.yaml
View File

@ -19,15 +19,22 @@ requests:
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8 Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
------WebKitFormBoundaryAjZMsILtbrBp8VbC ------WebKitFormBoundaryAjZMsILtbrBp8VbC
Content-Disposition: form-data; name="username" Content-Disposition: form-data; name="{{username}}"
admin admin
------WebKitFormBoundaryAjZMsILtbrBp8VbC ------WebKitFormBoundaryAjZMsILtbrBp8VbC
Content-Disposition: form-data; name="password" Content-Disposition: form-data; name="{{password}}"
panabit panabit
------WebKitFormBoundaryAjZMsILtbrBp8VbC-- ------WebKitFormBoundaryAjZMsILtbrBp8VbC--
payloads:
username:
- username
password:
- password
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word

19
default-logins/rabbitmq/rabbitmq-default-login.yaml
View File

@ -7,11 +7,20 @@ info:
tags: rabbitmq,default-login tags: rabbitmq,default-login
requests: requests:
- method: GET - raw:
path: - |
- "{{BaseURL}}/api/whoami" GET /api/whoami HTTP/1.1
headers: Host: {{Hostname}}
Authorization: "Basic Z3Vlc3Q6Z3Vlc3Q=" Content-Type: application/x-www-form-urlencoded
Authorization: Basic {{base64(username + ':' + password)}}
payloads:
username:
- guest
password:
- guest
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word

7
default-logins/ricoh/ricoh-weak-password.yaml
View File

@ -14,7 +14,12 @@ requests:
Host: {{Hostname}} Host: {{Hostname}}
Cookie: cookieOnOffChecker=on; Cookie: cookieOnOffChecker=on;
wimToken=&userid_work=&userid=YWRtaW4%3D&password_work=&password=&open= wimToken=&userid_work=&userid={{base64(username)}}&password_work=&password=&open=
payloads:
username:
- admin
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:

9
default-logins/rockmongo/rockmongo-default-login.yaml
View File

@ -14,7 +14,14 @@ requests:
Content-Type: application/x-www-form-urlencoded Content-Type: application/x-www-form-urlencoded
Referer: {{Hostname}}/index.php?action=login.index Referer: {{Hostname}}/index.php?action=login.index
more=0&host=0&username=admin&password=admin&db=&lang=en_us&expire=3 more=0&host=0&username={{username}}&password={{password}}&db=&lang=en_us&expire=3
payloads:
username:
- admin
password:
- admin
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:

20
default-logins/samsung/samsung-wlan-default-login.yaml
View File

@ -8,18 +8,28 @@ info:
tags: samsung,default-login tags: samsung,default-login
requests: requests:
- method: POST - raw:
path: - |
- "{{BaseURL}}/main.ehp" POST /main.ehp HTTP/1.1
body: "httpd;General;lang=en&login_id=root&login_pw=sweap12~" Host: {{Hostname}}
httpd;General;lang=en&login_id={{username}}&login_pw={{password}}
payloads:
username:
- root
password:
- sweap12~
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word
part: body
words: words:
- "document.formParent2.changepasswd1.value" - "document.formParent2.changepasswd1.value"
- "passwd_change.ehp" - "passwd_change.ehp"
part: body
- type: status - type: status
status: status:
- 200 - 200

21
default-logins/showdoc/showdoc-default-login.yaml
View File

@ -9,14 +9,21 @@ info:
tags: showdoc,default-login tags: showdoc,default-login
requests: requests:
- method: POST - raw:
path: - |
- "{{BaseURL}}/server/index.php?s=/api/user/login" POST /server/index.php?s=/api/user/login HTTP/1.1
body: | Host: {{Hostname}}
username=showdoc&password=123456&v_code= Content-Type: application/x-www-form-urlencoded;charset=UTF-8
username={{username}}&password={{password}}&v_code=
payloads:
username:
- showdoc
password:
- 123456
attack: pitchfork
headers:
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
matchers-condition: and matchers-condition: and
matchers: matchers:

22
default-logins/solarwinds/solarwinds-default-login.yaml
View File

@ -12,12 +12,22 @@ info:
# {"PollerType":"Hello, world! from nuclei :-P", "NetObject":"N:1337", "NetObjectType":"N", "NetObjectID":1337} # {"PollerType":"Hello, world! from nuclei :-P", "NetObject":"N:1337", "NetObjectType":"N", "NetObjectID":1337}
requests: requests:
- method: GET - raw:
path: - |
- "{{BaseURL}}/SolarWinds/InformationService/v3/Json/Query?query=SELECT+Uri+FROM+Orion.Pollers+ORDER+BY+PollerID+WITH+ROWS+1+TO+3+WITH+TOTALROWS" # First path is default base path GET /SolarWinds/InformationService/v3/Json/Query?query=SELECT+Uri+FROM+Orion.Pollers+ORDER+BY+PollerID+WITH+ROWS+1+TO+3+WITH+TOTALROWS HTTP/1.1
- "{{BaseURL}}/InformationService/v3/Json/Query?query=SELECT+Uri+FROM+Orion.Pollers+ORDER+BY+PollerID+WITH+ROWS+1+TO+3+WITH+TOTALROWS" Host: {{Hostname}}
headers: Authorization: Basic {{base64(username)}}
Authorization: "Basic YWRtaW46"
- |
GET /InformationService/v3/Json/Query?query=SELECT+Uri+FROM+Orion.Pollers+ORDER+BY+PollerID+WITH+ROWS+1+TO+3+WITH+TOTALROWS HTTP/1.1
Host: {{Hostname}}
Authorization: Basic {{base64(username)}}
payloads:
username:
- admin
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word

9
default-logins/spectracom/spectracom-default-login.yaml
View File

@ -13,7 +13,14 @@ requests:
Host: {{Hostname}} Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded Content-Type: application/x-www-form-urlencoded
data%5Bbutton%5D=submit&data%5BUser%5D%5Busername%5D=spadmin&data%5BUser%5D%5Bpassword%5D=admin123 data%5Bbutton%5D=submit&data%5BUser%5D%5Busername%5D={{username}}&data%5BUser%5D%5Bpassword%5D={{password}}
payloads:
username:
- spadmin
password:
- admin123
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:

21
default-logins/szhe/szhe-default-login.yaml
View File

@ -9,13 +9,20 @@ info:
- https://github.com/Cl0udG0d/SZhe_Scan # vendor homepage - https://github.com/Cl0udG0d/SZhe_Scan # vendor homepage
requests: requests:
- method: POST - raw:
path: - |
- "{{BaseURL}}/login/" POST /login/ HTTP/1.1
headers: Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded Content-Type: application/x-www-form-urlencoded
body: |
email=springbird@qq.com&password=springbird&remeber=true email={{username}}&password={{password}}&remeber=true
payloads:
username:
- springbird@qq.com
password:
- springbird
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:

9
default-logins/vidyo/vidyo-default-login.yaml
View File

@ -24,7 +24,14 @@ requests:
Referer: {{RootURL}}/super/login.html?lang=en Referer: {{RootURL}}/super/login.html?lang=en
Cookie: JSESSIONID={{session}} ; VidyoPortalSuperLanguage=en Cookie: JSESSIONID={{session}} ; VidyoPortalSuperLanguage=en
username=super&password=password username={{username}}&password={{password}}
payloads:
username:
- super
password:
- password
attack: pitchfork
extractors: extractors:
- type: regex - type: regex

9
default-logins/viewpoint/trilithic-viewpoint-login.yaml
View File

@ -16,7 +16,14 @@ requests:
Content-Type: application/json Content-Type: application/json
Cookie: trilithic_win_auth=false Cookie: trilithic_win_auth=false
{u:"admin", t:"undefined", p:"trilithic", d:"", r:false, w:false} {u:"{{username}}", t:"undefined", p:"{{password}}", d:"", r:false, w:false}
payloads:
username:
- admin
password:
- trilithic
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:

17
default-logins/visionhub/visionhub-default-login.yaml
View File

@ -9,11 +9,18 @@ info:
reference: https://www.qognify.com/products/visionhub/ reference: https://www.qognify.com/products/visionhub/
requests: requests:
- method: POST - raw:
path: - |
- '{{BaseURL}}/VisionHubWebApi/api/Login' POST /VisionHubWebApi/api/Login HTTP/1.1
headers: Host: {{Hostname}}
Authorization: Basic YWRtaW46YWRtaW4= Authorization: Basic {{base64(username + ':' + password)}}
payloads:
username:
- admin
password:
- admin
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:

9
default-logins/wifisky/wifisky-default-login.yaml
View File

@ -16,7 +16,14 @@ requests:
Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Connection: close Connection: close
username=admin&password=admin username={{username}}&password={{password}}
payloads:
username:
- admin
password:
- admin
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:

9
default-logins/wso2/wso2-default-login.yaml
View File

@ -14,7 +14,14 @@ requests:
Host: {{Hostname}} Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded Content-Type: application/x-www-form-urlencoded
username=admin&password=admin username={{username}}&password={{password}}
payloads:
username:
- admin
password:
- admin
attack: pitchfork
redirects: false redirects: false
matchers: matchers:

9
default-logins/xxljob/xxljob-default-login.yaml
View File

@ -14,7 +14,14 @@ requests:
Host:{{Hostname}} Host:{{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Content-Type: application/x-www-form-urlencoded; charset=UTF-8
userName=admin&password=123456 userName={{username}}&password={{password}}
payloads:
username:
- admin
password:
- 123456
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:

23
default-logins/zabbix/zabbix-default-login.yaml
View File

@ -7,14 +7,21 @@ info:
tags: zabbix,default-login tags: zabbix,default-login
requests: requests:
- method: POST - raw:
path: - |
- '{{BaseURL}}/index.php' POST /index.php HTTP/1.1
headers: Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest X-Requested-With: XMLHttpRequest
body: name=Admin&password=zabbix&autologin=1&enter=Sign+in name={{username}}&password={{password}}&autologin=1&enter=Sign+in
payloads:
username:
- Admin
password:
- zabbix
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers:
@ -24,4 +31,4 @@ requests:
- type: status - type: status
status: status:
- 302 - 302

21
default-logins/zmanda/zmanda-default-login.yaml
View File

@ -9,14 +9,21 @@ info:
tags: zmanda,default-login tags: zmanda,default-login
requests: requests:
- method: POST - raw:
path: - |
- '{{BaseURL}}/ZMC_Admin_Login' POST /ZMC_Admin_Login HTTP/1.1
headers: Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded Content-Type: application/x-www-form-urlencoded
Cookie: zmc_cookies_enabled=true Cookie: zmc_cookies_enabled=true
body: login=AEE&last_page=&username=admin&password=admin&submit=Login&JS_SWITCH=JS_ON login=AEE&last_page=&username={{username}}&password={{password}}&submit=Login&JS_SWITCH=JS_ON
payloads:
username:
- admin
password:
- admin
attack: pitchfork
matchers-condition: and matchers-condition: and
matchers: matchers: