A comprehensive dataset and CLI tool providing default credentials for various devices to aid security professionals in identifying and mitigating default password vulnerabilities.
One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️
This tool is primarily used by penetration testers and red/blue teamers to quickly identify devices and systems using default login credentials during security assessments. It helps blue teams discover and remediate default credential vulnerabilities to strengthen organizational security posture.
Users should ensure they have permission to test target systems before using this tool to avoid unauthorized access. The dataset is continuously updated, so regular 'creds update' commands are recommended. Exported credential lists can be used for brute force testing but must be handled responsibly.
pip3 install defaultcreds-cheat-sheet
git clone https://github.com/ihebski/DefaultCreds-cheat-sheet
pip3 install -r requirements.txt
cp creds /usr/bin/ && chmod +x /usr/bin/credscreds search tomcat
Searches the database for default credentials related to the 'tomcat' product
creds update
Checks for and downloads updates to the default credentials database
creds search tomcat export
Searches for 'tomcat' credentials and exports usernames and passwords to separate files
creds search tomcat --proxy=http://localhost:8080
Performs a search for 'tomcat' credentials routing traffic through the specified proxy
creds update --proxy=http://localhost:8080
Updates the credentials database using the specified proxy