Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

Overview

Passhunt

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

Screenshot

image

Pre-requisites

Make sure you have installed the following:

- Python 3.0 or later.
- pip3 (sudo apt-get install python3-pip)

How to install?

git clone https://github.com/Viralmaniar/Passhunt.git
cd Passhunt
pip3 install -r requirements.txt
python3 Passhunt.py

How do I use this?

  • Press 1: This will print the list of supported vendors.
  • Press 2: Enter the vendor name and search for default credentials.
  • Press 3: To exit from the program.

Credit

The list of default passwords is obtained from cirt.net. All passwords and vendor list maintained by cirt.net

TODO

  • Offline password search
  • Create username and password list in a json file and parse them
Comments
  • Certificate verify failed

    Certificate verify failed

    Using python 3.5, I got a ssl.SSLErroe CERTIFICATE_VERIFY_FAILED after pressing 2 on command line.

    Adding the following to imports fixed this problem:

    import os, sys import urllib.request

    import ssl import io import bs4 as bs

    try: _create_unverified_https_context = ssl._create_unverified_context except AttributeError: # Legacy Python that doesn't verify HTTPS certificates by default pass else: # Handle target environment that doesn't support HTTPS verification ssl._create_default_https_context = _create_unverified_https_context

    opened by bb78657 2
  • Traceback (most recent call last)

    Traceback (most recent call last)

    u0_a336@localhost  ~/Passhunt   master  python3 passhunt.py

    Traceback (most recent call last):
      File "/data/data/com.termux/files/home/Passhunt/passhunt.py", line 13, in <module>
        import bs4 as bs
    ModuleNotFoundError: No module named 'bs4'
    
    opened by ghost 1
  • No module named request

    No module named request

    On Kali, pip3 isn't installed by default. The person would need to first do an "apt-get install python3-pip". Additionally, there would be an error saying the following:

    Traceback (most recent call last): File "passhunt.py", line 11, in import urllib.request ImportError: No module named request

    The person would need to run "python3 passhunt.py"

    opened by ghost 1
  • ImportError

    ImportError

    Getting

    python passhunt.py Traceback (most recent call last): File "passhunt.py", line 11, in <module> import urllib.request ImportError: No module named request

    Would you please check? Thanks!

    opened by soaj1664 1
  • Fix environment call

    Fix environment call

    Updated the #! to call python3 via modified environment env. This should fix issue #4 in distros where python3 is not the default.

    Side note: I should get used to github's UI. :/

    opened by BaderSZ 0
  • code execution backdoor

    code execution backdoor

    We discovered a malicious backdoor in the project's dependencies, affected versions are 9a063f84e4ef9e1f067e5e9107c53ff1756aae68~54eb987d30ead2b8ebbf1f0b880aa14249323867. Its malicious backdoor is the request package, the requirements.txt file has a dependency request.

    image

    Even if the request has been deleted by PyPI, many mirror sites have not completely deleted this package, so it can still be installed. For example: https://mirrors.neusoft.edu.cn/pypi/web/simple/request/

    Using such a mirror site to download and install this item will be vulnerable.

    image

    Analysis of malicious function of request package: 1.Remote download of malicious code When the request package is installed, the setup.py file in the package will be actively executed. The setup.py file contains the logic for the attacker to remotely download and execute malicious code. At the same time, the C2 domain name is encoded and obfuscated. The decrypted C2 address is: https://dexy.top/request/check.so. 2.Release the remote control Trojan and persist it The malicious code loaded remotely during the installation of the request package includes two functions: Release the remote control Trojan to the .uds folder of the current user's HOME directory. The Trojan name is _err.log (for example, /root/.uds/_err.log). The content of the _err.log remote control Trojan script is encoded and compressed by base64, which reduces the size and enhances the confrontation. Implant malicious backdoor commands in .bashrc to achieve persistence 3.Issue stealing instructions The attacker issues python secret stealing instructions through the remote control Trojan to steal sensitive information (coinbase account secret) After decrypting the stealing instruction, the function is to request the C2 service: http://dexy.top/x.pyx, and remotely load the stealing Trojan. Some of the functions of the remotely loaded secret stealing Trojan are shown below, which are used to steal browser cookies, coinbase accounts and passwords, etc.

    Repair suggestion: replace request in requirements.txt with requests

    opened by di1l0o 0
  • Change credentials source

    Change credentials source

    Hi!

    Currently source of credentials is CIRT.net.

    I create a database of credentials larger than a CIRT.net called Many passwords. I think it would be a good idea to replace CIRT.net with Many passwords. This provides more default credentials, provides the possibility of creating an offline version of the program (using the csv file). We can also convert csv file to json to easiest entries parse.

    What do you think about this idea?

    opened by piechowiakmichal 0
  • Invalid Syntax

    Invalid Syntax

    SyntaxError: Missing parentheses in call to 'print' Error in sys.excepthook: Traceback (most recent call last): File "/usr/lib/python3/dist-packages/apport_python_hook.py", line 63, in apport_excepthook from apport.fileutils import likely_packaged, get_recent_crashes File "/usr/lib/python3/dist-packages/apport/init.py", line 5, in from apport.report import Report File "/usr/lib/python3/dist-packages/apport/report.py", line 21, in from urllib.request import urlopen File "/usr/lib/python3.5/urllib/request.py", line 88, in import http.client File "/usr/lib/python3.5/http/client.py", line 1217, in import ssl File "/tmp/pip-build-houdmkwo/ssl/ssl/init.py", line 140 except SSLError, x: ^ SyntaxError: invalid syntax

    Original exception was:
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/tmp/pip-build-houdmkwo/ssl/setup.py", line 33
        print 'looking for', f
                          ^
    SyntaxError: Missing parentheses in call to 'print'
    
    opened by zer0trip 6
Releases(1.0.0)
Django app that enables staff to log in as other users using their own credentials.

Impostor Impostor is a Django application which allows staff members to login as a different user by using their own username and password. Login Logg

Andreu Vallbona Plazas 144 Dec 13, 2022
django's default admin interface made customizable. popup windows replaced by modals. :mage: :zap:

django-admin-interface django-admin-interface is a modern responsive flat admin interface customizable by the admin itself. Features Beautiful default

Fabio Caccamo 1.3k Dec 31, 2022
Collection of admin fields and decorators to help to create computed or custom fields more friendly and easy way

django-admin-easy Collection of admin fields, decorators and mixin to help to create computed or custom fields more friendly and easy way Installation

Ezequiel Bertti 364 Jan 8, 2023
A curated list of the latest breakthroughs in AI by release date with a clear video explanation, link to a more in-depth article, and code.

A curated list of the latest breakthroughs in AI by release date with a clear video explanation, link to a more in-depth article, and code

Louis-François Bouchard 2.9k Jan 8, 2023
Lazymux is a tool installer that is specially made for termux user which provides a lot of tool mainly used tools in termux and its easy to use

Lazymux is a tool installer that is specially made for termux user which provides a lot of tool mainly used tools in termux and its easy to use, Lazymux install any of the given tools provided by it from itself with just one click, and its often get updated.

DedSecTL 1.8k Jan 9, 2023
Real-time monitor and web admin for Celery distributed task queue

Flower Flower is a web based tool for monitoring and administrating Celery clusters. Features Real-time monitoring using Celery Events Task progress a

Mher Movsisyan 5.5k Dec 28, 2022
WebVirtCloud is virtualization web interface for admins and users

WebVirtCloud is a virtualization web interface for admins and users. It can delegate Virtual Machine's to users. A noVNC viewer presents a full graphical console to the guest domain. KVM is currently the only hypervisor supported.

Anatoliy Guskov 1.3k Dec 29, 2022
A Django app that creates automatic web UIs for Python scripts.

Wooey is a simple web interface to run command line Python scripts. Think of it as an easy way to get your scripts up on the web for routine data anal

Wooey 1.9k Jan 1, 2023
Django Smuggler is a pluggable application for Django Web Framework that helps you to import/export fixtures via the automatically-generated administration interface.

Django Smuggler Django Smuggler is a pluggable application for Django Web Framework to easily dump/load fixtures via the automatically-generated admin

semente 373 Dec 26, 2022
A python application for manipulating pandas data frames from the comfort of your web browser

A python application for manipulating pandas data frames from the comfort of your web browser. Data flows are represented as a Directed Acyclic Graph, and nodes can be ran individually as the user sees fit.

Schlerp 161 Jan 4, 2023
Tornadmin is an admin site generation framework for Tornado web server.

Tornadmin is an admin site generation framework for Tornado web server.

Bharat Chauhan 0 Jan 10, 2022
DyStyle: Dynamic Neural Network for Multi-Attribute-Conditioned Style Editing

DyStyle: Dynamic Neural Network for Multi-Attribute-Conditioned Style Editing

null 74 Dec 3, 2022
Tactical RMM is a remote monitoring & management tool for Windows computers, built with Django and Vue.

Tactical RMM is a remote monitoring & management tool for Windows computers, built with Django and Vue. It uses an agent written in golan

Dan 1.4k Dec 30, 2022
Manuskript is an open-source tool for writers.

Manuskript is an open-source tool for writers. Manuskript runs on GNU/Linux, Mac OS X, and Windows.

Olivier 1.4k Jan 7, 2023
Simple and extensible administrative interface framework for Flask

Flask-Admin The project was recently moved into its own organization. Please update your references to [email protected]:flask-admin/flask-admin.git. Int

Flask-Admin 5.2k Dec 29, 2022
Simple and extensible administrative interface framework for Flask

Flask-Admin The project was recently moved into its own organization. Please update your references to [email protected]:flask-admin/flask-admin.git. Int

Flask-Admin 4.6k Feb 7, 2021
A flat theme for Django admin interface. Modern, fresh, simple.

Django Flat Theme django-flat-theme is included as part of Django from version 1.9! ?? Please use this app if your project is powered by an older Djan

elky 416 Sep 22, 2022
Django application and library for importing and exporting data with admin integration.

django-import-export django-import-export is a Django application and library for importing and exporting data with included admin integration. Featur

null 2.6k Jan 7, 2023
BitcartCC is a platform for merchants, users and developers which offers easy setup and use.

BitcartCC is a platform for merchants, users and developers which offers easy setup and use.

BitcartCC 270 Jan 7, 2023