Changeme Versions Save

A default credential scanner.

v1.2.3

4 years ago

Changes:

  • Moving from yaml.load to yaml.safe_load - #91 @Graph-X
  • Fixes in http_post scanner by @Graph-X

New Creds:

  • Endpoint Protector
  • iCatch or LILIN DVRs
  • EON SNMP - h4knet
  • Zyxel FTP - h4knet

Announcements

Likely the last version supporting python 2.7. Future plan is to move to Python 3 and reworking the scanning engine to take advantage of async.io instead of the current threading implementation.

v1.2.1

5 years ago
  • Fixing broken success.status check from #79
  • Adding @mzet-'s Aruba ClearPass credentials

v1.2.0

5 years ago
  • Merged @binarycanary's Telnet scanner code
  • New Creds
    • Cisco Collaboration Endpoint
    • SonarQube 7.x
    • Odoo
    • Misc IoT creds
    • Netscreen backdoor creds

v1.1.1

6 years ago

Changelog

  • Fixed #62
  • Reworked multiprocessing to help with #60 (crosses fingers)
  • Implemented --ssl switch to implement feature request #52
  • New credentials
    • Speco Technologies IP Camera
    • ActiveMQ
    • Proliphix Thermostat
    • MySQL
    • Postgres
    • Antsle
    • HipChat (SSH)
    • IBM Storwize

Thanks to sil3ntcor3, madtownliz for creds and inspiration.

v1.1

6 years ago

Changelog

  • Fixed #62
  • Reworked multiprocessing to help with #60 (crosses fingers)
  • Implemented --ssl switch to implement feature request #52
  • New credentials
    • Speco Technologies IP Camera
    • ActiveMQ
    • Proliphix Thermostat
    • MySQL
    • Postgres
    • Antsle
    • HipChat (SSH)
    • IBM Storwize
    • SSH from @jtesta #61

Thanks to @jtesta, @sil3ntcor3 and @madtownliz for creds and inspiration.

v1.0.5

6 years ago
  • A bug fix for non-redis backed scans that would result in false negatives
  • -n now supports multiple names separated by a comma i.e. -n "tomcat manager",jboss,nexus

v1.0.4

6 years ago
  • Closes #38 by upgrading persist-queue to 0.3.1 and making the storage mech :memory:
  • Optimized queue storage for fingerprints by modifying how the creds dict is passed to the methods
  • Modified to HttpFingerprint.__eq__ so it's better at uniquing fingerprints
  • Added Apache Tomcat Host Manager creds based on #48
  • Re-adding kanboard and makito creds that were accidentally removed during the refactor

Note: You'll need to run pip install -r requirements.txt to pick up the new library versions.

v1.0.3

6 years ago
  • Closed #45 - Run changeme from outside the project directory
  • Merged #44 - Strip trailing slashes from target to improve compatability with aquatone
  • New creds
    • Grafana
    • Modern IE SSH creds
    • Nuxeo

v1.0.2

6 years ago

This release fixes a number of bugs.

  • Closing #39 SSH bug
  • Splitting out dev/test requirements to dev-requirements.txt
  • Fixing bug with version check
  • Removing some extraneous debug logging
  • Merging Graph-X's port checking code for the Target class
  • Adding get_ip method to the Target class that resolves host names to ips
  • Splitting out snmp public/private community strings to their own cred file
  • Updated snmp test to have more stringent checks

v1.0.1

6 years ago
  • Fixes bug where sqlite didn't delete the found_q after a successful scan
  • Fixing python2/3 issue with --mkcred