Description
changeme scans network services and web applications for default and known credentials. It supports HTTP forms, HTTP basic auth, SSH, MySQL, MSSQL, PostgreSQL, Redis, MongoDB, and more. A must-run tool in any pentest to find low-hanging fruit.
Installation
BASH
pip3 install changeme
# From source
git clone https://github.com/ztgrace/changeme.git
cd changeme && pip3 install .Basic Usage
BASH
# Scan a single target
changeme target.com
# Scan a subnet
changeme 10.0.0.0/24
# Scan specific port
changeme target.com:8080Advanced Usage
BASH
# Specific protocol
changeme --protocol http target.com
changeme --protocol ssh target.com
# Custom threads
changeme -t 20 target.com
# Output to file
changeme target.com -o results.csv
# Verbose
changeme -v target.com
# Only check specific category
changeme --category web target.comCommon Workflows
BASH
# Quick default credential sweep
changeme 10.0.0.0/24 -t 30 -o default_creds.csv
# Web-only default credentials
changeme --protocol http target.com
# Database default credentials
changeme --protocol mysql target.com:3306
changeme --protocol mssql target.com:1433
changeme --protocol postgres target.com:5432