About
Getting default credentials added to commercial scanners is often difficult and slow. changeme is designed to be simple to add new credentials without having to write any code or modules.
changeme keeps credential data separate from code. All credentials are stored in yaml files so they can be both easily read by humans and processed by changeme. Credential files can be created by using the ./changeme.py --mkcred
tool and answering a few questions.
changeme supports the http/https, mssql, mysql, postgres, ssh, ssh w/key, snmp, mongodb and ftp protocols. Use ./changeme.py --dump
to output all of the currently available credentials.
You can load your targets using a variety of methods, single ip address/host, subnet, list of hosts, nmap xml file and Shodan query. All methods except for Shodan are loaded as a positional argument and the type is inferred.
Installation
changeme has only been tested on Linux and has known issues on Windows and OS X/macOS. Use docker to run changeme on the unsupported platforms.
Stable versions of changeme can be found on the releases page.
For mssql support, unixodbc-dev
needs to be installed prior to installing the pyodbc
.
PhantomJS is required in your PATH for HTML report screenshots.
Use pip
to install the required python modules: pip install -r requirements.txt
Docker
A convenient way of running changeme is to do so inside a Docker container. You can run a pre-built container from Docker Hub, or build your own using the instructions below.
Run changeme in Docker
- Download the container:
docker pull ztgrace/changeme
- Run the container:
docker run -it ztgrace/changeme /bin/bash
Build from Dockerfile
- Build the docker container:
docker build -t changeme .
- Run changeme from inside the container: `docker run -it changeme /bin/bash’
Usage Examples
Below are some common usage examples.
- Scan a single host:
./changeme.py 192.168.59.100
- Scan a subnet for default creds:
./changeme.py 192.168.59.0/24
- Scan using an nmap file
./changeme.py subnet.xml
- Scan a subnet for Tomcat default creds and set the timeout to 5 seconds:
./changeme.py -s 192.168.59.0/24 -n "Apache Tomcat" --timeout 5
- Use Shodan to populate a targets list and check them for default credentials:
./changeme.py --shodan_query "Server: SQ-WEBCAM" --shodan_key keygoeshere -c camera
- Scan for SSH and known SSH keys:
./changeme.py 192.168.59.0/24 --protocols ssh,ssh_key
- Scan a host for SNMP creds using the protocol syntax:
./changeme.py snmp://192.168.1.20
Add Comment