Password Auditor


Find weak credentials in network services and web applications with zero manual work.

Automatically detect services that require authentication and launch password audits with preset or custom parameters. Test for common/default credentials with dictionary or password spraying attacks, plus ready-to-use, customizable wordlists, port lists, and more.

Reporting

Sample Password Auditor report

Every report our password audit tool generates includes:

  • A list of reachable network services

  • The weak credentials discovered

  • Full vulnerability and risk descriptions

  • Screenshots that confirm use of weak credentials

  • Mitigation recommendations

  • List of open ports found


How to use the pentesting tool

How ethical hackers use the Password Auditor

The Password Auditor automates all the manual work you’d do with a free tool like Medusa, Hydra, or Ncrack – and it does a lot more too!

With its automatic detection for web app login forms, you can test for common/default credentials and custom wordlists in minutes, with zero setup. In some cases, the Password Auditor even finds network services that don’t require authentication, such as Docker API.

  • Penetration Testing

    Instantly access poorly protected accounts and dig deeper into the target system with our tool. It extracts proof for pentest reports, highlighting the real risk of data breaches through unauthorized access to web interfaces and network services.

  • Compliance Testing

    Scan your network and web applications for non-compliant passwords (weak credentials, reused identical passwords, etc.) and generate detailed reports. Use the evidence in them to demonstrate compliance with cybersecurity standards such as PCI DSS, HIPAA, NIST, and others.

  • Risk Assessment

    Check for breached passwords in user accounts with default or custom wordlists that include credentials malicious hackers use. Export a detailed report with overall risk levels and mitigation recommendations for each finding to get suggestions on how to reduce your exposure.

  • Password Policy Enforcement

    Simulate password spraying and dictionary attacks and get the list of user and password combinations which increase your attack surface. Validate correct implementation of password policies (e.g. password length, 2FA, etc.) with scheduled scans. Get reports via email and instantly know which users need to change passwords and take additional steps to prevent intrusion.

  • Internal Security Audit

    Using the tool in security audits of internal networks speeds up how you find high-risk accounts. Security and IT teams can use the report to deploy additional tools and processes such as a password manager, two-factor authentication, and specific strong password standards.

  • Incident response

    In the event of a security breach or suspected unauthorized access, the Password Auditor can quickly scan networks and web apps for compromised credentials. This helps identify pwned accounts so you can act fast to secure them and prevent takeover attacks.


Technical details

The Password Auditor is an autonomous password auditing solution for network services and web applications. It scans a URL, IP address, or hostname for network services that require authentication:

HTTP (web forms, Basic, Digest, NTLM), RDP, SSH, Telnet, FTP, Redis, VNC, MySQL, MSSQL, PostgreSQL, WinRM, SMB, Docker, AMQP, MQTT, STOMP

The tool detects weak credentials automatically by trying to log in using the usernames and passwords from the input wordlists.

There are two default wordlists – one with usernames and one with passwords – which you can use, but you can add as many custom ones as you need. A custom wordlist can include up to 50000 words (max. 200 characters per word) as long as the file stays under 16 MB.

Another important functionality of our password auditing tool is the ability to test for default credentials based on the service found on a specific port.


Our Password Auditor also has a unique feature: it automatically detects whether a web form authentication attempt was successful or not. This speeds up how you find weak credentials in:

  • Network services: HTTP, SSH, Telnet, FTP, Redis, VNC, RDP, MySQL, MSSQL, PostgreSQL, WinRM, SMB, AMQP, MQTT, STOMP, etc.
  • Web interfaces: WordPress, Drupal, SharePoint, cPanel, phpMyAdmin, etc.

The tool comes pre-loaded with a credential database for almost all frameworks and network services, which makes testing for known default/common credentials hassle-free and efficient.

The Password Auditor also correctly detects passwordless protocols (e.g. Docker API) and generates findings accordingly.

Our password auditing tool supports two types of attack:

  • Dictionary attacks, where it tries all the passwords in your wordlists against one username before moving on to the next username.
  • Password spraying attacks, where it tries every username against a single password from the passwords wordlist before moving on to the next password. You can define how many attempts the tool makes per period, and how long that period is, to avoid user account lockout.
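The difference between the two attack types matters on the defending side as well: a dictionary attack hammers one account and trips per-account lockout, while a spray stays below the lockout threshold for every account and only shows up when failures are aggregated per source. The following detector, an added example that is not part of the original page or the Password Auditor product, runs over a constructed sshd-style log excerpt and labels each source IP accordingly; the lockout threshold and minimum user count are assumed tunables.

```python
import re
from collections import defaultdict

# Constructed sshd-style auth log excerpt (sample data, not from the page).
SAMPLE_LOG = """\
Jan 01 10:00:01 host sshd[101]: Failed password for alice from 10.0.0.5 port 40001 ssh2
Jan 01 10:00:02 host sshd[102]: Failed password for bob from 10.0.0.5 port 40002 ssh2
Jan 01 10:00:03 host sshd[103]: Failed password for carol from 10.0.0.5 port 40003 ssh2
Jan 01 10:00:04 host sshd[104]: Failed password for dave from 10.0.0.5 port 40004 ssh2
Jan 01 10:00:05 host sshd[105]: Failed password for erin from 10.0.0.5 port 40005 ssh2
Jan 01 10:00:06 host sshd[106]: Failed password for invalid user frank from 10.0.0.5 port 40006 ssh2
Jan 01 10:02:00 host sshd[107]: Failed password for admin from 10.0.0.9 port 40007 ssh2
Jan 01 10:02:01 host sshd[108]: Failed password for admin from 10.0.0.9 port 40008 ssh2
Jan 01 10:02:02 host sshd[109]: Failed password for admin from 10.0.0.9 port 40009 ssh2
Jan 01 10:02:03 host sshd[110]: Failed password for admin from 10.0.0.9 port 40010 ssh2
Jan 01 10:02:04 host sshd[111]: Failed password for admin from 10.0.0.9 port 40011 ssh2
Jan 01 10:03:00 host sshd[112]: Failed password for alice from 10.0.0.7 port 40012 ssh2
Jan 01 10:03:30 host sshd[113]: Accepted password for alice from 10.0.0.7 port 40013 ssh2
"""

# sshd writes "invalid user" before names that do not exist on the host.
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")

def classify_sources(log_text, lockout_threshold=5, spray_min_users=5):
    """Group failed logins by source IP and label the pattern.

    'dictionary'     : one account failed at least lockout_threshold times,
                       the case per-account lockout is designed to catch.
    'password_spray' : many distinct accounts, each below the threshold, so
                       lockout never fires; only the per-source aggregate
                       reveals it.
    'benign'         : a few failures, e.g. a typo before a successful login.
    Thresholds are assumed tunables, not values from the page.
    """
    per_source = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            user, src = m.groups()
            per_source[src][user] += 1
    verdicts = {}
    for src, users in per_source.items():
        if max(users.values()) >= lockout_threshold:
            verdicts[src] = "dictionary"
        elif len(users) >= spray_min_users:
            verdicts[src] = "password_spray"
        else:
            verdicts[src] = "benign"
    return verdicts
```

Tune lockout_threshold to your real policy: a spray that keeps each account one attempt below it is invisible to lockout counters, which is why the per-source distinct-user count is the signal worth alerting on.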

Parameters

  • Target: The URL, IP address, or hostname to scan.
  • Attack type: The type of brute force attack the Password Auditor performs (Dictionary or Password Spraying). Default: Dictionary.
  • Ports: The ports to scan for authentication services. Default: Top 100 common ports.
  • Services: The services you want to audit (HTTP, SSH, FTP, Telnet, etc.). They are automatically matched to the open ports. For example, Apache running on port 2174 will trigger the HTTP module.
  • Wordlists: A custom wordlist for usernames/passwords.
  • Attempt default credentials: Try to log in with publicly known default/common credentials for each service and product. Default: enabled.
  • Delay between attempts: Time delay (in seconds) between two consecutive authentication attempts. Default: 0 (no delay enforced). The value must be an integer between 0 and 600.
  • Lockout period (Password Spray only): Time delay (in minutes) between batches of Attempts per period passwords for each username. Use this parameter to make the tool wait until account lockout counters reset. Default: 5. The value must be an integer between 1 and 720.
  • Attempts per period (Password Spray only): The number of passwords to attempt for each username in the wordlist before waiting for the Lockout period so that account lockout counters reset. Default: 2. The value must be an integer between 1 and 50000.

How it works

The Password Auditor starts by doing a port scan and service discovery against the target system to discover which services support authentication.

It then tries common username/password combinations (from a predefined wordlist) or default credentials (from a credential database) for each service found in the previous step.

If the service is web-based, the Password Auditor uses Selenium to automatically detect the login interfaces and form parameters used for authentication. The tool is capable of determining if a web-form authentication was performed successfully or not.

Tools to use after running the Password Auditor

Website Vulnerability Scanner

If the Password Auditor finds weak credentials in a web service, you can dig deeper with an authenticated scan with the Website Vulnerability Scanner.

Using its configurable authentication option (user/password), the tool will deliver findings that include vulnerabilities such as XSS, SQLi, SSRF, and many others.

What’s more, the Website Scanner also offers the option to automatically replay the recorded authentication steps for future scans, speeding up the process.

Sniper Auto-Exploiter

If the Password Auditor finds weak credentials in a supported network service (SSH, WinRM, SMB, MySQL), you can use the remote, authenticated attack option in Sniper Auto-Exploiter to extract solid proof of compromise.

An authenticated Sniper scan gets you artefacts such as: the current user and directory, full system information (e.g. OS, equipment type and version, software type and version, running apps, architecture, hotfixes, etc.), the list of running processes, a visual summary of the network configuration, network neighbors, and much more.