Password Auditor is an autonomous password auditing solution for network services and web applications.
Its purpose is to automate the manual work performed when using tools such as
Ncrack by automatically detecting the services which require authentication and launching the password audit with the right parameters.
One of the unique advantages of this tool is that it automatically detects web forms in web applications and it automatically attempts to log in with the given credentials. It can detect if a web form authentication was performed with success or not.
As a result, you can easily find web interfaces with weak passwords (e.g.
Cisco routers, etc.) together with network services (like
RDP, etc.), having default credentials.
|Target||This is the hostname or IP address to scan|
|Ports||Choose which ports to check for authentication (default: Top 100 common ports)|
|Services||Choose the services you want to have audited (|
|Wordlists||Specify a custom wordlist for usernames/passwords|
The Password Auditor starts by doing a port scan and service discovery against the target systems to discover which services require authentication.
The next step is to try common username/password combinations (taken from a predefined wordlist) for each service found in the previous step. In case the service is web-based, Password Auditor automatically detects the login interfaces and parameters for authentication. The tool is capable of knowing if a web-form authentication was performed successfully or not.