Here is a Password Auditor - Discover weak credentials sample report:
The tool scans an IP address or hostname for network services that require authentication (ex. HTTP web forms, SSH, FTP, MYSQL, etc) and detects weak credentials by trying to login using a set of common usernames and passwords
The tool can be used to easily check if any common username/password was used in any network service. This could be an easy entry point into the network.
As a system administrator, you want to check if any of your users have set weak passwords on the services exposed to the internet. This verification should be done periodically.
When auditing the configuration settings of a network infrastructure, it is always needed to check the usage of default passwords (ex. cisco/cisco, admin/admin, etc).
|Target||This is the hostname or IP address to scan|
|Services||Choose which services you want to audit (WWW, SSH, FTP, etc)|
|Advanced - Custom login URL||Indicate a login URL where to perform web-form authentication attempts|
|Credentials||Specify custom credentials to use when doing authentication attempts. All usernames and passwords are separated by a new line. Each list doesn’t have to exceed 20.000 characters and 1000 lines.|
|Parallel requests||Set the number of parallel authentication attempts against a target host|
|Delay between attempts||Specify a delay (in seconds) between consecutive authentication attempts|
|Retries per credential||How many times we should retry a combination of username/password in case it has timedout or returned an error|