forked from ztgrace/changeme
changeme.1
.TH CHANGEME "1" "June 2018" "changeme 1.1.1" "User Commands"
.SH NAME
changeme \- Default Credential Scanner
.SH DESCRIPTION
A default credential scanner with support for various protocols.
.PP
.SH SYNOPSIS
.B changeme [options] <target>
.IP
.SH OPTIONS
.SS "required arguments:"
.TP
\fBtarget\fR
Target to scan. Can be an IP, subnet, hostname, nmap XML
file, text file or proto://host:port
.SS "optional arguments:"
.TP
\fB\-h\fR, \fB\-\-help\fR
show this help message and exit
.TP
\fB\-\-all\fR, \fB\-a\fR
Scan for all protocols
.TP
\fB\-\-category\fR, \fB\-c\fR CATEGORY
Category of default creds to scan for
.TP
\fB\-\-contributors\fR
Display cred file contributors
.TP
\fB\-\-debug\fR, \fB\-d\fR
Debug output
.TP
\fB\-\-delay\fR, \fB\-dl\fR DELAY
Specify a delay in milliseconds to avoid 429 status
codes, default=500
.TP
\fB\-\-dump\fR
Print all of the loaded credentials
.TP
\fB\-\-dryrun\fR
Print URLs to be scanned, but don't scan them
.TP
\fB\-\-fingerprint\fR, \fB\-f\fR
Fingerprint targets, but don't check creds
.TP
\fB\-\-fresh\fR
Flush any previous scans and start fresh
.TP
\fB\-\-log\fR, \fB\-l\fR LOG
Write logs to logfile
.TP
\fB\-\-mkcred\fR
Make cred file
.TP
\fB\-\-name\fR, \fB\-n\fR NAME
Narrow testing to the supplied credential name
.TP
\fB\-\-noversion\fR
Don't perform a version check
.TP
\fB\-\-proxy\fR, \fB\-p\fR PROXY
HTTP(S) Proxy
.TP
\fB\-\-output\fR, \fB\-o\fR OUTPUT
Name of result file. File extension determines type
(csv, html, json).
.TP
\fB\-\-oa\fR
Output results files in csv, html and json formats
.TP
\fB\-\-protocols\fR PROTOCOLS
Comma separated list of protocols to test:
http,ssh,ssh_key. Defaults to http.
.TP
\fB\-\-portoverride\fR
Scan all protocols on all specified ports
.TP
\fB\-\-redishost\fR REDISHOST
Redis server
.TP
\fB\-\-redisport\fR REDISPORT
Redis server port
.TP
\fB\-\-resume\fR, \fB\-r\fR
Resume previous scan
.TP
\fB\-\-shodan_query\fR, \fB\-q\fR SHODAN_QUERY
Shodan query
.TP
\fB\-\-shodan_key\fR, \fB\-k\fR SHODAN_KEY
Shodan API key
.TP
\fB\-\-ssl\fR
Force cred to SSL and fall back to non\-SSL if an
SSLError occurs
.TP
\fB\-\-threads\fR, \fB\-t\fR THREADS
Number of threads, default=10
.TP
\fB\-\-timeout\fR TIMEOUT
Timeout in seconds for a request, default=10
.TP
\fB\-\-useragent\fR, \fB\-ua\fR USERAGENT
User agent string to use
.TP
\fB\-\-validate\fR
Validate creds files
.TP
\fB\-\-verbose\fR, \fB\-v\fR
Verbose output
.SH EXAMPLES
.TP
\fBchangeme 192.168.2.100\fR
Scan single host
.TP
\fBchangeme 192.168.2.0/24\fR
Scan subnet
.TP
\fBchangeme subnet.xml\fR
Scan using an nmap output file
.TP
\fBchangeme \-n "Apache Tomcat" \-\-timeout 5 192.168.2.0/24\fR
Scan a subnet for Tomcat default creds and set the timeout to 5 seconds
.TP
\fBchangeme \-\-shodan_query "Server: SQ\-WEBCAM" \-\-shodan_key keygoeshere \-c camera\fR
Use Shodan to populate a targets list and check them for default credentials
.TP
\fBchangeme \-\-protocols ssh,ssh_key 192.168.2.0/24\fR
Scan subnet for SSH and known SSH keys
.TP
\fBchangeme snmp://192.168.2.100\fR
Scan a host for SNMP creds using the protocol syntax
.SH AUTHOR
changeme was developed by ztgrace. This manpage was made by Samuel Henrique <[email protected]> based on \fBchangeme \-\-help\fR output and can be used by other projects as well.