Get started
Tools / Security Nuclei / Use Cases / Test for Default Credentials

Test for Default Credentials

Check whether services are accessible with factory-default usernames and passwords.

Tool
Security Nuclei icon
Security Nuclei

Default credentials are one of the simplest and most exploited attack vectors. Routers, databases, admin panels, IoT devices, and management interfaces often ship with well-known default usernames and passwords. If these are not changed during setup, anyone who knows the defaults can log in. Attackers automate this at scale.

The scan_targets skill includes templates that test for default credentials across hundreds of products and services. It checks login pages for known default username/password combinations without requiring manual testing of each service. A single finding here means an attacker could walk right in.

Agent Guides

Claude

  1. Connect ToolRouter: claude mcp add toolrouter -- npx -y toolrouter-mcp
  2. Ask Claude: "Test example.com for default credentials using security-nuclei"
  3. Claude checks for known default login combinations and reports findings
Read full guide →

ChatGPT

  1. Configure ToolRouter in ChatGPT
  2. Ask: "Check my services for default credentials" and provide the targets
  3. ChatGPT tests known defaults and reports any successful logins
Read full guide →

Copilot

  1. Add ToolRouter to Copilot MCP config
  2. In Copilot Chat: "Test our services for default credentials"
  3. Copilot checks for known defaults and reports findings
Read full guide →

OpenClaw

  1. Connect ToolRouter: openclaw mcp add toolrouter -- npx -y toolrouter-mcp
  2. Ask OpenClaw: "Test my services for default credentials"
  3. OpenClaw checks known defaults and reports any matches
Read full guide →

Related Use Cases

Open Check for Known CVE Exposures

Check for Known CVE Exposures

Detect whether your targets are affected by specific CVEs with publicly disclosed exploits.

Security Nuclei icon
Security Nuclei4 agent guides
Open Scan for Misconfigured Services

Scan for Misconfigured Services

Detect security misconfigurations like exposed admin panels, debug endpoints, and open directories.

Security Nuclei icon
Security Nuclei4 agent guides
Open Run Security Compliance Checks

Run Security Compliance Checks

Verify that your infrastructure meets security baselines by scanning for common compliance issues.

Security Nuclei icon
Security Nuclei4 agent guides

Related Workflows

Full Security AssessmentComprehensive security assessment combining infrastructure probing, vulnerability scanning, penetration testing, and CVE intelligence.Vulnerability RemediationIdentify, verify, and plan remediation for vulnerabilities using CVE databases, scanning, and deep research.Subdomain Security ScanEnumerate subdomains, probe services, scan for takeover vulnerabilities, and capture visual evidence.Compliance Security AuditAudit systems against compliance frameworks using automated scanning, vulnerability checks, auth testing, and research.Incident Response ToolkitInvestigate security incidents by verifying DNS integrity, scanning for compromise indicators, and researching threat intelligence.Continuous Security MonitoringMaintain ongoing security visibility through DNS monitoring, service probing, vulnerability scanning, and CVE tracking.