Init flake

Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
Hadi
2026-03-25 19:16:01 +01:00
parent e008473cf5
commit 8a6133dd15
8 changed files with 2071 additions and 14 deletions

@@ -12,7 +12,7 @@ When a manufacturer ships a router, a camera, or a piece of software, it needs t
_The problem?_ Most users never change them. Whether out of convenience, lack of awareness, or simply because the service "works fine as-is", these factory-set credentials often remain active long after deployment.. turning a minor convenience into a serious **security hole**.
To help security researchers and pentesters quickly identify these exposure points, I built **[default-creds](https://default-creds.hadi.diy)**. It's an open-source, community-driven database of default credentials. Just search for a device or service, and you'll instantly get its known factory-set username and password. It also comes with a public API, documented at [default-creds.hadi.diy/api-docs](https://default-creds.hadi.diy/api-docs).
To help security researchers and pentesters quickly identify these exposure points, I built **[default-creds](https://default-creds.hadi.icu)**. It's an open-source, community-driven database of default credentials. Just search for a device or service, and you'll instantly get its known factory-set username and password. It also comes with a public API, documented at [default-creds.hadi.icu/api-docs](https://default-creds.hadi.icu/api-docs).
## Real-world impact
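
Review bot: The subject line says "Init flake", but the changed line in this hunk swaps `default-creds.hadi.diy` for `default-creds.hadi.icu` in published post text, which is a domain migration and not flake setup. Please move the URL changes into their own commit, or at least name them in the message, so the history is searchable. Also confirm that the old `hadi.diy` host keeps redirecting: the post sends readers to that name for credential lookups and API docs, so if the domain lapses, existing links and API clients end up at whoever registers it next.
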
@@ -36,11 +36,11 @@ Default credentials aren't just a consumer problem. Enterprises, developers, and
1. **Change default credentials immediately.** The moment you deploy a new device or service, changing the default username and password should be the first thing you do; before it ever touches a production network.
2. **Use strong, unique passwords.** Replacing `admin:admin` with `admin:admin123` doesn't count. Use a password manager to generate and store proper credentials for each service.
3. **Audit your infrastructure.** You can't fix what you don't know about. Regularly scan your own systems for services still running on default credentials: this is exactly the kind of task [default-creds](https://default-creds.hadi.diy/) is built for.
3. **Audit your infrastructure.** You can't fix what you don't know about. Regularly scan your own systems for services still running on default credentials: this is exactly the kind of task [default-creds](https://default-creds.hadi.icu/) is built for.
### For developers
1. **Never ship with hardcoded default credentials.** A default password baked into your codebase is a vulnerability waiting to be exploited (and it will end up in databases like [default-creds](https://default-creds.hadi.diy) :p )
1. **Never ship with hardcoded default credentials.** A default password baked into your codebase is a vulnerability waiting to be exploited (and it will end up in databases like [default-creds](https://default-creds.hadi.icu) :p )
2. **Force a password change on first launch.** If your software needs a default to function, make it temporary. Block access until the user has set their own credentials.
3. **Generate a random password instead.** Even better: skip the default entirely. Generate a strong, unique password at install time and print it once in the console or the setup logs. The user still should change this password.
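
Review bot: Item 3 of the first list keeps the trailing slash in the new link (`https://default-creds.hadi.icu/`), while item 1 of the developer list and the intro paragraph use `https://default-creds.hadi.icu` without it. Pick one form while these lines are being touched so the same target is not linked two different ways in one post.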

@@ -3,7 +3,7 @@ title: "Default-Creds"
description: "Default Creds is a centralized, community-driven repository of factory-set credentials. Designed for pentesters and security researchers, it helps identify weak access points during engagement phases or audit internal infrastructure before they become a security liability."
image: "../../../public/images/projects/default-creds.png"
tags: ["default-password", "cybersecurity"]
demoLink: "https://default-creds.hadi.diy"
demoLink: "https://default-creds.hadi.icu"
sourceLink: "https://github.com/anotherhadi/default-creds"
---
@@ -22,9 +22,9 @@ sourceLink: "https://github.com/anotherhadi/default-creds"
**Default Creds** is a centralized, community-driven repository of factory-set credentials. Designed for pentesters and security researchers, it helps identify weak access points during engagement phases or audit internal infrastructure before they become a security liability.
**Live Instance:** [default-creds.hadi.diy](https://default-creds.hadi.diy)
**Live Instance:** [default-creds.hadi.icu](https://default-creds.hadi.icu)
**API Documentation:** [default-creds.hadi.diy/api-docs](https://default-creds.hadi.diy/api-docs)
**API Documentation:** [default-creds.hadi.icu/api-docs](https://default-creds.hadi.icu/api-docs)
## 🎯 The Mission
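
Review bot: The instance URL is now hand-edited in three places in this file: `demoLink` in the front matter, and the "Live Instance" and "API Documentation" lines in this hunk. Consider deriving the body links from the front matter value or a single site-wide constant, so the next host change is a one-line edit and the three cannot drift apart.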

@@ -3,7 +3,7 @@ title: "Nix 4 cyber"
description: "A modular, opensource toolkit & knowledge-base for cybersecurity professionals built with nix & markdown, for CTF, OSINT or Pentest."
image: "../../../public/images/projects/n4c.png"
tags: ["nix", "ctf", "cybersecurity", "cheatsheets"]
url: "https://n4c.hadi.diy"
url: "https://n4c.hadi.icu"
sourceLink: "https://github.com/nix4cyber/n4c"
---
@@ -19,9 +19,9 @@ N4C (**nix4cyber**) is a personal knowledge-base and toolbox for CTF (capture th
It combines three core components:
- [Nix-based shells](https://n4c.hadi.diy/shells): pre-configured environments for specific security domains (web, cracking, networking, forensic, ...).
- [Cheatsheets](https://n4c.hadi.diy/cheatsheets/cheatsheets): quick reference guides organized by category.
- [CTF writeups](https://n4c.hadi.diy/writeups): markdown-formatted reports of challenges we've solved.
- [Nix-based shells](https://n4c.hadi.icu/shells): pre-configured environments for specific security domains (web, cracking, networking, forensic, ...).
- [Cheatsheets](https://n4c.hadi.icu/cheatsheets/cheatsheets): quick reference guides organized by category.
- [CTF writeups](https://n4c.hadi.icu/writeups): markdown-formatted reports of challenges we've solved.
All content is served through a static website built with [Hugo](https://gohugo.io/) and the [Doks](https://github.com/DELIGHT-LABS/hugo-theme-doks) (<3) theme, hosted on Netlify. The project is fully opensource under the MIT license and lives on GitHub.
@@ -34,9 +34,9 @@ You can then start a shell with the following command:
nix develop github:nix4cyber/n4c#<toolkit>
```
You could also install the alias `n4c` ([see here](https://n4c.hadi.diy/shells#alias)) and only type `n4c <toolkit>`
You could also install the alias `n4c` ([see here](https://n4c.hadi.icu/shells#alias)) and only type `n4c <toolkit>`
More informations about shells & toolkits [here](https://n4c.hadi.diy/shells)
More informations about shells & toolkits [here](https://n4c.hadi.icu/shells)
### Example
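
Review bot: The line "More informations about shells & toolkits [here](https://n4c.hadi.icu/shells)" is being rewritten anyway, so fix "informations" to "information" in the same change and replace the bare "here" with descriptive link text such as "shells & toolkits". The alias line above it also lacks a closing period.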