As my previous post about enhancing password policy in ClearOS i mentioned about create simple PHP script for detecting user which using weak password. so i’d like to share it.
The script must be executed inside PDC server with modified user module (read my previous post for more detail) and it’s read file custom_weak_passwd_list.php as list of weak password that will be tried.
Make it executeable.
chmod +x check_weak_passwd.php
then run the script.
If you have a lot of user and bunch of list weak password you may run it outside peak hour also using background process terminal session such as tmux, screen, etc for preventing remote connection to server being lost.
The result file will be located at /tmp/list_weak_passwd.txt. here’s the real example output of script when i’m doing RnD.