ClearOS 6 weak password scanner

As my previous post about enhancing password policy in ClearOS i mentioned about create simple PHP script for detecting user which using weak password. so i’d like to share it.

The script must be executed inside PDC server with modified user module (read my previous post for more detail) and it’s read file custom_weak_passwd_list.php as list of weak password that will be tried.

Make it executeable.

chmod +x check_weak_passwd.php

then run the script.

  ./check_weak_passwd.php

If you have a lot of user and bunch of list weak password you may run it outside peak hour also using background process terminal session such as tmux, screen, etc for preventing remote connection to server being lost.

The result file will be located at /tmp/list_weak_passwd.txt. here’s the real example output of script when i’m doing RnD.

passwd_pol2.png

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s