I would like to check if any web interfaces for network/system devices (servers, routers, switches, printers) are using default vendor passwords ?
In VM module, we can run brute-force, but that doesn't check web interfaces, so how can I check?
Qualys Web Application Scanning (WAS) can be used for this. Just configure password brute forcing in your WAS option profile. There is pre-defined list with common credentials. Or you can provide your own list, which is probably better if you have specific default creds you are concerned about.
Retrieving data ...