This is a two part project and I am accepting bids on the low end of my range for part 1 only, and towards the high end if you are going to do both parts.
Need a script that I can run on my server to test for insecure passwords. This script should run locally on the server only, I will not be using to test passwords remotely.
I want to make sure I don't have any users with passwords like:
I want this to test usernames in:
for easy to guess passwords (maybe like 100-1000 of the most common passwords), or variations of the username (IE, username backwards, a replaced with [at sign], username plus a number)
I also want the ability to have the script read from a word list.
Part 2 I want the script to also test email passwords, this is a cpanel server and the email passwords are in:
/etc/vmail]# cat [url removed, login to view]
test:x:32006:32008::/home/jeff/mail/[url removed, login to view]:/bin/bash
ronlost2:x:32006:32008::/home/jeff/mail/[url removed, login to view]:/bin/bash
for example it would need to assemble test the fully qualified username:
test[at sign][url removed, login to view] or test+[url removed, login to view]
ronlost2[at sign][url removed, login to view] or ronlost2+[url removed, login to view]
It would need to cycle through multiple domains in the /etc/vmail directory.
And it would also need to test additional FTP account logins:
which are in: /etc/proftpd/username
These logins need to be fully qualified also, so it would have to append the domain, which you might have to get from /etc/userdomains
The format of that file is:
so the fully qualified username for that one would be
trellsion[at sign][url removed, login to view] or trellsion+[url removed, login to view]