scan4all includes extensive built-in dictionaries for password brute-forcing, file fuzzing, and fingerprinting. You can customize these dictionaries by modifying paths in config/config.json or replacing the default files.

Dictionary Types

scan4all uses three types of dictionaries:
  1. Service Dictionaries - Username/password lists for network services
  2. Web Dictionaries - Wordlists for web application attacks
  3. Fuzzing Dictionaries - Lists for file/directory discovery and fuzzing

Service Dictionaries

Each service has three dictionary types:
  • <service>_username - List of common usernames
  • <service>_pswd - List of common passwords
  • <service>_default - Username:password pairs (tab or colon separated)

SSH Dictionaries

{
  "ssh_username": "pkg/hydra/dicts/ssh_user.txt",
  "ssh_pswd": "pkg/hydra/dicts/ssh_pswd.txt",
  "ssh_default": "pkg/hydra/dicts/ssh_default.txt"
}
File location: pkg/hydra/dicts/
root	password
admin	admin
ubuntu	ubuntu123
user	user123
Both tab-separated and colon-separated formats are supported:
root:password
admin:admin

Database Dictionaries

{
  "mysqlusername": "pkg/hydra/dicts/mysql_user.txt",
  "mysql_pswd": "pkg/hydra/dicts/mysql_pswd.txt",
  "mysql_default": "pkg/hydra/dicts/mysql_default.txt"
}
{
  "postgresqlusername": "pkg/hydra/dicts/postgresql_user.txt",
  "postgresql_pswd": "pkg/hydra/dicts/postgresql_pswd.txt",
  "postgresql_default": "pkg/hydra/dicts/postgresql_default.txt"
}
{
  "mongodbusername": "pkg/hydra/dicts/mongodb_user.txt",
  "mongodb_pswd": "pkg/hydra/dicts/mongodb_pswd.txt",
  "mongodb_default": "pkg/hydra/dicts/mongodb_default.txt"
}
{
  "mssqlusername": "pkg/hydra/dicts/mssql_user.txt",
  "mssql_pswd": "pkg/hydra/dicts/mssql_pswd.txt",
  "mssql_default": "pkg/hydra/dicts/mssql_default.txt"
}
{
  "oracleusername": "pkg/hydra/dicts/oracle_user.txt",
  "oracle_pswd": "pkg/hydra/dicts/oracle_pswd.txt",
  "oracle_default": "pkg/hydra/dicts/oracle_default.txt"
}
{
  "redisusername": "pkg/hydra/dicts/redis_user.txt",
  "redis_pswd": "pkg/hydra/dicts/redis_pswd.txt",
  "redis_default": "pkg/hydra/dicts/redis_default.txt",
  "es_user": "pkg/hydra/dicts/es_user.txt",
  "es_pswd": "pkg/hydra/dicts/es_pswd.txt",
  "es_default": "pkg/hydra/dicts/es_default.txt"
}

Network Protocol Dictionaries

{
  "ftpusername": "pkg/hydra/dicts/ftp_user.txt",
  "ftp_pswd": "pkg/hydra/dicts/ftp_pswd.txt",
  "ftp_default": "pkg/hydra/dicts/ftp_default.txt"
}
{
  "rdpusername": "pkg/hydra/dicts/rdp_user.txt",
  "rdp_pswd": "pkg/hydra/dicts/rdp_pswd.txt",
  "rdp_default": "pkg/hydra/dicts/rdp_default.txt"
}
{
  "smbusername": "pkg/hydra/dicts/smb_user.txt",
  "smb_pswd": "pkg/hydra/dicts/smb_pswd.txt",
  "smb_default": "pkg/hydra/dicts/smb_default.txt"
}
{
  "telnetusername": "pkg/hydra/dicts/telnet_user.txt",
  "telnet_pswd": "pkg/hydra/dicts/telnet_pswd.txt",
  "telnet_default": "pkg/hydra/dicts/telnet_default.txt"
}
{
  "snmp_user": "pkg/hydra/dicts/snmp_user.txt",
  "snmp_pswd": "pkg/hydra/dicts/snmp_pswd.txt",
  "snmp_default": "pkg/hydra/dicts/snmp_default.txt"
}

Web Application Dictionaries

Application Server Credentials

{
  "tomcatuserpass": "brute/dicts/tomcatuserpass.txt",
  "jbossuserpass": "brute/dicts/jbossuserpass.txt",
  "weblogicuserpass": "brute/dicts/weblogicuserpass.txt"
}
File location: brute/dicts/
These files contain username:password pairs specific to each application server:
tomcat:tomcat
admin:admin
manager:manager
role1:role1
both:both

HTTP Basic Authentication

{
  "httpuser": "brute/dicts/httpuser.txt",
  "httpass": "brute/dicts/httpass.txt"
}
Used for HTTP Basic Authentication, WebDAV, and SVN brute-forcing.

Password Lists

{
  "top100pass": "brute/dicts/top100pass.txt"
}
A curated list of the 100 most common passwords for quick testing.

Fuzzing Dictionaries

File Discovery

{
  "filedic": "brute/dicts/filedic.txt",
  "bakSuffix": "brute/dicts/bakSuffix.txt",
  "prefix": "brute/dicts/prefix.txt"
}
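| Dictionary | Purpose | Example Entries |
|------------|---------|-----------------|
| filedic | Common file/directory names | admin, login, config, backup |
| bakSuffix | Backup file extensions | .bak, .old, .backup, .swp, ~ |
| prefix | Common URL prefixes | api, admin, test, dev |

Sample bakSuffix entries: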
.bak
.old
.backup
.orig
.tmp
.swp
.save
~
.copy
.1

Content-Type Fuzzing

{
  "fuzzct": "brute/dicts/fuzzContentType1.txt"
}
List of Content-Type headers for testing content-type bypass vulnerabilities.

404 Detection

{
  "fuzz404": "brute/dicts/fuzz404.txt",
  "404url": "brute/dicts/404url.txt",
  "page404Content1": "brute/dicts/page404Content.txt"
}
Used to identify custom 404 pages and false positives during fuzzing.

Fingerprint Dictionaries

{
  "eHoleFinger": "pkg/fingerprint/dicts/eHoleFinger.json",
  "localFinger": "pkg/fingerprint/dicts/localFinger.json"
}
Fingerprint dictionaries are JSON files containing signatures (pattern-matching rules) for technology detection.

Creating Custom Dictionaries

Step 1: Create Your Wordlist

Create a new text file with one entry per line:
# Create custom SSH username list
cat > /path/to/custom_ssh_users.txt << EOF
admin
root
ubuntu
debian
centos
user
test
EOF

Step 2: Update config.json

Modify the dictionary path in config/config.json:
{
  "ssh_username": "/path/to/custom_ssh_users.txt"
}
Use absolute paths or paths relative to the scan4all directory.

Step 3: Test Your Configuration

./scan4all -host ssh://192.168.1.1 -v

Dictionary Format Requirements

Username/Password Lists

One entry per line:
root
admin
user
test

Credential Pairs

Tab-separated (preferred):
root	password
admin	admin123
user	userpass
Colon-separated (alternative):
root:password
admin:admin123
user:userpass
The tool automatically converts colon-separated format to tab-separated during parsing.
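The colon form is ambiguous when a password itself contains a colon, which is one reason to prefer tabs. The following added example (not scan4all's own parser) normalizes a pairs file to tab-separated form and reports lines that have no separator. `normalize_pairs`, the choice to split on the first colon only, and the sample data are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: normalize a credential-pair dictionary to tab-separated form.
# normalize_pairs is a hypothetical helper, not part of scan4all.
# Assumption: a colon-separated line is split on its FIRST colon only, so
# "svc:pa:ss" becomes user "svc", password "pa:ss".
# Usage: normalize_pairs INPUT > OUTPUT   (malformed lines go to stderr)
normalize_pairs() {
    awk '
    {
        sub(/\r$/, "")                  # tolerate CRLF files
        if ($0 == "") next              # skip blank lines
        tab = index($0, "\t")
        if (tab > 0) {                  # already tab-separated
            user = substr($0, 1, tab - 1)
            pass = substr($0, tab + 1)
        } else {
            colon = index($0, ":")
            if (colon == 0) {
                printf "line %d: no tab or colon separator\n", NR > "/dev/stderr"
                bad = 1
                next
            }
            user = substr($0, 1, colon - 1)
            pass = substr($0, colon + 1)
        }
        if (user == "") {
            printf "line %d: empty username\n", NR > "/dev/stderr"
            bad = 1
            next
        }
        print user "\t" pass
    }
    END { exit (bad ? 1 : 0) }          # non-zero if any line was rejected
    ' "$1"
}

# Constructed sample input (not taken from a real dictionary).
sample=$(mktemp)
printf 'root\tpassword\nadmin:admin123\nsvc:pa:ss\n' > "$sample"
normalize_pairs "$sample"
rm -f "$sample"
```
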

Default Dictionary Locations

All built-in dictionaries are located in:
  • Service credentials: pkg/hydra/dicts/
  • Web fuzzing: brute/dicts/
  • Fingerprints: pkg/fingerprint/dicts/

Performance Considerations

Thread Configuration

Adjust threads based on dictionary size:
{
  "hydrathread": 64,
  "Fuzzthreads": 32
}
  • Small dictionaries (less than 100 entries): Lower threads (16-32)
  • Medium dictionaries (100-1000): Default threads (32-64)
  • Large dictionaries (more than 1000): Higher threads (64-128)
Too many threads can trigger rate limiting or IDS/IPS alerts. Start conservative and increase gradually.

Dictionary Optimization

  1. Remove duplicates - Sort and unique your lists
  2. Order by probability - Most common entries first
  3. Split large files - Create targeted lists per scenario
  4. Remove comments - Strip unnecessary metadata
# Optimize a password list
sort -u passwords.txt > passwords_sorted.txt
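`sort -u` removes duplicates but also re-sorts the list alphabetically, which discards the probability ordering from item 2. The following added example (not part of scan4all) removes comments, blank lines, and duplicates while keeping first-occurrence order. `clean_wordlist` and the rule that lines starting with `#` are comments are assumptions.

```sh
#!/bin/sh
# Added example: clean a one-entry-per-line dictionary without reordering it.
# clean_wordlist is a hypothetical helper, not part of scan4all.
# Assumption: lines starting with "#" are comments; an entry that really
# begins with "#" would be dropped, so remove that rule for such lists.
# Usage: clean_wordlist INPUT > OUTPUT   (summary goes to stderr)
clean_wordlist() {
    awk '
    {
        sub(/\r$/, "")                      # strip CR from CRLF files
        if ($0 == "")   { blank++;   next }
        if ($0 ~ /^#/)  { comment++; next }
        if ($0 in seen) { dup++;     next } # keep the first occurrence only
        seen[$0] = 1
        kept++
        print
    }
    END {
        printf "kept=%d duplicates=%d comments=%d blank=%d\n", kept, dup, comment, blank > "/dev/stderr"
    }
    ' "$1"
}

# Constructed sample input, ordered most-common-first.
sample=$(mktemp)
printf 'password\n123456\n# source: internal\npassword\nadmin\n' > "$sample"
clean_wordlist "$sample"
rm -f "$sample"
```
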

Environment Variable Override

You can specify dictionaries via environment variables:
# Use custom SSH dictionaries for a single scan
ssh_username=/tmp/custom_users.txt \
ssh_pswd=/tmp/custom_passwords.txt \
./scan4all -host ssh://example.com

Best Practices

Keep It Focused

Use targeted dictionaries for specific services instead of massive generic lists

Test First

Validate custom dictionaries on test systems before production use

Monitor Performance

Watch scan speed and adjust thread counts accordingly

Update Regularly

Keep dictionaries current with new default credentials

Example: Custom Web Application Scan

{
  "httpuser": "/opt/custom/web_users.txt",
  "httpass": "/opt/custom/web_passwords.txt",
  "filedic": "/opt/custom/web_paths.txt",
  "Fuzzthreads": 16,
  "hydrathread": 32
}
