List of users from a SSH brute force attack

1. # use 'zcat' for auth.log*.gz files, and 'cat' for auth.log and auth.log.1
2. # zcat auth.log.*.gz | grep "Invalid" - | awk -F"Invalid user " '{print $2}' | cut -f1 -d" " | sort | uniq
3. ____
4. 0admin
5. 0guest
6. 0racle
7. 1
8. 123123
9. a
10. admin
11. administrator
12. alias
13. andrea
14. app
15. auto
16. avouni
17. basilio
18. bebe
19. berila
20. bind
21. cisco
22. coffe
23. coffee
24. cron
25. cyrus
26. db2inst1
27. deployer
28. dev
29. D-Link
30. emunoz
31. fluffy
32. forum
33. ftp
34. ftpuser
35. gerente
36. ghost
37. git
38. GriGoRaS
39. guest
40. heggem
41. info
42. joomla
43. k1
44. lele
45. leonob
46. library
47. linux
48. mailnull
49. merrifield
50. minecraft
51. moodle
52. mysqladmin
53. mythtv
54. nagios
55. notice
56. office
57. oracle
58. pi
59. PlcmSpIp
60. plesk
61. postgres
62. postmaster
63. prueba
64. qmunoz
65. recruit
66. rmunoz
67. sales
68. samba
69. scan
70. shell
71. shop
72. smmsp
73. staff
74. support
75. test
76. tmunoz
77. tomcat
78. trash
79. ubnt
80. ubuntu
81. upload
82. user
83. vps
84. vyatta
85. webmaster
86. wmunoz
87. wordpress
88. www
89. x
90. xbian
91. xbmc
92. ymunoz