claudetools/CREDENTIAL_GAP_ANALYSIS.md
Mike Swanson b79c47acb9 sync: Auto-sync from ACG-M-L5090 at 2026-01-26 16:45:54
Synced files:
- Complete claude-projects import (5 catalog files)
- Client directory with 12 clients
- Project directory with 12 projects
- Credentials updated (100+ sets)
- Session logs consolidated
- Agent coordination rules updated
- Task management integration

Major work completed:
- Exhaustive cataloging of claude-projects
- All session logs analyzed (38 files)
- All credentials extracted and organized
- Client infrastructure documented
- Problem solutions cataloged (70+)

Machine: ACG-M-L5090
Timestamp: 2026-01-26 16:45:54

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-01 16:23:47 -07:00


Credential Gap Analysis

Date: 2026-01-24
Scope: ClaudeTools codebase credential audit


Executive Summary

A comprehensive scan of the ClaudeTools codebase identified 5 infrastructure servers whose credentials are documented in INITIAL_DATA.md but missing from credentials.md, plus 1 external VPS server actively in use.

Status:

  • ✓ IX Server credentials added to credentials.md
  • 5 additional servers need documentation
  • GoDaddy VPS credentials need verification

Critical Priority Gaps

1. pfSense Firewall (172.16.0.1)

Status: CRITICAL - Active production firewall
Source: INITIAL_DATA.md lines 324-331
Missing from: credentials.md

Credentials:

  • Host: 172.16.0.1
  • SSH Port: 2248
  • User: admin
  • Password: r3tr0gradE99!!
  • Tailscale IP: 100.79.69.82
  • Role: Primary firewall, VPN gateway, Tailscale gateway
  • Subnet Routes: 172.16.0.0/16

Priority: CRITICAL - This is the network gateway


High Priority Gaps

2. WebSvr (websvr.acghosting.com)

Status: Active - DNS management server
Source: INITIAL_DATA.md lines 362-367
Referenced in: clients/grabb-durando/website-migration/README.md

Credentials:

  • Host: websvr.acghosting.com
  • External IP: 162.248.93.81
  • User: root
  • SSH Port: 22
  • Password: r3tr0gradE99#
  • OS: CentOS 7 (WHM/cPanel)
  • Role: Legacy hosting, DNS management for ACG Hosting

Priority: HIGH - Used for DNS management (grabbanddurando.com zone)

3. OwnCloud VM (172.16.3.22)

Status: Active - File sync server
Source: INITIAL_DATA.md lines 333-340
Missing from: credentials.md

Credentials:

  • Host: 172.16.3.22
  • Hostname: cloud.acghosting.com
  • User: root
  • SSH Port: 22
  • Password: NOT DOCUMENTED in INITIAL_DATA.md
  • OS: Rocky Linux 9.6
  • Role: OwnCloud file sync server
  • Services: Apache, MariaDB, PHP-FPM, Redis

Priority: HIGH - Password needs verification
Action Required: Determine OwnCloud root password


Medium Priority Gaps

4. Saturn (172.16.3.21)

Status: Decommissioned
Source: INITIAL_DATA.md lines 316-322

Credentials:

  • Host: 172.16.3.21
  • User: root
  • SSH Port: 22
  • Password: r3tr0gradE99
  • OS: Unraid 6.x
  • Status: Migration to Jupiter complete

Priority: MEDIUM - Document for historical reference
Note: May be offline, document as decommissioned


External Infrastructure

5. GoDaddy VPS (208.109.235.224)

Status: Active - CRITICAL disk space (99% full)
Source: clients/grabb-durando/website-migration/README.md
Missing from: credentials.md

Credentials:

  • Host: 208.109.235.224
  • User: root
  • SSH Port: 22
  • Auth: SSH key (id_ed25519)
  • OS: CloudLinux 9.6
  • cPanel: v126.0
  • Role: data.grabbanddurando.com hosting (pending migration)

Database Credentials (on GoDaddy VPS):

  • Database: grabblaw_gdapp
  • User: grabblaw_gdapp
  • Password: e8o8glFDZD

Priority: HIGH - Active production, urgent migration needed
Action Required: Document for migration tracking


Credentials Already Documented (Verified)

  • ✓ GuruRMM Server (172.16.3.30)
  • ✓ Jupiter (172.16.3.20)
  • ✓ IX Server (172.16.3.10) - ADDED TODAY
  • ✓ Gitea credentials
  • ✓ AD2 (192.168.0.6)
  • ✓ D2TESTNAS (192.168.0.9)
  • ✓ ClaudeTools database
  • ✓ GuruRMM API access
  • ✓ Peaceful Spirit VPN


Additional Findings

API Keys/Tokens Referenced

From INITIAL_DATA.md lines 569-574:

Priority for future documentation:

  • Gitea API Token (generate as needed)
  • Cloudflare API Token
  • SyncroMSP API Key
  • Autotask API Credentials
  • CIPP API Client (ClaudeCipp2)

Status: Not critical yet, document when generated/used


Duplicate/Inconsistent Information

GuruRMM Server

Issue: Referenced as "Build Server" in some docs, "GuruRMM Server" in others
Resolution: credentials.md uses "GuruRMM Server (172.16.3.30)" - CONSISTENT

Aliases found:

  • Build Server (INITIAL_DATA.md)
  • GuruRMM Server (credentials.md)
  • gururmm (hostname)

Recommendation: Add note about aliases in credentials.md


Password Pattern Analysis

Common password base: r3tr0gradE99 with variations:

  • r3tr0gradE99 (Saturn)
  • r3tr0gradE99!! (pfSense)
  • r3tr0gradE99# (WebSvr)
  • Th1nk3r^99## (Jupiter)
  • Gptf*77ttb!@#!@# (IX Server)
  • Gptf*77ttb123!@#-rmm (Build Server)
  • Gptf*77ttb123!@#-git (Gitea)

Security Note: Multiple servers share password base patterns
Recommendation: Consider password rotation and unique passwords per server


Files Scanned

  • ✓ credentials.md
  • ✓ INITIAL_DATA.md
  • ✓ GURURMM_API_ACCESS.md
  • ✓ clients/internal-infrastructure/ix-server-issues-2026-01-13.md
  • ✓ clients/grabb-durando/website-migration/README.md
  • ✓ PROJECTS_INDEX.md
  • ✓ 111 markdown files with IP addresses (scanned for patterns)


Recommendations

Immediate Actions

  1. ✓ Add IX Server to credentials.md - COMPLETED
  2. Add pfSense to credentials.md - CRITICAL
  3. Add WebSvr to credentials.md - HIGH
  4. Determine OwnCloud root password and document
  5. Add GoDaddy VPS to credentials.md (Client section)

Documentation Improvements

  1. Create "Decommissioned Infrastructure" section for Saturn
  2. Add "External/Client Servers" section for GoDaddy VPS
  3. Add server aliases/hostnames to existing entries
  4. Document password patterns (separate secure doc?)
  5. Add "API Keys & Tokens" section (future use)

Security Considerations

  1. Review password reuse across servers
  2. Consider password rotation schedule
  3. Document SSH key locations and usage
  4. Verify VPN access requirements for each server

Next Steps

  1. Complete credential additions to credentials.md
  2. Verify OwnCloud password (may need to reset or recover)
  3. Test access to each documented server
  4. Update credentials.md Last Updated timestamp
  5. Run grepai indexing verification
  6. Create final audit summary report

Audit Status: ClaudeTools scan COMPLETE, claude-projects scan PENDING
Gaps Identified: 5 servers, 1 external VPS, multiple API keys
Critical Gaps: 1 (pfSense firewall)
High Priority Gaps: 2 (WebSvr, OwnCloud)