Potentially useful for both legitimate and nefarious purposes, this list of default passwords currently boasts 1715 out-of-the-box passwords from 374 vendors.
The list is provided by cirt.net, which is "maintained by some people who work in the security industry." CIRT is presumably an acronym for Computer Incident Response Team, and a little further digging leads us to Chris Sullo, co-founder of the Open Security Foundation and developer of Nikto:
...an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.
There's also a brief interview with Chris regarding Nikto.
Nikto, (which may or may not be a reference to a race of reptilian humanoids from Star Wars, or even a tip of the hat to an obscure science fiction reference), is listed on sectools.org as the number one web vulnerability scanner.