I've had ftp.disloops.com running for about ten years. It's an FTP host that's configured to allow anonymous connections and uploads. This creates some security risks that I wrote about when I deployed it. A previous article explored some of those risks in depth.
I recently wanted to extract all the username/password combinations I'd seen since deploying the server. Only two usernames are accepted by anonymous VSFTPD servers:
FTP. Clients using these usernames receive a prompt for an arbitrary password. Sessions initiated with any other username are immediately ended.
To extract the authentication data, I created a script that accepts a VSFTPD log file as input. It pulls all username/password combinations from the file and exports them as text or CSV.
The script can be downloaded here: https://github.com/disloops/vsftpd_parse
You can see sample output from my own server here: results.txt
Note that the script is currently designed for a server that only allows anonymous connections. This VSFTPD configuration results in a specific log format since passwords are not accepted for non-anonymous usernames. The script could easily be modified to handle non-anonymous logins instead.