Some time ago Paulino has authored NSE script http-default-accounts,
which is designed to detect presence of default accounts on HTTP
targets. The script uses a fingerprint dataset to cope with various
targets and their login flows. A default dataset is included with nmap.

I have put together an alternate fingerprint dataset, which consists of
300 fingerprints. Both common platforms and quite a few specialized
devices are covered, including thermostats, pool pumps, door locks,
intercoms, maritime navigation, solar systems, and RF relays.

https://github.com/nnposter/nndefaccts
(Licensed under GPL 3+)

It should work reasonably well with any relatively recent version of
nmap but for the best experience I do recommend using 7.70 because of
relevant improvements that were made to NSE libraries over the past few
years.

This dataset is maintained separately from nmap proper so please do not
report problems to this dev list or through nmap issues on GitHub.
Instead please review the repository README and open a GitHub issue at
https://github.com/nnposter/nndefaccts/issues

Cheers,
nnposter