brute library and all the NSE scripts depending on it use two separate databases to retrieve usernames and passwords when performing brute-force password-auditing attacks. The dictionaries distributed with Nmap are somewhat small since it wouldn't be practical to include and distribute large files. It is up to the users to either replace the dictionaries or provide different dictionaries via the library arguments, given that the default username and password dictionaries are only 72 KB and 46 KB in size, respectively.
Keep in mind that the effectiveness of all your brute-force attacks depends on how good your dictionaries are.
Usernames are stored in your Nmap data ...