Password Attacks

58 tools

asleap is a tool for actively recovering LEAP and PPTP passwords by exploiting deficiencies in Cisco LEAP networks. It uses dictionary files with NT hashes and libpcap captures to crack authentication credentials.

bopscrk generates smart and powerful wordlists for targeted password attacks by combining personal information related to a target and applying transformations. It includes a lyricpass module to incorporate lyrics from artists into the wordlists.

bruteforce-luks attempts to discover passwords for LUKS encrypted volumes by trying all possible combinations. It is particularly useful when partial password knowledge is available, such as in forensics scenarios.

Try to find the passphrase for files encrypted with OpenSSL using exhaustive or dictionary attacks. Supports multithreading and various OpenSSL ciphers and digests.

bruteforce-wallet attempts to recover passwords for encrypted cryptocurrency wallet files like Peercoin, Bitcoin, or Litecoin wallet.dat files using exhaustive or dictionary-based methods.

Brutespray is a bruteforce tool that automates password spraying against services discovered in Nmap scans and other vulnerability scanner outputs. It supports interactive mode and has been rewritten in Golang for faster performance without external dependencies.

ccrypt is a utility for secure encryption and decryption of files and streams using the Rijndael cipher, the basis for AES. It serves as a replacement for the weak Unix crypt utility.

chntpw is an NT SAM password recovery utility that allows viewing information and changing user passwords in Windows NT/2000 user database files without knowing the old passwords. It includes a registry editor and hex-editor for modifying registry hives and file contents.

cisco7crack is used to crack Cisco Type 7 passwords by decrypting and encrypting them. It allows quick decryption of stored passwords on Cisco devices.

CmosPwd is a cross-platform tool to decrypt passwords stored in CMOS used to access a computer's BIOS setup. It works out of the box on most modern systems, though some esoteric BIOSes may require additional steps.

Crack is a password guessing program that quickly locates vulnerabilities in Unix or other password files by scanning for weak login passwords. It provides variants for crypt() and MD5 password hashing.

Swiss army knife for pentesting Windows/Active Directory environments. Enumerates users, shares, executes attacks, and dumps credentials using native WinAPI calls.

Crowbar is a brute forcing tool for penetration tests that supports OpenVPN, RDP with NLA, SSH private key authentication, and VNC key authentication. It differs from typical brute forcers by using SSH keys instead of username/password pairs for SSH.

Crunch is a wordlist generator that creates dictionaries based on specified character sets, lengths, and combinations. It supports numbers, symbols, upper and lower case characters, and Unicode.

eapmd5pass extracts challenge-response pairs from EAP-MD5 authentication exchanges and performs offline dictionary attacks to crack user passwords. It works with live monitor-mode interfaces or libpcap capture files.

enumIAX is an Inter Asterisk Exchange (IAX) protocol username brute-force enumerator that supports dictionary attacks and sequential username guessing against target hosts.

fcrackzip is a fast password cracker for zip archives using brute force or dictionary attacks. It optionally tests results with unzip and can crack cpmask'ed images.

A simple Ruby script that decrypts Group Policy Preferences (GPP) encrypted strings. It recovers passwords from GPP XML files found in Windows environments.

Tool to identify the different types of hashes used to encrypt data, especially passwords. It analyzes input hashes and lists the possible and the least likely hash types.

World’s fastest and most advanced password recovery utility supporting over 300 highly-optimized hashing algorithms. Hashcat enables CPU, GPU, and hardware-accelerated cracking with multiple attack modes.

Hashcat-utils is a set of small utilities for advanced password cracking. They are packed into multiple stand-alone binaries, each designed to execute only one specific function.

hashID identifies over 175 unique hash types using regular expressions. It analyzes single hashes or parses files to detect hash types, including salted passwords.

Hydra is a parallelized login cracker that supports numerous protocols. It is very fast and flexible, enabling researchers and security consultants to demonstrate unauthorized remote system access.

John the Ripper is an active password cracking tool designed to detect weak passwords through dictionary attacks, rule mangling, and brute force methods. It supports numerous hash types and includes utilities for preprocessing wordlists and extracting hashes from various formats.

Johnny provides a graphical user interface for the John the Ripper password cracking tool. It simplifies the process of cracking passwords using a user-friendly GUI.

Kerberoast provides tools for attacking Microsoft Kerberos implementations. It enables extraction of SPN accounts, ticket acquisition, and cracking of TGS tickets.

High-performance word generator with per-position configurable charset. Enumerates combinations from user-defined keyspace using masks compatible with Hashcat.

Medusa is a fast, parallel, modular login brute-forcer for network services. It supports brute-force testing against multiple hosts, users, or passwords concurrently.

Mimikatz uses admin rights on Windows to display passwords of currently logged-in users in plaintext. It is a post-exploitation tool for extracting credentials from Windows systems.

GPU accelerated password cracking tool featuring CUDA and OpenCL support for rainbow table generation and hash brute forcing. Supports multiple hash types including MD5, SHA1, LM, NTLM, and more.

name-that-hash identifies MD5, SHA256, and over 300 other hash types from provided hash strings or files. It helps users quickly determine the algorithm used for unknown hashes.

Nasty is a tool that helps recover forgotten GPG or PGP key passphrases. It supports customizable length, guessing modes, and charset filters.

High-speed network authentication cracking tool for testing poor passwords on hosts and devices. Supports protocols like RDP, SSH, HTTP(S), SMB, and more for large-scale auditing.

oclgausscrack cracks verification hashes of the Gauss Virus encrypted payload using OpenCL acceleration. It employs a 10k MD5 loop optimized for maximum performance on multi-GPU setups.

Ophcrack is a Windows password cracker that uses rainbow tables for rapid recovery of alphanumeric passwords. It supports Windows NT/2000/XP/Vista/7 and recovers 99.9% of such passwords in seconds.

Password analysis and cracking kit that analyzes wordlists to generate statistics and Hashcat masks for efficient password cracking. Aids in 'better than bruteforce' attacks by identifying common password patterns.

Password analysis and cracking kit that aids in preparing for better-than-brute-force password attacks by analyzing password creation patterns. It generates statistical databases and attack masks for tools like oclHashcat.

Patator is a multi-purpose brute-forcer with a modular design for flexible usage across various protocols and services. It supports modules for brute-forcing logins, enumerating users, fuzzing, and more.

PDFCrack is a simple tool for recovering passwords from PDF documents. It supports cracking both owner and user passwords using wordlists or bruteforcing.

pipal performs statistical analysis on password dumps to generate stats and information for analyzing passwords. It provides insights into top passwords, base words, lengths, and other patterns.

Standalone password candidate generator using the PRINCE algorithm. Generates chains of combined words from a single input wordlist as an advanced combinator attack.

RainbowCrack is a password cracker that uses rainbow tables to crack hashes via time-memory tradeoff. It implements Philippe Oechslin's faster technique, differing from brute force methods.

rarcrack is a brute force password cracker for encrypted RAR, ZIP, and 7Z archives. It automatically detects archive types and supports multi-threading for faster cracking.

rcracki-mt is a modified version of rcrack that supports hybrid and indexed rainbow tables for cracking password hashes. It adds multi-core support for faster processing.

Specialized passphrase recovery tool for GnuPG that helps recover nearly remembered passphrases by trying known parts and alternatives in all combinations. It supports GnuPG keys, symmetric encryption, and LUKS block devices.

RSMangler is a wordlist mangling tool that takes input words and performs various manipulations, including generating all permutations and acronyms before applying additional mangles. It is similar to John the Ripper's mangling capabilities but with unique preprocessing steps.

SIPcrack is a suite of tools to sniff and crack digest authentications within the SIP protocol. It includes sipdump for capturing SIP login data and sipcrack for bruteforcing passwords from the dump file.

Password spraying tool for Active Directory credentials. Sprays passwords against targets over time using password policy input to avoid account lockouts.

SprayHound is a Python library for safely password spraying in Active Directory. It sets pwned users as owned in BloodHound and detects paths to Domain Admins.

A set of Python scripts for efficient password spraying attacks against Lync/S4B, OWA, and O365. Includes tools like atomizer for spraying and spindrift for username generation.

SQLdict is a dictionary attack tool specifically designed for SQL Server. It performs brute-force attacks using wordlists to crack SQL Server credentials.

Statsprocessor is a word generator based on per-position Markov chains packed into a single stand-alone binary. It generates candidate words based on a Hashcat format .hcstat file using statistical analysis of the original input dictionary.

sucrack is a multithreaded Linux/UNIX tool for cracking local user accounts via wordlist bruteforcing su. It enables efficient password attempts from a low-privilege account when su to other users is permitted.

Brute-force program against PPTP VPN endpoints on TCP port 1723. Supports MS-CHAPv2 authentication and exploits a weakness in Microsoft's anti-brute-force implementation to try 300 passwords per second.

TrueCrack is a bruteforce password cracker for TrueCrypt volumes optimized with Nvidia CUDA technology. It supports PBKDF2 based on RIPEMD160, SHA512, or Whirlpool key derivation functions and AES, Serpent, or Twofish encryption.

twofi generates custom word lists from Twitter searches for keywords related to password cracking. It takes multiple search terms and returns words sorted by most common first.

Wordlistraider is a Python tool for preparing existing wordlists by filtering words that match specified conditions. It optimizes large wordlists, such as selecting only passwords with at least 8 characters, to save unnecessary requests.

Collection of wordlists for password cracking, directory enumeration, and other security testing tasks. Includes the popular rockyou.txt wordlist with over 14 million passwords.