In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system. A common approach (brute-force attack) is to try guesses repeatedly for the password and check them against an available cryptographic hash of the password.
The purpose of password cracking might be to help a user recover a forgotten password (installing an entirely new password is less of a security risk, but it involves System Administration privileges), to gain unauthorized access to a system, or as a preventive measure by system administrators to check for easily crackable passwords. On a file-by-file basis, password cracking is utilized to gain access to digital evidence for which a judge has allowed access but the particular file's access is restricted.
hashID is a tool to help you identify different types of hashes used to encrypt data, especially passwords. It’s written in Python 3 and supports the identification of over 220 unique hash types using regular expressions. hashID is able to identify a single hash, parse a file or read multiple files in a directory and […]
Abbrase is an abbreviated passphrase password generator. An ‘abbrase’ is one of the passwords it produces. It generates a password and a phrase like “phyeigdolrejutt” and “physical eight dollars rejected utterly”. Creating secure passwords is easy. Remembering them is hard. Pwgen makes them memorable though pronounceability. XKCD suggests using a series of random common words, […]
Fluxion is an automated EvilAP attack tool for carrying out MiTM attacks on WPA Wireless networks written in a mix of Bash and Python. Fluxion is heavily based off Linset the Evil Twin Attack Bash Script, with some improvements and bug-fixes. How it Works Scan the networks. Capture a handshake (can’t be used without a […]
DyMerge is a simple, yet powerful bruteforce dictionary merging tool – written purely in python – which takes given wordlists and merges them into one dynamic dictionary that can then be used as ammunition for a successful dictionary based (or bruteforce) attack. One day the author was making his way through a ctf challenge, and […]
DBPwAudit is a Java database password auditing tool that allows you to perform online audits of password quality for several database engines. The application design allows for easy adding of additional database drivers by simply copying new JDBC drivers to the jdbc directory. Configuration is performed in two files, the aliases.conf file is used to […]
IGHASHGPU is an efficient and comprehensive command line GPU based hash cracking program that enables you to retrieve SHA1, MD5 and MD4 hashes by utilising ATI and nVidia GPUs. It even works with salted hashes making it useful for MS-SQL, Oracle 11g, NTLM passwords and others than use salts. IGHASHGPU is meant to function with […]