A curated record of superior instruments, analysis, papers and different tasks associated to password cracking and password safety.
Learn the tips earlier than contributing! In brief:
Books
Cloud
- Cloud_crack – Crack passwords utilizing Terraform and AWS.
- Cloudcat – A script to automate the creation of cloud infrastructure for hash cracking.
- Cloudstomp – Automated deployment of cases on EC2 by way of plugin for prime CPU/GPU purposes on the lowest worth.
- Cloudtopolis – A software that facilitates the set up and provisioning of Hashtopolis on the Google Cloud Shell platform, shortly and fully unattended (and in addition, free!).
- NPK – NPK is a distributed hash-cracking platform constructed solely of serverless elements in AWS together with Cognito, DynamoDB, and S3.
- Penglab – Abuse of Google Colab for cracking hashes.
- Rook – Automates the creation of AWS p3 cases to be used in GPU-based password cracking.
Conversion
- 7z2hashcat – Extract data from password-protected .7z archives (and .sfx information) such that you could crack these “hashes” with hashcat.
- MacinHash – Convert macOS plist password file to hash file for password crackers.
- NetNTLM-Hashcat – Converts John The Ripper/Cain format hashes (singular, or in bulk) to HashCat suitable hash format.
- Rubeus-to-Hashcat – Converts / codecs Rubeus kerberoasting output into hashcat readable format.
- WINHELLO2hashcat – With this software one can extract the “hash” from a WINDOWS HELLO PIN. This hash could be cracked with Hashcat.
- bitwarden2hashcat – A software that converts Bitwarden’s information right into a hashcat-suitable hash.
- hc_to_7z – Convert 7-Zip hashcat hashes again to 7z archives.
- hcxtools – Transportable resolution for conversion of cap/pcap/pcapng (gz compressed) WiFi dump information to hashcat codecs.
- itunes_backup2hashcat – Extract the knowledge wanted from the Manifest.plist information to transform it to hashes suitable with hashcat.
- mongodb2hashcat – Extract hashes from the MongoDB database server to a hash format that hashcat accepts: -m 24100 (SCRAM-SHA-1) or -m 24200 (SCRAM-SHA-256).
Hashcat
Hashcat is the “World’s quickest and most superior password restoration utility.” The next are tasks instantly associated to Hashcat in a method or one other.
- Autocrack – A set of shopper and server instruments for routinely, and calmly routinely cracking hashes.
- docker-hashcat – Newest hashcat docker for Ubuntu 18.04 CUDA, OpenCL, and POCL.
- Hashcat-Stuffs – Assortment of hashcat lists and issues.
- hashcat-utils – Small utilities which are helpful in superior password cracking.
- Hashfilter – Learn a hashcat potfile and parse differing types right into a sqlite database.
- known_hosts-hashcat – A information and gear for cracking ssh known_hosts information with hashcat.
- pyhashcat – Python C API binding to libhashcat.
Automation
- autocrack – Hashcat wrapper to assist automate the cracking course of.
- hashcat.launcher – A cross-platform app that run and management hashcat.
- hat – An Automated Hashcat Instrument for frequent wordlists and guidelines to hurry up the method of cracking hashes throughout engagements.
- hate_crack – A software for automating cracking methodologies by way of Hashcat from the TrustedSec group.
- Naive hashcat – Naive hashcat is a plug-and-play script that’s pre-configured with naive, emperically-tested, “adequate” parameters/assault sorts.
Distributed cracking
- CrackLord – Queue and useful resource system for cracking passwords.
- fitcrack – A hashcat-based distributed password cracking system.
- Hashtopolis – A multi-platform client-server software for distributing hashcat duties to a number of computer systems.
- Kraken – A multi-platform distributed brute-force password cracking system.
Guidelines
- clem9669 guidelines – Rule for hashcat or john.
- hashcat guidelines assortment – In all probability the most important assortment of hashcat guidelines on the market.
- Hob0Rules – Password cracking guidelines for Hashcat based mostly on statistics and business patterns.
- Kaonashi – Wordlist, guidelines and masks from Kaonashi venture (RootedCON 2019).
- nsa-rules – Password cracking guidelines and masks for hashcat generated from cracked passwords.
- nyxgeek-rules – Customized password cracking guidelines for Hashcat and John the Ripper.
- OneRuleToRuleThemAll – “One rule to crack all passwords. or atleast we hope so.”
- pantagrule – Massive hashcat rulesets generated from real-world compromised passwords.
Rule instruments
- duprule – Detect & filter duplicate hashcat guidelines.
Net interfaces
- crackerjack – CrackerJack is a Net GUI for Hashcat developed in Python.
- CrackQ – A Python Hashcat cracking queue system.
- hashpass – Hash cracking WebApp & Server for hashcat.
- Hashview – An internet front-end for password cracking and analytics.
- Wavecrack – Wavestone’s internet interface for password cracking with hashcat.
- WebHashCat – WebHashcat is a quite simple however environment friendly internet interface for hashcat password cracking software.
John the Ripper
John the Ripper is “an Open Supply password safety auditing and password restoration software out there for a lot of working programs.” The next are tasks instantly associated to John the Ripper in a method or one other.
- BitCracker – BitCracker is the primary open supply password cracking software for reminiscence models encrypted with BitLocker.
- johnny – GUI frontend to John the Ripper.
Misc
- hashID – Software program to determine the various kinds of hashes.
- Identify That Hash – Do not know what sort of hash it’s? Identify That Hash will title that hash sort! Establish MD5, SHA256 and 300+ different hashes. Comes with a neat internet app.
Web sites
Communities
- hashcat Discussion board – Discussion board by the builders of hashcat.
- Hashmob – A rising password restoration neighborhood aimed in direction of being a middle level of collaboration for cryptography fans.
- Hashkiller Discussion board – A password cracking discussion board with over 20,000 registered customers.
Lookup companies
- CMD5 – Offers on-line MD5 / sha1/ mysql / sha256 encryption and decryption companies.
- CrackStation – Free hash lookup service supplying wordlists as effectively.
- Hashes.com – A hash lookup service with paid options.
- Hashkiller – A hash lookup service with a discussion board.
- On-line Hash Crack – Cloud password restoration service.
Wordlist instruments
Instruments for analyzing, producing and manipulating wordlists.
Evaluation
- PACK – A set of utilities developed to assist in evaluation of password lists to be able to improve password cracking by way of sample detection of masks, guidelines, character-sets and different password traits.
- pcfg_cracker – This venture makes use of machine studying to determine password creation habits of customers.
- Pipal – THE password analyser.
Era/Manipulation
- common-substr – Easy software to extract the most typical substrings from an enter textual content. Constructed for password cracking.
- Crunch – Crunch is a wordlist generator the place you possibly can specify a regular character set or a personality set you specify. Crunch can generate all doable mixtures and permutations.
- CUPP – A software that allows you to generate wordlists by person profiling information corresponding to birthday, nickname, deal with, title of a pet or relative and so on.
- duplicut – Take away duplicates from MASSIVE wordlist, with out sorting it (for dictionary-based password cracking).
- Gorilla – Instrument for producing wordlists or extending an present one utilizing mutations.
- Keyboard-Stroll-Mills – Generate Keyboard Stroll Dictionaries for cracking.
- kwprocessor – Superior keyboard-walk generator with configureable basechars, keymap and routes.
- maskprocessor – Excessive-performance phrase generator with a per-position configureable charset.
- maskuni – A standalone quick phrase generator within the spirit of hashcat’s masks generator with unicode assist.
- Mentalist – Mentalist is a graphical software for customized wordlist technology. It makes use of frequent human paradigms for establishing passwords and might output the total wordlist in addition to guidelines suitable with Hashcat and John the Ripper.
- Phraser – Phraser is a phrase generator utilizing n-grams and Markov chains to generate phrases for passphrase cracking.
- princeprocessor – Standalone password candidate generator utilizing the PRINCE algorithm.
- Rephraser – A Python-based reimagining of Phraser utilizing Markov-chains for linguistically-correct password cracking.
- Rling – RLI Subsequent Gen (Rling), a sooner multi-threaded, characteristic wealthy various to rli present in hashcat utilities.
- statsprocessor – Phrase generator based mostly on per-position markov-chains.
- TTPassGen – Versatile and scriptable password dictionary generator which supportss brute-force, mixture, advanced rule modes and so on.
- token-reverser – Phrases record generator to crack safety tokens.
- WikiRaider – WikiRaider allows you to generate wordlists based mostly on nation particular databases of Wikipedia.
Wordlists
Laguage particular
- Albanian wordlist – A mixture of names, final names and a few albanian literature.
- Danish Telephone Wordlist Generator – This software can generate wordlists of Danish cellphone numbers by space and/or utilization (Cellular, landline and so on.) Helpful for password cracking or fuzzing Danish targets.
- Danish Wordlists – Assortment of danish wordlists for cracking danish passwords.
- French Wordlists – This venture goal to offer french glossary about every thing an individual might use as a base password.
Different
- Packet Storm Wordlists – A considerable assortment of various wordlists in a number of languages.
- Rocktastic – Contains many permutations of passwords and patterns which were noticed within the wild.
- RockYou2021 – RockYou2021.txt is a MASSIVE WORDLIST compiled of varied different wordlists.
- WeakPass – Assortment of huge wordlists.
Particular file codecs
- pdfrip – A multi-threaded PDF password cracking utility geared up with generally encountered password format builders and dictionary assaults.
PEM
JKS
- JKS non-public key cracker – Cracking passwords of personal key entries in a JKS fileCracking passwords of personal key entries in a JKS file.
ZIP
- bkcrack – Crack legacy zip encryption with Biham and Kocher’s recognized plaintext assault.
- frackzip – Small software for cracking encrypted ZIP archives.
Synthetic Intelligence
- adams – Decreasing Bias in Modeling Actual-world Password Power by way of Deep Studying and Dynamic Dictionaries. – Code for cracking passwords with neural networks.
- RNN-Passwords – Utilizing the char-rnn to be taught and guess passwords.
- rulesfinder – This software finds environment friendly password mangling guidelines (for John the Ripper or Hashcat) for a given dictionary and a listing of passwords.
Analysis
Papers
Talks