Password Utilities


Password Utilities

Use for management, recovery, cracking, and stress testing your password or phrase.

Hashcat — Multi-Platform
Hashcat is the world’s fastest and most advanced password recovery tool. This version combines the previous CPU-based hashcat (now called hashcat-legacy) and GPU-based oclHashcat.

Hashview — RVM, MySql, Resque, Ruby
Hashview is a tool for security professionals to help organize and automate the repetitious tasks related to password cracking. Hashview is a web application that manages hashcat (https://hashcat.net) commands. Hashview strives to bring constiency in your hashcat tasks while delivering analytics with pretty pictures ready for ctrl+c, ctrl+v into your reports.

Hashtopolis — PHP
A Hashcat wrapper for distributed hashcracking. Hashtopolis is a multi-platform client-server tool for distributing hashcat tasks to multiple computers. The main goals for Hashtopolis's development are portability, robustness, multi-user support, and multiple groups management.

Crowbar — Python
Crowbar is brute forcing tool that can be used during penetration tests. It is developed to support protocols that are not currently supported by thc-hydra and other popular brute forcing tools.

BruteX — Shell
Automatically brute force all services running on a target. Ports, Usernames, and Passwords 9 Scan modes to meet any pentest scenario. 16+ Auto-pwn exploits added.

Medusa — Parallel Network Login Auditor
Medusa is a speedy, parallel, and modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible.

Patator — Python
Patator was written out of frustration from using Hydra, Medusa, Ncrack, Metasploit modules and Nmap NSE scripts for password guessing attacks. I opted for a different approach in order to not create yet another brute-forcing tool and avoid repeating the same shortcomings. Patator is a multi-threaded tool written in Python, that strives to be more reliable and flexible than his fellow predecessors.

THC-Hydra — C
Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system.

Dagon — Python
Named after the prince of Hell, Dagon (day-gone) is an advanced hash cracking and manipulation system, capable of bruteforcing multiple hash types, creating bruteforce dictionaries, automatic hashing algorithm verification, random salt generation from Unicode to ASCII, and much more.

Pydictor — Python
You can use pydictor to generate a general blast wordlist, a custom wordlist based on Web content, a social engineering wordlist, and so on. You can use the pydictor built-in tool to safe delete, merge, unique, merge and unique, count word frequency to filter the wordlist. You also can specify your wordlist and use '-tool handler' to filter your wordlist

LaZange — Python
The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext, APIs, custom algorithms, databases, etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.

BitCracker — GPU or CPU supporting OpenCL
BitCracker is the first open source password cracking tool for storage devices (Hard Disk, USB Pendrive, SD card, etc...) encrypted with BitLocker, an encryption feature available on Windows Vista, 7, 8.1 and 10 (Ultimate, Pro and Enterprise editions). BitLocker offers a number of different authentication methods to encrypt a storage device like Trusted Platform Module (TPM), Smart Card, Recovery Password, User supplied password.

UnCaptcha2 — Python
Created in April 2017, unCaptcha achieved 85% accuracy defeating Google's ReCaptcha. Since unCaptcha2 has to go to specific coordinates on the screen, you'll need to update the coordinates based on your setup. These coordinates are located at the top of run.py. On Linux, using the command xdotool getmouselocation --shell to find the coordinates of your mouse may be helpful.

GoCrack — Go
FireEye's Innovation and Custom Engineering (ICE) team released a tool today called GoCrack that allows red teams to efficiently manage password cracking tasks across multiple GPU servers by providing an easy-to-use, web-based real-time UI (Figure 1 shows the dashboard) to create, view, and manage tasks. Simply deploy a GoCrack server along with a worker on every GPU/CPU capable machine and the system will automatically distribute tasks across those GPU/CPU machines.

Wavecrack — Python
A user-friendly Web interface to share an hashcat cracking box among multiple users with some pre-defined options. This Web application can be used to launch asynchronous password cracks with hashcat.

PassGan — Python
State-of-the-art password guessing tools, such as HashCat and John the Ripper, enable users to check billions of passwords per second against password hashes. In addition to performing straightforward dictionary attacks, these tools can expand password dictionaries using password generation rules, such as concatenation of words (e.g., "password123456") and leet speak (e.g., "password" becomes "p4s5w0rd"). Although these rules work well in practice, expanding them to model further passwords is a laborious task that requires specialized expertise. Read Paper

Hate Crack — Python
A tool for automating cracking methodologies through Hashcat from the TrustedSec team.

CrackLord — Go
CrackLord is a system designed to provide a scalable, pluggable, and distributed system for both password cracking as well as any other jobs needing lots of computing resources. Better said, CrackLord is a way to load balance the resources, such as CPU, GPU, Network, etc. from multiple hardware systems into a single queueing service across two primary services: the Resource and Queue. It won't make these tasks faster, but it will make it easier to manage them.

kbd-audio — C++
This is a collection of command-line and GUI tools for capturing and analyzing audio data. Tools for capturing and analysing keyboard input paired with microphone capture.

Real-Time-Voice-Cloning — Python
This repository is an implementation of Transfer Learning from Speaker Verification to Multispeaker Text-To-Speech Synthesis (SV2TTS) with a vocoder that works in real-time. Feel free to read this thesis to look at the figures beyond the introduction.