pydictor - A powerful and useful hacker dictionary builder for a brute-force attack

•    Python

---

A powerful and useful hacker dictionary builder for a brute-force attack

password-generator wordlist-generator social-engineering-attacks password-dictionaries password-wordlist bruteforce-attacks brute-force blasting pentesting pentest hackertools password-cracker hacking-tool hacking wordlist weak-passwords bruteforce bruteforce-password-cracker brute

express-brute - Brute-force protection middleware for express routes by rate limiting incoming requests

•    Javascript

---

A brute-force protection middleware for express routes that rate-limits incoming requests, increasing the delay with each request in a fibonacci-like sequence. An in-memory store for persisting request counts. Don't use this in production, instead choose one of the more robust store implementations listed below.

brute force bruteforce attack fibonacci rate limit security

credential - Easy password hashing and verification in Node

•    Javascript

---

Easy password hashing and verification in Node. Protects against brute force, rainbow tables, and timing attacks.Employs cryptographically secure, per password salts to prevent rainbow table attacks. Key stretching is used to make brute force attacks impractical. A constant time verification check prevents variable response time attacks.

password passwords hash auth authorization authentication security login sign-in salt rainbow brute stretching pbkdf2

BruteX - Automatically brute force all services running on a target.

•    Shell

---

This software is free to distribute, modify and use with the condition that credit is provided to the creator (1N3@CrowdShield) and is not for commercial use. Donations are welcome. This will help fascilitate improved features, frequent updates and better overall support for sniper.

brute-force bruteforce bruteforcing bruteforce-attacks brute hacking

dnsbrute - a fast domain brute tool

•    Go

---

a fast domain brute tool

pentest dns domain brute

ForcePlot

•    

---

Force plot is a user friendly graphing calculator which uses brute-force computing. It can plot difficult equations that many popular programs cannot plot.

brute-force calculator graph graphing plot

rar brute force shell script - rarbrute

•    Shell

---

This is rarbrute, a shell script to brute force encrypted rar files under unix and linux. A long wordlist and a paper about security in internet cafes is included.

MasterMind Solver

•    Java

---

This Java project is a rough example of how to develop a brute force validation algorithm to make your computer look like "making guesses". It will take the role of a MasterMind player trying to solve the puzzle set by you.

brute-force master-mind mastermind solver

Mindless Setback

•    CSharp

---

Setback is a card game popular in New England. This project uses a combination of brute force and Monte Carlo methods to play Setback. This is an experimental approach to playing cards and other games where incomplete information is available.

brute-force card cards console game monte-carlo

scrypt - A Ruby gem with native C extension for the scrypt password hashing algorithm.

•    C

---

The scrypt key derivation function is designed to be far more secure against hardware brute-force attacks than alternative functions such as PBKDF2 or bcrypt. The designers of scrypt estimate that on modern (2009) hardware, if 5 seconds are spent computing a derived key, the cost of a hardware brute-force attack against scrypt is roughly 4000 times greater than the cost of a similar attack against bcrypt (to find the same password), and 20000 times greater than a similar attack against PBKDF2.

buster - Brute force static site generator for Ghost

•    Python

---

Super simple, Totally awesome, Brute force static site generator for Ghost. Start with a clean, no commits Github repository.

express-rate-limit - Basic rate-limiting middleware for express

•    Javascript

---

Basic rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset. Note: this module does not share state with other processes/servers by default. If you need a more robust solution, I recommend using an addon store or trying out one of the excelent competing options.

express-rate-limit express rate limit ratelimit rate-limit middleware ip auth authorization security brute force bruteforce brute-force attack

gitbrute - brute-force a git commit hash

•    Go

---

brute-force a git commit hash

tactical-exploitation - Modern tactical exploitation toolkit.

•    Python

---

I've always been a big proponent of a tactical approach to penetration testing that does not focus on exploiting known software vulnerabilities, but relies on old school techniques such as information gathering and brute force. While being able to appreciate the occasional usefulness of a well-timed 0day, as a veteran penetration tester I favor an exploit-less approach. Tactical exploitation provides a smoother and more reliable way of compromising targets by leveraging process vulnerabilities, while minimizing attack detection and other undesired side effects. This repository aims to provide a tactical exploitation toolkit to assist penetration testers during their assignments. The tools currently released are described below. See also http://www.0xdeadbeef.info/ for some older tools and techniques.

penetration-testing active-directory information-gathering brute-force metasploit-framework

bruteforce-database - Bruteforce database

•    

---

A Password dictionaries. Fork the project on Github.

duyetdev password-dictionaries seclists password brute-force bruteforce brute-force-attacks

wordlist - Collection of some common wordlists such as RDP password, user name list, ssh password wordlist for brute force

•    

---

Collection of some common wordlists such as RDP password, user name list, ssh password wordlist for brute force. The following is an alphabetical list of IP camera manufacturers and their default usernames and passwords. The goal is to help users quickly get started with cameras. At the bottom of the post, we examine the use and security concerns of using default passwords.

MobileApp-Pentest-Cheatsheet - The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics

•    

---

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics and checklist, which is mapped OWASP Mobile Risk Top 10 for conducting pentest. Your contributions and suggestions are welcome.

mobile-app pentesting android-application ios-app runtime-analysis network-analysis static-analysis reverse-engineers dynamic-analysis

rarcrack

•    C

---

This program uses a brute force algorithm to guess your encrypted compressed file\'s password. If you forget your encrypted file password, this program is the solution. This program can crack zip,7z and rar file passwords.

PseudoQ

•    Java

---

A java application for creating, playing and solving SuDoku puzzles of various types. Features both a Swing GUI and command-line operation. The automatic solving of puzzles uses quot;smartquot; techniques rather than a brute force search of every possibility.

FileHashler

•    Java

---

Java based API and commandline utility for cross-platform file encryption and archivation (up to 2,1 GB). Uses Twofish and SHA-256 *** due to current design error FHL has a weakness to brute force attacks and usage is deprecated!! ***