duplicut - Remove duplicates from MASSIVE wordlist, without sorting it (for dictionary-based password cracking)

  •        68

Modern password wordlist creation usually implies concatenating multiple data sources. Ideally, most probable passwords should stand at start of the wordlist, so most common passwords are cracked instantly.

https://github.com/nil0x42/duplicut

Tags
Implementation
License
Platform

   




Related Projects

hashcat - World's fastest and most advanced password recovery utility

  •    C

hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enable distributed password cracking. hashcat is licensed under the MIT license. Refer to docs/license.txt for more information.

naive-hashcat - Crack password hashes without the fuss :cat2:

  •    C

Crack password hashes without the fuss. Naive hashcat is a plug-and-play script that is pre-configured with naive, emperically-tested, "good enough" parameters/attack types. Run hashcat attacks using ./naive-hashcat.sh without having to know what is going on "under the hood". DISCLAIMER: This software is for educational purposes only. This software should not be used for illegal activity. The author is not responsible for its use. Don't be a dick.

hashview - A web front-end for password cracking and analytics

  •    CSS

Hashview is a tool for security professionals to help organize and automate the repetitious tasks related to password cracking. Hashview is a web application that manages hashcat (https://hashcat.net) commands. Hashview strives to bring constiency in your hashcat tasks while delivering analytics with pretty pictures ready for ctrl+c, ctrl+v into your reports. Please see the Contribution Guide for how to develop and contribute. If you have any problems, please consult Issues page first. If you don't see a related issue, feel free to add one and we'll help.

wordlist - Collection of some common wordlists such as RDP password, user name list, ssh password wordlist for brute force

  •    

Collection of some common wordlists such as RDP password, user name list, ssh password wordlist for brute force. The following is an alphabetical list of IP camera manufacturers and their default usernames and passwords. The goal is to help users quickly get started with cameras. At the bottom of the post, we examine the use and security concerns of using default passwords.


wifi-cracking - Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat 🖧

  •    

Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat. This is a brief walk-through tutorial that illustrates how to crack Wi-Fi networks that are secured using weak passwords. It is not exhaustive, but it should be enough information for you to test your own network's security or break into one nearby. The attack outlined below is entirely passive (listening only, nothing is broadcast from your computer) and it is impossible to detect provided that you don't actually use the password that you crack. An optional active deauthentication attack can be used to speed up the reconnaissance process and is described at the end of this document.

KeychainCracker - macOS keychain cracking tool

  •    Objective-C

macOS keychain cracking tool. I wrote this software in order to help relatives of a deceased friend to recover data from his computer. Please enjoy it responsibly, and please do not hack/harm people.

Hob0Rules - Password cracking rules for Hashcat based on statistics and industry patterns

  •    

##hob064 This ruleset contains 64 of the most frequent password patterns used to crack passwords. Need a hash cracked quickly to move on to more testing? Use this list. ##d3adhob0 This ruleset is much more extensive and utilizes many common password structure ideas seen across every industry. Looking to spend several hours to crack many more hashes? Use this list.

hate_crack - A tool for automating cracking methodologies through Hashcat from the TrustedSec team.

  •    Python

Brute forces all characters with the choice of a minimum and maximum password length. Uses StatsGen and MaskGen from PACK (https://thesprawl.org/projects/pack/) to perform a top mask attack using passwords already cracked for the current session. Presents the user a choice of target cracking time to spend (default 4 hours).

jBCrypt - A Java implementation of OpenBSD's Blowfish password hashing code

  •    Java

jBCrypt is an implementation the OpenBSD Blowfish password hashing algorithm, as described in "A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres. This system hashes passwords using a version of Bruce Schneier's Blowfish block cipher with modifications designed to raise the cost of off-line password cracking. The computation cost of the algorithm is parameterised, so it can be increased as computers get faster.

jBCrypt - A Java implementation of OpenBSD's Blowfish password hashing code

  •    Java

jBCrypt is an implementation the OpenBSD Blowfish password hashing algorithm, as described in "A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres. This system hashes passwords using a version of Bruce Schneier's Blowfish block cipher with modifications designed to raise the cost of off-line password cracking. The computation cost of the algorithm is parameterised, so it can be increased as computers get faster.

gocrack - GoCrack is a management frontend for password cracking tools written in Go

  •    Go

GoCrack provides APIs to manage password cracking tasks across supported cracking engines. MIT.

hashtopolis - A Hashcat wrapper for distributed hashcracking

  •    PHP

Aiming for high usability even on restricted networks, Hashtopolis communicates over HTTP(S) using a human-readable, hashing-specific dialect of JSON. The server part runs on PHP using MySQL as the database back end. It is vital that your MySQL server is configured with performance in mind. Queries can be very expensive and proper configuration makes the difference between a few milliseconds of waiting and disastrous multi-second lags. The database schema heavily profits from indexing. Therefore, if you see a hint about pre-sorting your hashlist, please do so.

hashcat-utils - Small utilities that are useful in advanced password cracking

  •    C

They all are packed into multiple stand-alone binaries. All of these utils are designed to execute only one specific function.

pack - PACK (Password Analysis and Cracking Kit)

  •    Python

PACK (Password Analysis and Cracking Kit)

hashcat-legacy - Advanced CPU-based password recovery utility

  •    C

Hashcat is an advanced CPU-based password recovery utility for Windows 7/8/10, Apple OS X, and GNU/Linux, supporting seven unique modes of attack for over 100 optimized hashing algorithms. Hashcat is licensed under the MIT license. Refer to docs/license.txt for more information.

zxcvbn - Low-Budget Password Strength Estimation

  •    CoffeeScript

zxcvbn is a password strength estimator inspired by password crackers. Through pattern matching and conservative estimation, it recognizes and weighs 30k common passwords, common names and surnames according to US census data, popular English words from Wikipedia and US television and movies, and other common patterns like dates, repeats (aaa), sequences (abcd), keyboard patterns (qwertyuiop), and l33t speak.Consider using zxcvbn as an algorithmic alternative to password composition policy — it is more secure, flexible, and usable when sites require a minimal complexity score in place of annoying rules like "passwords must contain three of {lower, upper, numbers, symbols}".

PassGAN - A Deep Learning Approach for Password Guessing (https://arxiv.org/abs/1709.00440)

  •    Python

This repository contains code for the PassGAN: A Deep Learning Approach for Password Guessing paper. Use the pretrained model to generate 1,000,000 passwords, saving them to gen_passwords.txt.

secure-password - Making Password storage safer for all

  •    Javascript

They're both constrained by the constants SecurePassword.MEMLIMIT_MIN - SecurePassword.MEMLIMIT_MAX and SecurePassword.OPSLIMIT_MIN - SecurePassword.OPSLIMIT_MAX. If not provided they will be given the default values SecurePassword.MEMLIMIT_DEFAULT and SecurePassword.OPSLIMIT_DEFAULT which should be fast enough for a general purpose web server without your users noticing too much of a load time. However your should set these as high as possible to make any kind of cracking as costly as possible. A load time of 1s seems reasonable for login, so test various settings in your production environment. The settings can be easily increased at a later time as hardware most likely improves (Moore's law) and adversaries therefore get more powerful. If a hash is attempted verified with weaker parameters than your current settings, you get a special return code signalling that you need to rehash the plaintext password according to the updated policy. In contrast to other modules, this module will not increase these settings automatically as this can have ill effects on services that are not carefully monitored.

brainflayer - A proof-of-concept cracker for cryptocurrency brainwallets and other low entropy key alogrithms

  •    C

Brainflayer is a Proof-of-Concept brainwallet cracking tool that uses libsecp256k1 for pubkey generation. It was originally released as part of my DEFCON talk about cracking brainwallets (slides, video, why). The name is a reference to Mind Flayers, a race of monsters from the Dungeons & Dragons role-playing game. They eat brains, psionically enslave people and look like lovecraftian horrors.






We have large collection of open source products. Follow the tags from Tag Cloud >>


Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.