zxcvbn - Low-Budget Password Strength Estimation

•    CoffeeScript

zxcvbn is a password strength estimator inspired by password crackers. Through pattern matching and conservative estimation, it recognizes and weighs 30k common passwords, common names and surnames according to US census data, popular English words from Wikipedia and US television and movies, and other common patterns like dates, repeats (aaa), sequences (abcd), keyboard patterns (qwertyuiop), and l33t speak.Consider using zxcvbn as an algorithmic alternative to password composition policy — it is more secure, flexible, and usable when sites require a minimal complexity score in place of annoying rules like "passwords must contain three of {lower, upper, numbers, symbols}".

hashcat - World's fastest and most advanced password recovery utility

•    C

hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enable distributed password cracking. hashcat is licensed under the MIT license. Refer to docs/license.txt for more information.

wifi-cracking - Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat 🖧

Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat. This is a brief walk-through tutorial that illustrates how to crack Wi-Fi networks that are secured using weak passwords. It is not exhaustive, but it should be enough information for you to test your own network's security or break into one nearby. The attack outlined below is entirely passive (listening only, nothing is broadcast from your computer) and it is impossible to detect provided that you don't actually use the password that you crack. An optional active deauthentication attack can be used to speed up the reconnaissance process and is described at the end of this document.

KeychainCracker - macOS keychain cracking tool

•    Objective-C

macOS keychain cracking tool. I wrote this software in order to help relatives of a deceased friend to recover data from his computer. Please enjoy it responsibly, and please do not hack/harm people.

hashtopolis - A Hashcat wrapper for distributed hashcracking

•    PHP

Aiming for high usability even on restricted networks, Hashtopolis communicates over HTTP(S) using a human-readable, hashing-specific dialect of JSON. The server part runs on PHP using MySQL as the database back end. It is vital that your MySQL server is configured with performance in mind. Queries can be very expensive and proper configuration makes the difference between a few milliseconds of waiting and disastrous multi-second lags. The database schema heavily profits from indexing. Therefore, if you see a hint about pre-sorting your hashlist, please do so.

duplicut - Remove duplicates from MASSIVE wordlist, without sorting it (for dictionary-based password cracking)

•    C

Modern password wordlist creation usually implies concatenating multiple data sources. Ideally, most probable passwords should stand at start of the wordlist, so most common passwords are cracked instantly.

SharpCrack

Hash cracker written in managed code.

reverse-engineering-tutorials - Reverse Engineering Tutorials

•    HTML

Run everything on a virtual machine at your OWN Risk. Shared for educational purposes only.

xAnalyzer - xAnalyzer plugin for x64dbg

•    C

xAnalyzer is a plugin for the x86/x64 x64dbg debugger by @mrexodia. This plugin is based on APIInfo Plugin by @mrfearless, although some improvements and additions have been made. xAnalyzer is capable of doing various types of analysis over the static code of the debugged application to give more extra information to the user. This plugin is going to make an extensive API functions call detections to add functions definitions, arguments and data types as well as any other complementary information, something close at what you get with OllyDbg analysis engine, in order to make it even more comprehensible to the user just before starting the debuggin task. Defined and generic functions, arguments, data types and additional debugging info recognition.

FileVaultCracker - macOS FileVault cracking tool

•    Objective-C

macOS FileVault cracking tool. I wrote this software in order to help relatives of a deceased friend to recover data from his computer. Please enjoy it responsibly, and please do not hack/harm people.

dcipher - Decipher hashes using online rainbow & lookup table attack services.

•    Javascript

Decipher hashes using online rainbow & lookup table attack services. Returns the plaintext value of a hash.

dcipher-cli - Crack hashes using online rainbow & lookup table attack services, right from your terminal

•    Javascript

Crack hashes using online rainbow & lookup table attack services, right from your terminal.

ethaddrgen - Custom Ethereum vanity address generator made in Rust

•    Rust

Disclaimer: Do not use the private key shown in this demo; it's public, strangers could steal your Eth. Never share your private key with anyone. It's your and only your responsibility to keep your private key in secret. Download the latest release here. To display usage, run ethaddrgen -h or ethaddrgen --help for a longer version. ethaddrgen expects the last arguments to be patterns. If no patterns are provided as arguments, ethaddrgen reads patterns from the standard input where each pattern is on a separate line.

TwitterX - Keeping Twitter for macOS alive with code injection

•    Objective-C

An educational project aiming to maintain Twitter for macOS working while adding new features... All this by injecting code into the official binary. Twitter for macOS provides the best native and free experience, although it lacks some features available on the web version.

hashtopolis-agent - Official agents for using the distributed hashcracker Hashtopolis

•    CSharp

Official agents for using the distributed hashcracker Hashtopolis.

distributed-password-cracking - Borrow CPU cycles from visitor's web browsers to crack MD5 password hashes 😲

•    Javascript

Borrow CPU cycles from visitor's web browsers to crack MD5 password hashes. Embedding a hidden <iframe> to a website will automatically add a visitor's browser as a node in a password cracking botnet. Their browser will received MD5 hashes and password candidates from a command-and-control server and report back any passwords it cracks for the duration of the time the visitor is browsing the "infected" website. This is proof-of-concept code for the Browser as Botnet talk (video) at Radical Networks 2017. As such, it is not optimized. There are far more efficient ways to crack passwords if that is your goal. This project is intended to illustrate how compute jobs can be massively distributed across browsers.

badtouch - Scriptable network authentication cracker

•    Rust

badtouch is a scriptable network authentication cracker. While the space for common service bruteforce is already very well saturated, you may still end up writing your own python scripts when testing credentials for web applications. The scope of badtouch is specifically cracking custom services. This is done by writing scripts that are loaded into a lua runtime. Those scripts represent a single service and provide a verify(user, password) function that returns either true or false. Concurrency, progress indication and reporting is magically provided by the badtouch runtime.

bopscrk - A tool to generate smart and powerful wordlists.

•    Python

Bopscrk (Before Outset PaSsword CRacKing) is a tool to assist in all the previous process of password cracking. By now, it's able to generate smart and powerful wordlists. The first idea was inspired by Cupp and Crunch. We could say that bopscrk is a wordlist generator situated between them, taking the best of each one. The challenge was try to apply the Cupp's idea to more generic-situations and amplify the shoot-range of the resultant wordlist, without loosing this custom-wordlist-profiler feature.

ssh_brute_force - Crack SSH Password using Dictionary and Brute Force Method

•    C

Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. The best known example application is for remote login to computer systems by users. The program is working as a single thread application. I wish to implement it as a multithreaded application so that it can be used in real world scenario.