Displaying 1 to 20 from 47 results

sites-using-cloudflare - :broken_heart: Archived list of domains using Cloudflare DNS at the time of the CloudBleed announcement

  •    

This is an (archived) list of sites on Cloudflare DNS at the time of the CloudBleed HTTPS traffic leak announcement. Original vuln thread by Google Project Zero.This list is archived and no longer under active maintenance. It may contain stale or inaccurate data that will not be corrected. Do not link to it from press releases, it is not intended for end-users. If people want to find it, they can Google it.

MasterPassword - A stateless password management solution.

  •    Objective-C

Master Password is a completely new way of thinking about passwords. It consists of an algorithm that implements the core idea and applications for various platforms making the alogirthm available to users on a variety of devices and platforms.

payloads - Git All the Payloads! A collection of web attack payloads.

  •    Shell

run ./get.sh to download external payloads and unzip any payload files that are compressed. Requests extracted from either packet captures or log files of capture the flag (ctf) events. Mostly raw data so not all requests are actual payloads, however requests should be deduplicated.

hashview - A web front-end for password cracking and analytics

  •    CSS

Hashview is a tool for security professionals to help organize and automate the repetitious tasks related to password cracking. Hashview is a web application that manages hashcat (https://hashcat.net) commands. Hashview strives to bring constiency in your hashcat tasks while delivering analytics with pretty pictures ready for ctrl+c, ctrl+v into your reports. Please see the Contribution Guide for how to develop and contribute. If you have any problems, please consult Issues page first. If you don't see a related issue, feel free to add one and we'll help.




node-keytar - Native Password Node Module

  •    C++

A native Node module to get, add, replace, and delete passwords in system's keychain. On macOS the passwords are managed by the Keychain, on Linux they are managed by the Secret Service API/libsecret, and on Windows they are managed by Credential Vault.Currently this library uses libsecret so you may need to install it before running npm install.

credential - Easy password hashing and verification in Node

  •    Javascript

Easy password hashing and verification in Node. Protects against brute force, rainbow tables, and timing attacks.Employs cryptographically secure, per password salts to prevent rainbow table attacks. Key stretching is used to make brute force attacks impractical. A constant time verification check prevents variable response time attacks.

encpass.sh - Lightweight solution for using encrypted passwords in shell scripts

  •    Shell

encpass.sh provides a lightweight solution for using encrypted passwords in shell scripts using OpenSSL. It allows a user to encrypt a password (or any other secret) at runtime and then use it, decrypted, within another script. This prevents shoulder surfing passwords and avoids storing the password in plain text, which could inadvertently be sent to or discovered by an individual at a later date. This script generates an AES 256 bit symmetric key for each script (or user-defined label) that stores secrets. This key will then be used to encrypt all secrets for that script or label.

hashtopolis - A Hashcat wrapper for distributed hashcracking

  •    PHP

Aiming for high usability even on restricted networks, Hashtopolis communicates over HTTP(S) using a human-readable, hashing-specific dialect of JSON. The server part runs on PHP using MySQL as the database back end. It is vital that your MySQL server is configured with performance in mind. Queries can be very expensive and proper configuration makes the difference between a few milliseconds of waiting and disastrous multi-second lags. The database schema heavily profits from indexing. Therefore, if you see a hint about pre-sorting your hashlist, please do so.


snappass - It's like SnapChat... for passwords.

  •    Javascript

It's like SnapChat... for Passwords. This is a webapp that lets you share passwords securely.

privy - An easy, fast lib to correctly password-protect your data

  •    Python

Privy is a small and fast utility for password-protecting secret data such as API keys, cryptocurrency wallets, or seeds for digital signatures.Say for example you are using GnuPG. You are about to sign a message but it first requires your password. Does your password become the input to instantiate your private key? No, it is first hashed by a secure key derivation function. That hash then becomes the input to a symmetric cipher such as AES which then decrypts your stored private key. That is what Privy does.

easy-scrypt - This is a nice and simple wrapper in Go over the scrypt password based key derivation algorithm

  •    Go

This is a nice and simple wrapper in Go over the raw scrypt libraries available. There are just 2 calls exposed by the library(and should be!) which makes it super easy to embed in any of your projects.The salt is randomly generated from the crypto/rand library which generates a cryptographically secure pseudorandom number.

passwd-user - Get the passwd user entry from a username or uid

  •    Javascript

Works on macOS and Linux. See user-info if you need cross-platform support.Accepts a username or uid number. Defaults to the current user (process.getuid()).

Cryptex - Secure secret storage and cryptographic key retrieval for Node.js

  •    Javascript

If you check database passwords into git, download credential files from S3 or some other server, provide plaintext keys to your continuous integration/deployment solution, or don't have the ability to limit engineers from getting production secrets, stop doing what you're doing. Following 12 Factor? Rock on. We have env var support already built-in.

g20 - Fast and Easy 20 Character CLI Password Generator

  •    Javascript

g20 (Generate a 20 Character Password) is the fastest and easiest cross-platform CLI password generator on the planet. For years I have been using something similar to it but it only works on OS X. Feel free to submit an issue if you're stuck. No.

pass-rotate - A tool and library for rotating your password on online services

  •    Python

pass-rotate is a library and CLI for rotating passwords on various web services. This software makes it easier to rotate your passwords, one at a time or in bulk, when security events or routine upkeep of your online accounts makes it necessary. This is the first step towards a better future - one where users never interact with passwords at all and they're managed entirely by software. Adding new services is a tedious process. If you'd like to support pass-rotate, you can contribute my Patreon page and request support for specific providers.