Sign In
Create Account
1. Brutus
One of the widely used remote online tools used for password-cracking is Brutus. Brutus claims to be the fastest paced and flexible password cracking tool. It is available free of cost and can only be operated in Windows. I t was released in October 2000.
HTTP for Basic Authentication, Pop3, Telnet, HTTP (HTML Form/CGI), FTP, SMB, and other types such as NetBus, IMAP, NNTP, etc. are supported in this. One can also create his own types of authentication. This tool supports the multi-stage authentication engines and is also capable of connecting with 60 simultaneous targets. Resume and Load are two of its good features. Using these features, one can halt the attack process any time and then resume whenever one would want to resume.
This tool hasn’t been updated for years now. However, it can still be used in the current times.
2. RainbowCrack
It falls in the hash cracker tool category that utilizes a large-scale time-memory trade off process for faster password cracking compared to traditional brute force tools. Time & memory trade-off is a process of computation where all plain text and hash pairs get calculated by using a chosen hash algorithm. The results are then stored in the rainbow table. This process can be very time-consuming. But, once the table is ready, it is capable of cracking passwords much faster than tools using brute force.
One doesn’t necessarily need to make tablets (rainbow) by themselves. RainbowCrack’s makers have been successful in generating rainbow tables (LM), md 5 rainbow table, rainbow table (NTLM), and sha 1 rainbow table.
The tables are free, therefore, anyone can get these tables and utilize them for their cracking of password processes.
This tool is for Linux and Windows systems also.
3. Wfuzz
Wfuzz is a web application for password cracking that cracks passwords using brute forcing. It can be used to find hidden resources too like servlets, directories and scripts. This tool is also capable of identifying different kinds of injections with, XSS Injection, LDAP Injection, SQL Injection, etc. in applications of Web.
Prominent features of Wfuzz tool:
Capability of injecting via multiple dictionaries with multiple points.
Output with coloured HTML.
Headers, post and authenticated data brute forcing.
SOCK and Proxy Support.
Multiple Proxy Support.
Multi-Threading.
Brute Force HTTP Password.
GET and POST Brute forcing.
Time delay between two requests.
Fuzzing of cookies.
4. Cain & Abel
Cain and Abel is a popular password cracking tool. Is can handle varying tasks. The most noticeable thing is the tool’s availability only in Windows platforms. It can function as a sniffer on the network, for cracking of encrypted passwords by the dictionary attack, uncovering cached passwords, decoding scrambled passwords, brute attacks, recording VoIP conversations, password boxes revelation, cryptanalysis attacks, and analysing protocols of routing.
Abel & Cain don’t exploit any bugs or vulnerability. It covers only the security weakness of a protocol to grab the password. This tool was mainly developed for network administrators, forensics staff, security professionals, and testers of penetration.
5. John the Ripper
John the Ripper is yet another popular free open source tool for password cracking in Linux, Mac OS X and Unix. A version for Windows is also available. This tool detects weak passwords. The pro-version of this tool is also available, which offers greater features with native packages for the test of target operating systems.
6. THC Hydra
THC Hydra can be said to be the fast paced network logon tool for password cracking. In comparison to other similar tools, it is clearly shown why it is faster. New modules can be easy to install in the tool. One can easily enhance the features by adding modules. It is available only for Windows, Free BSD, Linux, Solaris and OS X. The tool supports a large variety for network protocols. Currently supporting HTTP-FORM-POST, HTTP-PROXY, HTTP-GET, HTTPS-FORM-POST, HTTP-HEAD, HTTPS-FORM-GET, HTTP-FORM-GET, Ms(sql), Nntp, My(SQL), Ncp, PCNFS, Oracle’s Listener, Oracle, HTTPS-HEAD, pc-anywhere, Oracle’s SID, Pop3, Postgres, R.D.P, Rlogin, Rsh, rexec, SAP’s R3, Asterisk, Afp, Cisco’s AAA, Cisco auth, Cisco enable, Cvs, Firebird, FTP, HTTPS-GET, Telnet, Icq, IRC, HTTP-Proxy, SSH v1 & v2, Teamspeak (TS2), VMware-Auth, Subversion , XMPP & VNC, Imap, SIP, LDAP, SMB, SMTP Enum, SMTP, SOCKS5 and SNMP.
If one is a developer, then he can also contribute to the development of the tool.
THC Hydra
7. Medusa
Medusa is another tool for password cracking like THC Hydra. It is known to be a speedy parallel, login brute forcing tool and modular. When cracking the password; host, password and username can be a flexible input while the performance of the attack.
Medusa is popular for being the command line tool, so one need to understand commands before utilizing the tool. Tool’s efficiency depends on network’s connectivity. It can test 2000 passwords per minute on a local system.
In this tool the attacker can also carry out parallel attacks at one time. It allows one to crack passwords of multiple email accounts simultaneously. He can specify the username list along with the password list.
8. OphCrack
OphCrack is available for free which is a rainbow-table based tool for password cracking on Windows. It is a popular Windows password cracking tool which can also be used on Linux or Mac. It can crack LM and NTLM hashes. For cracking Windows 7, Vista or Windows XP, free rainbow-tables are made available.
A live CD of OphCrack is made available for the simplification of the cracking. One can utilize the Live CD of OphCrack to crack the Windows-based passwords. This tool is made available for free.
9. L0phtCrack
L0phtCrack serves as substitute to OphCrack. It makes various attempts on cracking Windows passwords from hashes. For cracking these passwords, it utilizes the primary controllers of domain, workstations (windows), network server, also Active Directory. It also makes use of dictionary attack and brute force attacking in guessing and generating of passwords. It became an acquisition to Symantec and discontinued in the year 2006. Later developers of L0pht again re-acquired it and launched their L0phtCrack in the year 2009.
It is available with an audit feature of schedule routine. One can set daily, weekly or monthly audit, it will still start scanning on the scheduled time.
L0phtCrack
10. Aircrack-NG
Aircrack-NG is a tool for cracking of WiFi passwords that can crack WPA or WEP passwords. It analyses wireless encrypted packets also then tries to crack the passwords with cracking its algorithm. The FMS attack is utilized with other useful attacking methods for cracking of passwords. It is available on Linux and Windows systems. CD of Aircrack is also made available live.
