Today Hackingloops has came up with list of best password hacking softwares for Penetration testing. We have reviewed lot of Password hacking tools available for ethical hackers or Penetration testers and came up with list of best password hacking tools for Penetration testers. These tools are created for the sole purpose of security awareness and education, they should not be used against systems that you do not have permission to test or attack.
List contains password hacking tools of all genres from hacking an operating system password to hacking web application authentication vulnerabilities. Most of Password hacking tools are open source or free versions, so anybody can download them and try them for Penetration Testing.
Best Password Hacking Softwares for Penetration Testers :
1. John the Ripper : John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), Windows, DOS, BeOS, and OpenVMS.
Download: John the Ripper
2. FSCrack : FSCrack is a front end for John the Ripper (JtR) that provides a graphical user interface (GUI) for access to most of JtR’s functions.
JtR is described as follows “John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt (3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.”
Download : FSCrack
3. Cain & Abel : Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weakness present in protocol’s standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some “non standard” utilities for Microsoft Windows users.
Download : Cain & Abel
4. CacheDump : CacheDump is a tool that demonstrates how to recover cache entry information: username and hashed password (called MSCASH). This tool also explains the technical issues underneath Windows password cache entries, which are undocumented by Microsoft.
Download : CacheDump
5. Hydra : A very fast network logon cracker which support many different services.Number one of the biggest security holes are passwords, as every password security study shows.
Download : Hydra
6. Medusa : Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible.
7. NCrack : Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts.
Download : NCrack
8. RainbowCrack : RainbowCrack is a general propose implementation of Philippe Oechslin’s faster time-memory trade-off technique. It crack hashes with rainbow tables. RainbowCrack uses time-memory tradeoff algorithm to crack hashes. It differs from brute force hash crackers.
Download : RainbowCrack
9. OphCrack : Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.
Download : OphCrack
10. phrasen|drescher : phrasen|drescher is a cracking tool used for the purpose of finding the pass phrase for RSA or DSA keys as they would be used by SSH for instance. It performs wordlist and rule based attacks against the key. The tool can be used on multiple keys at once and is known to run on FreeBSD, NetBSD, OpenBSD, MacOS and Linux.
Download : phrasen|drescher
11. Crunch : My favourite word list generator. Crunch is a wordlist generator where you can specify a standard character set or a character set you specify. Crunch can generate all possible combinations and permutations that you specify.
Download : Crunch
12. FCrackZip : FCrackZip is a zip password cracker. Naturally, programs are born out of an actual need. The situation with fcrackzip was no different… I’m not using zip very much, but recently I needed a password cracker. Tried this one and boom, one of best zip brute forcer. It searches each zipfile given for encrypted files and tries to guess the password. All files must be encrypted with the same password, the more files you provide, the better.
Download : FCrackZip
13. EnumIAX : EnumIAX is an Inter Asterisk Exchange version 2 (IAX2) protocol username brute-force enumerator. enumIAX may operate in two distinct modes; Sequential Username Guessing or Dictionary Attack.
Download : EnumIAX
14. Bruter : Bruter is a parallel network login brute-forcer on Win32. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of Bruter is to support a variety of services that allow remote authentication.
Download : Bruter
15. BruteSSH or ScanSSH : These tools were developed to test SSH servers in penetration tests. The first two scripts are:
a. Brutessh: Is a tool to perform dictionary attacks to the SSH servers, it’s a simple tool, you set the target server, target account, wordlist, port and wait.
b. Scanssh: This tools will allow to perform an internal network portscanning through an SSH server with port forwarding enabled, and can automatically map open ports to local host.
Download : BruteSSH or ScanSSH
16. SSHatter : SSHatter uses a brute force technique to determine how to log into an SSH server. It rigorously tries each combination in a list of usernames and passwords to determine which ones successfully log in.
Download : SSHatter
17. Wyd : Wyd project is a password profiler. In current IT security environments, files and services are often password protected. In certain situations it is required to get access to files and/or data even when they are protected and the password is unknown. wyd.pl was born of those two of situations:
a. A penetration test should be performed and the default wordlist does not contain a valid password
b. During a forensic crime investigation a password protected file must be opened without knowing the the password.
Download : Wyd
18. Lodowep : Lodowep is a tool for analyzing password strength of accounts on a Lotus Domino webserver system. The tool supports both session- and basic-authentication. It runs 20 simultaneous connection guessing passwords specified in a dictionaryfile against the supplied userfile. The tool is written in java and is released under the GPL version 2.
Download : Lodowep
That’s all friends ! You can crack almost all passwords using above Password Hacking Penetration Testing tools. If you know about more tools feel free to share with us. I will review them and add to our Best Password Hacking Softwares List for Penetration testers.
Want to show gratitude, just visit our sponsors.