CrackStation is a web-based service that is used for retrieving passwords by cracking their hashes. In order to do this, a user simply has to enter the hashes in the given text box. About twenty hashes that are non-salted can be added in one session. Dozens of hashing algorithms are supported here for instance whirlpool, sha512, md5-half, ripeMD160, NTLM, etc.
Once the user has added the hashes, he has to fill a CAPTCHA and click ‘Crack Hashes’. The website even offers its entire password-cracking dictionary for download free of cost. Some of its key features include No prior registration, fast service, user-friendly interface, user guide, page hit stats display, and contact team.
MDCrack is software that is used for testing the strength of the hashed passwords. It does so by performing brute force attacks on these passwords using algorithms such as APACHE, PHP, MD2, MD4, MD5, HMAC, and FreeBSD among many others. If a user doesn’t know the hash, he can make the software guess the hash or he can enable auto-detect. A password of up to 55 characters can be cracked easily if the user is using additional protection.
Although it is a password cracking tool, it may also be used for integer calculus. You can even monitor the output file by redirecting it to a Syslog server. While testing hashes, you can even add nonprintable characters with configurable charsets and salts. Some of its additional features include Custom notifications, use of cores for more speed, multithreading, keyboard shortcuts, powerful toolset, command-line options, stats display, and Zip package.
Password Cracker is a software for Windows that is used for recovering forgotten passwords for different software and websites that you use from the browser. This is a particularly helpful tool for those who use too many things at a time where each of them is protected by a complex but forgetful password. You can test and view websites by putting their links in the given spaces after which the passwords you had for them will be displayed to you as soon as you click ‘enable’.
Passwords for files and software are also retrieved in a similar fashion. You can even change the language of the software. Various international languages are supported here. Some of its main features include low storage, lightweight, portability, user help, simplistic design, recovery in IE mode, and user-friendly interface.
Brutus Password Cracker is a password cracking tool that is used for recovering passwords for websites and software. To use this, a user just has to paste the URL of the website or software in the ‘target’ section and select its time. They can even configure connections by setting the number of ports, connections, and the connection timeout. Even the sequence of these connections is manipulated with a number of attempts at maintaining the connection.
In the authentication options, they can enter pass mode, pass file, and user ID. The results are displayed below in separate compartments for target, type, user name, and password. All the operations performed on the input are displayed in real-time with an illustrative bar at the bottom. Some of its main features include pause, stop, and clear buttons, ability to use username, single-user highlight, user help, percentage display, file section, toolset, and coherent dashboard.
RainbowCrack is software that can crack any password hash by attacking them with a rainbow table. This works by decrypting the cryptographic data stored in the database. These rainbow tables are compatible with multiple hash algorithms and charset and can easily be generated, converted, and sorted. It can also boost NVIDIA and AMD GPU performance using the CUDA and Open CL technology respectively.
This application is totally portable so you don’t have to worry about reinstalling it on the new system on the new system. It is a much better alternative to the brute force password cracking as it provides more efficiency and value for time. Some of its formidable features include Linux and Windows compatibility, command-line options, low storage, rainbow support for raw and compact file format, and a graphical user interface.
THC Hydra is a powerful password cracking tool that can crack any password. It supports a vast array of protocols for password cracking such as Cisco AAA, FTP, HTTP-GET, oracle, RTSP, POP3, SSHKEY, and much more. This can also be used as a password strength checking tool by individuals and enterprises. To crack a password, you must submit it to the software or website. It is a password off in the ‘target’ section and then click ‘start’.
The output along with the operations performed are displayed in real-time. You can stop the operation by clicking the button of same and can also clear the output. The password is displayed without hash in no time. Simplistic design, user-friendly interface, tuning options, Vast OS compatibility, and command-line interface are some of its fundamental features.
Cain and Abel was a software cracking tool for Windows that could crack nearly any password no matter how powerful it was. The software used various methods to retrieve passwords. Apart from standard brute attacks on the software, it could perform packet snipping on the network. It also makes brute attacks and attacks through dictionaries and cryptanalysis to decode hashes.
The program was used to make cryptanalysis attacks that were executed through window tables. The hashes it could crack included NTLM, NTLMv2, APOP, MD2, SHA-1, and 2, among many others. It could decrypt scrambled passwords as well as recover storage and cached passwords. Some of its amazing features include hash calculation, VoIP conversation recording, tracerouting, LSA secret dumper, and ARP spoofing.
WFuzz is software that cracks software on web-based applications by performing brute force attacks on them. Furthermore, it can be used to find unlinked sources such as scripts and servlets. While performing Brute force attacks, users can get or set parameters for injections, password and user name research, and testing. They get the ability to perform multiple injections using different dictionaries.
Output is delivered in HTML with a colored format and can be hidden with regex, return codes, and word numbers, etc. A HEAD scan can be performed for quick resource research and HTTP methods can be used to perform Brute Force attacks. Multithreading, cookies testing, support for proxies, built-in dictionaries for famous applications, NTLM verification, and Sock support are some of its formidable features.
Medusa Password Cracker is a hacking tool that can get you into the personal account of anyone on any platform by cracking their software even when you don’t have their user name or have one but not the other. It uses a brute force mechanism to crack the passwords and supports dozens of modules some of which include MySQL, HTTP, rlogin, Telnet, and SMB, etc.
Once you have the important information to decode a password, you can also test it on the software before making official attempts. Multiple tests can be performed for different target passwords, usernames, and hosts at the same time. Some of its modest features include quick service, user help, graphical interface, user-friendly design, command-line options, and full extensibility support.
Hashcat is software that is used to recover lost and forgotten passwords. Among the techniques supported here for password recovery are Brute-force attack, Fingerprint attack, Rule-based Attack, Dictionary Attack, Table-Lookup attack, and Hybrid Attack among others. Some of the many hash algorithms supported on the platform include MD4, MD5, MySQL, Unix Crypt, and SHA-family, etc.
Not only this, you can decode multiple passwords on multiple devices at the same time and place. Users can read about targets in files and stdin and open/restore sessions. They can also perform tuning and add keyspace automatically with the help of markov chains. Some of its decent features include support for multiple operating systems, automation, open-source, benchmarking support, thermal watchdog, pause/resume button, and compatibility with hex salt and hex charset.
OClHashcat-Plus is software that recovers lost or forgotten passwords for you by decoding their hash. Apart from cracking passwords, you can even test the password strength on this platform. It offers multiple options to crack these passwords, from standard Brute Force attacks to dictionary attacks, mask attacks, rule-based attacks, combinatory attacks, and hybrid attacks.
OClHashcat-Plus is a better alternative oclHashcat for two main reasons: It performs the same performance with both slow and fast algorithms and it comes with a better architecture. The tool operates in GPU to perform fast and efficient password cracking. While simple dictionary attacks work well with fast algorithms like MD4/5, NTLM, etc. they pose a problem when it comes to moving data to GPU memory. You can opt for GPU rule-based attacks while dealing with fast algorithms. User-friendly interface and agile service are two of its alluring features.
L0phtCrack is software that is used for cracking the passwords on websites and applications. It can be used for testing the strength of your password. Among the methods supported for password recovery include brute force attacks, hybrid attacks, rainbow tables, and dictionary attacks. The strength of the password is rated from weak, to medium and strong.
The software’s interface consists of a table with a separate compartment for Domain, user name, original password, LM password, and the age of password where all the said details are displayed after a password is cracked. Some of its great features are run wizard, import from a sniffer, ability to monitor networks, hashes import, pause and resume buttons, and tasks scheduling.
Cryptohaze is a platform used for recovering hashed passwords by working with NVIDIA/AMD graphic cards, Intel/AMD CPUs, and OpenCL devices and improving their performance as well. Passwords are cracked with the help of ‘Cryptohaze Multiforcer’, a powerful tool that can target a good number of hashes at the same time. Among the many algorithms it support include LM, MD5, NTLM, and SHA1 whereas Multiforcer New (MFN) attacks hashed passwords with CPU, CUDA, and OpenCL support. Lastly, you can also crack codes by performing rainbow tables attacks. Some of its main features include open sourcing, network support, advanced toolset, ease of usage, fast service.
GoCrack is an application that is used for cracking passwords on any website and application. It allows multiple users to monitor different password recovery tasks. The roles, as well as access to places, are defined by the main user which cannot be violated by anyone. The app features a simple interface where the number of active workers, the tasks happening currently, and the number of total and free devices are displayed in real-time.
The main add button can create new tasks where the task ID, task name, and case code among other things. All the completed tasks or cases are saved on the platform where they can be revisited again. As users are working on a task, their progress is tracked and shown with real-time updates. This includes the percentage of passwords recovered, working speed, and the estimated time. Ease of usage, search engine, devices display, and graphical interface are some of its alluring features.
BarsWF is a tool that is used for cracking passwords on websites and apps. As of now, it only supports this service for MD5 hash algorithms. In addition to this, this tool can be used to test the strength of your password as well. Thus, this is of equal use to enterprises and individual users. The tool operates with your graphic card to decode hashes but in its absence, a multi-core processor will do as well. Compatibility is provided for both NVIDIA and AMD graphic cards here. Some of its noticeable features include a simple user interface, fast service, character specification through –X switch, user help, save/restore buttons, and open-sourcing.
OClHashcat-Lite is software that cracks hashes passwords by performing Brute Force Attack, Mask Attack, and Markov Attack. It is a lite version of OCIHashcat so it can only perform a single hash crack at a time. Among the hash algorithms supported here include MD5, MySQL, NTLM, SHA256, and SL3 among many others.
Vast scalability is provided here as the users can decode most of the supported algorithms that are up to 55 characters long. In contrast to OClHashcat and oclHashcat-plus, its distinguishing feature is the speed at which it cracks the passwords which are achieved by performing pure brute-force attacks on just a single hash. User-friendly design and user help are two of its alluring features.
Fern Wifi Cracker is a top-notch attack and wireless security auditing solution that gives you the opportunity to break and recover WPS/WEP/WPA keys and conduct attacks on other networks such as Ethernet or wireless. You will find that it has all the features needed to crack the target network, and there are no deficiencies whatsoever present within it. The solution has been developed using Python and its Qt GUI library, which allows the end-user to experience high efficiency while executing tasks. The features include Update Support, stores key in the database whenever an attack is successful, Session Hijacking, Bruteforce Attacks, Session hijacking comprising of Ethernet and passive modes, and more.
Reaver is the best-in-class tool that enables you to recover WPA/WPA2 passphrases from a Wifi Protected Setup registrar PINS by implementing a brute force attack against it. It is highly efficient and does its job with full accuracy. The tool has been tested against multiple WPS implementations and access points, and the results have been consistent, meaning you can be sure of achieving the desired results. The time it takes to recover a passphrase depends on the Access Points, but on average, it takes somewhere between 4-10 hours, allowing you to get your hands on the passphrase without waiting much longer.
cSploit is a feature-rich Android security kit that you can use to access any device hooked to your network. The purpose of the application, according to the developers, is to enable everyone to check their network security. You can use the provided tool kit to find if the network is consistent along with all the devices linked with that network. It comes packed with many features such as Metasploit, mapping of the internal network, DNS Spoofing, Built-in Traceroute, instantly scans the network, and recognizes devices connected to it, and many more. lastly, you can also use it to add hosts to the network
Wifite is a powerful automated wireless tool that can be used only on Linux operating systems. It was conceived to be utilized alongside Linux Pentesting distributions, including BlackBox, Kali Linux, and many more. Besides these, it is also capable of running with Fedora 16, Ubuntu 11 and 10, and Debian 6. An important piece of information is that it cannot run without root access. The reason for this is that it contains a collection of programs that require root. Other essentials that you must have are a wireless card and the relevant drivers with injection support and monitor mode.