Talon Talon is a tool designed to perform automated password guessing attacks while remaining undetected. It can enumerate a list of users to identify which users are valid, using Kerberos. Talon can also perform...
Narthex Narthex (Greek: Νάρθηξ, νάρθηκας) is a modular & minimal dictionary generator for Unix and Unix-like operating system written in C and Shell. It contains autonomous Unix-style programs for the creation of personalised dictionaries...
Kraken: A multi-platform distributed brute-force password cracking system What is Kraken Kraken is an online distributed brute force password cracking tool. It allows you to parallelize dictionaries and crunch word generator-based cracking across multiple...
BruteLoops A dead-simple library providing the foundational logic for efficient password brute force attacks against authentication interfaces. A “modular” example is included with the library that demonstrates how to use this package. It’s fully...
THC-Hydra is a very fast (multi-threaded) network logon cracker which supports many different services: AFP, Cisco, cisco-enable, CVS, Firebird, ftp, http-get, http-head, http-proxy, https-get, https-head, https-form-get, https-form-post, ICQ, IMAP, IMAP-NTLM, ldap2, ldap3, MySQL, mysql,...
COOK A customizable wordlist and password generator. USAGE cook -start admin,root -sep _,- -end secret,critical start:sep:end cook admin,root:_,-:secret,critical Predefined Extentions Sets Use archive for .rar, .7z, .zip, .tar, .tgz, … Use web for .html, .php, .aspx, .js,...
haiti A CLI tool (and library) to identify hash types (hash type identifier). Features 442+ hash types detected Modern algorithms supported (SHA3, Keccak, Blake2, etc.) Hashcat and John the Ripper references CLI tool &...
Weakpass rule-based online generator The tool generates a wordlist based on a set of words entered by the user. For example, during penetration testing, you need to gain access to some service, device, account,...
TREVORspray A featureful Python O365 sprayer based on MSOLSpray which uses the Microsoft Graph API Microsoft is getting better and better about blocking password spraying attacks against O365. TREVORspray can solve this by proxying its requests through an...
LDAP Password Hunter It happens that due to legacy services requirements or just bad security practices passwords are world-readable in the LDAP database by any user who is able to authenticate. LDAP Password Hunter...
