credmap: The Credential Mapper
Credmap is an open source tool that was created to bring awareness to the dangers of credential reuse. It is capable of testing supplied user credentials on several known websites...
Category: Password Attacks
wildPwn: Brute forcer and shell deployer for WildFly
wildPwn – WildFly Exploitation Tool It is a tool for WildFly. The tool can be used to brute force or shell deploy. wildPwn.war contains modified Laudanum Shell. userList.txt contains common usernames and passList.txt contains common passwords....
TheDoc: SQLMAP automator with built in admin finder, hash cracker
TheDoc is a simple but very useful SQLMAP Automator with built-in admin finder, hash cracker(using hashcat) and more! Abilities: Counts total injections tried. Crawls given domain for vulnerabilities. Extracts Database...
Passhunt: searching of default credentials for network devices, web applications
Passhunt Passhunt is a simple tool for searching for default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords. How to install?...
cheetah-gui: fast brute force webshell password tool
Cheetah is a dictionary-based brute force password webshell tool, running as fast as a cheetah hunt for prey. Cheetah’s working principle is that it can submit a large number of detection...
rid enum: null session RID cycle attack for brute forcing domain controllers
RID ENUM – A simple open source method for performing null session brute forces Rid Enum is a RID cycling attack that attempts to enumerate user accounts through null sessions...
usernamer: generate usernames/logins based on supplied names
usernamer usernamer is a penetration testing tool to generate a list of possible usernames/logins for a determined name (ex: John Doe Doeson) for user enumeration or bruteforcing. This tool also...
cracke-dit: perform regular password audits against Active Directory environments
cracke-dit (“Cracked It”) makes it easier to perform regular password audits against Active Directory environments. Ensuring your users have strong passwords throughout the organization is still your best line of defense against...
dymerge: dynamic dictionary merger
DyMerge A simple, yet powerful tool – written purely in python – which takes given wordlists and merges them into one dynamic dictionary that can then be used as ammunition...
ophcrack v3.8 released, A windows password cracker
ophcrack (Time-Memory-Trade-Off-Crack) Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It...
bitcracker: open source password cracking tool for memory units encrypted with BitLocker
BitCracker BitCracker is the first open source password cracking tool for memory units (Hard Disk, USB Pendrive, SD card, etc…) encrypted with BitLocker, an encryption feature available on Windows Vista, 7,...
nozzlr: bruteforce framework
Nozzlr v1.1 Nozzlr is a multithread bruteforcer, truly modular and script-friendly. The other bruteforce tools are amazing, but the hardcoded parameters make it painful to script over complex tasks. Nozzlr...
wordsmith: creating tailored wordlists
wordsmith.rb The aim of Wordsmith is to assist with creating tailored wordlists and usernames that are primarily based on geolocation. Authors: @kawabungah & @porterhau5. Wild West Hackin’ Fest 2017 presentation. Wordsmith Parsers project: https://github.com/skahwah/wordsmith_parsers. Installation...
radiocarbon: Leak File Analyzer
What is RadioCarbon? Typically you get leaked credentials that look like the list in the following screenshot. They consist of email addresses or usernames, cleartext passwords or password hashes. The...
naive-hashcat: Crack password hashes without the fuss
Naive Hashcat Crack password hashes without the fuss. Naive hashcat is a plug-and-play script that is pre-configured with naive, empirically-tested, “good enough” parameters/attack types. Run hashcat attacks using ./naive-hashcat.sh without having to...
