Category: Password Attacks
wordsmith.rb The aim of Wordsmith is to assist with creating tailored wordlists and usernames that are primarily based on geolocation. Authors: @kawabungah & @porterhau5. Wild West Hackin’ Fest 2017 presentation. Wordsmith Parsers project: https://github.com/skahwah/wordsmith_parsers. Installation Start by cloning the...
What is RadioCarbon? Typically you get leaked credentials that look like the list in the following screenshot. They consist of email addresses or usernames, cleartext passwords or password hashes. The problem with those leaked...
Naive Hashcat Crack password hashes without the fuss. Naive hashcat is a plug-and-play script that is pre-configured with naive, empirically-tested, “good enough” parameters/attack types. Run hashcat attacks using ./naive-hashcat.sh without having to know what is going...
PassGAN This repository contains code for the PassGAN: A Deep Learning Approach for Password Guessing paper. The model from PassGAN is taken from Improved Training of Wasserstein GANs and it is assumed that the authors of PassGAN used...
lyncsmash a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations Note: these tools will not work with Skype/Lync installations hosted at Microsoft. Download git clone https://github.com/nyxgeek/lyncsmash.git scripts lyncsmash.py...
PowerSniper Password spraying script and helper for creating password lists. The Python script uses configurable parameters to extract complex passwords from a password list such as rockyou.txt. It then analyzes the Damerau-Levenshtein distance between...
SNMP brute force, enumeration, CISCO config downloader and password cracking script. Listens for any responses to the brute force community strings, effectively minimising wait time. Features Brute forces both version 1 and version 2c...
Nmap is a network connection scanning software, used to scan the Internet computer open network connection. Determine which services are running on those connections, and infer which operating system the computer is running (which...
Wavecrack A user-friendly Web interface to share an hashcat cracking box among multiple users with some pre-defined options. Outline This Web application can be used to launch asynchronous password cracks with hashcat. The interface tries...
Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper. Install Linux (APT...
gocrack GoCrack provides APIs to manage password cracking tasks across supported cracking engines. Building GoCrack From source Prerequisites Linux (Ubuntu 16.04+ although other distributions may work) or MacOS Computer(s) with NVIDIA or AMD GPUs...
SMB reverse brute Performs a 2 password reverse bruteforce against any hosts with NULL SMB sessions that allow RID cycling for usernames. Takes a hostlist file or a Nmap XML output file as input....
ROCA detection tool This tool is related to ACM CCS 2017 conference paper #124 Return of the Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli. It enables you to test public RSA keys for...
pentest-machine Automates some pentesting work via a nmap XML file. As soon as each command finishes it writes its output to the terminal and the files in output-by-service/ and output-by-host/. Runs fast-returning commands first....
Hakku Framework What is Hakku Framework? Hakku is a simple framework that has been made for penetration testing tools. Hakku framework offers simple structure, basic CLI, and useful features for penetration testing tools developing....