Password Cracking

April 13, 2025, 6:40 a.m.

Yes, this is from ChatGPT. I wanted to throw this up and then go through some of these that I have never used before and maybe give a review.

🧠 General Cracking Frameworks

  • Hashcat – Fast and flexible GPU-accelerated password cracker supporting many hashing algorithms.

  • John the Ripper (JtR) – Versatile password cracker with extensive hash format support and wordlist/rule-based modes.

  • Hydra (THC-Hydra) – High-speed online brute-force tool for cracking network authentication (SSH, FTP, HTTP, etc.).

  • Medusa – Parallel, modular online password brute-forcer similar to Hydra but optimized for speed.

  • Ncrack – Network authentication cracking tool developed by the Nmap team, useful for services like RDP, SSH, and Telnet.

Offline Hash Cracker

  • CrackStation – Web-based hash cracking service using massive precomputed wordlists.

  • Hash-Identifier – CLI tool to identify the hash type based on pattern recognition.

  • hashID – Python tool to identify hash types with regex matching and format suggestions.

📖 Wordlist Utilities & Generators

  • Crunch – Custom wordlist generator that lets you define character sets, lengths, and patterns.

  • CeWL – Spider that crawls websites to generate custom wordlists from real content.

  • CUPP – Common User Passwords Profiler, generates targeted wordlists based on victim profiling.

  • Mentalist – GUI-based tool for generating complex custom wordlists interactively.

🔄 Combinators & Rules

  • Princeprocessor – Hashcat’s PRINCE algorithm tool to combine words into permutations of natural passwords.

  • Combinator.bin – Hashcat utility to combine two wordlists into all possible two-word combinations.

  • Rli (rli.py) – Rule-based line filter from the KoreLogic toolkit, useful for custom rule applications.

📦 Hash Collection / Extraction

  • Mimikatz – Post-exploitation tool for extracting Windows credentials (hashes, tickets, plaintext).

  • LaZagne – Cross-platform tool to extract stored passwords from browsers, mail clients, and more.

  • fcrackzip – Password recovery tool for encrypted zip files.

  • John’s zip2john, pdf2john, rar2john – Tools to extract hash data from protected files for cracking with John.

🧰 Web-Specific

  • Burp Suite (with extensions) – Intercepting proxy with tools like “Turbo Intruder” for login brute-forcing.

  • WFuzz – Web fuzzer that can brute-force login forms, parameters, and directories.

  • Patator – Multi-purpose brute-force tool supporting many protocols and login mechanisms, including web.

🐍 Scripting / APIs

  • pyHashcat / pyrit (legacy) – Python wrappers around cracking tools for automation or custom cracking workflows.

  • Hydra-Wrapper / Medusa-Wrapper – Scripts that make large-scale credential spraying easier to manage.