THC Hydra is extensible with the ability to easily install new modules. It is available for Windows, Linux, Free BSD, Solaris and OS X. THC Hydra is an online password-cracking tool that attempts to determine user credentials via brute-force password guessing attack.
It is also capable of supporting multi-stage authentication protocols and can attack up to sixty different targets in parallel. It was released back in October 2000.īrutus supports a number of different authentication types, including: This tool is free and is only available for Windows systems. It claims to be the fastest and most flexible password cracking tool. Brutusīrutus is one of the most popular remote online password-cracking tools. You can also download Openwall GNU/*/Linux that comes with John the Ripper.ĭownload John the Ripper here.
It goes beyond OS passwords to include common web apps (like WordPress), compressed archives, document files (Microsoft Office files, PDFs and so on), and more.Ī pro version of the tool is also available, which offers better features and native packages for target operating systems. John the Ripper offers password cracking for a variety of different password types.
John the Ripper is a well-known free open-source password cracking tool for Linux, Unix and Mac OS X. Cracking is optimized with integrated performance tuning and temperature monitoring.ĭownload Hashcat here.
Hashcat enables highly-parallelized password cracking with the ability to crack multiple different passwords on multiple different devices at the same time and the ability to support a distributed hash-cracking system via overlays. It is available on every operating system and supports over 300 different types of hashes. Hashcat is one of the most popular and widely used password crackers in existence. This post describes some of the most commonly used password-cracking tools. Most password-cracking or password finder tools enable a hacker to perform any of these types of attacks.
It starts by checking to see if a password can be cracked using a dictionary attack, then moves on to a brute-force attack if it is unsuccessful.
Taking a list of words and adding a few permutations - like substituting $ for s - enables a password cracker to learn a lot of passwords very quickly.
Instead, authentication systems store a password hash, which is the result of sending the password - and a random value called a salt - through a hash function. This would make it far too easy for a hacker or a malicious insider to gain access to all of the user accounts on the system. A well-designed password-based authentication system doesn’t store a user’s actual password.