#passwords

psudohash
sponsor
psudohash

Password list generator for orchestrating brute force attacks.

ThievingFox
ThievingFox

Post-exploitation tools to gather credentials from various password managers and Windows utilities.

Genzai
Genzai

Helps to identify IoT related dashboards and scan them for default passwords.

gittyleaks
gittyleaks

Find sensitive information for a git repo.

CUPP
CUPP

Common User Passwords Profiler.

mentalist
mentalist

Graphical tool for custom wordlist generation.

Infection Monkey
Infection Monkey

Test a data center's resiliency to perimeter breaches and internal server infection.

crowbar
crowbar

Brute forcing tool that support several uncommon protocols.

HasMySecretLeaked
HasMySecretLeaked

Search across 20 million exposed secrets in public GitHub repositories, gists, issues and comments.

cerbrutus
cerbrutus

Network brute force tool, faster than other existing solutions.

wifi-bruteforcer-fsecurify
wifi-bruteforcer-fsecurify

Android application to brute force WiFi passwords without requiring a rooted device.

DeHashed
DeHashed

DeHashed provides free deep-web scans and protection against credential leaks.

spraykatz
spraykatz

Credentials gathering tool automating remote procdump and parse of lsass process.

HackBrowserData
HackBrowserData

Decrypt passwords/cookies/history/bookmarks from the browser.

LaZagne
LaZagne

Credentials recovery project.

Klyda
Klyda

Highly configurable script for dictionary/spray attacks against online web applications.

MSOLSpray
MSOLSpray

A password spraying tool for Microsoft Online accounts (Azure/O365).

Go365
Go365

Go365 performs user enumeration and password guessing attacks on organizations that use Office365.

KeePwn
KeePwn

A python script to help red teamers discover KeePass instances and extract secrets.

gorgo
gorgo

The vertasile multi-threaded password sprayer built on the shoulders of giants.

SocialPwned
SocialPwned

Allows to get the emails from a target published in social networks to find possible credentials.

sshLooterC
sshLooterC

It's the C version of sshLooter.

sshLooter
sshLooter

Script to steal passwords from ssh.

t14m4t
t14m4t

Automated brute-forcing attack tool.

ssh-auditor
ssh-auditor

The best way to scan for weak ssh passwords on your network.

LDAP Password Hunter
LDAP Password Hunter

Password Hunter in active directory.

h8mail
h8mail

Powerful and user-friendly password hunting tool.

Invoke-WCMDump
Invoke-WCMDump

PowerShell script to dump Windows credentials from the Credential Manager.

Ciphey
Ciphey

Automates decryptions & decodings with encodings, classical ciphers, hashes, or more.

NetworkMiner
NetworkMiner

Network forensic analysis tool for Windows.

pypykatz
pypykatz

Mimikatz implementation in pure Python.

Responder
Responder

Responder is a LLMNR, NBT-NS and MDNS poisoner.

jackdaw
jackdaw

Gather gather gather.

Vajra
Vajra

UI-based tool with multiple techniques for attacking and enumerating Azure and AWS environment.

ShadowSpray
ShadowSpray

Spray shadow credentials across an entire domain.

afrog
afrog

A vulnerability scanning tools for penetration testing.

brutespray
brutespray

Automatically attempts default creds on found services based on Nmap output.

ggshield
ggshield

Find multiple types of hardcoded secrets & types of infrastructure-as-code misconfigurations.

l0phtcrack
l0phtcrack

Crack Windows passwords from hashes.

mimikatz
mimikatz

A little tool to play with Windows security.

Ophcrack
Ophcrack

Windows password cracker based on rainbow tables.

dsniff
dsniff

Collection of tools for network auditing and penetration testing.

Cain and Abel
Cain and Abel

Password recovery tool for Microsoft Operating Systems.

OrbitalDump
OrbitalDump

A simple multi-threaded distributed SSH brute-forcing tool.

Medusa
Medusa

Medusa is a speedy, parallel, and modular, login brute-forcer.

crackerjack
crackerjack

Hashcat Web Interface.

ADRT
ADRT

Active Directory Report Tool.

padding-oracle-attacker
padding-oracle-attacker

Execute padding oracle attacks with support for concurrent network requests and an elegant UI.

default-http-login-hunter
default-http-login-hunter

Login hunter of default credentials for administrative web interfaces.

SharpHose
SharpHose

Asynchronous password spraying tool for Windows environments.

Words Scraper
Words Scraper

Selenium based web scraper to generate passwords list.

cstc
cstc

Burp Suite extension that allows request/response modification using a GUI.

JWTweak
JWTweak

Detects JWT algorithm and provides options to generate a new JWT based on another algorithm.

Cr3dOv3r
Cr3dOv3r

Know the dangers of credential reuse attacks.

airbash
airbash

Fully automated WPA PSK PMKID and handshake capture script.

evil SSDP
evil SSDP

Spoof SSDP replies to phish for credentials and NetNTLM challenge/response.

RouterSploit
RouterSploit

Exploitation framework for embedded devices.

leakScraper
leakScraper

Set of tools to process and visualize huge text files containing credentials.

Hash Buster
Hash Buster

Crack hashes in seconds.

SSH PuTTY login bruteforcer
SSH PuTTY login bruteforcer

A wrapper script which uses PuTTY to perform SSH login bruteforce attacks.

AttackSurfaceMapper
AttackSurfaceMapper

AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.

Have i been pwned?
Have i been pwned?

Check if your email or phone is in a data breach.

DefaultPassword
DefaultPassword

Default passwords database sorted by manufacturers.

SprayCannon
SprayCannon

Fast multithreaded password spraying tool with backend database.

JWT4B
JWT4B

JWT Support for Burp Suite.

JOSEPH
JOSEPH

JavaScript Object Signing and Encryption Pentesting Helper.

SecLists
SecLists

Collection of multiple types of lists used during security assessments, collected in one place.

cariddi
cariddi

Crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more.

JWT cracker
JWT cracker

JWT brute force cracker written in C.

jwt-heartbreaker
jwt-heartbreaker

Burp Suite extension to check JWT for using keys from known from public sources.

jwtear
jwtear

Modular command-line tool to parse, create and manipulate JWT tokens.

JWT Key ID Injector
JWT Key ID Injector

Simple python script to check against hypothetical JWT vulnerability.

jwt-hack
jwt-hack

JWT encoding/decoding, generates payloads for JWT attack and very fast cracking.

Default Credentials Cheat Sheet
Default Credentials Cheat Sheet

One place for all the default credentials to assist on finding devices with default password.

changeme
changeme

A default credential scanner.

BruteX
BruteX

Automatically brute force all services running on a target.

lnkbomb
lnkbomb

Malicious shortcut generator for collecting NTLM hashes from insecure file shares.

Oh365UserFinder
Oh365UserFinder

O365 user enumeration and password spraying tool.

Depix
Depix

Recovers passwords from pixelized screenshots.

RainbowCrack
RainbowCrack

It crack hashes with rainbow tables.

CeWL
CeWL

Custom Word List Generator.

aircrack-ng
aircrack-ng

Complete suite of tools to assess WiFi network security.

wifite
wifite

Runs existing wireless-auditing tools for you. Stop memorizing command arguments & switches!

crunch
crunch

Wordlist generator where you can specify a character set or any set of characters to be used.

fcrackzip
fcrackzip

Zip password cracker.

Reaver
Reaver

Implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs.

cook
cook

Overpower wordlist generator, words permutation and combinations, encoding/decoding...

John The Ripper
John The Ripper

Password cracker tool.

Hydra
Hydra

Very fast password cracking tool.

Patator
Patator

Multi-purpose brute-forcer, with a modular design and a flexible usage.

Hashcat
Hashcat

World's fastest and most advanced password recovery utility

JWT Tool
JWT Tool

A toolkit for testing, tweaking and cracking JSON Web Tokens.

EyeWitness
EyeWitness

Take screenshots of websites, provide server header info and identify default credentials.

DumpsterDiver
DumpsterDiver

Tool to search secrets in various filetypes.