#passwords

psudohash on offsec.tools
Sponsor
psudohash

Password list generator for orchestrating brute force attacks.

brutespray on offsec.tools
Featured
brutespray

Automatically attempts default creds on found services based on Nmap output.

wifi-bruteforcer-fsecurify on offsec.tools
wifi-bruteforcer-fsecurify

Android application to brute force WiFi passwords without requiring a rooted device.

DeHashed on offsec.tools
DeHashed

DeHashed provides free deep-web scans and protection against credential leaks.

spraykatz on offsec.tools
spraykatz

Credentials gathering tool automating remote procdump and parse of lsass process.

HackBrowserData on offsec.tools
HackBrowserData

Decrypt passwords/cookies/history/bookmarks from the browser.

LaZagne on offsec.tools
LaZagne

Credentials recovery project.

Klyda on offsec.tools
Klyda

Highly configurable script for dictionary/spray attacks against online web applications.

MSOLSpray on offsec.tools
MSOLSpray

A password spraying tool for Microsoft Online accounts (Azure/O365).

Go365 on offsec.tools
Go365

Go365 performs user enumeration and password guessing attacks on organizations that use Office365.

KeePwn on offsec.tools
KeePwn

A python script to help red teamers discover KeePass instances and extract secrets.

gorgo on offsec.tools
gorgo

The vertasile multi-threaded password sprayer built on the shoulders of giants.

SocialPwned on offsec.tools
SocialPwned

Allows to get the emails from a target published in social networks to find possible credentials.

sshLooterC on offsec.tools
sshLooterC

It's the C version of sshLooter.

sshLooter on offsec.tools
sshLooter

Script to steal passwords from ssh.

t14m4t on offsec.tools
t14m4t

Automated brute-forcing attack tool.

ssh-auditor on offsec.tools
ssh-auditor

The best way to scan for weak ssh passwords on your network.

LDAP Password Hunter on offsec.tools
LDAP Password Hunter

Password Hunter in active directory.

h8mail on offsec.tools
h8mail

Powerful and user-friendly password hunting tool.

Invoke-WCMDump on offsec.tools
Invoke-WCMDump

PowerShell script to dump Windows credentials from the Credential Manager.

Ciphey on offsec.tools
Ciphey

Automates decryptions & decodings with encodings, classical ciphers, hashes, or more.

NetworkMiner on offsec.tools
NetworkMiner

Network forensic analysis tool for Windows.

pypykatz on offsec.tools
pypykatz

Mimikatz implementation in pure Python.

Responder on offsec.tools
Responder

Responder is a LLMNR, NBT-NS and MDNS poisoner.

jackdaw on offsec.tools
jackdaw

Gather gather gather.

Vajra on offsec.tools
Vajra

UI-based tool with multiple techniques for attacking and enumerating Azure and AWS environment.

ShadowSpray on offsec.tools
ShadowSpray

Spray shadow credentials across an entire domain.

afrog on offsec.tools
afrog

A vulnerability scanning tools for penetration testing.

ggshield on offsec.tools
ggshield

Find multiple types of hardcoded secrets & types of infrastructure-as-code misconfigurations.

l0phtcrack on offsec.tools
l0phtcrack

Crack Windows passwords from hashes.

mimikatz on offsec.tools
mimikatz

A little tool to play with Windows security.

Ophcrack on offsec.tools
Ophcrack

Windows password cracker based on rainbow tables.

dsniff on offsec.tools
dsniff

Collection of tools for network auditing and penetration testing.

Cain and Abel on offsec.tools
Cain and Abel

Password recovery tool for Microsoft Operating Systems.

OrbitalDump on offsec.tools
OrbitalDump

A simple multi-threaded distributed SSH brute-forcing tool.

Medusa on offsec.tools
Medusa

Medusa is a speedy, parallel, and modular, login brute-forcer.

crackerjack on offsec.tools
crackerjack

Hashcat Web Interface.

ADRT on offsec.tools
ADRT

Active Directory Report Tool.

padding-oracle-attacker on offsec.tools
padding-oracle-attacker

Execute padding oracle attacks with support for concurrent network requests and an elegant UI.

default-http-login-hunter on offsec.tools
default-http-login-hunter

Login hunter of default credentials for administrative web interfaces.

SharpHose on offsec.tools
SharpHose

Asynchronous password spraying tool for Windows environments.

Words Scraper on offsec.tools
Words Scraper

Selenium based web scraper to generate passwords list.

cstc on offsec.tools
cstc

Burp Suite extension that allows request/response modification using a GUI.

JWTweak on offsec.tools
JWTweak

Detects JWT algorithm and provides options to generate a new JWT based on another algorithm.

Cr3dOv3r on offsec.tools
Cr3dOv3r

Know the dangers of credential reuse attacks.

airbash on offsec.tools
airbash

Fully automated WPA PSK PMKID and handshake capture script.

evil SSDP on offsec.tools
evil SSDP

Spoof SSDP replies to phish for credentials and NetNTLM challenge/response.

RouterSploit on offsec.tools
RouterSploit

Exploitation framework for embedded devices.

leakScraper on offsec.tools
leakScraper

Set of tools to process and visualize huge text files containing credentials.

Hash Buster on offsec.tools
Hash Buster

Crack hashes in seconds.

SSH PuTTY login bruteforcer on offsec.tools
SSH PuTTY login bruteforcer

A wrapper script which uses PuTTY to perform SSH login bruteforce attacks.

AttackSurfaceMapper on offsec.tools
AttackSurfaceMapper

AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.

Have i been pwned? on offsec.tools
Have i been pwned?

Check if your email or phone is in a data breach.

DefaultPassword on offsec.tools
DefaultPassword

Default passwords database sorted by manufacturers.

SprayCannon on offsec.tools
SprayCannon

Fast multithreaded password spraying tool with backend database.

JWT4B on offsec.tools
JWT4B

JWT Support for Burp Suite.

JOSEPH on offsec.tools
JOSEPH

JavaScript Object Signing and Encryption Pentesting Helper.

SecLists on offsec.tools
SecLists

Collection of multiple types of lists used during security assessments, collected in one place.

cariddi on offsec.tools
cariddi

Crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more.

JWT cracker on offsec.tools
JWT cracker

JWT brute force cracker written in C.

jwt-heartbreaker on offsec.tools
jwt-heartbreaker

Burp Suite extension to check JWT for using keys from known from public sources.

jwtear on offsec.tools
jwtear

Modular command-line tool to parse, create and manipulate JWT tokens.

JWT Key ID Injector on offsec.tools
JWT Key ID Injector

Simple python script to check against hypothetical JWT vulnerability.

jwt-hack on offsec.tools
jwt-hack

JWT encoding/decoding, generates payloads for JWT attack and very fast cracking.

Default Credentials Cheat Sheet on offsec.tools
Default Credentials Cheat Sheet

One place for all the default credentials to assist on finding devices with default password.

changeme on offsec.tools
changeme

A default credential scanner.

BruteX on offsec.tools
BruteX

Automatically brute force all services running on a target.

lnkbomb on offsec.tools
lnkbomb

Malicious shortcut generator for collecting NTLM hashes from insecure file shares.

Oh365UserFinder on offsec.tools
Oh365UserFinder

O365 user enumeration and password spraying tool.

Depix on offsec.tools
Depix

Recovers passwords from pixelized screenshots.

RainbowCrack on offsec.tools
RainbowCrack

It crack hashes with rainbow tables.

CeWL on offsec.tools
CeWL

Custom Word List Generator.

aircrack-ng on offsec.tools
aircrack-ng

Complete suite of tools to assess WiFi network security.

wifite on offsec.tools
wifite

Runs existing wireless-auditing tools for you. Stop memorizing command arguments & switches!

crunch on offsec.tools
crunch

Wordlist generator where you can specify a character set or any set of characters to be used.

fcrackzip on offsec.tools
fcrackzip

Zip password cracker.

Reaver on offsec.tools
Reaver

Implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs.

cook on offsec.tools
cook

Overpower wordlist generator, words permutation and combinations, encoding/decoding...

John The Ripper on offsec.tools
John The Ripper

Password cracker tool.

Hydra on offsec.tools
Hydra

Very fast password cracking tool.

Patator on offsec.tools
Patator

Multi-purpose brute-forcer, with a modular design and a flexible usage.

Hashcat on offsec.tools
Hashcat

World's fastest and most advanced password recovery utility

JWT Tool on offsec.tools
JWT Tool

A toolkit for testing, tweaking and cracking JSON Web Tokens.

EyeWitness on offsec.tools
EyeWitness

Take screenshots of websites, provide server header info and identify default credentials.

DumpsterDiver on offsec.tools
DumpsterDiver

Tool to search secrets in various filetypes.