Password Cracker

Takes passwords to plaintext, via various means (usually bruteforce)

wifite

wifite is a tool to attack multiple WEP, WPA, and WPS encrypted networks in a row. This tool is customizable to be automated with only a few arguments. Wifite aims to be the "set it and forget it" wireless auditing tool.

Features
sorts targets by signal strength (in dB); cracks closest access points first
automatically de-authenticates clients of hidden networks to reveal SSIDs
numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc)
customizable settings (timeouts, packets/sec, etc)
"anonymous" feature; changes MAC to a random address before attacking, then changes back when attacks are complete
all captured WPA handshakes are backed up to wifite.py's current directory
smart WPA de-authentication; cycles between all clients and broadcast deauths
stop any attack with Ctrl+C, with options to continue, move onto next target, skip to cracking, or exit
displays session summary at exit; shows any cracked keys
all passwords saved to cracked.txt
built-in updater: ./wifite.py -upgrade

Requirements
linux operating system (confirmed working on Backtrack 5, BackBox, BlackBuntu, Pentoo, Ubuntu 8.10 (BT4R1), Ubuntu 10.04, Debian 6, Fedora 16)
tested working with python 2.6.x, and python 2.7.x,
wireless drivers patched for monitor mode and injection. Most security distributions (Backtrack, BlackBuntu, etc) come with wireless drivers pre-patched,
aircrack-ng (v1.1) suite

Execution
download the latest version:
wget -O wifite.py http://wifite.googlecode.com/svn/trunk/wifite.py

change permissions to executable:
chmod +x wifite.py

execute:
python wifite.py

or, to see a list of commands with info:
./wifite.py -help

Wi-fEye

Wi-fEye is an automated wirelress penetration testing tool written in python , its designed to simplify common attacks that can be performed on wifi networks so that they can be executed quickly and easily.

Wifi has three main menus :
Cracking menu: contains attacks that could allow us to crack wifi passwords weather is WEP , WPA or WPA2:
Enable monitor mode
View avalale Wireless Networks
Launch Airodump-ng on a specific AP
WEP cracking: here you can perform a number of attacks to crack WEP passwords :
Interactive packet replay.
Fake Authentication Attack.
Korek Chopchop Attack.
Fragmentation Attack.
Hirte Attack (cfrag attack).
Wesside-ng.

WPA Cracking: here you can perform a number of attacks to crack WPA passwords , this menu is devided into two sections:
launch a brute force attack against a WPS-enabled network to crack WPA/WPA2 without a dictionary.
Obtain handshake: This will automatically attempt to obtain the handshake
Cracking: After obtaining the handshake or if you have the handshake ready then you can attempt to crack it in this section , you can choose to use you wordlist straight away with aircrack-ng or you can add to a table and then crack the password.

MITM: this menu will allow you to do the following Automatically:
Enable IP forwarding.
ARP Spoof.
Launch ettercap (Text mode).
Sniff SSL/HTTPS traffic.
Sniff URLs and send them to browser.
Sniff images.
DNS Spoof.
HTTP Session Hijacking (using Hamster).

Others: this menu will allow you to o the following automatically:
Change MAC Address.
Create a fake access point.
Hijack software updates (using Evilgrade).

JBrute

JBrute is an open source tool written in Java to audit security and stronghold of stored password for several open source and commercial apps. It is focused to provide multi-platform support and flexible parameters to cover most of the possible password-auditing scenarios.
Java Runtime version 1.7 or higher is required for running JBrute.

Muli-platform support (by Java VM)
Several hashing algorithms supported
Flexible chained hashes decryption (like MD5(SHA1(MD5())))
Both brute force and dictionary decryption methods supported
Build-In rule pre-processor for dictionary decryption
Multi-threading support for both brute force decryption and dictionary decryption

Supported algorithms:
MD5
MD4
SHA-256
SHA-512
MD5CRYPT
SHA1
ORACLE-10G
ORACLE-11G
NTLM
LM
MSSQL-2000
MSSQL-2005
MSSQL-2012
MYSQL-322
MYSQL-411
POSTGRESQL
SYBASE-ASE1502
INFORMIX-1170

Author: Gonzalo L. Camino
Icon Art: Ivan Zubillaga
Made in: Argentina

MorxCrack

MorxCrack is a cracking tool written in Perl to perform a dictionary-based attack on various hashing algorithm and CMS salted-passwords.

As of version 1.2 MorXCrack supports the following algorithms:
MD5
MD5 (Twice)
MD5 (PasswordSalt)
MD5 (SaltPassword)
SHA1
SHA1 (Twice)
SHA1 (PasswordSalt)
SHA1 (SaltPassword)
SHA2 (256 Bits)
SHA2 (512 Bits)
MySQL (4.1+)
Crypt UNIX (Shadow)

And the following CMS:
Joomla
Wordpress (PHPass)
vBulletin
InvisionPowerBoard

Author:
Simo Ben youssef

Requirements:
Tested on Perl 5 (Might work on older versions).

Required modules:
Digest::MD5
Digest::SHA

Install if missing:
perl -MCPAN -e ‘install Digest::SHA’
perl -MCPAN -e ‘install Digest::MD5?

Usage:
Usage for non-salted passwords:
perl morxcrack.pl <’hash’>
perl morxploit md5 ’83583d2b5ea4078b9b83f82254e5d564? wordlist.txt

Usage for salted passwords:
perl morxcrack.pl <’hash’>
perl morxploit.pl joomla ‘a87248e5fc69972804f5bb93c873ee9d’ wordlist.txt 9W11uZafPxbe9xpL

Example:
Test on a Pentium(R) Dual-Core CPU T4500 @ 2.30GHz * 2 processor using md5 and a 3917096 wordlist (43.4 MB):

perl morxcrack.pl md5 ’83583d2b5ea4078b9b83f82254e5d564? all.txt
[*] Hashed password set to 83583d2b5ea4078b9b83f82254e5d564
[*] Algorithm/CMS set to md5
[*] Wordlist set to all.txt
[+] Cracking …
############################################################
# [+] Your password is morxploit
# [+] found at line 3917096
# [+] Job took 16 seconds
############################################################

TODO:
Add support for more algorithms and CMS

Beleth

Beleth is a fast multi-threaded SSH password auditing tool. Per some internet websites, it out performs Ncrack and THC-Hydra in speed.

Source:
$ git clone https://github.com/chokepoint/Beleth.git
$ cd beleth
$ make

Usage: ./beleth [OPTIONS]
-c [payload] Execute payload on remote server once logged in
-h Display this help
-l [threads] Limit threads to given number. Default: 4
-p [port] Specify remote port
-t [target] Attempt connections to this server
-u [user] Attempt connection using this username
-v -v (Show attempts) -vv (Show debugging)
-w [wordlist] Use this wordlist. Defaults to wordlist.txt

Example:
$ ./beleth -l 15 -t 127.0.0.1 -u stderr -w wordlist.txt
+-----------------------------------------+
| Beleth |
| www.chokepoint.net |
+-----------------------------------------+
[*] Read 25 passwords from file.
[*] Starting task manager
[*] Spawning 15 threads
[*] Starting attack on root@127.0.0.1:22
[*] Authentication succeeded (root:jesus@127.0.0.1:22)
[*] Executing: uname -a
[*] Linux eclipse 3.2.0-4-686-pae #1 SMP Debian 3.2.46-1+deb7u1 i686 GNU/Linux
[*] Cleaning up child processes.

Multi-threaded design
There are a couple of different options available for developers when coming up with multi-threaded design on Linux based systems using C. Two of the most popular are fork() and pthread_create(). Fork() differs from pthread_create() in that address space is not shared between the parent and child threads. Instead, a complete copy of the parent's address, code, and stack spaces are created for the child process. In order to keep dependencies to a minimum, I decided to go with a standard fork design.

Inter-process Communication (IPC)
Again, there are many options for developers when it comes to IPC as well. Below is a list of only some of the available options.

SkyJack

SkyJack (available from github) is primarily a perl application which runs off of a Linux machine, runs aircrack-ng in order to get its wifi card into monitor mode, detects all wireless networks and clients around, deactivates any clients connected to Parrot AR.drones, connects to the now free Parrot AR.Drone as its owner, then uses node.js with node-ar-drone to control zombie drones.

I (the author, Samy Kamkar) detect drones by seeking out any wireless connections from MAC addresses owned by the Parrot company, which you can find defined in the Registration Authority OUI.

aircrack-ng
I use aircrack-ng to put our wireless device into monitor mode to find our drones and drone owners. I then use aireplay-ng to deauthenticate the true owner of the drone I'm targeting. Once deauthenticated, I can connect as the drone is waiting for its owner to reconnect.

node-ar-drone
I use node-ar-drone to control the newly enslaved drone via Javascript and node.js.

Hardware
Parrot AR.Drone 2
The Parrot AR.Drone 2 is the drone that flies around seeking other drones, controlled from an iPhone, iPad or Android, and is also the type of drone SkyJack seeks out in order to control. SkyJack is also capable of seeking out Parrot AR.Drone version 1.

The Parrots actually launch their own wireless network which is how the owner of the drone connects. We take over by deauthenticating the owner, then connecting now that the drone is waiting for its owner to connect back in, exploiting the fact that we destroyed their wireless connection temporarily.

Raspberry Pi
I use a Raspberry Pi to drive the project as it's inexpensive, reasonably light, has USB, and runs Linux.

Alfa AWUS036H wireless adapter
I use the Alfa AWUS036H wireless card which supports raw packet injection and monitor mode which allow me to deauthenticate users who are legitimately connected to their drones.

Edimax EW-7811Un wireless adapter

against.py

Against is a very fast ssh attack script which includes a multithreaded port scanning module (tcp connect) for discovering possible targets and a multithreaded brute-forcing module which attacks in parallel (multiprocessing) all discovered hosts or given ip addresses from a list.

Authored by pigtail23 | Site nullsecurity.net
Updated: Feb 28, 2014
Changes: Honeypot detection, optimizations, detection for key authentication, and much more.

#!/usr/bin/env python
# -*- coding: latin-1 -*- ######################################################
#                ____                     _ __                                 #
#     ___  __ __/ / /__ ___ ______ ______(_) /___ __                           #
#    / _ \/ // / / (_-</ -_) __/ // / __/ / __/ // /                           #
#   /_//_/\_,_/_/_/___/\__/\__/\_,_/_/ /_/\__/\_, /                            #
#                                            /___/ team                        #
#                                                                              #
# against.py - mass scanning and brute-forcing script for ssh                  #
#                                                                              #
# FILE                                                                         #
# against.py                                                                   #
#                                                                              #
# DATE                                                                         #
# 2014-02-27                                                                   #
#                                                                              #
# DESCRIPTION                                                                  #
# 'against.py' is a very fast ssh attacking script which includes a            #
# multithreaded port scanning module (tcp connect) for discovering possible    #

sshtrix

sshtrix is a very fast multithreaded SSH login cracker. It supports SSHv1 and SSHv2. sshtrix was designed to automate rapid bruteforce attacks against SSH authentification screens. Unlike other public tools, the aim is to keep it simple, stable, fast and modular. With its clean code design, it is easy to extend the code to a framework or to fork it against protocols of your choice.
Created by Justin Grevich at UC San Diego

/* help and usage */
void usage()
{
printf("usage:\n\n\
sshtrix -h/-I/-R -m [options]\n\
sshtrix -h/-I/-R -l/-L -k/-K [options]\n\
\noptions:\n\n\
-h - target host to attack (default nsa.gov)\n\
-I - define target ip address range\n\
(e.g.: 192.168.0.1-192.168.0.254)\n\
-R - target list filename (one host per line). can also contain\n\
port numbers seperated with colon (e.g. noptrix.net:1337)\n\
-p - SSH server port (default 22)\n\
-m - colon separated login file (e.g. user:pass)\n\
-l - user list (one username per line)\n\
-k - pass list (one password per line)\n\
-L - username string\n\
-K - password string\n\
-D - use sshtrix's default wordlist for usernames and passwords\n\
-O - print out sshtrix's default wordlist and number of entries\n\
-c - connect timeout (default 3s)\n\
-w - delay before next try (default 0s)\n\
-t - num threads of parallel connects (default 4)\n\
-f - write found login pairs to file (default stdout)\n\
-e - exit after first valid login (default off)\n\
-s - print found logins immediatelly (default off)\n\
-v - verbose mode (default quiet)\n\
-V - show sshtrix version\n\
-H - show help and usage\n\n");
printf("examples:\n\n\

ssl-crack

#!/bin/bash
################################################################################
#                ____                     _ __                                 #
#     ___  __ __/ / /__ ___ ______ ______(_) /___ __                           #
#    / _ \/ // / / (_-</ -_) __/ // / __/ / __/ // /                           #
#   /_//_/\_,_/_/_/___/\__/\__/\_,_/_/ /_/\__/\_, /                            #
#                                            /___/ team                        #
#                                                                              #
# ssl-crack.sh - wordlist-based encrypted SSL and SSH Private Key Passphase    #
# Cracker                                                                      #
#                                                                              #
# FILE                                                                         #
# ssl-crack.sh                                                                 #
#                                                                              #
# DATE                                                                         #
# 2013-08-31                                                                   #
#                                                                              #
# DESCRIPTION                                                                  #
# Loads a wordlist file into memory and reveals the password for the RSA       #
# encrypted private SSL / SSH key                                              #
#                                                                              #
# AUTHOR                                                                       #
# TheXero                                                                      #
#                                                                              #
################################################################################

hwk

hwk is an easy-to-use wireless authentication and deauthentication tool. Furthermore, it also supports probe response fuzzing, beacon injection flooding, antenna alignment and various injection testing modes. Information gathering is selected by default and shows the incoming traffic indicating the packet types.

/*******************************************************************************
 *                ____                     _ __                                *
 *     ___  __ __/ / /__ ___ ______ ______(_) /___ __                          *
 *    / _ \/ // / / (_-</ -_) __/ // / __/ / __/ // /                          *
 *   /_//_/\_,_/_/_/___/\__/\__/\_,_/_/ /_/\__/\_, /                           *
 *                                            /___/ team                       *
 *                                                                             *
 * README                                                                      *
 *                                                                             *
 * DATE                                                                        *
 * 8/03/2013                                                                   *
 *                                                                             *
 * AUTHOR                                                                      *
 * atzeton - <a href="http://www.nullsecurity.net/" title="http://www.nullsecurity.net/">http://www.nullsecurity.net/</a>                                      *
 *                                                                             *
 * LICENSE                                                                     *
 * GNU GPLv2, see COPYING                                                      *
 *                                                                             *
 ******************************************************************************/

What is hwk?
===============
hwk is a collection of packet crafting/network flooding tools:

Syndicate content