Password Cracker

Takes passwords to plaintext, via various means (usually bruteforce)


JMSDigger is a new tool that can be leveraged to engage and assess enterprise messaging applications with the current release focuses on ActiveMQ. JMSDigger has following features:

Validate credentials and perform credential bruteforce
Dump destinations (topics, queues and queue browsers)
Create, dump and delete durable subscribers
Perform anonymous authentication
Password Decryption
Retrieve Statistics for Broker, Topic and Queues
Create dynamic queues and topics


Voice over IP penetration testing tookit providing SIP and NGN Services Testing Modules for Metasploit Framework

Viproy Voip Pen-Test Kit is developed to improve the quality of SIP Penetration Tests. It provides authentication feature that helps to create simple tests. It includes 10 different modules with authentication support: options tester, brute forcer, enumerator, invite tester, trust analyzer, proxy and registration tester. All attacks could perform before and after authentication to fuzz SIP services and value added services.


A tool for parsing MS-CHAPv2 handshakes, which can then be submitted to CloudCracker for cracking.


SIPcrack is a toolsuite for sniffing and bruteforcing the digest authenticiation password that is sent by SIP clients registering at a SIP server. SIPcrack contains 2 programs: sipdump to capture the digest authentication and sipcrack to bruteforce the hash using a wordlist or standard input.


Password cracking utility for zip files


Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases


Scully is a client interface to MSSQL and MySQL database servers. No more need for MSSQL/MySQL client libraries to be installed and no more need to setup an ODBC connection either. Simply add IP/Hostname, username, password, port and database name and SQL away.

Scully also performs password brute forcing for MySQL and MSSQL, by clicking "Brute Force" a little window pops out and you simply provide a server,username, port and specify MySQL/MSSQL, then you also provide a txt file list of passwords and click "Start". Scully will quickly attempt to brute force the correct password, one also has the option to set "debug" to view the progress of the brute force.


A simple sshd password bruteforcer using a wordlist, it's very fast for internal networks & multithreaded.


WebSlayer is a tool designed for brute forcing Web Applications, it can be used to discover not linked resources (directories, servlets, scripts, etc), brute force GET and POST parameters, brute force Forms parameters (User/Password), Fuzzing, etc. The tools has a payload generator and a easy and powerful results analyzer to aid the tester in all the brute force tests.

MSSQL Scanner Pentesting Tool

MSSQLScanner is a multithreaded java based dictionary attack tool with the capability of spawning an SQL Query Shell and xp_cmdshell for pentesting your MS SQL Database server.

Syndicate content