Main Page‎ > ‎

Password Cracking Tools

The tools page is divided into two parts
Cracking Tools: Tools that would be used in a password cracking session. This included the acual password crackers, input dictionary creation programs, and password guess generators
  • John the Ripper Config generator - Note, currently making a new version from scratch. Probably won't be done by defcon, but it should be out by mid-August. Unitil then you can get the old version here, but I'd recommend waiting since it's fairly user unfriendly.
  • LFcracker - (L)arge (F)ile Cracker - Originally written to audit large (200k+) lists of passwords. Multi-threaded, and supports most hash types including NTLM, MD5, SHA1, ORACLE, and vBulletin.
  • PCFG Generator - Needs a better name, (if you have one please let me know). Uses probability models to create password guesses. Think of it as the next generation of word mangling rules. It really helps, specifically when attacking "strong" passwords.
  • Wikipedia Wordist Generator - Creates custom wordlists based on Wikipedia articles
  • NSFW ASCII Art Generator - The name says it all...
  • Middle Child - Applies mangling rules to a streaming input via stdin, and then outputs the results via stdout to another password cracking program like JtR
Parsing Tools: Tools for evaluating cracked passwords. Can be used to create input dictionaries or design new attack types
  • Edit Distance Parser - Compares the edit distance of passwords to an input dictionary. Very useful for creating a "Best of Breed" wordlist, evaluating the strength of passwords, and discovering new word mangling rules. Currently included in the PFG Generator page above since I was too lazy to create it's own page.
  • Password Statistics - Automatically parses password lists for letter frequency analysis, average length, complexity, % of passwords that use numbers, etc.
  • JtR + Cain&Able Play Nice - Parses John the Ripper and Cain&Able .pot files to extract a list of cracked passwords. Useful when transfering password lists from one password cracker to another. Also may be used to create a wordlist of cracked passwords to use in other password cracking attacks, (aka use the words from cracked MD5 passwords to attack Sha1 passwords).