GoCrack is a management frontend for password cracking tools written in Go.

GoCrack provides APIs to manage password cracking tasks across supported cracking engines.

This tool can lead to password exposure.

Non-interactive ssh password auth download.

Sshpass is a tool for non-interactivly performing password authentication with SSH's so called "interactive keyboard password authentication". Most user should use SSH's more secure public key authentiaction instead.

• SSH password automation in Linux with sshpass @ RedHat Enable Sysadmin.
• sshpass : Se connecter en SSH sans saisir le mot de passe @ Adrien Linuxtricks' YouTube :fr:.

Identify the accounts most vulnerable to dictionary attacks.

PassTester is a tool for finding user passwords that are most vulnerable to dictionary attacks. The aim is to prompt the users concerned to choose a more secure password.

• Comment peut-on évaluer la résistance des mots de passe utilisateurs aux attaques par dictionnaire lors d'un audit de sécurité ? @ Aurélien BOURDOIS's LinkedIn :fr:.

Each entry has about 42 bits of randomness. Queries are not recorded. Randomness is probably as good as the random resource in the operating system.

get things from one computer to another, safely.

This package provides a library and a command-line tool named wormhole, which makes it possible to get arbitrary-sized files and directories (or short pieces of text) from one computer to another. The two endpoints are identified by using identical "wormhole codes": in general, the sending machine generates and displays the code, which must then be typed into the receiving machine.

• Magic Wormhole @ Read the Docs.
• Wormhole: Transférer des Secrets @ Culture et Outils DevSecOps :fr:.

Securely Send a Password.

🔐 An application to securely communicate passwords over the web. Passwords automatically expire after a certain number of views and/or time has passed. Track who, what and when.

• Password Pusher @ GitHub.
• 6 outils de FOU pour les DEVS 🤯 @ YoanDev's YouTube.

A default credential scanner.

changeme picks up where commercial scanners leave off. It focuses on detecting default and backdoor credentials and not necessarily common credentials. It's default mode is to scan HTTP default credentials, but has support for other credentials.

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

• Sauvez vos vieux routeurs en retrouvant leurs mots de passe par défaut ! @ Korben :fr:.

World's fastest and most advanced password recovery utility.

hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 300 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enable distributed password cracking.

• Cybersécurité : les erreurs courantes de configuration réseau @ Silicon (fr).

Free and Open Source password manager for Android, iOS, MacOS, Linux and Windows. Compatible with KeePass.

the open source solution for two factor authentication.
LinOTP accommodates many different OTP algorithms using a modular approach. This includes the OATH standards such as HMAC (RFC 4226) and time-based HMAC. But LinOTP's design makes it easy to create your own tokens with different algorithms, including challenge-response tokens, tokens based on QR codes, and tokens based on push-type messages.

Manage Secrets & Protect Sensitive Data

Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API.

Online WPA WPA2 NTLM MD5 DESCRYPT MD5CRYPT Password Cracker.
Crackq is an online distributed GPU-accelerated password cracker designed to help penetration testers and network auditors identify weak passwords. It supports a number of hash types and we are actively adding new algorithms. There are no delays associated with manual submissions and payment processing. The results are emailed automatically as soon as the hash is processed.

Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Vault handles leasing, key revocation, key rolling, and auditing. Vault presents a unified API to access multiple backends: HSMs, AWS IAM, SQL databases, raw key/value, and more.

The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext, APIs, custom algorithms, databases, etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software. At this moment, it supports 22 Programs on Microsoft Windows and 12 on a Linux/Unix-Like OS.

Retrouvez les informations sensibles qui se cachent dans vos emails avant qu'elles ne tombent entre les mains d'un pirate informatique

A JQuery plugin that converts a password input into an advanced widget with strength validation meter and toggle mask to show/hide the password. The password strength is validated as you type.

Johnny is a GUI for John the Ripper. It was proposed by Shinnok. You could look onto original version on John the Ripper GUI sketches page.

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version.