Home 0P3N Blog Brute Force Password Tools List
Ready to Start Your Career?
Create Free Account
authors profile image
January 1, 2016

Brute Force Password Tools List

January 1, 2016
authors profile image
January 1, 2016
Brute Force Password Testing THC Hydra - https://github.com/vanhauser-thc/thc-hydra A very fast network logon cracker which support many different services. See feature sets and services coverage page - incl. a speed comparison against ncrack and medusa. Brutus - https://technosnoop.com/2016/03/download-password-cracker-brutus/ Brutus is one of the fastest, most flexible remote password crackers you can get your hands on - it's also free. It is available for Windows 9x, NT and 2000, there is no UN\*X version available although it is a possibility at some point in the future. No update since 2002 fgdump - https://www.aldeid.com/wiki/FGDump A Tool For Mass Password Auditing of Windows Systems. Not updated since 2008 HashCat - https://hashcat.net/hashcat/ Advanced Password Recovery – Multi-Hash, Muliti-OS – Multi-Algo – All attack modes – SSE2 and XOP accelerated. Very fast rules engine John the Ripper - http://www.openwall.com/john/ John the Ripper is a fast password cracker, currently available for many sflavors of Unix, Windows, DOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are WindowsLM hashes, plus lots of other hashes and ciphers in the community-enhanced version. Medusa - http://www.darknet.org.uk/2006/05/medusa-password-cracker-version-11-now-available-for-download/ Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers following items as some of the key features of this application: Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently. Flexible user input. Target information (host/user/password) can be specified in a variety of ways. For example, each item can be either a single entry or a file containing multiple entries. Additionally, a combination file format allows the user to refine their target listing. Modular design.Each service module exists as an independent .mod file. This means that no modifications are necessary to the core application in order to extend the supported list of services for brute-forcing. Ncat - https://nmap.org/ncat/ Ncat is a feature-packed networking utility which reads and writes data across networks from the command line. Ncat was written for the Nmap Project as a much-improved reimplementation of the venerable Netcat. It uses both TCP and UDP for communication and is designed to be a reliable back-end tool to instantly provide network connectivity to other applications and users. Ncat will not only work with IPv4 and IPv6 but provides the user with a virtually limitless number of potential uses. Password Dictionary - https://crackstation.net/buy-crackstation-wordlist-password-cracking-dictionary.htm CrackStation's main password cracking dictionary (1,493,677,782 words, 15GB). It also contains every word in the Wikipedia databases (pages-articles, retrieved 2010, all languages) as well as lots of books from Project Gutenberg. It also includes the passwords from some low-profile database breaches that were being sold in the underground years ago. hgfhgfukgljhgjhgfhcdhgfjhgkjlkjk [facebook.com](https://www.cybrary.it/forums/topic/the-skills-section-of-the-profile/) good info Not sure what the top 2 replies are but mr smith thanks Again, very interesting try [Kali Linux](https://www.kali.org/) is best a tool! Hi i love kali linux hydra is best Code Comparison This table just lists latest available versions and platforms compatibility. Code Hydra Medusa Ncrack Version 8.4 2.1 0.4 alpha Last Update January 2017 April 2012 April 2011 Supported Platforms Linux, \*BSD, Solaris, Mac OS X, any Unix, Windows (Cygwin) Linux, \*BSD, Solaris and Mac OS X Linux, \*BSD, Mac OS X, Windows Features Table This table lists the feature sets of each tools. Feature Hydra Medusa Ncrack License AGPLv3 GPLv2 GPLv2 + Nmap terms IPv6 Support Yes No Yes Graphic User Interface Yes Yes No Internationalized support (RFC 4013) Yes No No HTTP proxy support Yes Yes No SOCKS proxy support Yes No No # of supported protocols 51 22 7 Services Coverage This table lists the services coverage of each tools. For each services, many authentication methods are possible. If you require other ways or find issues in Hydra, please contact us as the service depends on RFC implementations, some adjustements may be needed. Service Details Hydra Medusa Ncrack ADAM-6500 Yes No No AFP Yes Yes No Asterisk Yes No No Cisco Password Yes No No Cisco Enable Yes No No CVS Yes Yes No Firebird Yes No No FTP Yes Yes Yes SSL support AUTH TLS & FTP over SSL AUTH TLS & FTP over SSL No HTTP Method(s) GET, HEAD, POST GET GET Basic Auth Yes Yes Yes DIGEST-MD5 Auth Yes Yes No NTLM Auth Yes Yes No SSL support HTTPS HTTPS HTTPS HTTP Form Method(s) GET, POST GET, POST No SSL support HTTPS HTTPS No HTTP Proxy Basic Auth Yes No No DIGEST-MD5 Auth Yes No No NTLM Auth Yes No No SSL support HTTPS No No HTTP PROXY URL Enumeration Yes No No ICQ v5 Yes 1 No No IMAP LOGIN support Yes Yes No AUTH LOGIN support Yes No No AUTH PLAIN support Yes Yes No AUTH CRAM-MD5 support Yes No No AUTH CRAM-SHA1 support Yes No No AUTH CRAM-SHA256 support Yes No No AUTH DIGEST-MD5 support Yes No No AUTH NTLM support Yes Yes No AUTH SCRAM-SHA1 support Yes No No SSL support IMAPS & STARTTLS IMAPS & STARTTLS No IRC General server password Yes No No OPER mode password Yes No No LDAP v2, Simple support Yes No No v3, Simple support Yes No No v3, AUTH CRAM-MD5 support Yes No No v3, AUTH DIGEST-MD5 support Yes No No MS-SQL Yes Yes No MySQL v3.x Yes Yes No v4.x Yes Yes No v5.x Yes Yes No NCP Yes Yes No NNTP USER support Yes Yes No AUTH LOGIN support Yes No No AUTH PLAIN support Yes No No AUTH CRAM-MD5 support Yes No No AUTH DIGEST-MD5 support Yes No No AUTH NTLM support Yes No No SSL support STARTTLS & NNTP over SSL No No Oracle Database Yes Yes 2 No TNS Listener Yes No No SID Enumeration Yes No No PC-NFS Yes No No pcAnywhere Native Authentication Yes 1 Yes No OS Based Authentication (MS) No Yes No POP3 USER support Yes Yes Yes APOP support Yes No No AUTH LOGIN support Yes Yes No AUTH PLAIN support Yes Yes No AUTH CRAM-MD5 support Yes No No AUTH CRAM-SHA1 support Yes No No AUTH CRAM-SHA256 support Yes No No AUTH DIGEST-MD5 support Yes No No AUTH NTLM support Yes Yes No SSL Support POP3S & STARTTLS POP3S & STARTTLS POP3S PostgreSQL Yes Yes No RDP Windows Workstation Yes Yes 2 Yes Windows Server Yes Yes 2 Partial Domain Auth Yes Yes 2 No REDIS Yes No No REXEC Yes Yes No RLOGIN Yes Yes No RPCAP Yes No No RSH Yes Yes No RTSP Yes No No SAP R/3 Yes 1 No No Siemens S7-300 Yes No No SIP Yes 1 No No SSL support SIP over SSL No No SMB NetBIOS Mode Yes Yes No W2K Native Mode Yes Yes Yes Hash mode Yes Yes No Clear Text Auth Yes Yes No LMv1 Auth Yes Yes Yes LMv2 Auth Yes Yes Yes NTLMv1 Auth Yes Yes Yes NTLMv2 Auth Yes Yes Yes SMTP AUTH LOGIN support Yes Yes No AUTH PLAIN support Yes Yes No AUTH CRAM-MD5 support Yes No No AUTH DIGEST-MD5 support Yes No No AUTH NTLM support Yes Yes No SSL support SMTPS & STARTTLS SMTPS & STARTTLS No SMTP User Enum VRFY cmd Yes Yes No EXPN cmd Yes No No RCPT TO cmd Yes No No SNMP v1 Yes Yes No v2c Yes Yes No v3 Partial (MD5/SHA1 auth only)(MD5/SHA1 auth only) No No SOCKS v5, Password Auth Yes No No SSH v1 Yes No No v2 Yes Yes Yes SSH Keys v1, v2 Yes No No Subversion (SVN) Yes Yes No TeamSpeak TS2 Yes 1 No No Telnet Yes Yes Yes XMPP AUTH LOGIN support Yes No No AUTH PLAIN support Yes No No AUTH CRAM-MD5 support Yes No No AUTH DIGEST-MD5 support Yes No No AUTH SCRAM-SHA1 support Yes No No VMware Auth Daemon v1.00 / v1.10 Yes Yes No SSL support Yes Yes No VNC RFB 3.x password support Yes Yes No RFB 3.x user+password support No Partial(UltraVNC only) No RFB 4.x password support Yes Yes No RFB 4.x user+password support No Partial(UltraVNC only) No Speed Comparison This table gives some speed data (in second) for 2 popular services supported by each cracking tool (as of September 2011). The value displayed is the min value of 3 consecutive runs. Each tool was configured to run 1, 4 and 16 task(s)/job(s) at a time. A login and password lists corresponding to 20 attempts was used. The smaller the value the better. Speed (in s) Hydra Medusa Ncrack 1 Task / FTP module 11.93 12.97 18.01 4 Tasks / FTP module 4.20 5.24 9.01 16 Tasks / FTP module 2.44 2.71 12.01 1 Task / SSH v2 module 32.56 33.84 45.02 4 Tasks / SSH v2 module 10.95 Broken Missed 16 Tasks / SSH v2 module 5.14 Broken Missed kali love Good thread `hydra is powerful tool for password cracking hydra and john th ripper in tool for brute force nice Excellent ! Thanks Awesome thank you for all the input - sorry for the delay been buried all the way to chine doing my college fast track and getting all my cert along with a contract averaging 80 hourweeks lol it will be good if you use kali kali is awesome Thanks Thanks Interesting information, I have by chance stumbled upon a tool that tells you how long it takes to crack a password using brute force, and I'm not sure how accurate this is but its still fun: http://random-ize.com/how-long-to-hack-pass/
Schedule Demo

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry