Brute Force Password Tools ListApplication Security

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATION
Already a Member Login Here

Home Forums Application Security Brute Force Password Tools List

This topic contains 16 replies, has 13 voices, and was last updated by  JockBGood 1 year, 7 months ago.

Viewing 17 posts - 1 through 17 (of 17 total)
  • Author
    Posts
  • #74137

    jadenturner
    Participant

    Brute Force Password Testing

    THC Hydra – https://github.com/vanhauser-thc/thc-hydra A very fast network logon cracker which support many different services. See feature sets and services coverage page – incl. a speed comparison against ncrack and medusa.

    Brutus – http://technosnoop.com/2016/03/download-password-cracker-brutus/ Brutus is one of the fastest, most flexible remote password crackers you can get your hands on – it’s also free. It is available for Windows 9x, NT and 2000, there is no UN*X version available although it is a possibility at some point in the future. No update since 2002

    fgdump – https://www.aldeid.com/wiki/FGDump A Tool For Mass Password Auditing of Windows Systems. Not updated since 2008

    HashCat – https://hashcat.net/hashcat/ Advanced Password Recovery – Multi-Hash, Muliti-OS – Multi-Algo – All attack modes – SSE2 and XOP accelerated. Very fast rules engine

    John the Ripper – http://www.openwall.com/john/ John the Ripper is a fast password cracker, currently available for many sflavors of Unix, Windows, DOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are WindowsLM hashes, plus lots of other hashes and ciphers in the community-enhanced version.

    Medusa – http://www.darknet.org.uk/2006/05/medusa-password-cracker-version-11-now-available-for-download/ Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers following items as some of the key features of this application: Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently. Flexible user input. Target information (host/user/password) can be specified in a variety of ways. For example, each item can be either a single entry or a file containing multiple entries. Additionally, a combination file format allows the user to refine their target listing. Modular design.Each service module exists as an independent .mod file. This means that no modifications are necessary to the core application in order to extend the supported list of services for brute-forcing.

    Ncat – https://nmap.org/ncat/ Ncat is a feature-packed networking utility which reads and writes data across networks from the command line. Ncat was written for the Nmap Project as a much-improved reimplementation of the venerable Netcat. It uses both TCP and UDP for communication and is designed to be a reliable back-end tool to instantly provide network connectivity to other applications and users. Ncat will not only work with IPv4 and IPv6 but provides the user with a virtually limitless number of potential uses.

    Password Dictionary – https://crackstation.net/buy-crackstation-wordlist-password-cracking-dictionary.htm CrackStation’s main password cracking dictionary (1,493,677,782 words, 15GB). It also contains every word in the Wikipedia databases (pages-articles, retrieved 2010, all languages) as well as lots of books from Project Gutenberg. It also includes the passwords from some low-profile database breaches that were being sold in the underground years ago.

    #74430

    jadenturner
    Participant

    Not sure what the top 2 replies are but mr smith thanks

    #74472

    Bradwin Hudson
    Participant

    Again, very interesting

    #76424

    iulianbrinzoi
    Participant

    try Kali Linux is best a tool!

    #77375

    asimegbe3
    Participant

    i love kali linux

    #86248

    Anonymous

    hydra is best
    Code Comparison
    This table just lists latest available versions and platforms compatibility.
    Code Hydra Medusa Ncrack
    Version 8.4 2.1 0.4 alpha
    Last Update January 2017 April 2012 April 2011
    Supported Platforms Linux, *BSD, Solaris, Mac OS X, any Unix, Windows (Cygwin) Linux, *BSD, Solaris and Mac OS X Linux, *BSD, Mac OS X, Windows

    Features Table
    This table lists the feature sets of each tools.
    Feature Hydra Medusa Ncrack
    License AGPLv3 GPLv2 GPLv2 + Nmap terms
    IPv6 Support Yes No Yes
    Graphic User Interface Yes Yes No
    Internationalized support (RFC 4013) Yes No No
    HTTP proxy support Yes Yes No
    SOCKS proxy support Yes No No
    # of supported protocols 51 22 7

    Services Coverage
    This table lists the services coverage of each tools. For each services, many authentication methods are possible. If you require other ways or find issues in Hydra, please contact us as the service depends on RFC implementations, some adjustements may be needed.
    Service Details Hydra Medusa Ncrack
    ADAM-6500 Yes No No
    AFP Yes Yes No
    Asterisk Yes No No
    Cisco Password Yes No No
    Cisco Enable Yes No No
    CVS Yes Yes No
    Firebird Yes No No
    FTP Yes Yes Yes
    SSL support AUTH TLS & FTP over SSL AUTH TLS & FTP over SSL No
    HTTP Method(s) GET, HEAD, POST GET GET
    Basic Auth Yes Yes Yes
    DIGEST-MD5 Auth Yes Yes No
    NTLM Auth Yes Yes No
    SSL support HTTPS HTTPS HTTPS
    HTTP Form Method(s) GET, POST GET, POST No
    SSL support HTTPS HTTPS No
    HTTP Proxy Basic Auth Yes No No
    DIGEST-MD5 Auth Yes No No
    NTLM Auth Yes No No
    SSL support HTTPS No No
    HTTP PROXY URL Enumeration Yes No No
    ICQ v5 Yes 1 No No
    IMAP LOGIN support Yes Yes No
    AUTH LOGIN support Yes No No
    AUTH PLAIN support Yes Yes No
    AUTH CRAM-MD5 support Yes No No
    AUTH CRAM-SHA1 support Yes No No
    AUTH CRAM-SHA256 support Yes No No
    AUTH DIGEST-MD5 support Yes No No
    AUTH NTLM support Yes Yes No
    AUTH SCRAM-SHA1 support Yes No No
    SSL support IMAPS & STARTTLS IMAPS & STARTTLS No
    IRC General server password Yes No No
    OPER mode password Yes No No
    LDAP v2, Simple support Yes No No
    v3, Simple support Yes No No
    v3, AUTH CRAM-MD5 support Yes No No
    v3, AUTH DIGEST-MD5 support Yes No No
    MS-SQL Yes Yes No
    MySQL v3.x Yes Yes No
    v4.x Yes Yes No
    v5.x Yes Yes No
    NCP Yes Yes No
    NNTP USER support Yes Yes No
    AUTH LOGIN support Yes No No
    AUTH PLAIN support Yes No No
    AUTH CRAM-MD5 support Yes No No
    AUTH DIGEST-MD5 support Yes No No
    AUTH NTLM support Yes No No
    SSL support STARTTLS & NNTP over SSL No No
    Oracle Database Yes Yes 2 No
    TNS Listener Yes No No
    SID Enumeration Yes No No
    PC-NFS Yes No No
    pcAnywhere Native Authentication Yes 1 Yes No
    OS Based Authentication (MS) No Yes No
    POP3 USER support Yes Yes Yes
    APOP support Yes No No
    AUTH LOGIN support Yes Yes No
    AUTH PLAIN support Yes Yes No
    AUTH CRAM-MD5 support Yes No No
    AUTH CRAM-SHA1 support Yes No No
    AUTH CRAM-SHA256 support Yes No No
    AUTH DIGEST-MD5 support Yes No No
    AUTH NTLM support Yes Yes No
    SSL Support POP3S & STARTTLS POP3S & STARTTLS POP3S
    PostgreSQL Yes Yes No
    RDP Windows Workstation Yes Yes 2 Yes
    Windows Server Yes Yes 2 Partial
    Domain Auth Yes Yes 2 No
    REDIS Yes No No
    REXEC Yes Yes No
    RLOGIN Yes Yes No
    RPCAP Yes No No
    RSH Yes Yes No
    RTSP Yes No No
    SAP R/3 Yes 1 No No
    Siemens S7-300 Yes No No
    SIP Yes 1 No No
    SSL support SIP over SSL No No
    SMB NetBIOS Mode Yes Yes No
    W2K Native Mode Yes Yes Yes
    Hash mode Yes Yes No
    Clear Text Auth Yes Yes No
    LMv1 Auth Yes Yes Yes
    LMv2 Auth Yes Yes Yes
    NTLMv1 Auth Yes Yes Yes
    NTLMv2 Auth Yes Yes Yes
    SMTP AUTH LOGIN support Yes Yes No
    AUTH PLAIN support Yes Yes No
    AUTH CRAM-MD5 support Yes No No
    AUTH DIGEST-MD5 support Yes No No
    AUTH NTLM support Yes Yes No
    SSL support SMTPS & STARTTLS SMTPS & STARTTLS No
    SMTP User Enum VRFY cmd Yes Yes No
    EXPN cmd Yes No No
    RCPT TO cmd Yes No No
    SNMP v1 Yes Yes No
    v2c Yes Yes No
    v3 Partial (MD5/SHA1 auth only)(MD5/SHA1 auth only) No No
    SOCKS v5, Password Auth Yes No No
    SSH v1 Yes No No
    v2 Yes Yes Yes
    SSH Keys v1, v2 Yes No No
    Subversion (SVN) Yes Yes No
    TeamSpeak TS2 Yes 1 No No
    Telnet Yes Yes Yes
    XMPP AUTH LOGIN support Yes No No
    AUTH PLAIN support Yes No No
    AUTH CRAM-MD5 support Yes No No
    AUTH DIGEST-MD5 support Yes No No
    AUTH SCRAM-SHA1 support Yes No No
    VMware Auth Daemon v1.00 / v1.10 Yes Yes No
    SSL support Yes Yes No
    VNC RFB 3.x password support Yes Yes No
    RFB 3.x user+password support No Partial(UltraVNC only) No
    RFB 4.x password support Yes Yes No
    RFB 4.x user+password support No Partial(UltraVNC only) No

    Speed Comparison
    This table gives some speed data (in second) for 2 popular services supported by each cracking tool (as of September 2011). The value displayed is the min value of 3 consecutive runs. Each tool was configured to run 1, 4 and 16 task(s)/job(s) at a time. A login and password lists corresponding to 20 attempts was used. The smaller the value the better.
    Speed (in s) Hydra Medusa Ncrack
    1 Task / FTP module 11.93 12.97 18.01
    4 Tasks / FTP module 4.20 5.24 9.01
    16 Tasks / FTP module 2.44 2.71 12.01
    1 Task / SSH v2 module 32.56 33.84 45.02
    4 Tasks / SSH v2 module 10.95 Broken Missed
    16 Tasks / SSH v2 module 5.14 Broken Missed

    #86610

    gowtham5
    Participant

    kali love

    #88081

    cybermo
    Participant

    Good thread

    #88332

    makwanaram
    Participant

    `hydra is powerful tool for password cracking

    • This reply was modified 2 years, 8 months ago by  makwanaram.
    #88334

    virusrimi
    Participant

    hydra and john th ripper in tool for brute force

    #88393

    gowtham5
    Participant

    nice

    #88423

    romualds
    Participant

    Excellent ! Thanks

    #93095

    jadenturner
    Participant

    Awesome thank you for all the input – sorry for the delay been buried all the way to chine doing my college fast track and getting all my cert along with a contract averaging 80 hourweeks lol

    #93894

    zarsoule
    Participant

    it will be good if you use kali

    #94288

    zarsoule
    Participant

    kali is awesome

    #106106

    tgtrasher
    Participant

    Thanks

    #115050

    JockBGood
    Participant

    Interesting information, I have by chance stumbled upon a tool that tells you how long it takes to crack a password using brute force, and I’m not sure how accurate this is but its still fun:
    http://random-ize.com/how-long-to-hack-pass/

Viewing 17 posts - 1 through 17 (of 17 total)

You must be logged in to reply to this topic.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel