Scroll To Top

Top 10 Password Cracking Tools for Windows, Linux and Web Applications

Posted in Download, Security, Technology2 years ago • Written by Shais12 Comments

A simple details about password cracking tools from wiki. In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system. A common approach (brute-force attack) is to try guesses repeatedly for the password and check them against an available cryptographic hash of the password. Generally Password cracker not hacking a password ,these software is only recover your password. Got it? So don’t use against someone’s system or illegally.

The other purposes of password cracking tools might be to help a user recover a forgotten password of a system or any software. But in the world of hacking, hackers are using such a tools to break or crack the stolen password hashes of a database. Or using them to hack wireless network and crack the passwords. So hope you completely understand the main purpose of password cracking tools.

List of Top 10 Password Cracking Tools

 

OphCrack

OphCrack

#1. OphCrack

It is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms. See some features of Ophcrack password cracking tools. The uploaded version of Ophcrack compiled for Windows 64-bit platforms. This version can preload tables using the whole RAM available instead of only 2GB on 32-bit platforms.

Features:

  • Runs on Windows, Linux/Unix, Mac OS X, …
  • Cracks LM and NTLM hashes.
  • Free tables available for Windows XP and Vista/7/8.1.
  • Brute-force module for simple passwords.
  • Audit mode and CSV export.
  • Real-time graphs to analyze the passwords.
  • Live CD available to simplify the cracking.
  • Dumps and loads hashes from encrypted SAM recovered from a Windows partition.
  • Free and open source software (GPL).

Download the latest Ophcrack version from sourceforge, the open source software storage.

RainbowCrack

RainbowCrack

2. RainbowCrack

The RainbowCrack password cracking tolls is a general propose implementation of Philippe Oechslin’s faster time-memory trade-off technique. It crack hashes with rainbow tables. RainbowCrack uses time-memory tradeoff algorithm to crack hashes. It differs from brute force hash crackers.

A brute force hash cracker generate all possible plaintexts and compute the corresponding hashes on the fly, then compare the hashes with the hash to be cracked. Once a match is found, the plaintext is found. If all possible plaintexts are tested and no match is found, the plaintext is not found. With this type of hash cracking, all intermediate computation results are discarded.

Features:

  • Full time-memory tradeoff tool suites, including rainbow table generation, sort, conversion and lookup
  • Support rainbow table of any hash algorithm
  • Support rainbow table of any charset
  • Support rainbow table in raw file format (.rt) and compact file format (.rtc)
  • Computation on multi-core processor support
  • GPU acceleration with NVIDIA GPUs (CUDA technology)
  • GPU acceleration with AMD GPUs (OpenCL technology)
  • GPU acceleration with multiple GPUs
  • Runs on Windows operating systems
  • Windows XP 32-bit / 64-bit
  • Windows Vista 32-bit / 64-bit
  • Windows 7 32-bit / 64-bit
  • Windows 8 32-bit / 64-bit
  • Runs on Linux operating systems (x86 and x86_64)
  • Unified rainbow table file format on all supported operating systems
  • Command line user interface
  • Graphics user interface

Download the latest version of RainbowCrack password cracking tools from project-rainbowcrack website.

HashCat Advanced Password Recovery

HashCat Advanced Password Recovery

3. HashCat

Hashcat is the world’s fastest CPU-based password recovery tool. While it’s not as fast as its GPU counterpart oclHashcat, large lists can be easily split in half with a good dictionary and a bit of knowledge of the command switches.

Hashcat was written somewhere in the middle of 2009. Yes, there were already close-to-perfect working tools supporting rule-based attacks like “PasswordsPro”, “John The Ripper”. However for some unknown reason, both of them did not support multi-threading. That was the only reason to write Hashcat: To make use of the multiple cores of modern CPUs.

Features: 

  • Worlds fastest password cracker
  • Worlds first and only GPGPU based rule engine
  • Free
  • Multi-GPU (up to 128 gpus)
  • Multi-Hash (up to 100 million hashes)
  • Multi-OS (Linux & Windows native binaries)
  • Multi-Platform (OpenCL & CUDA support)
  • Multi-Algo (see below)
  • Low resource utilization, you can still watch movies or play games while cracking
  • Focuses highly iterated modern hashes
  • Focuses dictionary based attacks
  • Supports distributed cracking
  • Supports pause / resume while cracking
  • Supports sessions
  • Supports restore
  • Supports reading words from file
  • Supports reading words from stdin
  • Supports hex-salt
  • Supports hex-charset
  • Built-in benchmarking system
  • Integrated thermal watchdog
  • 150+ Algorithms implemented with performance in mind
  • … and much more

Download the latest version HashCat from oclhashcat website.

 

Cain & Abel

Cain & Abel

4. Cain & Abel

Is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords.

It also help you for recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weakness present in protocol’s standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some “non standard” utilities for Microsoft Windows users.

Download the latest version of Cain and Abel from oxit website which crate and support this software.

wfuzz

wfuzz

 5. Wfuzz Password Cracking Tools 

Time for special password cracking tools for web applications. The Wfuzz password cracking tools is a software designed for brute forcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing,etc. See some features below and read full details at edge-security website.

Some Features:

  • Multiple Injection points capability with multiple dictionaries
  • Recursion (When doing directory bruteforce)
  • Post, headers and authentication data brute forcing
  • Output to HTML
  • Colored output
  • Hide results by return code, word numbers, line numbers, regex.
  • Cookies fuzzing
  • Multi threading
  • Proxy support
  • SOCK support
  • Time delays between requests
  • Authentication support (NTLM, Basic)
  • All parameters bruteforcing (POST and GET)
  • Multiple encoders per payload
  • Payload combinations with iterators
  • Baseline request (to filter results against)
  • Brute force HTTP methods
  • Multiple proxy support (each request through a different proxy)
  • HEAD scan (faster for resource discovery)
  • Dictionaries tailored for known applications (Weblogic, Iplanet, Tomcat, Domino, Oracle 9i,
    Vignette, Coldfusion and many more.i
    (Many dictionaries are from Darkraver’s Dirb, www.open-labs.org)s

Download the latest version from edge-security website.

Brutus Password Cracking Tools

Brutus Password Cracking Tools

6. Brutus Password Cracking Tools

The Brutus is also a good password cracking tools for web application but it is not updated for many years. You might still need as web application password cracker. Brutus was one of the most popular remote online password cracking tools. It claims to be the fastest and most flexible password cracking tool. This tool is free and is only available for Windows systems. It was released back in October 2000.

Features:

Brutus version AET2 is the current release and includes the following authentication types :

  • HTTP (Basic Authentication)
  • HTTP (HTML Form/CGI)
  • POP3
  • FTP
  • SMB
  • Telnet
  • Other types such as IMAP, NNTP, NetBus etc are freely downloadable from this site and simply imported into your copy of Brutus. You can create your own types or use other peoples.

The current release includes the following functionality :

  • Multi-stage authentication engine
  • 60 simultaneous target connections
  • No username, single username and multiple username modes
  • Password list, combo (user/password) list and configurable brute force modes
  • Highly customisable authentication sequences
  • Load and resume position
  • Import and Export custom authentication types as BAD files seamlessly
  • SOCKS proxy support for all authentication types
  • User and password list generation and manipulation functionality
  • HTML Form interpretation for HTML Form/CGI authentication types
  • Error handling and recovery capability inc. resume after crash/failure.

If you would like to use this old and out of date tools, download from hoobie website.

John the Ripper

John the Ripper

7. John the Ripper

The John the Ripper is a fast opensource password cracking tools, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version.

Download John the Ripper from openwall website, the place to bringing security into open environment.

THC Hydra

THC Hydra

 8. THC Hydra

The THC-Hydra is a very fast network logon cracker which support many different services. When you need to brute force crack a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more then 30 protocols, including telnet, ftp, http, https, smb, several databases, and much more.

Download the THC Hydra from THC website and see feature sets and services coverage also.

L0phtCrack

L0phtCrack

9. L0phtCrack

The L0phtCrack Password Cracking Tools is an alternative to OphCrack. It attempts to crack Windows password from hashes. For cracking passwords, it uses Windows workstations, network servers, primary domain controllers, and Active Directory. It also uses dictionary and brute force attacking for generating and guessing passwords.

Features: 

  • L0phtCrack 6 is packed with powerful features such as scheduling, hash extraction from 64 bit Windows versions, multiprocessor algorithms, and networks monitoring and decoding. Yet it is still the easiest to use password auditing and recovery software available.
  • Range of Target Systems Software runs On Windows XP and higher. Operates on networks with Windows NT, 2000, XP, Server 2003 R1/R2, Server 2008 R1/R2, on 32- and 64-bit environments, as well as most BSD and Linux variants with an SSH daemon.
  • Password Scoring
  • Pre-computed Dictionary Support
  • Windows & Unix Password Support
  • Remote password retrieval
  • Scheduled Scans
  • Remediation
  • Updated Vista/Windows 7 Style UI
  • Executive Level Reporting
  • Password Risk Status
  • Password Audit Method
  • Password Character Sets
  • Password Length Distribution
  • Summary Report

Download the latest version from l0phtcrack website.

aircrack-ng

aircrack-ng

10. Aircrack-NG

The aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools.

In fact, Aircrack-ng is a set of tools for auditing wireless networks. To secure a Wireless network against Wireless hacking read the article “5 Steps to Secure your home Wireless Network“.

Download the Aircrack-ng from aircrack-ng website, where you can find more information about this Wireless Password Cracking Tools. You might need to read “5 ways to Hack Wireless Network” article that is a good way to secure your Wireless Network.

Footus Password Cracking Tools

Footus Password Cracking Tools

11. Medusa

The Medusa password Cracking tool is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers following items as some of the key features of this application:

Features:

  • Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently.
  • Flexible user input. Target information (host/user/password) can be specified in a variety of ways. For example, each item can be either a single entry or a file containing multiple entries. Additionally, a combination file format allows the user to refine their target listing.
  • Modular design. Each service module exists as an independent .mod file. This means that no modifications are necessary to the core application in order to extend the supported list of services for brute-forcing.
  • Multiple protocols supported. Many services are currently supported (e.g. SMB, HTTP, POP3, MS-SQL, SSHv2, among others).

Download the latest Medusa tools from foofus website which support the fgdump tool for mass password Auditing of Windows Systems. It is also a best cracking tools.

Conclusion For Cracking Tools

These are the most popular tools that hackers are using for cracking password hashes and codes of web applications and operating systems. I’m sure that there are many powerful password cracking tools that I miss to bring the list, so tell us the name please in order to complete this list.

If you need more information about such a tools, read the password cracking section of Certified Ethical Hacking (CEH) from ec-council academy. And the post “Certification Road-map for Information Security” for security lovers.


TAGS: , , , ,
About this Author
Shais

I'm a network and Information Security instructor. Here is my online pictorial notebook. I would like to write and share my experience through this website for computer enthusiasts and technology geeks.

Like us on Facebook
on Facebook
Shais

Follow me on Twitter
Follow @technigs on Twitter
Shais
Add me on Google+
on Google+
Shais

12 Comments so far. Feel free to join this conversation.

  1. kararApril 19, 2015 at 7:39 am - Reply

    Great sir !
    Thats Amazing tools 😉

  2. noslaMay 26, 2015 at 12:30 am - Reply
    • Shais
      ShaisMay 26, 2015 at 10:33 pm - Reply

      HashCat is on the list now.
      Thanks

  3. DavidMay 26, 2015 at 2:44 pm - Reply

    Nice toolkit! I would recommend PCUnlocker which can not only reset lost Windows password, but also bypass Windows password authentication through changing Windows kernel during startup.

    • Shais
      ShaisMay 26, 2015 at 10:42 pm - Reply

      Thanks David
      PCUnlocker is not a cracking tool. It is just reset the Windows password which you can do simply as this post “http://www.technig.com/reset-forgotten-windows-10-password/” without paying.

  4. honey kingJuly 21, 2015 at 1:12 am - Reply

    i trust this word

    thankssssssssssssss

  5. PoonamOctober 5, 2015 at 10:45 am - Reply

    You will get number of important Windows password recovery tools in the SysInfoTools. The all tools have unique and advanced features through which you can easily recover the passwords.

    • Shais
      ShaisOctober 5, 2015 at 11:58 am - Reply

      Yes, the good tools, but they are commercial…

  6. seoDecember 15, 2015 at 2:33 am - Reply

    Hello Web Admin, I noticed that your On-Page SEO is is missing a few factors, for one you do not use all three H tags in your post, also I notice that you are not using bold or italics properly in your SEO optimization. On-Page SEO means more now than ever since the new Google update: Panda. No longer are backlinks and simply pinging or sending out a RSS feed the key to getting Google PageRank or Alexa Rankings, You now NEED On-Page SEO. So what is good On-Page SEO?First your keyword must appear in the title.Then it must appear in the URL.You have to optimize your keyword and make sure that it has a nice keyword density of 3-5% in your article with relevant LSI (Latent Semantic Indexing). Then you should spread all H1,H2,H3 tags in your article.Your Keyword should appear in your first paragraph and in the last sentence of the page. You should have relevant usage of Bold and italics of your keyword.There should be one internal link to a page on your blog and you should have one image with an alt tag that has your keyword….wait there’s even more Now what if i told you there was a simple WordPress plugin that does all the On-Page SEO, and automatically for you?

  7. DainlenJune 14, 2016 at 7:37 am - Reply

    I used ophcrack but not succeed, it runs fine until it says “no tables found”.

    and I found another password recovery tool: iSeePassword. it works fine, safe and easy, but it’s not free. Cost $17.

  8. MacanJune 17, 2016 at 7:45 am - Reply

    Which one is the fastest? From my own opinion, resetting password is much easier than cracking the password in regards to windows password. I can UUkeys Windows Password Recovery to set the password in a few minutes. but it takes much longer time to let ophcrack break the password.

    • Shais
      ShaisJune 17, 2016 at 1:40 pm - Reply

      Exactly, it takes too much time to crack with these password cracking tools.

Leave A Response