Password audit

Cyber hacking is on the rise, with an attack occurring every 39 seconds, according to a University of Maryland study. Nowadays, it is all too common to hear stories on the news about both large and small companies falling victim to IT security breaches. One of the most common vulnerabilities within any organization’s cybersecurity is weak passwords. Hackers are resourceful, and they have plenty of ways to steal passwords to gain access to your private information or data.

JTR

John the Ripper is free and Open Source software, distributed primarily in source code form. If you would rather use a commercial product, please consider John the Ripper Pro, which is distributed primarily in the form of “native” packages for the target operating systems and in general is meant to be easier to install and use while delivering optimal performance. Check for more information here.

Cain & Abel

Cain and Abel (often abbreviated to Cain) is a password recovery tool for Microsoft Windows. It can recover many kinds of passwords using methods such as network packet sniffing and cracking various password hashes with dictionary, brute-force and cryptanalysis attacks. Cryptanalysis attacks are done via rainbow tables, which can be generated with the winrtgen.exe program provided with Cain and Abel. Check for more information here.

Aircrack

Aircrack-ng is a complete suite of tools to assess WiFi network security.

It focuses on different areas of WiFi security: Monitoring, Attacking, Testing and Cracking WEP and WPA PSK (WPA 1 and 2) are some of its attributes.

All tools are command line, which allows for heavy scripting. A lot of GUIs have taken advantage of this feature. Check for more information here.

Medusa

Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. Check for more information here.

Rainbowcrack

RainbowCrack is a general purpose implementation of Philippe Oechslin’s faster time-memory trade-off technique. It cracks hashes with rainbow tables.

RainbowCrack uses a time-memory tradeoff algorithm to crack hashes. It differs from brute force hash crackers. Check for more information here.

Wifite

Wifite is a tool to attack multiple WEP, WPA, and WPS encrypted networks in a row. It is customizable and can be automated with only a few arguments. Wifite aims to be the “set it and forget it” wireless auditing tool. Check for more information here.

Wfuzz

Wfuzz is a tool designed for bruteforcing web applications. It can be used for finding resources that are not linked (directories, servlets, scripts, etc.), bruteforcing GET and POST parameters to check for different kinds of injections (SQL, XSS, LDAP, etc.), bruteforcing form parameters (user/password), fuzzing, etc. Check for more information here.

