Best programs to crack passwords
Best programs to crack passwords – An important issue is that these tools should only be used in our own infrastructures or in which we have the permission of the administrator. Otherwise, it should be noted that it would be illegal.
Brutus
One of the oldest and still supported password cracking tools is Brutus. In addition, it is free, its first version dates back to 1998 and it is available for computers with a Windows operating system.
The current version of Brutus includes the following types of authentication: HTTP, HTTPS, POP3, FTP, SMB, Telnet and IMAP, NNTP and NetBus could be added.
Among its features we have a multi-stage authentication engine and it allows 60 simultaneous destination connections. It also has a list of passwords, configurable brute force modes and also allows you to pause and resume attacks at the same point where you left off.
Cain and Abel
The developer of Cain and Abel is Massimiliano Montoro, it is a proprietary program that was distributed free of charge. It should be noted that its latest version is from 2014 and that it is a product that will not have any more updates, although for some tasks it may still be interesting.
Cain & Abel is a password recovery tool for Microsoft operating systems. Thanks to it we can easily recover various types of passwords by tracing the network, cracking encrypted passwords using dictionary attacks, brute force and cryptanalysis. In addition, we can also record VoIP conversations, decrypt scrambled passwords, recover wireless network keys, reveal password boxes, discover cached passwords, and analyze routing protocols. This program does not exploit any vulnerability, but seeks to obtain passwords using conventional techniques.
Some of the benefits of this application are:
- It is free, and they do not have any kind of charge.
- It includes several methods to crack passwords.
- Password recovery is fast when it comes to simple passwords
- It performs best when used with Windows XP, 2000 and NT.
On the other hand, it also has some cons that we must take into account:
- We must download the correct “Rainbow Tables”. These can be easily found on the internet.
- It is an installation software. Although it is not bad, it is a drawback compared to others that are portable.
- The procedure is quite long.
- It does not receive updates.
- Does not support UEFI-based computers.
Rainbowcrack
Another of the tools to crack passwords is RainbowCrack, which uses previously processed tables, called Rainbow, which considerably reduce the time it takes to crack the keys. This program is up to date and can be used on both Windows 7 / 10 and Linux with Ubuntu. Thus we have Rainbow tables of LM, NTLM, MD5, SHA1, SHA256 and customizable hash algorithms.
It should also be noted that generating these tables takes a lot of time and effort, both human and processor. For this reason there are tables created both free and paid. Thanks to them, it is possible to avoid having to process them personally and thus from the beginning we would already have RainbowCrack ready to work.
John the Ripper
John the Ripper can be defined as an open source password security auditing and recovery tool. It should be noted that it is available for various operating systems such as Windows, MacOS and Windows. This software supports hundreds of encryption and hashing types, including for Unix, macOS, and Windows version user passwords. Also comment that it is a current and supported software. In addition, we can say that it is reliable as the open source code is available to everyone.
If you want to test your passwords and see if they are really protected, John the Ripper is a good alternative. In this way you will be able to generate stronger keys, use more current encryption and, in short, solve problems that may affect your privacy and security.
Wfuzz
Wfuzz is another of the password cracking tools that we can use. In that sense, this software is designed to carry out brute force attacks against web applications. Thus, it could be used to search for hidden resources on servers and also to use brute force against login forms and carry out different injection attacks (SQL, XSS, LDAP, etc.) in order to gain access to the server.
Another positive thing is that it is updated software. Also Wfuzz is more than just a web content scanner and could be used for:
- Protecting our web applications by finding and exploiting vulnerabilities in those web applications.
- It offers a completely modular framework and makes it easy for even the newest Python developers to contribute.