Wireless Security Auditing - Fern Wifi Cracker

Fern Wifi Cracker is a Wireless security auditing and attack software program written using the Python Programming Language and the Python Qt GUI library, the program is able to crack and recover WEP/WPA/WPS keys and also run other network based attacks on wireless or ethernet based networks

Fern Wifi Cracker Features:

ºWEP Cracking with Fragmentation,Chop-Chop, Caffe-Latte, Hirte, ARP Request Replay or ºWPS attack
ºWPA/WPA2 Cracking with Dictionary or WPS based attacks
ºAutomatic saving of key in database on successful crack
ºAutomatic Access Point Attack System
ºSession Hijacking (Passive and Ethernet Modes)
ºAccess Point MAC Address Geo Location Tracking
ºInternal MITM Engine
ºBruteforce Attacks (HTTP,HTTPS,TELNET,FTP)
ºUpdate Support>

Operating System Supported

The Software runs on any Linux machine with the programs prerequisites, But the program has been tested on the following Linux based operating systems:

ºUbuntu KDE/GNOME
ºBackTrack Linux
ºBackBox Linux

Prerequisites

The Program requires the following to run properly:
The following dependencies can be installed using the Debian package installer command on Debian based systems using “apt-get install program” or otherwise downloaded and installed manually

ºAircrack-NG
ºPython-Scapy
ºPython Qt4
ºPython
ºSubversion
ºXterm
ºReaver (for WPS Attacks)
ºMacchanger

Downlaod Fern Wifi Cracker

Read More

GPU Password Auditing - Cryptohaze

Cryptohaze is the home of high performance, open source, network-enabled, US-based cross-platform GPU and OpenCL accelerated password auditing tools for security professionals. Currently, many security professionals are at a serious disadvantage in auditing as they cannot submit hashes to online hash databases due to the terms of their auditing agreement. Cryptohaze tools are aimed at providing high quality tools that run on any platform – Windows, Linux, or OS X. The tools run on all platforms that support CUDA or OpenCL (currently Windows, Linux, OS X). If you don’t have a GPU – the OpenCL code will run just fine on your host CPU!

GPU Password Auditing


The Cryptohaze tools are designed for both nVidia based graphics cards, and OpenCL devices (nVidia and ATI/AMD graphics cards, and Intel/AMD CPUs). Right now, the old Multiforcer requires CUDA support (so nVidia cards only), but the rainbow table tools and the new Multiforcer work on anything with a CPU, including Atom based devices. For best performance, a top of the line ATI card is recommended. nVidia cards simply do not have the hash performance of ATI right now. The tools do support BFI_INT and other ATI-specific operations to improve performance rather significantly over nVidia cards. That said, if you value your sanity, nVidia may be a better option for these tools. ATI’s driver support, especially under Linux, leaves much to be desired and they do not seem to care to fix it. nVidia support is reliable, tested, and is less likely to leave you balding. And the uptime of an nVidia server may compensate for the reduced performance.

Cryptohaze Multiforcer

The Cryptohaze Multiforcer is a high performance CUDA password cracker that is designed to target large lists of hashes. Performance holds very solid with large lists, such that on a suitable server, cracking a list of 1 000 000 passwords is not significantly slower than cracking a list of 10. For anyone who deals with large lists of passwords, this is a very useful tool! Algorithm support includes MD5, NTLM, LM, SHA1, and many others.

Multiforcer New (MFN)

The Multiforcer New is a total ground up rewrite of the Cryptohaze Multiforcer with CUDA, OpenCL, and CPU (SSE/AVX/etc) support. It remains focused on brute forcing large hash lists, and scales very well. It also is designed for network clustering of machines – no longer are you limited to running your hashes with a single machine! Other tools have varying levels of network support, but Cryptohaze is the only open source tool with easy to use built in networking.

Cryptohaze GPU Rainbow Tables

There has been very little development in the promising Rainbow Table technology over the past several years. Cryptohaze GPU Rainbow table are a totally fresh implementation of rainbow tables, leveraging the strengths of the nVidia GPUs and OpenCL devices to allow for much larger table spaces and coverage. While the stock RainbowCrack tables use chain lengths of 10 000, the Cryptohaze tables use a chain length of 200 000. This allows much larger attack spaces – NTLM tables for full US charset (95 characters) length 8 are available, and other tables will become available as they are created. While doing this, cracking times on a high performance server remain very reasonable – in some cases, under 2 minutes per password!


OpenCL support is present for the rainbow table tools, and is present in the new alpha Multiforcer. If you are interested in helping to port the tools to OpenCL, drop author a line!

Download Cryptohaze

Read More

TrueCrypt brute-force password cracker - TrueCrack

TrueCrack is a brute-force password cracker for TrueCrypt volume files. It works on Linux and it is optimized for Nvidia Cuda technology

Algorithms:

ºPBKDF2 (defined in PKCS5 v2.0) is based on RIPEMD160 Key derivation function.
ºXTS block cipher mode for hard disk encryption based on AES.


TrueCrypt brute-force password cracker:

ºDictionary attack: reads the passwords from a file of only words (one password for line).
ºCharset attack: generates the passwords from a set of symbols defined from the user (for example: all possible strings of n characters from the charset “abc” ).


Performance

The execution time of TrueCrack for a dictionary attack is (average word length 10 characters):

        CPU  3.00GHz   GTX650    GTX680
1000     0m  12.031s 0m  3.771s 0m 2.693s
10000    2m   0.421s 0m 15.893s 0m 5.628s
100000  20m   3.811s 2m 20.379s 0m 37.610s


Dictionary attack:

truecrack -t truecrypt_file -w passwords_file [-k ripemd160 | -k sha512 | -k whirlpool] [-e aes | -e serpent | -e twofish] [-a blocks] [-b] [-H] [-r number]


Alphabet attack:

truecrack -t truecrypt_file -c alphabet [-s minlength] -m maxlength [-k ripemd160 | -k sha512 | -k whirlpool] [-e aes | -e serpent | -e twofish] [-a blocks] [-b] [-H] [-r number]


Usage

-h --help Display this information.
-t --truecrypt <truecrypt_file> Truecrypt volume file.
-k --key <ripemd160 | sha512 | whirlpool> Key derivation function (default ripemd160).
-e --encryption <aes | serpent | twofish> Encryption algorithm (default aes).
-a --aggressive <blocks> Number of parallel computations (board dependent).
-w --wordlist <wordlist_file> File of words, for Dictionary attack.
-c --charset <alphabet> Alphabet generator, for Alphabet attack.
-m --maxlength <maxlength> Maximum length of passwords, for Alphabet attack.
-s --startlength <minlength> Starting length of passwords, for Alphabet attack (default 1).
-r --restore <number> Restore the computation.
-b --backup Backup header instead of volume header.
-H --hidden Hidden Truecrypt volume.
-v --verbose Show verbose messages.


How To Install

cd truecrack
./configure
make
sudo make install


How To Configure ?

./configure
--enable-debug : enable nVidia CUDA debug mode [default=no]
--enable-cpu : disable cuda nvidia GPU and use CPU [default=no]
--with-cuda=PATH : prefix where cuda is installed [default=auto]

Download TrueCrack

Read More

Extreme GPU - Bruteforcer

Extreme GPU Bruteforcer is a professional solution for the recovery of passwords from hashes using GPU. The software supports hashes of the following types: MySQL, MySQL5, DES(Unix), MD4, MD5, MD5(Unix), MD5(APR), MD5(phpBB3), MD5(WordPress), LM, NTLM, SHA-1 and many others.

On modern graphics cards from NVIDIA that support the CUDA technology, the software demonstrates outstanding operation speed. For example, an average attack speed on NVIDIA GTS250 is 420 million passwords per second for MD5 hashes, 700 million passwords per second for MySQL hashes and 550 million passwords per second for NTLM hashes.

Extreme GPU Bruteforcer Features: 

ºSupports over 300 hashing algorithms.
ºContains over 50 additional utilities for handling hashes, passwords, and dictionaries.
ºUnlimited loadable hashes, dictionaries, rules, and masks.
ºMultithreading.
º64 bits.
ºMaximum optimization for working with large hash lists.
ºMaximum optimization for working with dictionaries.
ºOptimization for newest CPU.
ºHashing modules as stand-alone DLL files.
ºConvenient control over operation using command files.
ºHEX user names and salts.
ºRecovery of Unicode passwords.
ºAnd much more.


The solution implements several unique attacks, including mask and dictionary attacks, which allow recovering even the strongest passwords incredibly fast. Utilizing the power of multiple graphics cards running simultaneously (supports up to 32 GPU), the software allows reaching incredible search speeds of billions of passwords per second!


The number of salted hashes the software can handle simultaneously: 800; the number of unsalted hashes: unlimited

Download HM

Read More

Rainbow Tables Hash Cracker - RainbowCrack

RainbowCrack uses time-memory tradeoff algorithm to crack hashes. It differs from the hash crackers that use brute force algorithm. A brute force hash cracker generate all possible plain-texts and compute the corresponding hashes on the fly, then compare the hashes with the hash to be cracked. Once a match is found, the plain-text is found.

RainbowCrack is a general propose implementation of Philippe Oechslin’s faster time-memory trade-off technique. It crack hashes with rainbow tables. RainbowCrack uses time-memory trade-off algorithm to crack hashes. It differs from brute force hash crackers.

A brute force hash cracker generate all possible plain-texts and compute the corresponding hashes on the fly, then compare the hashes with the hash to be cracked. Once a match is found, the plain-text is found. If all possible plain-texts are tested and no match is found, the plaintext is not found. With this type of hash cracking, all intermediate computation results are discarded.

A time-memory trade-off hash cracker need a pre-computation stage, at the time all plaintext/hash pairs within the selected hash algorithm, charset, plain-text length are computed and results are stored in files called rainbow table. It is time consuming to do this kind of computation. But once the one time pre-computation is finished, hashes stored in the table can be cracked with much better performance than a brute force cracker.

In this project, we focus on the development of optimized time-memory trade-off implementation. GPU acceleration is another key feature of RainbowCrack software. By offloading most runtime computation to NVIDIA GPU, overall hash cracking performance can be improved further.

Several TB of generated rainbow tables for LM, NTLM, MD5 and SHA1 hash algorithms are listed in this page


Features:

ºFull time-memory tradeoff tool suites, including rainbow table generation, sort, conversion ºand lookup
ºSupport rainbow table of any hash algorithm
ºSupport rainbow table of any charset
ºSupport rainbow table in raw file format (.rt) and compact file format (.rtc)
ºComputation on multi-core processor support
ºComputation on GPU (via NVIDIA CUDA technology) support
ºComputation on multi-GPU (via NVIDIA CUDA technology) support
ºRuns on Windows operating systems
ºWindows XP 32-bit / 64-bit
ºWindows Vista 32-bit / 64-bit
ºWindows 7 32-bit / 64-bit
ºWindows 8 32-bit / 64-bit
ºRuns on Linux operating systems (x86 and x86_64)
ºUnified rainbow table file format on all supported operating systems
ºCommand line user interface
ºGraphics user interface (Windows only)

Download RainbowCrack

Read More

Wordlist Generator - Crunch

Wordlist Generator: Crunch

Crunch is a wordlist generator where you can specify a standard character set or a character set you specify. crunch can generate all possible combinations and permutations.


Features

ºcrunch1crunch generates wordlists in both combination and permutation ways
ºit can breakup output by number of lines or file size
ºnow has resume support
ºpattern now supports number and symbols
ºpattern now supports upper and lower case characters separately
ºadds a status report when generating multiple files
ºnew -l option for literal support of @,%^
ºnew -d option to limit duplicate characters see man file for details
ºnow has unicode support

Download Crunch

Read More

MD5 Online Password Cracking - md5cracker

MD5 Online Password Cracking: md5cracker

md5cracker.sh is a shell script that connects to various online resources to gather hash corresponding to a provided MD5 string


Installation

$ cd /usr/local/bin/
$ sudo wget http://packetstormsecurity.org/Crackers/md5cracker.sh.txt
$ sudo mv md5cracker.sh.txt md5cracker
$ sudo chmod +x md5cracker


Usage

$ md5cracker 8d3533d75ae2c3966d7e0d4fcc69216b


=> Md5 Online Cracker
=> FuRt3X ~> blkhtc0rp@yahoo.com.br


[*] www.md5crack.com: charley
[*] md5.hashcracking:   charley
[*] md5hood.com: charley
[*] md5.gromweb.com:   charley
[*] md5-db.de:  charley
[*] md5.thekaine.de:  OCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">404 Not FoundNot FoundThe requested URL /decode_multi.php was not found on this server.
[*] passcracking.com:  charley
[*] md5-decrypter.com:   charley
[*] www.bigtrapeze.com:  charley

Download md5cracker

Read More

Final Released - Bruter v1.0

Bruter is a parallel network login brute-forcer on Win32. This tool is intended to demonstrate the importance of choosing strong passwords. The goal  is to support a variety of services that allow remote authentication.


It currently supports following services:

º FTP
º HTTP (Basic)
º HTTP (Form)
º IMAP
º MSSQL
º MySQL
º POP3
º SMB-NT
º SMTP
º SNMP
º SSH2
º Telnet
º VNC

Bruter Recent Changes

º Re-licensed to new-BSD license
º Added proxy support (CONNECT, SOCKS4, SOCKS5)
º Allowed more delimiter in combo file
º Added password length filtered in combo and dictionary mode
º Fixed miscellaneous bugs
º Updated openssl library to 0.9.8n

Download Bruter

Read More

Waldo - Multithreaded Directory and Subdomain Bruteforcer

Waldo is a lightweight and multithreaded directory and subdomain bruteforcer implemented in Python. It can be used to locate hidden web resources and undiscovered subdomains of the specified target.

Key Features

• Quickly and easily generate a list of all subdomains of target domain
• Discover hidden web resources that can be potentially leveraged as part of an attack
• Written in Python and very portable
• Fast, multithreaded design

Setup
Dependencies can be installed by running:

$ pip install -r pip.req

To run the waldo:

$ python waldo.py

Usage To enumerate subdomains at some-fake-site.example, execute the following:

$ python waldo.py -m s -d some-fake-site.example

To enumerate directories at some-fake-site.example, execute the following:

$ python waldo.py -m d -d some-fake-site.example

By default, output will be logged to waldo-output.txt. To specify a custom output file, use the -l flag:

$ python waldo.py -m s -l my-log-file.txt -d some-fake-site.example

Waldo uses 4 threads by default. To specify a custom threadpool size, use the -t flag:

$ python waldo.py -m s -d some-fake-site.example -t 15

Download Waldo

Read More

oclHashcat v2.01 - Worlds Fastest Password Cracker

oclHashcat is the world's fastest and most advanced GPGPU-based password recovery utility, supporting five unique modes of attack for over 170 highly-optimized hashing algorithms. oclHashcat currently supports AMD (OpenCL) and Nvidia (CUDA) graphics processors on GNU/Linux and Windows 7/8/10, and has facilities to help enable distributed password cracking.

Features

• Worlds fastest password cracker
• Worlds first and only GPGPU based rule engine
• Free
• Open-Source
• Multi-GPU (up to 128 gpus)
• Multi-Hash (up to 100 million hashes)
• Multi-OS (Linux & Windows native binaries)
• Multi-Platform (OpenCL & CUDA support)
• Multi-Algo (see below)
• Low resource utilization, you can still watch movies or play games while cracking
• Focuses highly iterated modern hashes
• Focuses dictionary based attacks
• Supports distributed cracking
• Supports pause / resume while cracking
• Supports sessions
• Supports restore
• Supports reading words from file
• Supports reading words from stdin
• Supports hex-salt
• Supports hex-charset
• Built-in benchmarking system
• Integrated thermal watchdog
• ... and much more

Attack-Modes

• Straight ^*
• Combination
• Brute-force
• Hybrid dict + mask
• Hybrid mask + dict

^* accept Rules

Algorithms

• MD4
• MD5
• Half MD5 (left, mid, right)
• SHA1
• SHA-256
• SHA-384
• SHA-512
• SHA-3 (Keccak)
• SipHash
• RipeMD160
• Whirlpool
• GOST R 34.11-94
• GOST R 34.11-2012 (Streebog) 256-bit
• GOST R 34.11-2012 (Streebog) 512-bit
• Double MD5
• Double SHA1
• md5($pass.$salt)
• md5($salt.$pass)
• md5(unicode($pass).$salt)
• md5($salt.unicode($pass))
• md5(sha1($pass))
• md5($salt.md5($pass))
• md5($salt.$pass.$salt)
• md5(strtoupper(md5($pass)))
• sha1($pass.$salt)
• sha1($salt.$pass)
• sha1(unicode($pass).$salt)
• sha1($salt.unicode($pass))
• sha1(md5($pass))
• sha1($salt.$pass.$salt)
• sha256($pass.$salt)
• sha256($salt.$pass)
• sha256(unicode($pass).$salt)
• sha256($salt.unicode($pass))
• sha512($pass.$salt)
• sha512($salt.$pass)
• sha512(unicode($pass).$salt)
• sha512($salt.unicode($pass))
• HMAC-MD5 (key = $pass)
• HMAC-MD5 (key = $salt)
• HMAC-SHA1 (key = $pass)
• HMAC-SHA1 (key = $salt)
• HMAC-SHA256 (key = $pass)
• HMAC-SHA256 (key = $salt)
• HMAC-SHA512 (key = $pass)
• HMAC-SHA512 (key = $salt)
• PBKDF2-HMAC-MD5
• PBKDF2-HMAC-SHA1
• PBKDF2-HMAC-SHA256
• PBKDF2-HMAC-SHA512
• MyBB
• phpBB3
• SMF
• vBulletin
• IPB
• Woltlab Burning Board
• osCommerce
• xt:Commerce
• PrestaShop
• Mediawiki B type
• Wordpress
• Drupal
• Joomla
• PHPS
• Django (SHA-1)
• Django (PBKDF2-SHA256)
• EPiServer
• ColdFusion 10+
• Apache MD5-APR
• MySQL
• PostgreSQL
• MSSQL
• Oracle H: Type (Oracle 7+)
• Oracle S: Type (Oracle 11+)
• Oracle T: Type (Oracle 12+)
• Sybase
• hMailServer
• DNSSEC (NSEC3)
• IKE-PSK
• IPMI2 RAKP
• iSCSI CHAP
• Cram MD5
• MySQL Challenge-Response Authentication (SHA1)
• PostgreSQL Challenge-Response Authentication (MD5)
• SIP Digest Authentication (MD5)
• WPA
• WPA2
• NetNTLMv1
• NetNTLMv1 + ESS
• NetNTLMv2
• Kerberos 5 AS-REQ Pre-Auth etype 23
• Netscape LDAP SHA/SSHA
• LM
• NTLM
• Domain Cached Credentials (DCC), MS Cache
• Domain Cached Credentials 2 (DCC2), MS Cache 2
• MS-AzureSync PBKDF2-HMAC-SHA256
• descrypt
• bsdicrypt
• md5crypt
• sha256crypt
• sha512crypt
• bcrypt
• scrypt
• OSX v10.4
• OSX v10.5
• OSX v10.6
• OSX v10.7
• OSX v10.8
• OSX v10.9
• OSX v10.10
• AIX {smd5}
• AIX {ssha1}
• AIX {ssha256}
• AIX {ssha512}
• Cisco-ASA
• Cisco-PIX
• Cisco-IOS
• Cisco $8$
• Cisco $9$
• Juniper IVE
• Juniper Netscreen/SSG (ScreenOS)
• Android PIN
• GRUB 2
• CRC32
• RACF
• Radmin2
• Redmine
• Citrix Netscaler
• SAP CODVN B (BCODE)
• SAP CODVN F/G (PASSCODE)
• SAP CODVN H (PWDSALTEDHASH) iSSHA-1
• PeopleSoft
• Skype
• 7-Zip
• RAR3-hp
• PDF 1.1 - 1.3 (Acrobat 2 - 4)
• PDF 1.4 - 1.6 (Acrobat 5 - 8)
• PDF 1.7 Level 3 (Acrobat 9)
• PDF 1.7 Level 8 (Acrobat 10 - 11)
• MS Office <= 2003 MD5
• MS Office <= 2003 SHA1
• MS Office 2007
• MS Office 2010
• MS Office 2013
• Lotus Notes/Domino 5
• Lotus Notes/Domino 6
• Lotus Notes/Domino 8
• Bitcoin/Litecoin wallet.dat
• Blockchain, My Wallet
• 1Password, agilekeychain
• 1Password, cloudkeychain
• Lastpass
• Password Safe v2
• Password Safe v3
• eCryptfs
• Android FDE <= 4.3
• TrueCrypt 5.0+

Download oclHashcat v2.01

Read More