Awesome Password Cracking

In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system in scrambled form. A common approach (brute-force attack) is to repeatedly try guesses for the password and to check them against an available cryptographic hash of the password.This is a curated list of awesome tools, research, papers and other projects related to password cracking and password security by @n0kovo@infosec.exchange.Read CONTRIBUTING.md before contributing! In short:

List is alphabetically sorted

If in doubt, use awesome-lint

If you think an item shouldn't be here open an issue

Contents

Generation/Manipulation

Wordlists

Laguage specific

Other

Specific file formats

PDF

JKS

ZIP

Artificial Intelligence

Research

Articles and Blog Posts

Papers

Talks

Books

Hash Crack: Password Cracking Manual (v3) - Password Cracking Manual v3 is an expanded reference guide for password recovery (cracking) methods, tools, and analysis techniques.

Cloud

Cloud_crack - Crack passwords using Terraform and AWS.

Cloudcat - A script to automate the creation of cloud infrastructure for hash cracking.

Cloudstomp - Automated deployment of instances on EC2 via plugin for high CPU/GPU applications at the lowest price.

Cloudtopolis - A tool that facilitates the installation and provisioning of Hashtopolis on the Google Cloud Shell platform, quickly and completely unattended (and also, free!).

NPK - NPK is a distributed hash-cracking platform built entirely of serverless components in AWS including Cognito, DynamoDB, and S3.

Penglab - Abuse of Google Colab for cracking hashes.

Rook - Automates the creation of AWS p3 instances for use in GPU-based password cracking.

Conversion

7z2hashcat - Extract information from password-protected .7z archives (and .sfx files) such that you can crack these "hashes" with hashcat.

MacinHash - Convert macOS plist password file to hash file for password crackers.

NetNTLM-Hashcat - Converts John The Ripper/Cain format hashes (singular, or in bulk) to HashCat compatible hash format.

Rubeus-to-Hashcat - Converts / formats Rubeus kerberoasting output into hashcat readable format.

WINHELLO2hashcat - With this tool one can extract the "hash" from a WINDOWS HELLO PIN. This hash can be cracked with Hashcat.

bitwarden2hashcat - A tool that converts Bitwarden's data into a hashcat-suitable hash.

hc_to_7z - Convert 7-Zip hashcat hashes back to 7z archives.

hcxtools - Portable solution for conversion of cap/pcap/pcapng (gz compressed) WiFi dump files to hashcat formats.

itunes_backup2hashcat - Extract the information needed from the Manifest.plist files to convert it to hashes compatible with hashcat.

mongodb2hashcat - Extract hashes from the MongoDB database server to a hash format that hashcat accepts: -m 24100 (SCRAM-SHA-1) or -m 24200 (SCRAM-SHA-256).

HashcatHashcat is the "World's fastest and most advanced password recovery utility." The following are projects directly related to Hashcat in one way or another.

Awesome Password Cracking

This is a curated list of awesome tools, research, papers and other projects related to password cracking and password security by @[email protected].

Read CONTRIBUTING.md before contributing! In short:

List is alphabetically sorted
If in doubt, use awesome-lint
If you think an item shouldn't be here open an issue

Books
Cloud
Conversion
Hashcat
Automation
Distributed cracking
Rules
Rule tools
Web interfaces
John the Ripper
Misc
Notable People
Websites
Communities
Lookup services
Wordlist tools
Analysis
Generation/Manipulation
Wordlists
Laguage specific
Other
Specific file formats
PDF
JKS
ZIP
Artificial Intelligence
Research
Articles and Blog Posts
Papers
Talks

Books

Hash Crack: Password Cracking Manual (v3) - Password Cracking Manual v3 is an expanded reference guide for password recovery (cracking) methods, tools, and analysis techniques.

Cloud

Cloud_crack - Crack passwords using Terraform and AWS.
Cloudcat - A script to automate the creation of cloud infrastructure for hash cracking.
Cloudstomp - Automated deployment of instances on EC2 via plugin for high CPU/GPU applications at the lowest price.
Cloudtopolis - A tool that facilitates the installation and provisioning of Hashtopolis on the Google Cloud Shell platform, quickly and completely unattended (and also, free!).
NPK - NPK is a distributed hash-cracking platform built entirely of serverless components in AWS including Cognito, DynamoDB, and S3.
Penglab - Abuse of Google Colab for cracking hashes.
Rook - Automates the creation of AWS p3 instances for use in GPU-based password cracking.

Conversion

7z2hashcat - Extract information from password-protected .7z archives (and .sfx files) such that you can crack these "hashes" with hashcat.
MacinHash - Convert macOS plist password file to hash file for password crackers.
NetNTLM-Hashcat - Converts John The Ripper/Cain format hashes (singular, or in bulk) to HashCat compatible hash format.
Rubeus-to-Hashcat - Converts / formats Rubeus kerberoasting output into hashcat readable format.
WINHELLO2hashcat - With this tool one can extract the "hash" from a WINDOWS HELLO PIN. This hash can be cracked with Hashcat.
bitwarden2hashcat - A tool that converts Bitwarden's data into a hashcat-suitable hash.
hc_to_7z - Convert 7-Zip hashcat hashes back to 7z archives.
hcxtools - Portable solution for conversion of cap/pcap/pcapng (gz compressed) WiFi dump files to hashcat formats.
itunes_backup2hashcat - Extract the information needed from the Manifest.plist files to convert it to hashes compatible with hashcat.
mongodb2hashcat - Extract hashes from the MongoDB database server to a hash format that hashcat accepts: -m 24100 (SCRAM-SHA-1) or -m 24200 (SCRAM-SHA-256).

Hashcat

Hashcat is the "World's fastest and most advanced password recovery utility." The following are projects directly related to Hashcat in one way or another.