cewl -h
Kali Linux is a powerful operating system that includes a wide range of password cracking tools, making it essential for security professionals and penetration testers. In this article, I will provide a list of the best password attack tools available in Kali Linux 2021. These tools are open source and can be directly accessed in Kali by default.
One of the tools is CeWL, which is a Ruby application used for crawling specified URLs to a specified depth. It can also follow external links and generate a word list that can be used with tools like John the Ripper for password cracking. CeWL is primarily used for web scraping to create password dictionaries.
Another tool is Crunch, which is a dictionary generation tool that quickly generates all possible password combinations. It supports combinations of numbers, symbols, uppercase and lowercase letters. Crunch can also break down results based on file size and support when encountering difficulties. For example, it can generate a password dictionary with four-digit combinations of numbers.
Hashcat is one of the most popular, fastest, and professional password recovery tools. It supports five unique attack modes and is compatible with over 300 highly optimized hash algorithms. Hashcat can utilize CPU, GPU, and other hardware accelerators, and it supports various options to customize multiple parameters during password recovery.
John is a reliable and fast password cracking tool that includes multiple cracking modes and can be highly customized and configured according to your requirements. It supports various hash types by default, including traditional DES, bigcrypt, FreeBSD MD5, Blowfish, BSDI extended DES, Kerberos, and MS Windows LM hash. It also supports other DES-based crypt codes, but they require configuration. Additionally, John can handle SHA hashes, Sun MD5 hashes, OpenSSH private keys, PDF files, ZIP, RAR archives, and more.
Medusa is a brute-force login tool with a fast, reliable, and modular design. It supports parallel testing based on multithreading and offers flexible user input. Medusa supports various protocols such as SMB, HTTP, POP3, MSSQL, and SSH version 2.
Wordlists is a password attack tool that includes a wordlist and symbolic links to several password files in the Kali Linux distribution. It provides a collection of commonly used passwords and wordlists.
Hydra is a centralized parallel login cracker that supports multiple attack protocols. It is flexible, fast, reliable, and can be customized by adding new modules. Hydra can gain unauthorized access to systems remotely, making it valuable for security professionals. It supports various protocols such as Cisco AAA, Cisco authorization, FTP, HTTPS GET/POST/PROXY, IMAP, MySQL, MSSQL, Oracle, PostgreSQL, SIP, POP3, SMTP, SSH key, and SSH.
Ncrack is a fast network authentication cracking tool that helps organizations protect their networks from password attacks. It searches for weak passwords by testing hosts and network devices. Ncrack works similar to the NMAP tool and has a dynamic engine to handle network feedback. It provides fast and reliable auditing services for multiple hosts and supports protocols like SSH, FTP, HTTPS, Telnet, IMAP, SIP, SMB, PostgreSQL, MS-SQL, MySQL, MongoDB, and more.
Mimikatz is a C language tool designed for Windows security. It extracts passwords, PINs, hashes, and Kerberos tickets from the host’s memory and saves them in plain text files. Mimikatz performs three services: pass-the-ticket, pass-the-hash, and building golden tickets.