cewl -h
Kali Linux is a powerful operating system that includes a wide range of password cracking tools, making it essential for security professionals and penetration testers. In this article, I will provide a list of the best password attack tools available in Kali Linux 2021. These tools are open-source and can be directly accessed in Kali by default.
One of the tools is CeWL, which is a Ruby application used for crawling specified URLs to a specified depth. It can also follow external links and generate a wordlist that can be used with tools like John the Ripper for password cracking. CeWL is primarily used for web scraping to create password dictionaries.
Crunch is another tool in Kali Linux that is used for generating password dictionaries. It quickly generates all possible password combinations based on specified criteria such as length and character sets. It supports combinations of numbers, symbols, uppercase and lowercase letters.
Hashcat is one of the most popular and fastest password recovery tools available. It supports five unique attack modes and is compatible with over 300 highly optimized hash algorithms. Hashcat can utilize CPU, GPU, and other hardware accelerators, making it suitable for distributed password cracking. It offers various options to customize and fine-tune parameters during the password recovery process.
John the Ripper is a reliable and versatile password cracking tool that supports multiple cracking modes. It can handle various hash types, including traditional DES, MD5, Blowfish, and Windows LM hashes. It also supports other DES-based hash types, SHA hashes, and encryption formats like OpenSSH private keys, PDF files, ZIP, and RAR archives.
Medusa is a brute-force login tool designed for speed, reliability, and modularity. It supports parallel testing with multiple threads and offers flexibility in terms of user input and modular design. Medusa can crack passwords for various protocols such as SMB, HTTP, POP3, MSSQL, and SSH.
Wordlists is a password attack tool that includes a collection of wordlists and symbolic links to password files in the Kali Linux distribution.
Hydra is a centralized parallel login cracker that supports multiple attack protocols. It is highly flexible, fast, and reliable, with the ability to customize and add new modules. Hydra can be used for unauthorized access to systems and supports protocols like FTP, HTTP, IMAP, MySQL, Oracle, SIP, POP3, and SSH.
Ncrack is a fast network authentication cracking tool that helps organizations protect their networks from password attacks. It searches for weak passwords by testing hosts and network devices. Ncrack works similarly to the NMAP tool and has a dynamic engine to handle network feedback. It provides fast and reliable auditing services for multiple hosts and supports protocols like SSH, FTP, HTTPS, TELNET, IMAP, SIP, SMB, PostgreSQL, MS-SQL, MySQL, and MongoDB.
Mimikatz is a C language tool designed for Windows security. It extracts passwords, PINs, hashes, and Kerberos tickets from the host’s memory and saves them in plain text files. Mimikatz performs three services: pass-the-ticket, pass-the-hash, and building golden tickets.
In conclusion, Kali Linux offers a comprehensive suite of password cracking tools that are essential for security professionals and penetration testers. These tools provide various methods and techniques to test the strength of passwords and enhance overall security.