量子哈希cewl -h
Kali Linux is a powerful operating system that includes a variety of top password cracking tools. These tools are essential for security professionals and penetration testers. In this article, we will explore the best password attack tools available in Kali Linux 2021. All of these tools are open-source and can be directly accessed in Kali Linux.
CeWL is a Ruby application used for web crawling and generating wordlists. It can crawl a specified URL to a specified depth and generate a wordlist that can be used with tools like John the Ripper for password cracking. CeWL is commonly used to extract keywords from websites and create password dictionaries.
Crunch is a dictionary generation tool that quickly generates all possible password combinations. It supports combinations of numbers, symbols, uppercase and lowercase letters. Crunch can also break down results based on file size and support. It is a versatile tool for creating custom password dictionaries.
Hashcat is one of the most popular, fastest, and professional password recovery tools. It supports five unique attack modes and over 300 highly optimized hash algorithms. Hashcat can utilize CPU, GPU, and other hardware accelerators, making it suitable for distributed password cracking. It offers various options to support multiple parameters during the password recovery process.
John is a fast and reliable password cracking tool that includes multiple cracking modes. It supports various hash types by default, including DES, bigcrypt, FreeBSD MD5, Blowfish, BSDI extended DES, Kerberos, and MS Windows LM hash. John also supports other DES-based crypt formats but requires configuration. It can handle SHA hashes, Sun MD5 hashes, OpenSSH private keys, PDF files, ZIP, RAR archives, and more.
Medusa is a brute-force login tool designed for speed, reliability, and modularity. It supports parallel testing based on multithreading and offers flexible user input. Medusa supports various protocols such as SMB, HTTP, POP3, MSSQL, and SSH version 2.
Wordlists is a password attack tool that includes a wordlist and symbolic links to several password files in the Kali Linux distribution.
Hydra is a centralized parallel login cracker that supports multiple attack protocols. It is highly flexible, fast, reliable, and customizable with the ability to add new modules. Hydra can gain unauthorized access to systems remotely, making it essential for security professionals. It supports various protocols such as Cisco AAA, Cisco authorization, FTP, HTTPS GET/POST/PROXY, IMAP, MySQL, MSSQL, Oracle, PostgreSQL, SIP, POP3, SMTP, SSHkey, and SSH.
Ncrack is a fast network authentication cracking tool that helps organizations protect their networks from password attacks. It searches for weak passwords by testing hosts and network devices. Ncrack works similar to the NMAP tool and has a dynamic engine to handle network feedback. It provides fast and reliable auditing services for multiple hosts and supports protocols like SSH, FTP, HTTPS, TELNET, IMAP, SIP, SMB, PostgreSQL, MS-SQL, MySQL, MongoDB, and more.
Mimikatz is a C language tool designed for Windows security. It extracts passwords, PINs, hashes, and Kerberos tickets from the host’s memory and saves them in plain text files. Mimikatz performs three services: pass-the-ticket, pass-the-hash, and building golden tickets.
Rsmangler is a tool that takes a wordlist and performs various operations on it, similar to the John tool. It takes input words and generates all possible transformations and acronyms for those words, which can then be applied to other mangles.
In conclusion, Kali Linux provides a wide range of powerful password cracking tools. The ones mentioned in this article are just a few examples of the most commonly used tools. By utilizing these tools effectively, security professionals and penetration testers can enhance their capabilities in assessing and strengthening the security of systems and networks.
