Cain and Abel - Best password recovery tool for Windows

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weakness present in protocol's standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some "non standard" utilities for Microsoft Windows users.
More information on Cain and Abel @

John the Ripper - A powerful, flexible and fast password hash cracker

John the Ripper is a free password cracking software tool. Initially developed for the UNIX operating system, it currently runs on fifteen different platforms (11 architecture-specific flavors of Unix, DOS, Win32, BeOS, and OpenVMS). It is one of the most popular password testing/breaking programs as it combines a number of password crackers into one package, autodetects password hash types, and includes a customizable cracker. It can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix flavors (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL and others.
More information on John the ripper @

THC-Hydra - The Hacker's Choice

Hydra was a software project developed by "The Hacker's Choice" (THC) that uses a dictionary attack to test for weak or simple passwords on one or many remote hosts running a variety of different services. It was designed as a proof-of-concept utility to demonstrate the ease of cracking poorly chosen passwords. It is licensed under version 2.0 of the GNU General Public License with the additional terms that the software may not be used for illegal purposes, and any commercial service or program that uses Hydra must give credit to THC. Hydra is now mainly used for Teamspeak password recovery.
The list of supported services includes: TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC, RSH, RLOGIN, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3, LDAP, PostgreSQL, Teamspeak, Cisco auth, Cisco enable, and Cisco AAA.
More information on THC-Hydra @

Aircrack - 802.11 WEP and WPA-PSK keys cracking program

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools. In fact, Aircrack-ng is a set of tools for auditing wireless networks.
More information on Aircrack @

Airsnort - 802.11g WEP Encryption Cracking Tool

AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.
802.11b, using the Wired Equivalent Protocol (WEP), is crippled with numerous security flaws. Most damning of these is the weakness described in " Weaknesses in the Key Scheduling Algorithm of RC4 " by Scott Fluhrer, Itsik Mantin and Adi Shamir. Adam Stubblefield was the first to implement this attack, but he has not made his software public. AirSnort, along with WEPCrack, which was released about the same time as AirSnort, are the first publicly available implementaions of this attack.
AirSnort requires approximately 5-10 million encrypted packets to be gathered. Once enough packets have been gathered, AirSnort can guess the encryption password in under a second.
More information @

Pwdump6 - Windows password recovery tool

A significantly modified version of pwdump3e, this program is able to extract NTLM and LanMan hashes from a Windows target, regardless of whether Syskey is enabled. It is also capable of displaying password histories if they are available. It outputs the data in L0phtcrack-compatible form, and can write to an output file.
More information on Pwdump6 @

RainbowCrack - A Hash cracker

RainbowCrack is a general propose implementation of Philippe Oechslin's faster time-memory trade-off technique.In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker try all possible plaintexts one by one in cracking time. It is time consuming to break complex password in this way. The idea of time-memory trade-off is to do all cracking time computation in advance and store the result in files so called "rainbow table". It does take a long time to precompute the tables. But once the one time precomputation is finished, a time-memory trade-off cracker can be hundreds of times faster than a brute force cracker, with the help of precomputed tables.
Some ready to work lanmanager and md5 tables are demonstrated in Rainbow Table section. One interesting table set is the lm configuration #6 tables, with which we can break any windows password up to 14 characters in a few minutes.
More information on Rainbowcrack @

Brutus - a Brute force online password cracker

Brutus is an online based password cracket. It works by trying to break telnet, POP3, FTP, HTTP, RAS or IMAP by simply trying to login as a legitimate users. Brutus imitates a real outside attack (unlike other password cracking applications that simulate an internal attack) and thus serves as a valuable security-auditing tool.Brutus can run in single user mode (trying to break into a single user's account by trying different password combinations) or by trying a list of user/password combinations from a word file. The application scans the host for known services and can be easily customized to break-in any other custom service requiring interactive logon of a username and a password.Using Brutus will teach you a lot about your system, since it simulates a real attack. To make a good use of Brutus's attack simulation an administrator should that note whether the break-in attempts are logged, and whether a timeout is issued after a few failed logins - this can be easily seen by the progress Brutus is making.

Brutus can be downloaded from:

NOTE : This blog is developed in the hope that it will be useful for network administrators, teachers, security consultants/professionals, forensic staff, security software vendors, professional penetration tester and everyone else that plans to use it for ethical reasons. (I) The blog owner will not help or support any illegal activity done with this program. Be warned that there is the possibility that you will cause damages and/or loss of data using this software and that in no events shall (I) the blog owner be liable for such damages or loss of data. Please read the License Agreement in the program carefully before using it.