In cryptanalysis and computer security, password cracking is the process of recovering passwords

All 36 Kali Linux tools for Password Attacks




1. Acccheck

acccheck Package Description

The tool is designed as a password dictionary attack tool that targets Windows authentication via the SMB protocol. It is really a wrapper script around the ‘smbclient’ binary, and as a result is dependent on it for its execution.

acccheck Homepage | Kali acccheck Repo

  • Author: Faisal Dean
  • License: GPLv2

Tools included in the acccheck package

acccheck – Password dictionary attack tool for SMB
root@kali:~# acccheck

acccheck v0.2.1 – By Faiz

Attempts to connect to the IPC$ and ADMIN$ shares depending on which flags have been
chosen, and tries a combination of usernames and passwords in the hope to identify
the password to a given account via a dictionary password guessing attack.

Usage = ./acccheck [optional]

-t [single host IP address]
-T [file containing target ip address(es)]

-p [single password]
-P [file containing passwords]
-u [single user]
-U [file containing usernames]
-v [verbose mode]

Attempt the ‘Administrator’ account with a [BLANK] password.
acccheck -t
Attempt all passwords in ‘password.txt’ against the ‘Administrator’ account.
acccheck -t -P password.txt
Attempt all password in ‘password.txt’ against all users in ‘users.txt’.
acccehck -t -U users.txt -P password.txt
Attempt a single password against a single user.
acccheck -t -u administrator -p password

2. Burp Suite

Burp Suite Package Description

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.

Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

Burp Suite Homepage | Kali Burp Suite Repo

  • Author: PortSwigger
  • License: Commercial

Tools included in the burpsuite package

burpsuite – Platform for security testing of web applications

Tool for security testing of web applications.

burpsuite Usage Example

root@kali:~# burpsuite


3. CeWL

CeWL Package Description

CeWL is a Ruby app which spiders a given URL to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper.

CeWL also has an associated command line app, FAB (Files Already Bagged) which uses the same meta data extraction techniques to create author/creator lists from already downloaded.

CeWL Homepage | Kali CeWL Repo

  • Author: Robin Wood
  • License: Creative Commons Attribution-Share Alike 2.0

Tools included in the cewl package

cewl – Custom wordlist generator
root@kali:~# cewl --help
CeWL 5.0 Robin Wood

Usage: cewl [OPTION] ... URL
--help, -h: show help
--keep, -k: keep the downloaded file
--depth x, -d x: depth to spider to, default 2
--min_word_length, -m: minimum word length, default 3
--offsite, -o: let the spider visit other sites
--write, -w file: write the output to the file
--ua, -u user-agent: useragent to send
--no-words, -n: don’t output the wordlist
--meta, -a include meta data
--meta_file file: output file for meta data
--email, -e include email addresses
--email_file file: output file for email addresses
--meta-temp-dir directory: the temporary directory used by exiftool when parsing files, default /tmp
--count, -c: show the count for each word found

--auth_type: digest or basic
--auth_user: authentication username
--auth_pass: authentication password

Proxy Support
--proxy_host: proxy host
--proxy_port: proxy port, default 8080
--proxy_username: username for proxy, if required
--proxy_password: password for proxy, if required

--verbose, -v: verbose

URL: The site to spider.

fab – Files Already Bagged

root@kali:~# fab --help

Usage: xx [OPTION] ... filename/list
-h, --help: show help
-v: verbose

filename/list: the file or list of files to check

cewl Usage Example

Scan to a depth of 2 (-d 2) and use a minimum word length of 5 (-m 5), save the words to a file (-w docswords.txt), targeting the given URL (

4. chntpw

chntpw Package Description

This little program provides a way to view information and change user passwords in a Windows NT/2000 user database file. Old passwords need not be known since they are overwritten. In addition, it also contains a simple registry editor (same size data writes) and a hex editor which enables you to fiddle around with bits and bytes in the file as you wish.

If you want GNU/Linux bootdisks for offline password recovery, you can add this utility to custom image disks or use those provided at the tool’s homepage.

chntpw Homepage | Kali chntpw Repo

  • Author: Petter Nordahl-Hagen
  • License: GPLv2

Tools included in the chntpw package

chntpw – NT SAM password recovery utility
root@kali:~# chntpw -h
chntpw version 0.99.6 080526 (sixtyfour), (c) Petter N Hagen
chntpw: change password of a user in a NT/2k/XP/2k3/Vista SAM file, or invoke registry editor.
chntpw [OPTIONS] <samfile> [systemfile] [securityfile] [otherreghive] […]
-h          This message
-u <user>   Username to change, Administrator is default
-l          list all users in SAM file
-i          Interactive. List users (as -l) then ask for username to change
-e          Registry editor. Now with full write support!
-d          Enter buffer debugger instead (hex editor),
-t          Trace. Show hexdump of structs/segments. (deprecated debug function)
-v          Be a little more verbose (for debuging)
-L          Write names of changed files to /tmp/changed
-N          No allocation mode. Only (old style) same length overwrites possible
See readme file on how to get to the registry files, and what they are.
Source/binary freely distributable under GPL v2 license. See README for details.
NOTE: This program is somewhat hackish! You are on your own!

chntpw Usage Example

root@kali:~# coming soon

5. cisco-auditing-tool

cisco-auditing-tool Package Description

Perl script which scans Cisco routers for common vulnerabilities.

cisco-auditing-tool Homepage | Kali cisco-auditing-tool Repo

  • Author: g0ne
  • License: GPLv2

Tools included in the cisco-auditing-tool package

CAT – Scans Cisco routers for common vulnerabilities
root@kali:~# CAT

Cisco Auditing Tool – g0ne [null0]
-h hostname (for scanning single hosts)
-f hostfile (for scanning multiple hosts)
-p port #   (default port is 23)
-w wordlist (wordlist for community name guessing)
-a passlist (wordlist for password guessing)
-i [ioshist]    (Check for IOS History bug)
-l logfile  (file to log to, default screen)
-q quiet mode   (no screen output)

cisco-auditing-tool Usage Example

Scan the host (-h on port 23 (-p 23), using a password dictionary file (-a /usr/share/wordlists/nmap.lst):

root@kali:~# CAT -h -p 23 -a /usr/share/wordlists/nmap.lst

Cisco Auditing Tool – g0ne [null0]

Checking Host:

Guessing passwords:

Invalid Password: 123456
Invalid Password: 12345

6. CmosPwd

CmosPwd Package Description

CmosPwd is a cross-platform tool to decrypt the password stored in CMOS that is used to access a computer’s BIOS setup.

This application should work out of the box on most modern systems, but some more esoteric BIOSes may not be supported or may require additional steps.

CmosPwd Homepage | Kali CmosPwd Repo

  • Author: Christophe GRENIER
  • License: GPLv2

Tools included in the cmospwd package

root@kali:~# cmospwd -h
CmosPwd – BIOS Cracker 5.0, October 2007, Copyright 1996-2007
GRENIER Christophe,

Usage: cmospwd [/k[de|fr]] [/d]
cmospwd [/k[de|fr]] [/d] /[wlr] cmos_backup_file           write/load/restore
cmospwd /k                                          kill cmos
cmospwd [/k[de|fr]] /m[01]*  execute selected module

/kfr french AZERTY keyboard, /kde german QWERTZ keyboard
/d to dump cmos
/m0010011 to execute module 3,6 and 7

NB: For Award BIOS, passwords are differents than original, but work.

7. creddump

creddump Package Description

creddump is a Python tool to extract various credentials and secrets from Windows registry hives. It currently extracts:

  • LM and NT hashes (SYSKEY protected)
  • Cached domain passwords
  • LSA secrets

It essentially performs all the functions that bkhive/samdump2, cachedump, and lsadump2 do, but in a platform-independent way.

It is also the first tool that does all of these things in an offline way (actually, Cain & Abel does, but is not open source and is only available on Windows).


creddump Homepage | Kali creddump Repo

  • Author: Brendan Dolan-Gavitt
  • License: GPLv3

Tools included in the creddump package

cachedump – Dump cached credentials
root@kali:~# cachedump
usage: /usr/bin/cachedump <system hive> <security hive>

lsadump – Dump LSA secrets

root@kali:~# lsadump
usage: /usr/bin/lsadump <system hive> <security hive>

pwdump – Dump password hashes

root@kali:~# pwdump
usage: /usr/bin/pwdump <system hive> <SAM hive>

pwdump Usage Example

Dump the password hashes using the system (system) and sam (sam) hives:

root@kali:~# pwdump system sam

lsadump Usage Example

Dump the LSA secrets using the system (system) and security (security) hives:

root@kali:~# lsadump system security

0000   01 05 00 00 00 00 00 05 15 00 00 00 B6 44 E4 23    ………….D.#
0010   F4 50 BA 74 07 E5 3B 2B E8 03 00 00                .P.t..;+….

0000   00 38 00 48 00 6F 00 31 00 49 45 00 4A 00 26 00    E.J.&.8.H.o.1.I.
0010   00 63 00 72 00 48 00 68 00 53 6B 00 00 00          h.S.c.r.H.k…

8. Crunch

crunch Package Description

Crunch is a wordlist generator where you can use a standard character set or one you specify. crunch can generate all possible combinations and permutations.


  • crunch generates wordlists in both combination and permutation ways
  • it can break up output by number of lines or file size
  • now has resume support
  • pattern now supports number and symbols
  • pattern now supports upper and lower case characters separately
  • adds a status report when generating multiple files
  • new -l option for literal support of @,%^
  • new -d option to limit duplicate characters see man file for details
  • now has unicode support

crunch Homepage | Kali crunch Repo

  • Author: bofh28
  • License: GPLv2

Tools included in the crunch package

crunch – Create a wordlist based on criteria you specify


9. DBPwAudit


DBPwAudit Package Description

DBPwAudit is a Java tool that allows you to perform online audits of password quality for several database engines. The application design allows for easy adding of additional database drivers by simply copying new JDBC drivers to the jdbc directory. Configuration is performed in two files: the aliases.conf file is used to map drivers to aliases, and the rules.conf file tells the application how to handle error messages from the scan.

The tool has been tested and is known to work with:

  • Microsoft SQL Server 2000/2005
  • Oracle 8/9/10/11
  • IBM DB2 Universal Database
  • MySQL

The tool is pre-configured for these drivers but does not ship with them, due to licensing issues.

DBPwAudit Homepage | Kali DBPwAudit Repo

  • Author: Patrik Karlsson
  • License: GPLv2

Tools included in the dbpwaudit package


10. findmyhash

findmyhash Package Description

Accepted algorithms are:

  • MD4 – RFC 1320
  • MD5 – RFC 1321
  • SHA1 – RFC 3174 (FIPS 180-3)
  • SHA224 – RFC 3874 (FIPS 180-3)
  • SHA256 – FIPS 180-3
  • SHA384 – FIPS 180-3
  • SHA512 – FIPS 180-3
  • RMD160 – RFC 2857
  • GOST – RFC 583
  • WHIRLPOOL – ISO/IEC 10118-3:2004
  • LM – Microsoft Windows hash
  • NTLM – Microsoft Windows hash
  • MYSQL – MySQL 3, 4, 5 hash
  • CISCO7 – Cisco IOS type 7 encrypted passwords
  • JUNIPER – Juniper Networks $9$ encrypted passwords
  • LDAP_MD5 – MD5 Base64 encoded
  • LDAP_SHA1 – SHA1 Base64 encoded

findmyhash Homepage | Kali findmyhash Repo

  • Author: JulGor
  • License: GPLv3

Tools included in the findmyhash package


11. gpp-decrypt

gpp-decrypt Package Description

A simple Ruby script that will decrypt a given GPP encrypted string.

gpp-decrypt Homepage | Kali gpp-decrypt Repo

  • Author: Chris Gates
  • License: GPLv2

Tools included in the gpp-decrypt package

gpp-decrypt – Group Policy Preferences decrypter
root@kali:~# gpp-decrypt
Usage: gpp-decrypt: encrypted_data

gpp-decrypt Usage Example

Decrypt the given Group Policy Preferences string (j1Uyj3Vx8TY9LtLZil2uAuZkFQA/4latT76ZwgdHdhw):

root@kali:~# gpp-decrypt j1Uyj3Vx8TY9LtLZil2uAuZkFQA/4latT76ZwgdHdhw

12. hash-identifier

hash-identifier Package Description

Software to identify the different types of hashes used to encrypt data and especially passwords.

hash-identifier Homepage | Kali hash-identifier Repo

  • Author: Zion3R
  • License: GPLv3

Tools included in the hash-identifier package

hash-identifier – Identify different types of hashes

Identify the different types of hashes.

hash-identifier Usage Example

root@kali:~# hash-identifier
#     __  __             __       ______    _____       #
#    /\ \/\ \           /\ \     /\__  _\  /\  _ `\     #
#    \ \ \_\ \     __      ____ \ \ \___ \/_/\ \/  \ \ \/\ \    #
#     \ \  _  \  /’__`\   / ,__\ \ \  _ `\      \ \ \   \ \ \ \ \       #
#      \ \ \ \ \/\ \_\ \_/\__, `\ \ \ \ \ \      \_\ \__ \ \ \_\ \      #
#       \ \_\ \_\ \___ \_\/\____/  \ \_\ \_\     /\_____\ \ \____/      #
#        \/_/\/_/\/__/\/_/\/___/    \/_/\/_/     \/_____/  \/___/  v1.1 #
#                                 By Zion3R #
#                   #
#                      #

HASH: 098f6bcd4621d373cade4e832627b4f6

Possible Hashs:
[+]  MD5
[+]  Domain Cached Credentials – MD4(MD4(($pass)).(strtolower($username)))

Least Possible Hashs:
[+]  RAdmin v2.x
[+]  NTLM
[+]  MD4
[+]  MD2
[+]  MD5(HMAC)
[+]  MD4(HMAC)
[+]  MD2(HMAC)
[+]  MD5(HMAC(WordPress))
[+]  Haval-128
[+]  Haval-128(HMAC)
[+]  RipeMD-128
[+]  RipeMD-128(HMAC)
[+]  SNEFRU-128
[+]  SNEFRU-128(HMAC)
[+]  Tiger-128
[+]  Tiger-128(HMAC)
[+]  md5($pass.$salt)
[+]  md5($salt.$pass)
[+]  md5($salt.$pass.$salt)
[+]  md5($salt.$pass.$username)
[+]  md5($salt.md5($pass))
[+]  md5($salt.md5($pass))
[+]  md5($salt.md5($pass.$salt))
[+]  md5($salt.md5($pass.$salt))
[+]  md5($salt.md5($salt.$pass))
[+]  md5($salt.md5(md5($pass).$salt))
[+]  md5($username.0.$pass)
[+]  md5($username.LF.$pass)
[+]  md5($username.md5($pass).$salt)
[+]  md5(md5($pass))
[+]  md5(md5($pass).$salt)
[+]  md5(md5($pass).md5($salt))
[+]  md5(md5($salt).$pass)
[+]  md5(md5($salt).md5($pass))
[+]  md5(md5($username.$pass).$salt)
[+]  md5(md5(md5($pass)))
[+]  md5(md5(md5(md5($pass))))
[+]  md5(md5(md5(md5(md5($pass)))))
[+]  md5(sha1($pass))
[+]  md5(sha1(md5($pass)))
[+]  md5(sha1(md5(sha1($pass))))
[+]  md5(strtoupper(md5($pass)))


13. HexorBase


HexorBase Package Description

HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location. It is capable of performing SQL queries and brute-force attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL). HexorBase allows packet routing through proxies or even Metasploit pivoting antics to communicate with remotely inaccessible servers which are hidden within local subnets.

HexorBase Homepage | Kali HexorBase Repo

  • Author: Saviour Emmanuel Ekiko
  • License: GPLv3

Tools included in the hexorbase package

hexorbase – Multiple database management and audit application

A database application designed for administering and auditing multiple database servers simultaneously from a centralized location.

HexorBase Usage Example(s)

root@kali:~# hexorbase


14. THC-Hydra

15. John the Ripper

16. Johnny

17. keimpx

18. Maltego Teeth

19. Maskprocessor

20. multiforcer

21. Ncrack

22. oclgausscrack

23. PACK

24. patator

25. phrasendrescher

26. polenum

27. RainbowCrack

28. rcracki-mt

29. RSMangler



32. THC-pptp-bruter

33. TrueCrack

34. WebScarab

35. wordlists

36. zaproxy
