
Top 10 Password Crackers

After the tremendously successful 2000 and 2003 security tools surveys, Insecure.Org is
delighted to release this 2006 survey. I (Fyodor) asked users from the nmap-hackers
mailing list to share their favorite tools, and 3,243 people responded. This allowed me
to expand the list to 100 tools, and even subdivide them into categories. This is the
category page for password crackers -- the full network security list is available here.
Anyone in the security field would be well advised to go over the list and investigate
tools they are unfamiliar with. I discovered several powerful new tools this way. I also
point newbies to this site whenever they write me saying “I don't know where to start”.

Respondents were allowed to list open source or commercial tools on any platform.
Commercial tools are noted as such in the list below. No votes for the Nmap Security
Scanner were counted because the survey was taken on a Nmap mailing list. This
audience also biases the list slightly toward “attack” hacking tools rather than defensive
ones.

Each tool is described by one or more attributes:

Did not appear on the 2003 list
Generally costs money. A free limited/demo/trial version may be available.
Works natively on Linux
Works natively on OpenBSD, FreeBSD, Solaris, and/or other UNIX variants
Works natively on Apple Mac OS X
Works natively on Microsoft Windows
Features a command-line interface
Offers a GUI (point and click) interface
Source code available for inspection.

Please send updates and suggestions (or better tool logos) to Fyodor. If your tool is
featured or you think your site visitors might enjoy this list, you are welcome to use our
link banners. Here is the list, starting with the most popular:

#1 Cain and Abel : The top password recovery tool for Windows
UNIX users often smugly assert that the best free security tools
support their platform first, and Windows ports are often an afterthought. They are
usually right, but Cain & Abel is a glaring exception. This Windows-only password
recovery tool handles an enormous variety of tasks. It can recover passwords by
sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force
and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled
passwords, revealing password boxes, uncovering cached passwords and analyzing
routing protocols. It is also well documented.

Also categorized as: packet sniffers

#2 John the Ripper : A powerful, flexible, and fast multi-platform
password hash cracker
John the Ripper is a fast password cracker, currently available for
many flavors of Unix (11 are officially supported, not counting
different architectures), DOS, Win32, BeOS, and OpenVMS. Its
primary purpose is to detect weak Unix passwords. It supports several
crypt(3) password hash types which are most commonly found on
various Unix flavors, as well as Kerberos AFS and Windows
NT/2000/XP LM hashes. Several other hash types are added with
contributed patches. You will want to start with some wordlists, which you can
find here, here, or here.

#3 THC Hydra : A fast network authentication cracker which supports
many different services
When you need to brute-force a remote authentication service,
Hydra is often the tool of choice. It can perform rapid dictionary
attacks against more than 30 protocols, including telnet, ftp, http, https,
smb, several databases, and much more. Like THC Amap, this release is from the
fine folks at THC.

#4 Aircrack : The fastest available WEP/WPA cracking tool
Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It
can recover a 40 through 512-bit WEP key once enough encrypted
packets have been gathered. It can also attack WPA 1 or 2 networks
using advanced cryptographic methods or by brute force. The suite includes
airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection
program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts
WEP/WPA capture files).

Also categorized as: wireless tools

#5 L0phtcrack : Windows password auditing and recovery application
L0phtCrack attempts to crack Windows passwords from hashes which it
can obtain (given proper access) from stand-alone Windows
workstations, networked servers, primary domain controllers, or Active
Directory. In some cases it can sniff the hashes off the wire. It also has numerous
methods of generating password guesses (dictionary, brute force, etc). LC5 was
discontinued by Symantec in 2006, then re-acquired by the original L0pht guys and
reborn as LC6 in 2009. For free alternatives, consider Ophcrack, Cain and Abel, or
John the Ripper.

#6 Airsnort : 802.11 WEP Encryption Cracking Tool
AirSnort is a wireless LAN (WLAN) tool that recovers encryption
keys. It was developed by the Shmoo Group and operates by passively
monitoring transmissions, computing the encryption key when enough packets
have been gathered. You may also be interested in the similar Aircrack.

Also categorized as: wireless tools

#7 SolarWinds : A plethora of network discovery/monitoring/attack tools
SolarWinds has created and sells dozens of special-purpose tools
targeted at systems administrators. Security-related tools include many
network discovery scanners, an SNMP brute-force cracker, router password
decryption, a TCP connection reset program, one of the fastest and easiest router
config download/upload applications available and more.

Also categorized as: traffic monitoring tools

#8 Pwdump : A Windows password recovery tool
Pwdump is able to extract NTLM and LanMan hashes from a Windows target,
regardless of whether Syskey is enabled. It is also capable of displaying password
histories if they are available. It outputs the data in L0phtcrack-compatible form,
and can write to an output file.

#9 RainbowCrack : An Innovative Password Hash Cracker
The RainbowCrack tool is a hash cracker that makes use of a large-scale
time-memory trade-off. A traditional brute force cracker tries all possible plaintexts one
by one, which can be time consuming for complex passwords. RainbowCrack uses
a time-memory trade-off to do all the cracking-time computation in advance and
store the results in so-called "rainbow tables". It does take a long time to
precompute the tables but RainbowCrack can be hundreds of times faster than a
brute force cracker once the precomputation is finished.

#10 Brutus : A network brute-force authentication cracker
This Windows-only cracker bangs against network services of remote systems
trying to guess passwords by using a dictionary and permutations thereof. It
supports HTTP, POP3, FTP, SMB, TELNET, IMAP, NTP, and more. No source
code is available. UNIX users should take a look at THC Hydra.
