Password security tools

Tools

acccheck (SMB password guessing and dictionary attack tool)

password discovery, password strength testing

The acccheck tool performs a password guessing and dictionary attack on SMB services used to share files and printers.

Crowbar (brute forcing tool)

penetration testing

While most brute forcing tools take a similar approach, Crowbar can use different methods that are not always available in other utilities. For example, Crowbar can use SSH keys, instead of the typical username and password combination. This might be useful during penetration testing when these type of details are discovered.

eapmd5pass (offline EAP-MD5 dictionary attack tool)

network analysis, password discovery, penetration testing

A tool like this would be most likely used to show the weakness of old authentication protocols, including penetration testing.

mimipenguin (password extractor)

information gathering, security assessment

The mimipenguin tools extracts and dumps discovered login passwords for an active Linux user. It is inspired by the mimikatz tool for Windows.

not24get (password quality checker)

password strength testing

not24get helps with password quality checking in OpenLDAP and is to be used together with ppolicy. It provides both an API for ppolicy and executable.

PassGen (password dictionary attack tool)

password discovery, password strength testing, security assessment

PassGen is a tool to help with password dictionary attacks to guess a password. It does not perform the attack but creates the related database.

Missing a favorite tool in this list? Share a tool suggestion and we will review it.