Password sniffing tools

Usage

Password sniffing tools are typically used for password discovery and password sniffing.

Users for these tools include pentesters, security professionals.

Tools

Bucket Stream (AWS S3 bucket discovery using CT logs)

discovery of sensitive information, information leak detection, penetration testing, reconnaissance

Bucket Stream can be used to discover AWS S3 buckets. This tool may be helpful during reconnaissance and security assessments. As it does not include active scanning on the target itself, it is a passive way of finding information. This is a huge benefit, as you don't have to guess or brute-force the names.

LaZagne (password retrieval and recovery tool)

data extraction, information gathering, password discovery, password recovery

The LaZagne tool can be a good addition to the toolkit of pentesters or forensic specialists to recover sensitive details from systems. For a pentester, this typically means that limited access has been gained. By trying to find passwords from local applications, the step to other applications or privilege level might be possible. For example, a password that is shared among multiple services, or even finding an administrator password.

sshLooter (PAM backdoor for SSH)

information snooping, password discovery, password sniffing

The most likely use for tools like this is backdoor a system after root permissions were gained. By planting it into the PAM stack, it allows for password sniffing.

Missing a favorite tool in this list? Share a tool suggestion and we will review it.