acccheck alternatives

Looking for an alternative tool to replace acccheck? During the review of acccheck we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. eapmd5pass (offline EAP-MD5 dictionary attack tool)
  2. Patator (multi-purpose brute-force tool)
  3. hashcat (password recovery tool)

These tools are ranked as the best alternatives to acccheck.

Alternatives (by score)

60

eapmd5pass

Introduction

A tool like this would be most likely used to show the weakness of old authentication protocols, including penetration testing.

Project details

eapmd5pass is written in C.

Strengths and weaknesses

  • + The source code of this software is available

    Typical usage

    • Network analysis
    • Password discovery
    • Penetration testing

    eapmd5pass review

    84

    Patator

    Introduction

    Patator is based on similar tools like Hydra, yet with the goal to avoid the common flaws these tools have like performance limitations. The tool is modular and supports different types of brute-force attacks or enumeration of information.

    Project details

    Patator is written in Python.

    Strengths and weaknesses

    • + More than 500 GitHub stars
    • + The source code of this software is available

      Typical usage

      • Password discovery
      • Penetration testing
      • Reconnaissance
      • Vulnerability scanning

      Patator review

      100

      hashcat

      Introduction

      Hashcat can be used to discover lost passwords, or as part of a security assignment. For example, it could be trying to crack a password from a password file that was obtained during a penetration test.

      Project details

      hashcat is written in C.

      Strengths and weaknesses

      • + More than 25 contributors
      • + More than 4000 GitHub stars
      • + The source code of this software is available
      • + Well-known tool

        Typical usage

        • Password discovery

        hashcat review

        78

        THC Hydra (thc-hydra)

        Introduction

        THC Hydra is a brute-force cracking tool for remote authentication services. It supports many protocols, including telnet, FTP, LDAP, SSH, SNMP, and others.

        Project details

        THC Hydra is written in C.

        Strengths and weaknesses

        • + More than 25 contributors
        • + More than 1000 GitHub stars
        • + Project is mature (10+ years)
        • + The source code of this software is available

          Typical usage

          • Penetration testing
          • Security assessment

          THC Hydra review

          60

          PassGen

          Introduction

          PassGen is a tool to help with password dictionary attacks to guess a password. It does not perform the attack but creates the related database.

          Project details

          PassGen is written in Python.

          Strengths and weaknesses

          • + The source code of this software is available

            Typical usage

            • Password discovery
            • Password strength testing
            • Security assessment

            PassGen review

            85

            Crowbar

            Introduction

            While most brute forcing tools take a similar approach, Crowbar can use different methods that are not always available in other utilities. For example, Crowbar can use SSH keys, instead of the typical username and password combination. This might be useful during penetration testing when these type of details are discovered.

            Project details

            Crowbar is written in Python.

            Strengths and weaknesses

            • + The source code of this software is available

              Typical usage

              • Penetration testing

              Crowbar review

              64

              mimipenguin

              Introduction

              The tool requires root permissions to work.

              Project details

              mimipenguin is written in Python, shell script.

              Strengths and weaknesses

              • + The source code of this software is available
              • - No releases on GitHub available
              • - Full name of author is unknown

              Typical usage

              • Information gathering
              • Security assessment

              mimipenguin review

              60

              not24get

              Introduction

              API: pwdCheckModule object in ppolicy.
              Executable: "check password script" in Samba suite (not24get_check)

              This module is a wrapper around libpasswdqc, the library that powers the pam_passwdqc module.

              Project details

              not24get is written in C.

              Strengths and weaknesses

              • + The source code of this software is available

                Typical usage

                • Password strength testing

                not24get review

                64

                RouterSploit

                Introduction

                RouterSploit is a framework to exploit embedded devices such as cameras and routers. It can be used during penetration testing to test the security of a wide variety of devices. RouterSploit comes with several modules to scan and exploit the devices. The tool helps in all steps, like from credential testing to deploying a payload to perform an exploitation attempt.

                Project details

                RouterSploit is written in Python.

                Strengths and weaknesses

                • + More than 50 contributors
                • + More than 6000 GitHub stars
                • + The source code of this software is available

                  Typical usage

                  • Penetration testing
                  • Self-assessment
                  • Software testing
                  • Vulnerability scanning

                  RouterSploit review

                  56

                  John the Ripper

                  Introduction

                  John the Ripper is a mature password cracker to find weak or known passwords. It works on Linux and other flavors of Unix and Microsoft Windows.

                  Project details

                  Some relevant tool missing as an alternative to acccheck? Please contact us with your suggestion.