acccheck alternatives

Looking for an alternative tool to replace acccheck? During the review of acccheck we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. eapmd5pass (offline EAP-MD5 dictionary attack tool)
  2. Patator (multi-purpose brute-force tool)
  3. THC Hydra (password discovery)

These tools are ranked as the best alternatives to acccheck.

Alternatives (by score)

60

eapmd5pass

Introduction

A tool like this would be most likely used to show the weakness of old authentication protocols, including penetration testing.

Project details

eapmd5pass is written in C.

Strengths and weaknesses

  • + The source code of this software is available

    Typical usage

    • Network analysis
    • Password discovery
    • Penetration testing

    eapmd5pass review

    60

    Patator

    Introduction

    Patator is based on similar tools like Hydra, yet with the goal to avoid the common flaws these tools have like performance limitations. The tool is modular and supports different types of brute-force attacks or enumeration of information.

    Project details

    Patator is written in Python.

    Strengths and weaknesses

    • + More than 500 GitHub stars
    • + The source code of this software is available

      Typical usage

      • Password discovery
      • Penetration testing
      • Reconnaissance
      • Vulnerability scanning

      Patator review

      100

      THC Hydra (thc-hydra)

      Introduction

      THC Hydra is a brute-force cracking tool for remote authentication services. It supports many protocols, including telnet, FTP, LDAP, SSH, SNMP, and others.

      Project details

      THC Hydra is written in C.

      Strengths and weaknesses

      • + More than 25 contributors
      • + More than 1000 GitHub stars
      • + Project is mature (10+ years)
      • + The source code of this software is available

        Typical usage

        • Penetration testing
        • Security assessment

        THC Hydra review

        100

        hashcat

        Introduction

        Hashcat can be used to discover lost passwords, or as part of a security assignment. For example, it could be trying to crack a password from a password file that was obtained during a penetration test.

        Project details

        hashcat is written in C.

        Strengths and weaknesses

        • + More than 25 contributors
        • + More than 4000 GitHub stars
        • + The source code of this software is available
        • + Well-known tool

          Typical usage

          • Password discovery

          hashcat review

          60

          PassGen

          Introduction

          PassGen is a tool to help with password dictionary attacks to guess a password. It does not perform the attack but creates the related database.

          Project details

          PassGen is written in Python.

          Strengths and weaknesses

          • + The source code of this software is available

            Typical usage

            • Password discovery
            • Password strength testing
            • Security assessment

            PassGen review

            60

            Crowbar

            Introduction

            While most brute forcing tools take a similar approach, Crowbar can use different methods that are not always available in other utilities. For example, Crowbar can use SSH keys, instead of the typical username and password combination. This might be useful during penetration testing when these type of details are discovered.

            Project details

            Crowbar is written in Python.

            Strengths and weaknesses

            • + The source code of this software is available

              Typical usage

              • Penetration testing

              Crowbar review

              56

              mimipenguin

              Introduction

              The tool requires root permissions to work.

              Project details

              mimipenguin is written in Python, shell script.

              Strengths and weaknesses

              • + The source code of this software is available
              • - No releases on GitHub available
              • - Full name of author is unknown

              Typical usage

              • Information gathering
              • Security assessment

              mimipenguin review

              60

              not24get

              Introduction

              API: pwdCheckModule object in ppolicy.
              Executable: "check password script" in Samba suite (not24get_check)

              This module is a wrapper around libpasswdqc, the library that powers the pam_passwdqc module.

              Project details

              not24get is written in C.

              Strengths and weaknesses

              • + The source code of this software is available

                Typical usage

                • Password strength testing

                not24get review

                85

                Infection Monkey

                Introduction

                This tool is useful for security assessments to test for weaknesses within the network. By automating the exploitation phase as much as possible, it will help finding any weak targets within the boundaries of the data center.

                Project details

                Infection Monkey is written in Python.

                Strengths and weaknesses

                • + More than 25 contributors
                • + More than 5000 GitHub stars
                • + The source code of this software is available

                  Typical usage

                  • Password discovery
                  • Service exploitation
                  • System exploitation

                  Infection Monkey review

                  64

                  RouterSploit

                  Introduction

                  RouterSploit is a framework to exploit embedded devices such as cameras and routers. It can be used during penetration testing to test the security of a wide variety of devices. RouterSploit comes with several modules to scan and exploit the devices. The tool helps in all steps, like from credential testing to deploying a payload to perform an exploitation attempt.

                  Project details

                  RouterSploit is written in Python.

                  Strengths and weaknesses

                  • + More than 50 contributors
                  • + More than 6000 GitHub stars
                  • + The source code of this software is available

                    Typical usage

                    • Penetration testing
                    • Self-assessment
                    • Software testing
                    • Vulnerability scanning

                    RouterSploit review

                    56

                    John the Ripper

                    Introduction

                    John the Ripper is a mature password cracker to find weak or known passwords. It works on Linux and other flavors of Unix and Microsoft Windows.

                    Project details

                    Some relevant tool missing as an alternative to acccheck? Please contact us with your suggestion.