eapmd5pass alternatives

Looking for an alternative tool to replace eapmd5pass? During the review of eapmd5pass we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

acccheck (SMB password guessing and dictionary attack tool)
Patator (multi-purpose brute-force tool)
THC Hydra (password discovery)

These tools are ranked as the best alternatives to eapmd5pass.

Alternatives (by score)

acccheck

Introduction

The acccheck tool performs a password guessing and dictionary attack on SMB services used to share files and printers.

Project details

acccheck is written in Perl.

Strengths and weaknesses

+ The source code of this software is available

- No updates for a while

Typical usage

Password discovery
Password strength testing

acccheck review

Patator

Introduction

Patator is based on similar tools like Hydra, yet with the goal to avoid the common flaws these tools have like performance limitations. The tool is modular and supports different types of brute-force attacks or enumeration of information.

Project details

Patator is written in Python.

Strengths and weaknesses

+ More than 500 GitHub stars
+ The source code of this software is available

Typical usage

Password discovery
Penetration testing
Reconnaissance
Vulnerability scanning

Patator review

THC Hydra (thc-hydra)

Introduction

THC Hydra is a brute-force cracking tool for remote authentication services. It supports many protocols, including telnet, FTP, LDAP, SSH, SNMP, and others.

Project details

THC Hydra is written in C.

Strengths and weaknesses

+ More than 25 contributors
+ More than 1000 GitHub stars
+ Project is mature (10+ years)
+ The source code of this software is available

Typical usage

Penetration testing
Security assessment

THC Hydra review

hashcat

Introduction

Hashcat can be used to discover lost passwords, or as part of a security assignment. For example, it could be trying to crack a password from a password file that was obtained during a penetration test.

Project details

hashcat is written in C.

Strengths and weaknesses

+ More than 25 contributors
+ More than 4000 GitHub stars
+ The source code of this software is available
+ Well-known tool

Typical usage

Password discovery

hashcat review

Crowbar

Introduction

While most brute forcing tools take a similar approach, Crowbar can use different methods that are not always available in other utilities. For example, Crowbar can use SSH keys, instead of the typical username and password combination. This might be useful during penetration testing when these type of details are discovered.

Project details

Crowbar is written in Python.

Strengths and weaknesses

+ The source code of this software is available

Typical usage

Penetration testing

Crowbar review

PassGen

Introduction

PassGen is a tool to help with password dictionary attacks to guess a password. It does not perform the attack but creates the related database.

Project details

PassGen is written in Python.

Strengths and weaknesses

+ The source code of this software is available

Typical usage

Password discovery
Password strength testing
Security assessment

PassGen review

mimipenguin

Introduction

The tool requires root permissions to work.

Project details

mimipenguin is written in Python, shell script.

Strengths and weaknesses

+ The source code of this software is available

- No releases on GitHub available
- Full name of author is unknown

Typical usage

Information gathering
Security assessment

mimipenguin review

not24get

Introduction

API: pwdCheckModule object in ppolicy.
Executable: "check password script" in Samba suite (not24get_check)

This module is a wrapper around libpasswdqc, the library that powers the pam_passwdqc module.

Project details

not24get is written in C.

Strengths and weaknesses

+ The source code of this software is available

Typical usage

Password strength testing

not24get review

Fail2ban

Introduction

Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks

Project details

Fail2ban is written in Python.

Strengths and weaknesses

+ More than 2000 GitHub stars
+ The source code of this software is available

Typical usage

Network traffic filtering
Security monitoring

Fail2ban review

LogonTracer

Introduction

LogonTracer is a tool to investigate malicious logins from Windows event logs with visualization capabilities.

Project details

LogonTracer is written in Python.

Strengths and weaknesses

+ More than 500 contributors
+ The source code of this software is available

Typical usage

Criminal investigations
Digital forensics
Learning

LogonTracer review

Yosai

Introduction

Yosai is a security framework for Python applications and adds authentication, authorization, and session management capabilities. Features include Role-Based Access Control (RBAC), two-factor authentication, and Time-based One-Time Passwords (TOTP). Besides a focus on the authentication and authorization, Yosai enables an audit trail of all relevant events.

As each framework comes with some overhead, Yosai aims to leverage caching and serialization where possible.

Project details

Yosai is written in Python.

Strengths and weaknesses

+ The source code of this software is available

Typical usage

Application security
Audit logging
Identity and access management

Yosai review

django-two-factor-auth (Django Two-Factor Authentication)

Introduction

A complete Two-Factor Authentication for Django. It leverages the django-otp tooling together with Django's authentication framework.

Project details

John the Ripper

Introduction

John the Ripper is a mature password cracker to find weak or known passwords. It works on Linux and other flavors of Unix and Microsoft Windows.

Project details

Some relevant tool missing as an alternative to eapmd5pass? Please contact us with your suggestion.