eapmd5pass alternatives

Looking for an alternative tool to replace eapmd5pass? During the review of eapmd5pass we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. acccheck (SMB password guessing and dictionary attack tool)
  2. Patator (multi-purpose brute-force tool)
  3. THC Hydra (password discovery)

These tools are ranked as the best alternatives to eapmd5pass.

Alternatives (by score)

56

acccheck

Introduction

The acccheck tool performs a password guessing and dictionary attack on SMB services used to share files and printers.

Project details

acccheck is written in Perl.

Strengths and weaknesses

  • + The source code of this software is available
  • - No updates for a while

Typical usage

  • Password discovery
  • Password strength testing

acccheck review

68

Patator

Introduction

Patator is based on similar tools like Hydra, yet with the goal to avoid the common flaws these tools have like performance limitations. The tool is modular and supports different types of brute-force attacks or enumeration of information.

Project details

Patator is written in Python.

Strengths and weaknesses

  • + More than 500 GitHub stars
  • + The source code of this software is available

    Typical usage

    • Password discovery
    • Penetration testing
    • Reconnaissance
    • Vulnerability scanning

    Patator review

    100

    THC Hydra (thc-hydra)

    Introduction

    THC Hydra is a brute-force cracking tool for remote authentication services. It supports many protocols, including telnet, FTP, LDAP, SSH, SNMP, and others.

    Project details

    THC Hydra is written in C.

    Strengths and weaknesses

    • + More than 25 contributors
    • + More than 1000 GitHub stars
    • + Project is mature (10+ years)
    • + The source code of this software is available

      Typical usage

      • Penetration testing
      • Security assessment

      THC Hydra review

      100

      hashcat

      Introduction

      Hashcat can be used to discover lost passwords, or as part of a security assignment. For example, it could be trying to crack a password from a password file that was obtained during a penetration test.

      Project details

      hashcat is written in C.

      Strengths and weaknesses

      • + More than 25 contributors
      • + More than 4000 GitHub stars
      • + The source code of this software is available
      • + Well-known tool

        Typical usage

        • Password discovery

        hashcat review

        60

        Crowbar

        Introduction

        While most brute forcing tools take a similar approach, Crowbar can use different methods that are not always available in other utilities. For example, Crowbar can use SSH keys, instead of the typical username and password combination. This might be useful during penetration testing when these type of details are discovered.

        Project details

        Crowbar is written in Python.

        Strengths and weaknesses

        • + The source code of this software is available

          Typical usage

          • Penetration testing

          Crowbar review

          60

          PassGen

          Introduction

          PassGen is a tool to help with password dictionary attacks to guess a password. It does not perform the attack but creates the related database.

          Project details

          PassGen is written in Python.

          Strengths and weaknesses

          • + The source code of this software is available

            Typical usage

            • Password discovery
            • Password strength testing
            • Security assessment

            PassGen review

            56

            mimipenguin

            Introduction

            The tool requires root permissions to work.

            Project details

            mimipenguin is written in Python, shell script.

            Strengths and weaknesses

            • + The source code of this software is available
            • - No releases on GitHub available
            • - Full name of author is unknown

            Typical usage

            • Information gathering
            • Security assessment

            mimipenguin review

            60

            not24get

            Introduction

            API: pwdCheckModule object in ppolicy.
            Executable: "check password script" in Samba suite (not24get_check)

            This module is a wrapper around libpasswdqc, the library that powers the pam_passwdqc module.

            Project details

            not24get is written in C.

            Strengths and weaknesses

            • + The source code of this software is available

              Typical usage

              • Password strength testing

              not24get review

              89

              Fail2ban

              Introduction

              Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks

              Project details

              Fail2ban is written in Python.

              Strengths and weaknesses

              • + More than 2000 GitHub stars
              • + The source code of this software is available

                Typical usage

                • Network traffic filtering
                • Security monitoring

                Fail2ban review

                85

                LogonTracer

                Introduction

                LogonTracer is a tool to investigate malicious logins from Windows event logs with visualization capabilities.

                Project details

                LogonTracer is written in Python.

                Strengths and weaknesses

                • + More than 500 contributors
                • + The source code of this software is available

                  Typical usage

                  • Criminal investigations
                  • Digital forensics
                  • Learning

                  LogonTracer review

                  74

                  Yosai

                  Introduction

                  Yosai is a security framework for Python applications and adds authentication, authorization, and session management capabilities. Features include Role-Based Access Control (RBAC), two-factor authentication, and Time-based One-Time Passwords (TOTP). Besides a focus on the authentication and authorization, Yosai enables an audit trail of all relevant events.

                  As each framework comes with some overhead, Yosai aims to leverage caching and serialization where possible.

                  Project details

                  Yosai is written in Python.

                  Strengths and weaknesses

                  • + The source code of this software is available

                    Typical usage

                    • Application security
                    • Audit logging
                    • Identity and access management

                    Yosai review

                    76

                    django-two-factor-auth (Django Two-Factor Authentication)

                    Introduction

                    A complete Two-Factor Authentication for Django. It leverages the django-otp tooling together with Django's authentication framework.

                    Project details

                    56

                    John the Ripper

                    Introduction

                    John the Ripper is a mature password cracker to find weak or known passwords. It works on Linux and other flavors of Unix and Microsoft Windows.

                    Project details

                    Some relevant tool missing as an alternative to eapmd5pass? Please contact us with your suggestion.