Return to Password

CIA triad

From the article Passwordless authentication:

• Authentication
• FIDO Alliance
• Password cracking
• Password fatigue
• Password policy
• Password psychology
• Password strength
• Pre-shared key
• Usability of web authentication systems

• cryptographic hash function (CHF)

Dictionary attack:

• Cain and Abel (software) - Cain and Abel
• Crack (password software) - Crack
• Aircrack-ng
• John the Ripper
• L0phtCrack
• Metasploit Project
• Ophcrack
• Cryptool

Passwords: Password topics, Passwordless, Password manager - Password management, Authentication, Personal identification number (PIN), Single signon, MFA-2FA, Microsoft Hello, Apple Face ID, Facial recognition, Biometric authentication, Iris recognition, Mainframe passwords (IBM RACF, Retinal scan, Eye vein verification, Recognition, Fingerprint recognition, Password cracking, Password hashing, Popular passwords, Strong passwords, Rainbow table, Secrets - Secrets management (HashiCorp Vault, Azure Vault, AWS Vault, GCP Vault)). (navbar_passwords)

https://github.com/topics/password

Here are 3,167 public repositories matching this topic…

• keepassxreboot / keepassxc - KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”. - Keywords: windows, macos, linux, security, privacy, cross-platform, password-manager, yubikey, password, keepass, hacktoberfest, keepassxc

C++

• hashcat - World's fastest and most advanced password recovery utility - Keywords: c, opencl, cuda, password, gpgpu, hashes, cracking, hashcat

• keeweb - Free cross-platform password manager compatible with KeePass

electron javascript security password-manager keeweb password keepass

JavaScript

berzerk0 / Probable-Wordlists - Version 2 is live! Wordlists sorted by probability originally created for password generation and password testing - make sure your passwords aren't popular!

dictionary password wordlist password-strength password-safety dictionary-attack

• MacPass - A native OS X KeePass client

macos objective-c password-manager password keepass kdbx macpass autotype

Objective-C

openwall / john - Open Have some *2john programs explain that it's normal to have large output

Our users are often confused by the output from programs such as zip2john sometimes being very large (multi-gigabyte). Maybe we should identify and enhance these programs to output a message to stderr to explain to users that it's normal for the output to be very large - maybe always or maybe only when the output size is above a threshold (e.g., 1 million bytes?)

supertokens / supertokens-core - Open (Intermediate) Docker image's error log not in stderr

The repo containing the Dockerfile and the entrypoint is here.

• lesspass - 🔑 stateless open source password manager

privacy password-manager password self-hosted anonymous passwords lesspass

JavaScript

• TheKingOfDuck / fuzzDicts - Web Pentesting Fuzz 字典,一个就够了。

directory password fuzzing fuzz-testing pentesting username fuzzer wfuzz paramter

Python

• K8tools - k8gege - K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

database apt exploit scanner hacking password poc brute-force pentest bypass crack privilege-escalation 0day getshell netscan rar-mysql

Updated 21 days ago

PowerShell

k8gege / Ladon - 大型内网渗透扫描器&Cobalt Strike，Ladon9.1.4内置150个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

security tools hack exploit scanner hacking password poc brute-force pentest portscan security-scanner exp security-tools ladon ipscanner getshell netscan

Updated 15 days ago

C#

• Mebus / cupp - Common User Passwords Profiler (CUPP)

password wordlist password-strength weak-passwords dictionary-attack wordlist-generator

Python

jaredhanson / passport-local - Username and password authentication strategy for Passport and Node.js.

password passport

JavaScript

ignis-sec / Pwdb-Public - A collection of all the data i could extract from 1 billion leaked credentials from internet.

password infosec seclists rockyou

• khast3x / h8mail - Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email

osint email hacking password recon leak hibp haveibeenpwned breach kali theharvester breach-compilation

Python

• robinmoisson / staticrypt - Password protect a static HTML page

javascript html cli encryption password static-html

JavaScript

• panique / huge - Simple user-authentication solution, embedded into a small framework.

php framework authentication password auth authorization password-hash user-auth

PHP

• drduh / pwd.sh - GPG symmetric password manager

bash unix encryption password-manager gnupg gpg password bash-script file-encryption

Shell

• accounts-js / accounts - Fullstack authentication and accounts-management] for Javascript. graphql oauth rest password accounts sessions TypeScript * [[ranisalt / node-argon2 - Node.js bindings for Argon2 hashing algorithm

hashing crypto encryption argon2 password

JavaScript

• deepfence / SecretScanner - Find secrets and Find passwords in container images and file systems

docker kubernetes security containers secrets password k8s vulnerability-scanners security-tools devsecops secret-keys secrets-management secrets-detection scanning-tool infosectools

Go

• sc0tfree / mentalist - Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper.

password wordlist cracking wordlist-generator wordlist-technique cracking-hashes

Python

• insightglacier / Dictionary-Of-Pentesting - [Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

dns database spring-boot dictionary fingerprint wifi password bruteforce subdomain rce fuzzing pentesting regex-pattern bugbounty pentest payloads iot-security websecurity bugbountytips bughunting-methodology

Shell

• Viralmaniar / Passhunt - Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

security password cybersecurity penetration-testing pentest-tool security-testing default-password default-credentials

Python

• browserpass / browserpass-legacy - Legacy Browser pass repo, development is now happening at:

go firefox chrome password

JavaScript

• duyet / bruteforce-database - Bruteforce database

password bruteforce brute-force-attacks brute-force duyetdev password-dictionaries seclists

• unosquare / passcore - A self-service password management tool for Active Directory

react recaptcha dotnet powershell dotnetcore password-manager password iis activedirectory ssl-certificate self-service password-meter application-pool

C#

• CRAnimation / CRBoxInputView - Verify code input view. Support security type for password. 短信验证码输入框，支持密文模式

mobile placeholder phone-number phone uitextfield password uitextview verifycode verifycodeview

Objective-C

• ltb-project / self-service-password - Web interface to change password and reset password in an LDAP directory

ldap password self-service self-service-password

PHP

• K8CScan - k8gege / K8CScan - K8Cscan大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动

mysql security exploit ftp scanner ipc smb oracle hacking password subdomain wmi poc mssql pentest crack portscan cobalt-strike getshell netscan

Fair Use Source: https://github.com/topics/password