# Password & Cracking

[**Depix**](https://github.com/beurtschipper/Depix)**:** Recovers passwords from pixelized screenshots.

![](/files/5ORCo6jfXpEhvKr34tyJ)

{% embed url="<https://github.com/beurtschipper/Depix>" %}

**bopscrk:** Before Outset PaSsword CRacKing is a tool to generate smart and powerful wordlists for targeted attacks.

![](/files/-MX-60xKnId0KCxRMFhB)

[**spraygen**](https://github.com/3ndG4me/spraygen)**:** Password list generator for password spraying - prebaked with goodie.

[**cook**](https://github.com/giteshnxtlvl/cook)**:** Easily create word's permutation and combination to generate complex wordlists and passwords.

![](/files/-MZFCkxPSC0naJG8L2zJ)

![](/files/-MZFCt9UfWg0CnWj81_7)

[**crackpkcs12:**](https://github.com/crackpkcs12/crackpkcs12) A multithreaded program to crack PKCS#12 files (p12 and pfx extensions) by Aestu.

```
crackpkcs12 -d dictionary.txt certificate.pfx
```

[**hashcat:**](https://hashcat.net/hashcat/)  This is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 300 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enable distributed password cracking.

```
Linux:
hashcat hash.txt -a 0 -m 3200 -w 4 --username -r /usr/share/hashcat/rules/best64.rule wordlist.txt --force

-r option will permutate the words, e.g:
password, password!, password1, password21, password30

Windows:
hashcat64.exe -a 0 --session=2021-04-02 -m 3200 -w 4 --username --force --status --status-timer=60 -p : -O --hwmon-disable -o "C:\Users\xxx\Desktop\cracked.txt" --outfile-format=3 -r "C:\Users\xxx\Desktop\hashcat-5.1.0\rules\nsav2.rule" "C:\Users\xxx\Desktop\hash.txt" "C:\Users\xxx\Desktop\wordlist.txt"
```

![](/files/p420ad5Vx1lOghsRHb1d)

&#x20;[**pack**](https://github.com/iphelix/pack): PACK (Password Analysis and Cracking Toolkit) is a collection of utilities developed to aid in analysis of password lists in order to enhance password cracking through pattern detection of masks, rules, character-sets and other password characteristics. The toolkit generates valid input files for Hashcat family of password crackers.

```
python statsgen.py rockyou.txt
```

[**pipal**](https://github.com/digininja/pipal): Pipal, THE password analyser.

{% embed url="<https://github.com/digininja/pipal>" %}

Script to keep repetition of NTDS passwords when cracked with hashcat before analyze them with pipal:

```
#script to count repetitions of cracked passwords
import sys

if len(sys.argv) != 3:
    print("Usage: python script.py arg1[ntds_file] arg2[cracked_file]")
    print("Please provide exactly 2 arguments.")
    sys.exit(1)

if __name__ == "__main__":
	ntds_hashes = {}
	cracked_hashes= {}
	file_name_ntds = sys.argv[1]
	file_name_cracked= sys.argv[2]
	file_name_output = "output.txt"

	with open(file_name_output, 'w') as output_file:

	#open ntds file and compare if the hash is in cracked
		with open(file_name_ntds, 'r') as ntds_file:
			for line_ntds in ntds_file:
				parts = line_ntds.strip().split(':')
				with open(file_name_cracked, 'r') as cracked_file:
					for line_cracked in cracked_file:
						parts1 = line_cracked.strip().split(':')
						if parts[3] == parts1[0]:
						    output_file.write(parts1[1]+"\n")




```

&#x20;[**BridgeKeeper**](https://github.com/0xZDH/BridgeKeeper): Scrape employee names from search engine LinkedIn profiles. Convert employee names to a specified username format.

```
$ python3 bridgekeeper.py --file names.txt --format {f}{last}@example.com --output example-employees/ --debug

Name: John Adams Smith
{f}{last}                   > jsmith
{f}{m}.{last}               > ja.smith
{f}{last}[4]@example.com    > jsmit@example.com
```

## assless-chaps

\
Crack MSCHAPv2/NTLMv1 challenge/responses quickly using a database of NT hashes<br>

{% embed url="<https://github.com/sensepost/assless-chaps.git>" %}

## Hashes online

{% embed url="<https://hashes.com/en/decrypt/hash>" %}

{% embed url="<https://crackstation.net>" %}

{% embed url="<https://www.tunnelsup.com/hash-analyzer>" %}

{% embed url="<https://hashcat.net/hashcat>" %}

{% embed url="<https://weakpass.com>" %}

{% embed url="<https://hashmob.net/hashlists>" %}

{% embed url="<https://cybertoolbank.cc/leakcheck.php>" %}

{% embed url="<https://dehashed.com>" %}

{% embed url="<https://leakcheck.io>" %}

{% embed url="<https://haveibeenpwned.com>" %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://gitbook.seguranca-informatica.pt/tools/password-and-cracking.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.