Password Hacking Tools & Software


Probably our most popular resource here at Concise Courses: Password Cracking Software seems to be in hot demand. We’ve updated our list for 2020.


Need Help? Ask A Question

Posted by Henry Dalziel  |  December 8, 2019  |   Questions / Comments 99

Password Hacking Tools & Software

Recommended Tools  10
Henry Dalziel
Henry Dalziel | December 8, 2019

- C|EH, Security+, MSc Marketing Management;
- Based in Hong Kong for the last five years;
- Cybersecurity Pro & Growth Hacker


How To Crack (Hack) A Password

Password cracking or ‘password hacking’ as is it more commonly referred to is a cornerstone of Cybersecurity and security in general.

Wanting to crack passwords and the security therein is likely the oldest and most in-demand skills that any InfoSec professional needs to understand and deploy.

Password hacking software has evolved tremendously over the last few years but essentially it comes down to several things: firstly, what systems are in place to prevent certain popular types of password cracking techniques (for example ‘captcha forms’ for brute force attacks), and secondly, what is the computing processing power of the hacker?

Typically password hacking involves a hacker brute-forcing their way into a website admin panel (or login page for example) and bombarding the server with millions of variations to enter the system. That requires CPU. The faster the machine the faster the cracking process will be. Yes, a ‘clued-up’ Cybersecurity Professional will be able to prevent brute-forcing but you’ll be amazed at the number of vulnerable websites that can be forced into with the password hacking software that we’ve listed below.

Some Basics

We are all lazy. Period.

I am, you are, and you’ll find ways to make your life more efficient and easier and why shouldn’t you!

Unfortunately, convenience is something that does not play nice with Cybersecurity and especially with regards to password security. The more complex your password the more it will be difficult for a hacker to force their way into your account(s). There are a bunch of password security measures we can all take which will greatly help your security online and many of these we already know extremely well yes few of us really adopt them. For example, do not use the same password – because should a breach happen on one system you’re entire (or potentially a large chunk) of your online presence may also be compromised.

Please Share This Resource! [HINT: We'll LOVE YOU for it!]

10 Recommended Tools

Submit A Tool!

We'll promote it to our community.

Password Hacking Tools & Software

AIRCRACK

By far one of the more popular Wireless Hacking Tools in our list and one in which there are a million YouTube tutorials! This tools ships with Kali Linux. Aircrack-ng is a network hacking tool that consists of a packet sniffer, detector, WPA/WPA2-PSK cracker, WEP and an analysis tool for 802.11 wireless LANs. This tool works with a wireless network interface controller whose driver supports raw monitoring mode and can sniff 802.11a, 802.11b, and 802.11g traffic. A new attack called “PTW” made by a team at Darmstadt University of Technology which decreases the number of initialization vectors (IVs) needed to decrypt a WEP key has been included in the aircrack-ng suite since the 0.9 release.Is Aircrack-ng Free? This tool is free and you can find many tutorials about it on the internet like on how to install aircrack-ng (https://www.aircrack-ng.org/install.html). Does Aircrack-ng Work on all Operating Systems? This tool can run on various platforms like FreeBSD, OSX, Windows, OpenBSD, and Linux. The Linux version of this tool is packaged for OpenWrt and been ported to Maemo, Zaurus and Android platforms; and a proof of concept port has been made to iPhones. What are the Typical Uses for Aircrack-ng? This tool focuses on areas of Wifi Security which includes monitoring which captures packets and exports the data to text files for processing by 3rd party tools. Replaying attacks, fake access points, deauthentication by using packet injection. Testing of wifi cards and driver capabilities via capture and injection and cracking of WPA and WPA PSK (WPA 1 and WPA 2).

CROWBAR

Crowbar is one of brute force attacking tool that provides you an opportunity to be in control what is submitted to a web server. It doesn’t try to identify a positive response like hitting a correct username or password combination but it rather tells you to give a “baseline” – the content of response and content of the baseline are then compared.

Is Crowbar Free?
Yes, Crowbar is currently free.

Does Crowbar Work on all Operating Systems?
Crowbar works with Linux operating systems.

What are the Typical Uses for Crowbar?
This brute-forcing tool is commonly used during penetration tests and is developed to support protocols that are currently not supported by other brute-forcing tools. Currently, this tool supports remote Desktop Protocol with NLA support, VNC key authentication, open VPN and SSH private key authentication.

JOHN THE RIPPER

John The Ripper is perhaps the best known password cracking (hacking) tools out there, and that’s why it will always be in our ‘concise top ten hacking tools’ category. Aside from having the best possible name, we love John, as it is affectionately known because simply said, it works and is highly effective. John The Ripper is, like Metasploit, also part of the Rapid7 family of pentesting/ hacking tools.

How do Password Crackers Work?
In cryptanalysis, (which is the study of cryptographic systems in order to attempt to understand how it operates, and, as hackers, we’ll try to see if there are any vulnerabilities that will allow them to be broken, with or without the hash/ password key). Password cracking is the process of recovering or hacking passwords from data that have been stored in or has been transmitted by a computer system or within a network. One of the most common types of password hacking is known as a ‘brute-force attack.’ which, simply said, is the process in which a computer system guesses for the correct by cross-checking against an available cryptographic hash of the password. If the brute force attack is against clear-text words then the process derives from a ‘dictionary attack’. If the password is guessed using password hashes (which is faster), then the used process would be a ‘rainbow’ table.

If you work in Cyber Security, or are looking to get started in the profession, then it is ‘a must’ that you learn certain aspects of cryptography. We’d therefore strongly suggest that you learn, and try to crack, offline passwords using John The Ripper.

How does John The Ripper compare to THC Hydra?
THC Hydra, or simply ‘Hydra’, is another very popular password hacking tool that is often referred to in the same context as John The Ripper. The easiest way to describe the difference between John The Ripper (JTR) and THC Hydra is that JTR is an offline password cracker whilst Hydra is an online password cracker.

Is John The Ripper Free?
Both. There is a very popular free version of John The Ripper, and also a ‘pro’ version. John the Ripper commerical version is used by penetration testers that are interested in password cracking specific operating systems. The commercial version optimized for performance and speed. For the average user John The Ripper ‘open-source’ will work great, for the real hard-core user we’d certainly recommend the Pro Version, available from Rapid7.

Does John The Ripper Work on all Operating Systems?
John The Ripper was originally developed for Unix operating systems but now runs on various platforms 11 of which are architecture-specific versions of DOS, Unix, BeOS, Win32 and OpenVMS.

What are Typical Uses for John The Ripper?
John the Ripper is a fast password cracker. Period. In fact, you can consider John The Ripper as ‘the definitive’ password hacking tool!

In Summary
In summary, this extremely popular password cracking software tool is a behemoth within its’ category.

This tool now works on, literally, every single platform you can think of.

Users of this software love it, primarily for two specific reasons; firstly, because you can combine it with other password crackers, and secondly because it can autodetect password hash types through its customizable cracking functionality.

This tool can easily be executed against various encrypted password formats including (but not limited to) several crypt password hash types most commonly found on various Unix versions (such as DES, MD5, or Blowfish, Kerberos AFS etc).

Like other tools such as Metasploit and Nmap, John The Ripper (JTR) can have its performance enhanced by adding on extra modules.

L0PHTCRACK

L0phtCrack is a recovery and password auditing tool originally created by Mudge. It tries to crack Windows passwords from obtained hashes from stand-alone Windows workstation, primary domain controllers, networked servers or Active Directory. It can sometimes sniff hashes off the wire. This tool also has several methods of generating password guesses.

Is L0phtCrack Free?
No, 3 versions of L0phtCrack: Professional, Administrator and Consultant are available for purchase.

Does L0phtCrack Work on all Operating Systems?
No, It only works for Microsoft Windows.

What are the Typical Uses for L0phtCrack?
L0phtCrack is used to recover lost Microsoft Windows passwords or to test someone's password strength. It uses brute force, rainbow tables, hybrid and dictionary attacks. Even if this one of the tools of choice, crackers’ use old versions because of its high availability and low price.

MEDUSA

Medusa is created to be a massively parallel, modular, speedy and login brute forcer. The aim is to support a lot of services that will allow remote authentication. Key features of this tool includes thread-based parallel testing – Brute force testing can be performed against multiple hosts, passwords or users. Flexible user input – Target information can be specified in different ways. One example is that for each item, it can be either a single entry or file containing multiple entries and Modular design – Every independent mod file exists in each service mod file. This means that no modifications are needed to the core application in order to extend the list of supported services for brute-forcing. Is Medusa Free? Yes, Medusa is free to use. Does Medusa Work on all Operating Systems? Medusa works on Linux and MAC OS X operating systems. What are the Typical Uses for Medusa? Just like THC Hydra, this tool focuses on cracking passwords by brute forcce attack. This tool can perform rapid attacks against large number of protocols that includes telnet, http, https, databases and smb.

OPHCRACK

Ophcrack is a rainbow-table based password cracker. This tool can import hashes from different formats included dumping directly from the SAM files of Windows. Some Rainbow tables are free to download but if you want larger ones, you can buy it from Objectif Sécurité.

Is ophcrack Free?
Yes!

Does ophcrack Work on all Operating Systems?
This tool works on Linux, Microsoft Windows and MAC OS X.

What are the Typical Uses for ophcrack?
The primary use of this tool is for password discovery. It can fork out simple passwords within minutes. Buying additional rainbow tables will enable you to crack complex passwords.

RAINBOWCRACK

RainbowCrack is a hash cracker tool that makes use of a large-scale time memory trade off. A common brute force cracker tries every possible plaintext one by one which is time-consuming for complex passwords but this tool uses a time-memory trade-off to do an advance cracking time computation and store results in “rainbow tables”. Password crackers take a long time to precompute tables but this tool is hundred of times faster than a brute force once it finishes the precomputation.

Is RainbowCrack Free?
Yes. RainbowCrack is free to use.

Does RainbowCrack Work on all Operating Systems?
It works on Linux, Microsoft Windows and MAC OS X (You should have mono or CrossOver for this one).

What are the Typical Uses for RainbowCrack?
The use of this tool is to crack hashes with rainbow tables that makes password cracking easier.

SOLARWINDS

SolarWinds Firewall Security Manager (FSM) is a great solution for organizations and companies who need reporting and expert management on their most critical security devices. Set-up and configuration of this product is pretty straightforward and multi clients can be deployed to allow multiple administrators to access the system.

Is SolarWinds Free?
No. SolarWinds is a paid product offered by an excellent and well-respected company.

Does SolarWinds Work on all Operating Systems?
SolarWinds works on Windows operating systems.

What are the Typical Uses for SolarWinds?
Uses of this tool include network discovery scanners, router password decryption, SNMP brute force cracker, and TCP connection reset program.

THC HYDRA

THC Hydra is a password cracking tool that can perform very fast dictionary attacks against more than fifty protocols. It is a fast and stable Network Login Hacking Tool which uses dictionary or brute-force attacks to try various password and login combinations against a login page.

Is THC Hydra free?
Yes! THC Hydra is free. This tool is a proof of concept code giving researchers and security consultants the possibility to know how easy it would be to gain unauthorized access from remote to a system.

Does THC Hydra Work on all Operating Systems?
Hydra was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD/OpenBSD, QNX (Blackberry 10) and OSX.

What are the Typical uses for THC Hydra?
Hydra is used as a parallelized login cracker which supports numerous protocols to attack. New modules are easy to add. This tool shows how easy it would be to gain unauthorized access to a system remotely.

WFUZZ

Wfuzz is a hacking tool use created to brute force Web Applications. Some of the features of this tool includes multiple Injection points capability with multiple dictionaries, output to HTML, recursion (When doing directory bruteforce), colored output, post, headers and authentication data brute forcing, cookies fuzzing, time delays between requests, SOCK support, authentication support (NTLM, Basic), proxy support, payload combinations with iterators, HEAD scan (faster for resource discovery), brute force HTTP methods, multiple proxy support (each request through a different proxy) and hide results by return code, word numbers, line numbers, regex.

and a whole lot more…

Is Wfuzz Free?
Yes! Wfuzz is free.

Does Wfuzz Work on all Operating Systems?
It works on Linux, Windows and MAC OS X operating systems.

What are the Typical Uses for Wfuzz?
This tool is used to brute force Web Applications and can be used to find resources not linked (servlets, directories, scripts, etc.), POST parameters for various injections like SQL, LDAP, XSS, form parameters brute-forcing (username/password), fuzzing and a lot more.

Password Hacking Tools & Software

Some Of Our Other Content

You might also like...

Should I use a VPN with Tor?
Should I use a VPN with Tor?

Using Tor alone is about 90% of the battle to stay anonymous online.

Blog Post

N00b Hacking
13 Offline Growth Hacks
13 Offline Growth Hacks

I list my favorite 13 Offline Growth Hacks! I've done some of these. Some are a bit out there!

Blog Post

Growth Marketing
Mobile Encryption Apps
Mobile Encryption Apps

Is WhatsApp safe? What about Telegram? There are dozens of mobile encryption apps...

List Review

Cyber Hacking
Password Cracking Tools
Password Cracking Tools

John The Ripper, Crowbar, L0phtcrack, Medusa, Rainbowcrack, THC Hydra and more!

List Review

Cyber Hacking

Summary

Social engineering and brute-forced password attacks are the two most common ways (methods) to hack into someone’s account. Sometimes the most inane reasons are attributed to a password breach, for example, the Uber hack of 2016, was the result of a programmer leaving password credentials for their AWS account within their GitHub account. Admittedly their account was private but yet a skilled hacker was able to penetrate that account and compromise a ton of data.

What’s the solution?

Be secure and use common sense!

The questions we’ve pinned to the bottom are some of the most commonly asked questions we’ve received over the years regarding password cracking.

Previously Asked Questions (with Answers)

The accepted answers are that of course, it depends on the processing power of your machine (or the system that is running the password hacking method). To put that into numbers, if you’re on a basic low-spec computer that was running a brute-force hack then it will take (1.7*10^-6 * 52^8) seconds / 2, or 1.44 years. The faster the processor the less that number becomes. A supercomputer or a botnet powered tool would take a lot less time (maybe about ten minutes at best). The moral of the story here is to have a complex password that is longer than eight characters.

Brute Force Attack and social engineering scams are the two easiest and best-known methods of being able to hack passwords. Most password cracking tools can crack simple passwords by guessing a specific number of passwords (see tools like cup.py). Hackers use tools listed within our resource that will try to crack passwords by simply entering different passwords over and over until it’s cracked. There’s more to it than this but essentially that’s how passwords are cracked. The other solution is social engineering. Uber was hacked, for example, because some developers left login credentials on their GitHub account. Such an error was human, but the access to their GitHub account was likely due to social engineering.

The five stages are: Reconnaissance > Scanning > Gaining Access > Maintaining Access > Covering Tracks.

Yes and no.

Yes, because it practice you certainly can scan the IP to see what’s on it and from that information launch at attack but likely that will be very difficult because even rudimentary client-facing ports (IP Addresses) will have some form of firewall or packet filtering. Also, typically, a semi-decent Firewall will be able to instantly detect an nmap scan (for example) and block the origin IP and subsequent rotated IP’s. An expert hacker or Penetration Tester can send creative packets to test the system and may be able to penetrate the network or IP Address. In summary therefore, the best answer is: it depends!

Yes, but it would require a significant skill. There is a multitude of ways to hack into someone’s phone. The easiest way would be to get the target to download a vulnerable “mobile app” that could then be used to remotely access that targets phone. This question is almost impossible to answer in a “yes” or “no” but in summary, I’d say that a mobile phone (iOS or Android) is, of course, a computer and therefore can be hacked so I’d lean towards always saying “yes” a mobile phone can be hacked. How easy that is of course depends on a wide range of factors.

The answer here is that it totally depends. Using creative hacking tools you can create specific dictorinary attacks based upon your target which would be really focused on getting the correct pattern or likely passwords. Such an attack would be referred to as a “Brute Force” attack. So, in summary – the harder the password the harder it is to crack! Get creative and have unqique passwords per account.

Based upon research we’ve looked at here at Concise Courses each PIN entry can take about 40 seconds to execute. Based upon that metric it would take over 112 to brute force a 4 digit PIN.

The first step of password hacking is known as “Footprinting (Reconnainsance) or “Information Gathering”. This phase is also known as OSINT (Open Source Intelligence) where the hacker (or “Ethical Hacker”) would collect as much information as possible about their target and with regards to password cracking they’d have to create their own unique rainbow/password list.

99 responses to “Password Hacking Tools & Software”

  1. hacking tool says:

    How do I download WFUZZ pleaase!

  2. Amr says:

    What do you recommend for password cracking for websites like facebook and twitter

  3. Luckkett says:

    Is there a online password cracker here?

  4. Not.Mav says:

    I need to recover the password for a MacOSx dmg. I know which possible characters I used when I generated the password but I don’t which exactly are in there. Would any of the above tools help?

  5. Misshorty81 says:

    Would any of the above software’s be able to figure out the password to log in to my bank account (online banking)? I know the username and can only remember half of the password. (Long story short, it was a joint account, my husband died, not from this country, having issues dealing with the bank for 3 months now, etc.). If not, do you know any at all?

    • I’d say no. Firstly what you are trying to do is illegal and will get you into a lot of trouble if caught. Just contact the bank and ask them directly? Surely the loss of your husband (sorry to hear that) will facilitate access to the bank account.

  6. Emon says:

    I want to hack Facebook what software do I need?

    • The simple answer is to not Hack Facebook. Don’t get on their radar.

    • Sumana panja says:

      First of all I wanna say you no! Don’t do that cuz its not a good idea if you are not a hacking student.
      Secondly, its not legal. So don’t.
      Thirdly, if you in search of Facebook cracking software than you should wrote in Google that you want a Facebook cracking software particularly with description.

      You can use truthSpy, keylogger as Facebook cracking software or you can do phissing attack, and many more software or methods you can get from google.

  7. Hi Sir, I want to learn hacking for free!

  8. alex says:

    If I don’t know the e-mail which tool you suggest me to use?

  9. Nelson says:

    How do I hack my wife’s account?

    • Patch it up with her – don’t hack her account. If you want to hack your wife’s account there sounds like there’s a lot of distrust. Gaining authorized access is not recommended. Sorry, can’t help you with that.

  10. Asher says:

    Any Credit card hack tools?

  11. Anthony Eminence says:

    What Software will work perfectly for Window 7? I am seeking tools to mainly crack Wifi Passwords

  12. Dany says:

    Hi, I just need to read a recovery email address from an email provider, which is half hidden under dots, when I click password forgotten. Complex situation but the reason is my partner recently died and I would like to retrieve pictures he has stored online, which I believe are on that email. Please, please get in touch. I am happy to explain more. I even have a bunch of his passwords because they were saved on our laptop, but that one in particular was not saved recently, so not on the laptop.

  13. SANDAY MUGENYI says:

    Please i have liked your answers and i admire sir to be like you. i want to become a computer wizard but i have failed to find someone to help me. i just have my laptop but i don’t know how to do it. Can i get your help sir and teach me some tips how to put my laptop in use?

  14. ryan says:

    I want to crack some emails can you tell the online sites to crack it

  15. Sari says:

    Hope this app works better than the other tools I’ve used.

  16. Kurt says:

    I have an old email account, unfortunately I forgot my password sometime back.

    I had it set up where it would send an SMS message to my phone to change the password but I no longer have the phone and Yahoo! Any help you could give me would be greatly appreciated…

    • Hi Kurt – not sure that I can help. If you lost the phone then I’m not sure how you’d be able to see an SMS Text ID that came out of it. Sorry that I can’t help.

  17. Saroj chy says:

    I knew username but no password .. What can I do here ..I have no number also

  18. Ashik says:

    I forgot my new FB password.How can I will get my new password .Please help me . I know the olp password only.

  19. Safwabe says:

    Hello I lost my password Snapchat (I was hacked) but none of his software help me I need help.

  20. Haziq Rafiq says:

    I cannot sign in to my Instagram acc. already tried to reset password but failed. Can somebody help me pls? I’d really appreciate it

  21. Emma says:

    I want msp (MovieStarPlanet) password cracker >:(

  22. Lorrence says:

    I forget my VBA project password. How I recover it?

  23. William Loose says:

    What is a good password hacking program for Folder Lock 7? DO NOT NEED THE MASTER PASSWORD. Need to crack a folder in a folder password that I forgot. Any suggestions.

  24. Muiz says:

    Can yot teach me hacking free..i dont know any thing about hacking but am always eagar learning…teach me please

  25. Vijay says:

    R u coaching in ethical hacking i want learning the course would u want coach in free any tips

  26. kyle bergman says:

    I do not know the password for one of the IP Cameras on this domain its user name is root and it is not the default or normal passwords we would us of course I know the IP. Will one of these hacking programs work?

  27. evans says:

    Can anyone send me the address where I can download this software?

  28. Moshood says:

    How can I crack a password?

  29. majd says:

    My insta account got hacked, any idea or app how can i get it back?

  30. ecm says:

    My friend forgot her yahoo password, what software can she use to get her account back ?

  31. Intruder hack says:

    How can I create a password crack tool by myself, can you give any suggestion on how to do that?

  32. Maria says:

    Buon giorno,
    Sto cercando uno strumento che mi permetta di cracker la psw admin di un server online per valutarne la vulnerabilità, quale tra questi mi consigliereste?

  33. Jin says:

    Hello, pls is there a way to crack a password through email lists? Like loading some email leads in a cracking tools to crack their passwords. Is that possible? Is there any cracking software for that? Thx

    • Yes of course. The tool you want to take a look at is cupp.py and create your own password lists. With regards to “email lists” that is only, possibly, helpful for enumeration and usernames for your target.

  34. Jack says:

    Hi, I’m locked out of my iPad that has alphanumerics and numerals what could I use to get in?

  35. Salim says:

    Hello sir, i have a flk file whihc is a 100 gb file created by folder lock software v7.1.8 which i created back in 2013, unfortunately i dont remmember my password, is there any way to recover my files or password for it?
    Thanks in advance

  36. Simon says:

    Please how can I crack ASC timetable generator to full version

  37. Curtis says:

    I would like to find out someones discord password, if there is something here that can do that please tell me which one and how to download it

  38. Silver Devil says:

    I want to learn all the hacking black white and grey hat

  39. Raftar says:

    How do I hack the pattern and fingerprint removal of realme phones?

  40. Sunny says:

    My Hotmail and facebook account was hacked and I reset the password but the account has been hacked again. The “No Reset” option is not working as settings and data have been changed. Now i know my user id and the old password. Please help before someone uses it for criminal purpose.

    • Sunny it sounds like your accounts have been compromised. Contact Hotmail and Facebook and explain it to them directly. If you are legit – which you are – then you will be well received.

  41. Viki says:

    Hey, i wanna hack my old Apple ID cause my phone is locked and i cant do anything, help me pleasee

  42. Darsh says:

    I want to recover my iPhone’s activation lock but can’t get in. What do I do?

    • The short answer is that I don’t know but I will keep your question here in case anybody is able to chime in and help. I can tell you to be careful though! There are tons of scams out there so don’t pay anyone!

  43. Simon says:

    I want to crack a windows application password to test my software security.
    can you suggest the best program and strategies?

  44. Bonbon says:

    I have a thumb drive that I forgot the password. It was set up a year ago I believe with BitLocker. How can I get the Password? I don’t have the recovery key

  45. Karl says:

    Please, I’ll like to know more about hacking and hacking tools plus how to use them efficiently.

    • Henry Dalziel says:

      YouTube is your friend. Some tools have better tutorials than others of course. What in particular are you trying to learn?

  46. Marcus says:

    Man I forgot my Facebook password after I changed it a couple months ago and the only recovery tool I have is my 15 year old yahoo mail email and I have no idea what it is either I know I set the password on my Facebook app on my phone is there a way to pull that information or pull up old key logs on my phones history?

  47. Faris Alsaadi says:

    Can someone help me get my password for my Microsoft account?

    • Henry Dalziel says:

      What problem do you have? What account are you referring to? Are you trying to regain access to Microsoft Outlook Account or similar?

Leave a Question or Comment:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.