Hashes and Passwords

• Rawsec's CyberSecurity Inventory
  • Large list of tools/wordlists

Cracking

• Haiti - identify hashes, tell you the hashcat/john mode to use
  • Install with gem install haiti-hash
• Search That Hash - identify hashes and attempt to crack them
• Hashcat
  • Hash mode examples
• John the Ripper
  • john <hashfile> --format=<format> --wordlist=</path/to/wordlist>
  • Formats

Online Tools

• Hashes.com
• CrackStation

Wordlists

• SecLists
• wordlistctl 

Generating Wordlists

• Mentalist - given a list, creates variations of it (i.e. hello -> h3ll0)
• CeWL - grab words from a URL
      - e.g. download all words from example.org with a depth of 2: cewl -d 2 -w $(pwd)/example.txt https://example.org
• TTPassGen
      - e.g. create wordlist containing all combinations of 4 digits ttpassgen --rule '[?d]{4:4:*}' out.txt
      - all lowercase character combinations of length 1 - 3 ttpassgen --rule '[?l]{1:3:*}' out.txt
      - combination of the above: ttpassgen --dictlist 'pin.txt,abc.txt' --rule '$0[-]{1}$1' combination.txt