PE-bear has a user-friendly UI and file-comparing utility. So, if you find a bug, you can fix it yourself. This program emulates working with a network. When studying malware samples, you often need to see all their Internet activities: monitor DNS and HTTP queries, sniff traffic and identify IP addresses of the controlling servers for example, if you are dealing with a ransomware bot. Fakenet-NG is fully supported with frequent updates, so this utility can be used in the latest operating sytems.
It would be hard to perform reverse engineering without programs from Sysinternals that monitor how applications access the filesystem and processes. ProcessExplorer shows all processes in a hierarchical tree view, so you can easily see their spawning order. You can also see which dynamic libraries they use, as well as their priority, digital signatures, processor usage and much more.
A handy utility for monitoring registry changes. RegShot takes snapshots of the registry before and after you do some system or software changes. You can see which ports it accesses both local and remote , together with protocols, process identifiers and transmitted packet counters. Overall, this is one of the most useful tools for any hacker! A popular program for editing resources, including manifests, icons, text dialog lines, cursor info and much more.
We have covered the main utilities used for most reverse engineering tasks. I think this should be enough for a beginner. Your own list will grow as you progress. Many reverse engineers end up writing their own targeted programs, plugins and scripts. If you know similar software or want to share links to other useful tools, please do so in the comments!
Click here to cancel reply. Name required. Email will not be published required. Packages used for cracking cryptographic functions, ie hashes. Tool count: BlackArch code-audit. A password dictionary attack tool that targets windows authentication via the SMB protocol. A very fast ssh attacking script which includes a multithreaded port scanning module tcp connect for discovering possible targets and a multithreaded brute-forcing module which attacks parallel all discovered hosts or given ip addresses from a list.
A tool to dump RAM contents to disk aka cold boot attack. Crack legacy zip encryption with Biham and Kocher known plaintext attack. Brute-force attack that supports multiple protocols and services. Try to find the password of a LUKS encrypted volume. Try to find the password of a file that was encrypted with the 'openssl' command.
Try to find the password of an encrypted Peercoin or Bitcoin,Litecoin, etc A simple sshd password bruteforcer using a wordlist, it's very fast for internal networks. It's multithreads. Perl script which scans cisco routers for common vulnerabilities. Checks for default passwords, easily guessable community names, and the IOS history bug. Includes support for plugins and scanning multiple hosts. Crypt and decrypt the cisco enable 5 passwords.
Crypt and decrypt the cisco enable 7 passwords. Company Passwords Profiler helps making a bruteforce wordlist for a targeted company. A python tool to extract various credentials and secrets from Windows registry hives. A brute forcing tool that can be used during penetration tests. Parallel testing also allows the software to perform simultaneous brute-force testing. The flexible user input allows the user to configure each item as either single-entry or multiple-entry, and the modular design means that Medusa requires no modifications to extend the supported list of services.
There is currently no support for Windows. For Kali Linux users, Medusa is already pre-installed. As for privacy, Medusa does not store any information obtained for or inputted by the user.
Any cracked passwords are available only to the user, which may allay some privacy fears. Medusa is completely legal to use as long as users ensure that the passwords obtained are their own or belong to people who have given authority or consent for password recovery.
THC Hydra has seen many comparisons to Medusa as a password cracker, but there are notable differences between the two software. Like Medusa, THC Hydra is also an online password cracking tool that uses a brute-force password guessing method.
In addition to the brute-force method, THC Hydra can also use dictionary attacks, using external wordlists. THC Hydra is free and also open-source, with over 25 regular contributors.
Like the main software, xHydra may also be downloaded from the Github repository. THC Hydra does not collect or store any recovered passwords on online servers. The mere use of THC Hydra is not illegal. Another feature of the program is finding hidden resources like servlets, directories, and scripts.
The tool also supports multiple injection types with multiple dictionaries. WFuzz stands out as more than just a password cracker; the software also allows users to detect vulnerabilities and secure Web applications as a whole. WFuzz is a free tool that makes this list because of its multi-platform support. The software can be installed on Windows, macOS, and Linux. Since WFuzz uses a command-line interface, users may have to be familiar with commands to maximize the use of WFuzz.
WFuzz is legal to use, provided that users limit their use of the program to the legal recovery of passwords. Brutus can recover passwords and usernames from websites, operating systems, and other applications. True to its name, Brutus utilizes a brute-force dictionary attack to retrieve passwords. There are also multiple brute force modes that users can choose from to tweak the exact methodology by which Brutus cracks passwords. Brutus also supports multiple connections, allowing for up to 60 simultaneous connections.
The user can also tweak the precise brute force modes. Unlike most password crackers on the list, Brutus does not support any operating system other than Windows desktop. Additionally, Brutus cannot crack passwords for social media and email accounts. The program also cannot hack complex passwords that consist of numbers, letters, and symbols. Brutus is a free software that does not require command-line knowledge or familiarity from the user.
The graphics user interface allows for relatively easier use than more powerful and more technical password crackers that use only command-line interfaces. For this reason, Brutus is recommended for simple projects and users who are unfamiliar with complex interfaces. Since Brutus does not use any external files like wordlists, users will face minimal privacy issues, if any.
Additionally, the only safety concerns that users may face are hardware-related, as password crackers can be quite taxing on computers.
As with all password crackers, Brutus can be used legally, provided users limit password recovery to their passwords or passwords of people who have authorized password recovery. RainbowCrack is another password cracker tool that uses a rainbow table attack to decipher passwords in hash form. The main technique used is the time-memory trade-off technique which can be accelerated with multiple GPUs. Users can use RainbowCrack to generate rainbow tables to be used in the password cracking process or download preexisting rainbow tables from the Internet.
Just like OphCrack tool L0phtCrack is also a Windows passwords recovery tool uses hashes to crack passwords, with extra features of Brute force and dictionary attacks. It normally gains access to these hashes from directories, network servers, or domain controllers.
Yet it is still the easiest to use password auditing and recovery software available. Pwdump password cracker is capable of extracting LM, NTLM and LanMan hashes from the target in Windows, in case if Syskey is disabled, software has the ability to extract in this condition.
Software is update with extra feature of password histories display if history is available. Extracted data will be available in form that is compatible with L0phtcrack. Recently software is updated to new version called Fgdump as Pwdump not work fine when any antivirus program is running. It is speedy brute force, parallel and modular tool. Software can perform Brute force attack against multiple users, hosts, and passwords. Medusa is pthread-based tool, this feature prevent unnecessarily duplicate of information.
All modules available as an independent. Product-related questions? Product About Support. BACK Multimedia. More Products. Top 10 Password Cracking Tools What is password cracking? Brute Force Password Cracking: Term brute force password cracking may also be referred as brute force attack.
0コメント