Here, you can find the list of tools from weakpass.com for password and hash cracking in one place.
All of the tools and libraries you can find in separate folders, a quick overview of the tools if you want to try them right now
Generate a wordlist based on user-provided keywords for targeted password testing.
Try it online: Passgen
For example, during penetration testing, you need to gain access to some service, device, account, or Wi-Fi network that is password protected. For example, let it be the Wi-Fi network of EvilCorp. Sometimes, a password is a combination of device/network/organization name with some date, special character, etc. Therefore, it is simpler and easier to test some combinations before launching more complex and time-consuming checks. For example, cracking a Wi-Fi password with a wordlist can take several hours and can fail, even if you choose a great wordlist because there was no such password in it like Evilcorp2019.
Perform secure hash lookups without submitting sensitive data to a server using the Range API.
Try it online: Lookup
Reveal passwords for MD5, NTLM, SHA1, or SHA256 hashes using the precomputed weakpass4.merged.txt
file without sending your hash to the backend. The primary advantage is that all hash checks are done client-side, ensuring that your data remains secure and private.
Additionally, you can host and build the database for this tool locally and in-house. To do so, use one of the precomputed tables available here and set up an API to serve hash ranges by value.
A server example that “works” with this database structure can be found in the repository.
Determine if your password has been compromised or is vulnerable to rule-based attacks.
Online: Passcheck
This tool checks if your password exists in the weakpass_4.merged wordlist using a range lookup API.
But what if someone decided to use a rule-based attack? Is your password safe for rule-based attacks? Beyond that, it simulates rule-based attacks by applying “reverse” hashcat rules to identify potential candidates that could be used with the rules to crack your password.
Crack hashes directly in your browser with this JavaScript-based tool.
Try it online: Kraker-js