Projects

admittance

A application that will populate password and, optionally, a username, for any application requiring standard, password-based authentication. Built around the concept of password hashes, this add-on never stores any site's passwords nor any information from which a password can be derived ... [More] either through brute-force or any other cracking methods. Passwords are generated on-the-fly for any site that requires authentication. All generation criteria with the exception of site and a hint are also hashed and only accessible via correct pass-phrase. This is an added level of security so that criteria can be publicly accessible while still securing most password generation criteria. [Less]

Openwall - phpass

phpass is a portable password hashing framework for use in PHP applications. The preferred (most secure) hashing method supported by phpass is the OpenBSD-style bcrypt (known in PHP as CRYPT_BLOWFISH), with a fallback to BSDI-style extended DES-based hashes (known in PHP as CRYPT_EXT_DES), and a ... [More] last resort fallback to an MD5-based variable iteration count password hashing method implemented in phpass itself. [Less]

Enlarge Your Password!

This is a very simple web app, designed for everyday use. The goal is to generate a strong password to access a web site by filling in a form with simple yet unique information. All inputs are optional and the password is generated on the fly, which lets the user choose the level of details to get ... [More] more or less security. The same password is generated consistently for the same inputs. Different versions of the SHA algorithm are applied to the string resulting from the concatenation to generate passwords of different lengths: * MD5 generates passwords of 32 characters (size M) * SHA-1 generates passwords of 40 characters (size L) * SHA-256 generates passwords of 56 characters (size XL) * SHA-512 generates passwords of 128 characters (size XXL) [Less]

tomcat-user-loader

You need to use this utility if you can answer yes to one of these questions? Do you have a java web application that requires users authentication? Do you actually store your passwords in a database, or worse off, in tomcat-users.xml?  Are you passwords in Plaintext, either in a database ... [More] , or (gasp) in tomcat-users.xml? Google, please add HTML Support [Less]

keimpx

keimpx is an open source tool, released under a modified version of Apache License 1.1. It can be used to quickly check for the usefulness of credentials across a network over SMB. Credentials can be: * Combination of user / plain-text password. Combination of user / NTLM hash. * Combination ... [More] of user / NTLM logon session token. If any valid credentials has been discovered across the network after its attack phase, the user is asked to choose which host to connect to and which valid credentials to use, then he will be prompted with an interactive SMB shell where the user can: * Spawn an interactive command prompt. * Navigate through the remote SMB shares: list, upload, download files, create, remove files, etc. * Deploy and undeploy his own service, for instance, a backdoor listening. [Less]

uniquepasswordbuilder

That jetpack builds an unique and strong password for each web site you visit. It combines a master password (never stored) with the web page location hashed by SHA1 and transformed to ASCII characters. A checkbox allows you to choose if the generated password may contain specials characters or ... [More] only plain text (number, lower and upper case letters). You will find that Jetpack on the Mozilla Jetpack gallery. The source code contains a suite of unit tests written using QUnit. That jetpack includes a SHA1 script from Chris Veness. Many thanks ! [Less]

pwdhash-bookmarklet

This bookmarklet is a bookmarklet version of PwhHash 1.7 for Mozilla Firefox. Trunk tarball download at : http://pwdhash-bookmarklet.googlecode.com/svn/pwdhash-bookmarklet-trunk.tar.gz Demo available at : http://bookmarklets.infocris.net How To Use ?Go to your favorite website login page Enter ... [More] your password in the password input field Then launch the bookmarklet from your bookmark list, the bookmarklet will automatically find the password input field and automatically convert it. [Less]

salty-py

DescriptionPython based salt bruteforcer for known hashes. Useful when you want to find out how a certain application hashes its passwords when you have both the password and the hash. This project is still in its inception but we plan on supporting more hashes and complex functions in the near ... [More] future. For example, you were able to obtain a list of application password hashes stored in a database, including your own. To be able to brute force for other users' passwords you would first need to know how the application hashes these passwords. Salty-py attempts to guess the salt used to hash the passwords by prepending/appending user supplied salt and comparing the resultant hash to the known hash. Example usagepython salty-py -a MD5 -p password -r 9e107d9d372bb6826bd81d3542a419d6 -w wordlist.txt [Less]

chrome-pwdhash

Pwdhash extension for Google Chrome Stable version : https://chrome.google.com/extensions/detail/dnfmcfhnhnpoehjoommondmlmhdoonca Beta version : https://chrome.google.com/webstore/detail/eifhjhiaidpibjankeadbhfebndhbajk This extension is a pwdhash port for Google Chrome. Official pwdhash ... [More] project home can be found here : https://www.pwdhash.com/ [Less]