Open Source BSD Brute Force Tools

Ophcrack is a Windows password cracker based on a time-memory trade-off using rainbow tables. This is a new variant of Hellman's original trade-off, with better performance. It recovers 99.9% of alphanumeric passwords in seconds.

SSHGuard protects hosts from brute-force attacks against SSH and other services. It aggregates system logs and blocks repeat offenders using several firewall backends, including iptables, ipfw, and pf.

This module provides attack surface reduction enhancements against the HTTP Flood Attacks at the web application level. Massive crawling/scanning tools, HTTP Flood tools can be detected and blocked by this module via htaccess, firewall or iptables, etc. (like mod_evasive) You can use this module by including "iosec.php" to any PHP file which wants to be protected. You can test module here: http://www.iosec.org/test.php (demo) Watch the Proof of Concept video: http://goo.gl/dSiAL Hakin9 IT Security Magazine Article about IOSEC http://goo.gl/aQM4Di (different format -> http://goo.gl/JKMUPN) IJNSA Article at http://goo.gl/LLxRdX WP Plugin Page http://goo.gl/nF5nD CHANGES v.1.8.2 - Iptables Auto Ban Bash Script Included - Token Access via Implicit Deny - Reverse Proxy Support - reCAPTCHA Support Do you want more features? Check for third party addons http://sf.net/projects/iosecaddons Gökhan Muharremoğlu

Generic clustering/load-balancing platform (over a LAN or internet) using java based P2P Aorta workers that execute java "tasklets". Various tasklets can be implemented to solve fractals, process images, render webpages, crack RSA "brute force".

BlockSSHD protects computers from SSH brute force attacks by dynamically blocking IP addresses by adding iptables rules.

Inguma is a free penetration testing and vulnerability discovery toolkit entirely written in python. Framework includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, exploits, and a disassembl

BRUTALIS - BRUTeforce ALternative Is Stupid. Brutalis generate brute force passwords. It can be integrated in any command line for an attack and support resume, character panel, minimum and maximum length, special separating characters and more.

Blaster Scan is a TCP port scanner. It can extract users exploiting vrfy or expn, check anonymous access on FTP, check brute force on FTP and POP3, extract daemons\' versions, and scan for CGI bugs. It also has a SYN port scan, the ability to ping hosts t

An original bruteforce-based encryption/decryption system. BBE was originally conceived to chat with encrypted text on IRC. mIRC and X-Chat support BBE via script addon. BBE can also encrypt MIME encoded files. Blowfish encryption is currently supported.

Bruteblock allows system administrators to block various bruteforce attacks on UNIX services. The program analyzes system logs and adds attacker's IP into IPFW table effectively blocking them. Addresses are removed from the table after expiration period

BruteNet is a system of the distributed brute force and distributed calculations built on user extensions capable to solve a great number of problems related to the partition on a lot of machines.With sample extention you can distribute brute md5-hash

A shell script which determines by brute force the best compression format (bzip2, gzip, Z, zip, etc.) and which compression level to use in order to archive a file the smallest possible.

LabMACOSX: Is a laboratory of applications written in Applescript language. Brutosx is brutus.pl remote login and password bruteforce cracker inserted inside the application Brutosx (need only of Net::Telnet Perl module are required get them at CPAN, while the list of users and passwords, and the service is inserted inside the application). SSHOSX is ssh application client to establish an ssh connection from client to server, Nmaposx is nmap port scanner invoked from the application Nmaposx (Syntax of nmap is inside the application). Packetstorm is all packet storm exploits database all inserted inside in the application Packetstorm, Shoppingosx an example of https connection. The application Ob open four browsers, Tesseract applications container, TAL, Chatosx, AndroMac, AndroEmu, MySMS, Shutdown, Updater, Search for, MyMaps, SOA, BLI, Xcoder, BasicProg, BasicProg2, VM, D,M&Z Suite Basic and D,M&Z Suite Advanced (POSIX based).

md5 hash bruteforce for MPI clusters with mpich2 architecture

This project considers the problem of calculating primes as a sorting problem. It includes the most efficient tree-based sorting algorithm that is possible and shows that finding a new prime can be done by sorting the differences between the previous primes in the right way. Unfortunately it has turned out that going this way is even more slowly than trying to find primes by brute force. So it can only be used as a test with heavy load for the sorting algorithm, which can be used for sorting any kind of data. And as already mentioned, it's just the most efficient tree-based sorting algorithm that you can get. But furthermore this way of finding primes interestingly leaves a hard nut to crack for mathematicians: In very rare cases it finds numbers that are not primes. For all primes below one million this phenomenon arises in exactly two cases: 31213 which is 7 * 7 * 7 * 7 * 13 336141 which is 3 * 3 * 13 * 13 * 13 * 17 Who can explain, why?

Setra is a cross-platform command line utility used to brute-force password protected zip file. It is written in the Python programming language.

Script to automatically update /etc/hosts.deny due to use of an illegal username or excessive bad passwords. Written to prevent the success of a brute force attack.

Valkyries is a parallel programming project designed for and developed on a Beowulf cluster to crack several UNIX systems' passwords by brute-force. Currently implemented system cracks only numerical passwords but it's being developed.

A python script used to generate all possible password combinations for cracking WAP and other logins or password files. This program is open source. If you see the need to repair or change something by all means do so, but share your findings. *HONK* Usage: wordpie.py [-h] [-o OUTPUT] [-min MIN_SIZE] [-max MAX_SIZE] [-N] [-L] [-U] [-S] [-A] [-v] Generate a wordlist with all possible combinations of letters including: -L (Lowercase Letters) -U (Uppercase Letters) -N (Numbers) -S (Special Characters) -A (All Characters, Numbers, and Letters) -min (Minimum Size) -max (Maximum Size) -o outputfile.gz or -o stdout By default -o filename.gz to create a GZ compressed text file of all the words. Use the keyword "stdout" to print to screen or for use with other programs like Aircrack-ng or Medusa ./wordpie.py | xargs -L 1 medusa -h 192.168.1.1 -u admin -M web-form -p ./wordpie.py -o stdout -A | aircrack-ng -b XX:XX:XX:XX:XX:XX -w - *.cap

Cheescloth is a security script that is used to monitor and block email being brute force sent to your mail server by zombie machines in control by spammers and hackers. It also will catch and block hackers trying to hack your server via SSH connection

distributedPHP client is a simple PHP script that can simultaneously activate/send data to as many web scripts as you want. You must open and configure the distributedPHP .php file prior to running it. ditributedPHP client supports activating scripts without data, sending the same data to all scripts, sending unique data to each script or sending user input to each script. Examples of use include: distributed math computation, encryption breaking, SETI@home/folding@home (well, if they made the projects in php..) distributed bruteforce attacks, ddos attacks, distributed processing, etc.. distributedPHP client can be configured to distribute computing to scripts written in a language other than php as long as the script supports html form input (or doesn't require input at all).

Strength in numbers. Existing products we're involved in include port to Linux of Tony Forbes' MFAC for brute-force factorization of MM61 for relatively small factors, and further development and improvement of Tim Charron's ECMnet distributed computing f

Secwatch is an intrusion detection system using log analysis to detect service scan and other brute-force attempts on a server or other computer using system logs and will create temporary firewall rules to block offending IPs