mirror of
https://github.com/The-Art-of-Hacking/h4cker.git
synced 2024-12-29 17:16:18 -05:00
18 KiB
18 KiB
Cryptography Ethical Hacking Tools
The following list includes some of the most popular tools to test crypto implementations.
Name | Description |
---|---|
aespipe | Reads data from stdin and outputs encrypted or decrypted results to stdout. |
argon2 | The password hash Argon2, winner of PHC. |
armor | A simple Bash script designed to create encrypted macOS payloads capable of evading antivirus scanners. |
athena-ssl-scanner | a SSL cipher scanner that checks all cipher codes. It can identify about 150 different ciphers. |
auto-xor-decryptor | Automatic XOR decryptor tool. |
bletchley | A collection of practical application cryptanalysis tools. |
brute12 | A tool designed for auditing the cryptography container security in PKCS12 format. |
bruteforce-luks | Try to find the password of a LUKS encrypted volume. |
bruteforce-salted-openssl | Try to find the password of a file that was encrypted with the 'openssl' command. |
bruteforce-wallet | Try to find the password of an encrypted Peercoin (or Bitcoin,Litecoin, etc...) wallet file. |
check-weak-dh-ssh | Debian OpenSSL weak client Diffie-Hellman Exchange checker. |
chrome-decode | Chrome web browser decoder tool that demonstrates recovering passwords. |
cipherscan | A very simple way to find out which SSL ciphersuites are supported by a target. |
ciphertest | A better SSL cipher checker using gnutls. |
ciphr | A CLI tool for encoding, decoding, encryption, decryption, and hashing streams of data. |
cisco5crack | Crypt and decrypt the cisco enable 5 passwords. |
cisco7crack | Crypt and decrypt the cisco enable 7 passwords. |
cloakify | Data Exfiltration In Plain Sight; Evade DLP/MLS Devices; Social Engineering of Analysts; Evade AV Detection. |
codetective | A tool to determine the crypto/encoding algorithm used according to traces of its representation. |
cribdrag | An interactive crib dragging tool for cryptanalysis on ciphertext generated with reused or predictable stream cipher keys. |
crypthook | TCP/UDP symmetric encryption tunnel wrapper. |
cryptonark | SSL security checker. |
dagon | Advanced Hash Manipulation. |
daredevil | A tool to perform (higher-order) correlation power analysis attacks (CPA). |
decodify | Tool that can detect and decode encoded strings, recursively. |
deen | Generic data encoding/decoding application built with PyQt5. |
demiguise | HTA encryption tool for RedTeams. |
dislocker | A tool to exploit the hash length extension attack in various hashing algorithms. With FUSE capabilities built in. |
ducktoolkit | Encoding Tools for Rubber Ducky. |
evilize | Tool to create MD5 colliding binaries. |
factordb-pycli | CLI for factordb and Python API Client. |
featherduster | An automated, modular cryptanalysis tool. |
findmyhash | Crack different types of hashes using free online services |
foresight | A tool for predicting the output of random number generators. |
gcrypt | Simple file encryption tool written in C++. |
gnutls2 | A library which provides a secure layer over a reliable transport layer (Version 2) |
gtalk-decode | Google Talk decoder tool that demonstrates recovering passwords from accounts. |
haiti | A CLI tool to identify the hash type of a given hash. |
hash-buster | A python script which scraps online hash crackers to find cleartext of a hash. |
hash-extender | A hash length extension attack tool. |
hash-identifier | Software to identify the different types of hashes used to encrypt data and especially passwords. |
hashcheck | Search for leaked passwords while maintaining a high level of privacy using the k-anonymity method. |
hashdb | A block hash toolkit. |
hasher | A tool that allows you to quickly hash plaintext strings, or compare hashed values with a plaintext locally. |
hashfind | A tool to search files for matching password hash types and other interesting data. |
hashid | Software to identify the different types of hashes used to encrypt data. |
hashpump | A tool to exploit the hash length extension attack in various hashing algorithms. |
hcxkeys | Set of tools to generate plainmasterkeys (rainbowtables) and hashes for hashcat and John the Ripper |
hdcp-genkey | Generate HDCP source and sink keys from the leaked master key. |
hlextend | Pure Python hash length extension module. |
httpsscanner | A tool to test the strength of a SSL web server. |
hyperion-crypter | A runtime encrypter for 32-bit portable executables. |
ja3 | Standard for creating SSL client fingerprints in an easy to produce and shareable way. |
jeangrey | A tool to perform differential fault analysis attacks (DFA). |
kraken | A project to encrypt A5/1 GSM signaling using a Time/Memory Tradeoff Attack. |
libbde | A library to access the BitLocker Drive Encryption (BDE) format. |
littleblackbox | Penetration testing tool, search in a collection of thousands of private SSL keys extracted from various embedded devices. |
luksipc | A tool to convert unencrypted block devices to encrypted LUKS devices in-place. |
morxcrack | A cracking tool written in Perl to perform a dictionary-based attack on various hashing algorithm and CMS salted-passwords. |
morxkeyfmt | Read a private key from stdin and output formatted data values. |
nomorexor | Tool to help guess a files 256 byte XOR key by using frequency analysis |
omen | Ordered Markov ENumerator - Password Guesser. |
omnihash | Hash files, strings, input streams and network resources in various common algorithms simultaneously. |
openstego | A tool implemented in Java for generic steganography, with support for password-based encryption of the data. |
outguess | A universal steganographic tool. |
pacumen | Packet Acumen - Analyse encrypted network traffic and more (side-channel attacks). |
pip3line | The Swiss army knife of byte manipulation. |
poracle | A tool for demonstrating padding oracle attacks. |
posttester | A jar file that will send POST requests to servers in order to test for the hash collision vulnerability discussed at the Chaos Communication Congress in Berlin. |
pwd-hash | A password hashing tool that use the crypt function to generate the hash of a string given on standard input. |
pwdlyser | Python-based CLI Password Analyser (Reporting Tool). |
pybozocrack | A silly & effective MD5 cracker in Python. |
pyssltest | A python multithreaded script to make use of Qualys ssllabs api to test SSL flaws. |
rdp-cipher-checker | Enumerate the encryption protocols supported by the server and the cipher strengths supported using native RDP encryption. |
rsactftool | RSA tool for ctf - retreive private key from weak public key and/or uncipher data. |
rsatool | Tool that can be used to calculate RSA and RSA-CRT parameters. |
rshack | Python tool which allows to carry out some attacks on RSA, and offer a few tools to manipulate RSA keys. |
rupture | A framework for BREACH and other compression-based crypto attacks. |
sandy | An open-source Samsung phone encryption assessment framework |
sbd | Netcat-clone, portable, offers strong encryption - features AES-128-CBC + HMAC-SHA1 encryption, program execution (-e), choosing source port, continuous reconnection with delay + more |
sha1collisiondetection | Library and command line tool to detect SHA-1 collision in a file |
sherlocked | Universal script packer-- transforms any type of script into a protected ELF executable, encrypted with anti-debugging. |
skul | A PoC to bruteforce the Cryptsetup implementation of Linux Unified Key Setup (LUKS). |
snapception | Intercept and decrypt all snapchats received over your network. |
snow | Steganography program for concealing messages in text files. |
spiped | A utility for creating symmetrically encrypted and authenticated pipes between socket addresses. |
ssdeep | A program for computing context triggered piecewise hashes |
sslcaudit | Utility to perform security audits of SSL/TLS clients. |
ssllabs-scan | Command-line client for the SSL Labs APIs |
sslmap | A lightweight TLS/SSL cipher suite scanner. |
sslscan | A fast tools to scan SSL services, such as HTTPS to determine the ciphers that are supported |
tchunt-ng | Reveal encrypted files stored on a filesystem. |
testssl | Testing TLS/SSL encryption. |
testssl.sh | Testing TLS/SSL encryption |
tls-attacker | A Java-based framework for analyzing TLS libraries. |
tls-map | CLI & library for mapping TLS cipher algorithm names: IANA, OpenSSL, GnUTLS, NSS. |
tls-prober | A tool to fingerprint SSL/TLS servers. |
tlsenum | A command line tool to enumerate TLS cipher-suites supported by a server. |
tlsfuzzer | SSL and TLS protocol test suite and fuzzer. |
tlspretense | SSL/TLS client testing framework |
untwister | Seed recovery tool for PRNGs. |
veracrypt | Disk encryption with strong security based on TrueCrypt |
webfixy | On-the-fly decryption proxy for MikroTik RouterOS WebFig sessions. |
x-rsa | Contains a many of attack types in RSA such as Hasted, Common Modulus, Chinese Remainder Theorem. |
xorbruteforcer | Script that implements a XOR bruteforcing of a given file, although a specific key can be used too. |
xorsearch | Program to search for a given string in an XOR, ROL or ROT encoded binary file. |
xortool | A tool to analyze multi-byte xor cipher. |
zulucrypt | Front end to cryptsetup and tcplay and it allows easy management of encrypted block devices. |