Free cracker software for linux

aircrack is a 802.11 sniffer and WEP/WPA key cracker.
It consists of: airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files).
Enhancements:
- airodump: show probing clients as "not associated"
- airodump: dont substract the noise level unless madwifi
- airodump: fixed channel hopping with old orinoco
- airmon.sh: added detection of the zd1211 driver

Ophcrack is a Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method.

This projetc comes with a GTK+ Graphical User Interface and runs on ,Linux Mac OS X (Intel CPU) as well as on Windows.

Aircrack-ng is a set of tools for auditing wireless networks.
- airodump: 802.11 packet capture program
- aireplay: 802.11 packet injection program
- aircrack: static WEP and WPA-PSK key cracker
- airdecap: decrypts WEP/WPA capture files
Aircrack-ng is the next generation of aircrack with lots of new features.
How do I crack a static WEP key ?
The basic idea is to capture as much encrypted traffic as possible using airodump. Each WEP data packet has an associated 3-byte Initialization Vector (IV): after a sufficient number of data packets have been collected, run aircrack on the resulting capture file. aircrack will then perform a set of statistical attacks developped by a talented hacker named KoreK.
How do I know my WEP key is correct ?
There are two authentication modes for WEP:
Open-System Authentication: this is the default mode. All clients are accepted by the AP, and the key is never checked: association is always granted. However if your key is incorrect you wont be able to receive or send packets (because decryption will fail), so DHCP, ping etc. will timeout.
Shared-Key Authentication: the client has to encrypt a challenge before association is granted by the AP. This mode is flawed and leads to keystream recovery, so its never enabled by default.
In summary, just because you seem to have successfully connected to the access point doesnt mean your WEP key is correct ! To check your WEP key, try to decrypt a capture file with the airdecap program.
How many IVs are required to crack WEP ?
WEP cracking is not an exact science. The number of required IVs depends on the WEP key length, and it also depends on your luck. Usually, 40-bit WEP can be cracked with 300.000 IVs, and 104-bit WEP can be cracked with 1.000.000 IVs; if youre out of luck you may need two million IVs, or more.
Theres no way to know the WEP key length: this information is kept hidden and never announced, either in management or data packets; as a consequence, airodump can not report the WEP key length. Thus, it is recommended to run aircrack twice: when you have 250.000 IVs, start aircrack with "-n 64" to crack 40-bit WEP. Then if the key isnt found, restart aircrack (without the -n option) to crack 104-bit WEP.
Enhancements:
- This release adds an ACX injection patch, and updates the rtl8187 patch for 2.6.21.
- It fixes madwifi-ng detection with airmon-ng.
- It fixes 2 bugs in aircrack-ng related to WPA cracking.
- It fixes an old Debian bug (#417388).
- It fixes the use of wlanng, and fixes IP address writing in the CSV file with airodump-ng.
- It fixes a bug in the GUI for Windows and adds a PTW option.

THC-Hydra is the best parallized login hacker: for Samba, FTP, IMAP, Telnet, POP3, HTTP Auth, LDAP, MySQL, VNC, ICQ, NNTP, Socks5, PCNFS, Cisco and more.

Includes SSL support and is part of Nessus. Visit the project web site to download Win32, Palm and ARM binaries.

Number one of the biggest security holes are passwords, as every password security study shows. Hydra is a parallized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is flexible and very fast.

Currently this tool supports:

TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC, RSH, RLOGIN, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3, LDAP2, LDAP3, Postgres, Teamspeak, Cisco auth, Cisco enable, LDAP2, Cisco AAA (incorporated in telnet module).

This tool is a proof of concept code, to give researchers and security consultants the possiblity to show how easy it would be to gain unauthorized access from remote to a system.

This tool is for legal purposes only!

If this tool is used as part of a commercial service (e.g. pentest), name, version and web address of this tool must be mentioned in the report.

If this tool is incorporated into a commercial tool (means: it costs money, has license costs or upgrade fees, etc.) or called by it, the name, version and web address of this tool must be mentioned in the report output of the tool. Addtionally, a commercial version, key file, etc. must be made available to the author free of charge.

Bob the Butcher project is a distributed password cracker package.
This is ALPHA software, full of bugs, some of them being likely to be security holes. Besides, there is no client authentification, so anybody could impersonate a client and alter your search results.
Only use it on a trusted network!
Main features:
- Ciphers near source compatibility with John the Ripper. Bob the Butcher benefits from the fast algorithms that have been develloped for John:
Traditionnal DES Solar Designer
BSDI DES [BROKEN] Solar Designer
FreeBSD MD5 [BROKEN] Solar Designer
Windows NTLM (MD4)
MMX/SSE2 bartavelle
Windows Cache (mscash) bartavelle
Raw MD5 (hex-encoded) bartavelle
Raw SHA1 (hex-encoded) bartavelle
MySQL passwords Noah Williamsson
Netscape LDAP SHA Sun-Zero
Netscape LDAP SHA
MMX/SSE2 Bartavelle
Lotus Domino Jeff Fay
Oracle Passwords Bartavelle
- Password cracking speed scales linearly with the number of cracking clients.
- Central server that can handles several jobs, supporting different priorities (in the future.
- Smart keyspace distribution when several jobs are using the same algorithm (not for now).
Usage:
Build instructions
Only works on pentium or later!
./configure --enable-debug
make
cd bob_client
./bob_client -b
If it segfaults, try again with:
./configure --enable-debug --disable-sse2
bob_server
Just run ./bob_server -k SECRET_KEY
bob_admin
Use it to add jobs and check status. For now only he following commands work:
newjob : add a new job
status : gives general status
jobinf : give detailled status
Dont forget to use the -k switch for PSK.
bob_client Put this one on as many computers as possible, and just run:
./bob_client -d -k SECRET_KEY server_host_name
Enhancements:
- Bugfixes in cyphers, support for Solaris, and a prototype Python server.

AUSTRUMI is a bootable Live CD Linux distribution with a business card size (50MB). Imagine the ability to boot your favorite Linux distribution whether you are at home, at school or at work.
Main features:
Graphic
- gqview - image browser
- gimp - Image Manipulation Program
- inkscape - SVG editor
Office
- gcalctool - graphical calculator
- abiword - word processor
- gnumeric - spreadsheet editor
- stardict - dictionary
- bluefish - html editor
- gv - a PostScript and PDF previewer
Network
- nmap - network scaner
- ettercap - sniffer/interceptor/logger for LAN
- airsnort - wireless LAN (WLAN) tool
- gspoof - sending tool of TCP/IP packets
- hydra - login cracker
- LinNeighborhood - samba client
- tsclient - frontend for rdesktop and vncviewer
- telnet - telnet client
- gputty - ssh client
- mtr - traceroute
Internet
- firefox - WWW browser
- gftp - ftp client
- skype - free internet telephony
- gitmail - mail client
- apache - Web server
- vsftpd - ftp server
- xmail - mail server
Multimedia
- mplayer - movie player
- simplecdrx - CD creation and audio manipulation program
Games
- ltris - classic Tetris clone
- atomix - logical game
- xboard:phalanx - chess
- gnomine - variation of minesweeper
- gtkballs - clone of well-known DOS game "Lines"
- gsoko - logical game
- icebreaker - clasic Xonix clone
Other
- emelfm - file manager
- rxvt - color VT102 terminal emulator
- htop - task manager
- xproc - system information
- partimage - partition imaging utility
- voarti - firewall/router
- gtkfind - graphical file finding program
- turma - search (and replace) text
- xfdiff4 - graphical diff frontend
- hexedit - shows/modify a file both in ASCII and in hexadecimal
- gcrontab - a crontab editor

Distributed Network John The Ripper is a client/server framework that wraps around a slightly modified version of John The Ripper.
In contrast to the MPI version of John, dnetj allows the use of nodes which are of differing speeds and for nodes which do not run 24/7.
This tool was written for a number of reasons, firstly the MPI version requires an MPI installation on each node, and for the nodes to be configured together and be roughly the same speed. Also, although other distributed password crackers exist (such as djohn or medussa) they all have their own limitations.
The server loads a set of password hashes, and splits the available keyspace into "work units" of a configurable size. The clients connect and retrieve the hashes, as well as a set of work units to process. Once a client has processed some work units, it connects back to the server to submit the completed units as well as any passwords which have been cracked.
Possible uses include eg, running as a background task on all the workstations in an office.
Note, this tool is at an early stage of development and is likely to be very buggy, although it is functional. Bug reports and/or patches are strongly encouraged.
Main features:
- Distributed client/server model, any number of clients can be supported and can be brought up and down at will
- Support for any cipher supported by John 1.7.2 (additional cipher patches should be able to be applied normally)
- Keep the changes to John to a minimum, so that patches/updates can still be applied without too much fuss
- Uses the same optimized encryption routines as John
- Cracked hashes are stored in the standard john.pot format, so they can be displayed with john -show
- Passwd files sent to clients are sanitised (only the hash is sent, other fields from the passwd file are removed)
- Capability for auto client registration
- Code is intentionally kept clean to aid porting
Supported Platforms
Dnetj has been tested on the following systems:
- Linux/x86
- Linux/amd64
- Linux/sparc
- MacOSX/PPC
- MacOSX/Intel
- Solaris/x86
Version restrictions:
- Clients will sometimes crash if unable to connect to the server for a long period of time.
- Work unit size is limited to a 32bit integer number of crypts (ie: 4294967296)
- Node performance calculations wrap once the node has performed more than 4294967296 crypts, so nodes may appear to be much slower than they truly are.
- Doesnt work with NTLM, as the NTLM hash is stored in a different field of the passwd file.
- Traffic is sent in plain text (this makes debugging easier at this early stage of development)
- Makefile is very basic, and has no configure script, compilation on Solaris requires adding -lnsl -lsocket to the compile command.
Enhancements:
- Basic functionality is implemented, and dnetj is usable, but there are many things still to be implemented and a lot more testing is needed.