A multi-threaded PDF password cracking utility equipped with commonly encountered password format builders and dictionary attacks. Supports wordlist-based dictionary attacks, date, number range, and alphanumeric brute-forcing, and a custom query builder for password formats. Tests about 50k-100k+ passwords per second using all CPU cores. You can write your own queries like STRING{69-420}, which would generate and use a wordlist with the full number range. Specify a maximum and optionally a minimum length for the password search, and all passwords of length 4 up to the specified maximum consisting of letters and numbers (a-zA-Z0-9) will be tried.
This tool has been made to crack the password of an XMPP account. The server in question needs to use SASL authentication.
Crack legacy zip encryption with Biham and Kocher's known plaintext attack.
A ZIP archive may contain many entries whose content can be compressed and/or encrypted. In particular, entries can be encrypted with a password-based symmetric encryption algorithm referred to as traditional PKWARE encryption, legacy encryption or ZipCrypto. This algorithm generates a pseudo-random stream of bytes (keystream) which is XORed with the entry's content (plaintext) to produce encrypted data (ciphertext). The generator's state, made of three 32-bit integers, is initialized using the password and then continuously updated with plaintext as encryption goes on. This encryption algorithm is vulnerable to known plaintext attacks, as shown by Eli Biham and Paul C. Kocher in the research paper "A known plaintext attack on the PKZIP stream cipher". Given ciphertext and 12 or more bytes of the corresponding plaintext, the internal state of the keystream generator can be recovered. This internal state is enough to decipher the ciphertext entirely, as well as other entries which were encrypted with the same password. It can also be used to bruteforce the password with a complexity of $n^{l-6}$, where n is the size of the character set and l is the length of the password.
Patator is a utility written in Python to brute-force accounts in different kinds of services (like IMAP, SSH, and HTTP) to gain access. Requires a dictionary file. Dependency heavy because it doesn't actually implement any of the protocols itself but instead relies upon a number of Python modules that already do. Read the code carefully before attempting to run it; it's designed to be user-unfriendly to limit the possibility of abuse.
A utility that cracks BIOS passwords.