A smart solution to the problem of passwords. Cloverleaf generates passwords on demand, using the name of the app you're making a password for and a master password to derive a passcode. Enter those two things and you don't need to store the passcode because you can re-generate it whenever you want.
Can be installed as a native app and used offline.
Python implementation of Dropbox's realistic password strength estimator.
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. Some of this stuff can be used to prime discovery operations.
Maybe I could use these as password cracking dictionaries?
The EFF has put together d20 based fandom wordlists for diceware.
Add them to diceware.py.
Give it an identifier or serial number for a Compaq, Dell, Fujitsu, HP, Insyde, Phoenix, Sony, or Samsung laptop, and it'll generate a backdoor passcode to get into the system settings.
World's fastest and most advanced password recovery utility
An online password generator/decoder for the Mega Man games, Castlevania 2, Metroid, Solar Jetman, the Guardian Legend, Faxanadu, and Battle of Olympus. Pick the options you want and it'll build you a password. Type in a password and it'll show you what it means.
A huge list of default usernames and passwords for many operating systems and network-enabled devices.
A Windows password cracker that uses rainbow tables. A LiveCD is also available.
Password hashes that may be freely downloaded to stage memory/time tradeoff attacks.
A database of manufacturers of home office routers and their default login credentials.
A next-generation brute-force login cracker for many different applications and operating systems. Runs as a multi-threaded application for efficiency. Uses a modular system to implement new authentication protocols and application connectors.
A massive online database of default passwords for networking hardware, embedded devices, and operating systems.
A utility used to extract user credentials and other secrets from the Windows registry hives offline.
A free utility for Windows that extracts your wireless keys in case you forget them.
An offline method of generating passwords using a randomized matrix of characters. You pick out your password by remembering a symbol, a color, and a direction. Much easier to use than it sounds.
Hashkill is a FOSS password cracker that uses the OpenSSL libraries as its back end. It uses plugins to implement different password types, hashes, and even file types (like passworded .zip files). It's even CUDA aware and can use Nvidia GPUs to accelerate password cracking.
An open source brute-force passphrase cracker for attacking Truecrypt volumes. Can attack volumes that use the RIPEMD160 and AES-XTS cryptosystems by either throwing a dictionary at it or by generating pseudorandom passphrases from a user-defined set of characters. CUDA-aware, so nVidia graphics cards can be used to accelerate the process.
How to configure password complexity on Redhat Linux machines (and its derivatives). After playing with it for a while, I'd call this a best practice because it requires all of the different character classes but doesn't give you bonus points for using any one (i.e., you have to use them all, but they could the same insofar as character scoring is concerned).