That got us all thinking -- what would Andy have wanted for his homelab? What would our own spouses do if we suddenly weren't there? Who would close our Azure accounts? Who should get the PureStorage array? For those of us who are The Bill Payers, how would our spouses know which bill is paid by what bank account?
I put together an initial draft to answer these questions for my own wife, and then crowdsourced the rest. So many of my tech friends suggested stuff I hadn't thought of and I'm sure there's more. Initially, I was going to make it a gist, but a friend suggested putting it on GitHub which would make PRs possible.
Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.
vaults is a password manager featuring client side AES-256 encryption of passwords and notes, PBKDF2 hashing, vaults, and password generation. Separate vaults per user.
Front end, back end, and storage.
Requires PHP8 and MySQL v8. Says that it demands Docker but it can probably be built manually.
l0phtcrack is now open source.
A password manager/generator that takes a master password, a URL, a username, and optionally a serial number (for when you have to change passwords) and (re)generates the password for you. Requires no database or third party storage - the right password is always generated for you. Desktop versions, browser plugins, and a cli tool.
No notepad feature, so no storing your 2fa recovery codes there.
Shaming sites with dumb password rules.
Passky is simple password manager which works on a zero trust architecture. That means only user will be able to decrypt his passwords. So users can safely store their passwords on any server. That means if a server on where all passwords are stored get hacked, hacker won't be able to decrypt passwords and data on this server will be useless for him.
Dockerized webshit, but can be run outside of that context using official instructions for doing so.
REST API only. There are multiple clients for mobile devices, browser addons, and even a webapp.
A smart solution to the problem of passwords. Cloverleaf generates passwords on demand, using the name of the app you're making a password for and a master password to derive a passcode. Enter those two things and you don't need to store the passcode because you can re-generate it whenever you want.
Can be installed as a native app and used offline.
Python implementation of Dropbox's realistic password strength estimator.
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. Some of this stuff can be used to prime discovery operations.
Maybe I could use these as password cracking dictionaries?
Give it an identifier or serial number for a Compaq, Dell, Fujitsu, HP, Insyde, Phoenix, Sony, or Samsung laptop, and it'll generate a backdoor passcode to get into the system settings.
World's fastest and most advanced password recovery utility
An online password generator/decoder for the Mega Man games, Castlevania 2, Metroid, Solar Jetman, the Guardian Legend, Faxanadu, and Battle of Olympus. Pick the options you want and it'll build you a password. Type in a password and it'll show you what it means.
A Windows password cracker that uses rainbow tables. A LiveCD is also available.
Password hashes that may be freely downloaded to stage memory/time tradeoff attacks.
A database of manufacturers of home office routers and their default login credentials.
A next-generation brute-force login cracker for many different applications and operating systems. Runs as a multi-threaded application for efficiency. Uses a modular system to implement new authentication protocols and application connectors.
A massive online database of default passwords for networking hardware, embedded devices, and operating systems.
A utility used to extract user credentials and other secrets from the Windows registry hives offline.
4220 links, including 280 private