
[Kali] -- Password Tools

Password tools

cewl

Crawls a specified URL and returns a word list. A tool for automatically building customized password lists.

CeWL 5.4.8 (Inclusion) Robin Wood ([email protected]) (https://digi.ninja/)

Usage: cewl [OPTIONS] …

OPTIONS:
      -h, --help: Show help.
      -k, --keep: Keep the downloaded file.	# keep the downloaded file
      -d <x>,--depth <x>: Depth to spider to, default 2.	# link depth to spider on the target site, default 2
      -m, --min_word_length: Minimum word length, default 3.	# minimum length of words to include
      -o, --offsite: Let the spider visit other sites.	# allow the spider to visit other sites
      --exclude: A file containing a list of paths to exclude.	# file listing the paths to exclude
      --allowed: A regex pattern that path must match to be followed.	# regex for paths to follow
      -w, --write: Write the output to the file.	# file to save the results to
      -u, --ua <agent>: User agent to send.	# user agent to send
      -n, --no-words: Don't output the wordlist.	# do not output the word list
      --lowercase: Lowercase all parsed words.	# lowercase the word list
      --with-numbers: Accept words with numbers in as well as just letters.	# accept words containing digits as well as letters
      --convert-umlauts: Convert common ISO-8859-1 (Latin-1) umlauts (ä-ae, ö-oe, ü-ue, ß-ss)
      -a, --meta: include meta data.	# include the meta data found in pages
      --meta_file file: Output file for meta data.	# output file for meta data
      -e, --email: Include email addresses.	# include email addresses
      --email_file <file>: Output file for email addresses.	# output file for email addresses
      --meta-temp-dir <dir>: The temporary directory used by exiftool when parsing files, default /tmp.
      -c, --count: Show the count for each word found.	# count how many times each word occurs
      -v, --verbose: Verbose.	# show progress
      --debug: Extra debug information.	# extra debug information
  
      Authentication	# authentication
      --auth_type: Digest or basic.
      --auth_user: Authentication username.
      --auth_pass: Authentication password.
  
      Proxy Support	# proxy
      --proxy_host: Proxy host.
      --proxy_port: Proxy port, default 8080.
      --proxy_username: Username for proxy, if required.
      --proxy_password: Password for proxy, if required.
  
      Headers
      --header, -H: In format name:value - can pass multiple.
  
  <url>: The site to spider.
  
  e.g.: cewl -w words.txt -d 1 -m 5 www.xxx.com
  Spiders the xxx site to a link depth of 1, with a minimum word length of 5, and writes the results to the file words.txt.
           

crunch

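A password dictionary creation tool. It lists every possible combination of a restricted character set, or generates the permutations of a given length.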

crunch version 3.6

Crunch can create a wordlist based on criteria you specify. The output from crunch can be sent to the screen, file, or to another program.

Usage: crunch <min> <max> [options]

where min and max are numbers

Please refer to the man page for instructions and examples on how to use crunch.

OPTIONS:

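-b: specify the size of the output file. Only takes effect when used with -o START.

-c: specify the number of lines in the file, that is, the number of words. Only takes effect when used with -o START.

-d: limit the number of times a character may repeat

-e: when crunch reaches the given characters, it stops early

-f: read the character set from a file (Kali's charset file: /usr/share/crunch/charset.lst)

-i: invert the output

-o: specify the output file

-p: tell crunch to generate words that contain no repeated characters

-s: specify the starting string

-t: specify a pattern: @ stands for lowercase letters, "," for uppercase letters, % for digits, ^ for symbols

-z: compress the output specified by the -o option

Location of files generated by the root user: /root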
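For a password audit, the -t placeholders above can be read the other way round: given a password, which pattern would cover it, and how small is that pattern's keyspace? The following Python sketch is an added example, not code from the original page or from crunch; the function names, the sample patterns and the exact symbol set behind ^ (ASCII punctuation plus space) are assumptions.

```python
import re
import string

# Character classes for the -t placeholders listed above. The symbol set
# is an assumption: ASCII punctuation plus space (33 characters).
CLASSES = {
    "@": string.ascii_lowercase,
    ",": string.ascii_uppercase,
    "%": string.digits,
    "^": string.punctuation + " ",
}

def pattern_keyspace(pattern):
    """Number of candidates a -t pattern expands to (other chars are literal)."""
    total = 1
    for ch in pattern:
        total *= len(CLASSES.get(ch, ch))  # a literal contributes a factor of 1
    return total

def pattern_regex(pattern):
    """Compile a -t pattern into a regex matching exactly its candidates."""
    parts = []
    for ch in pattern:
        if ch in CLASSES:
            parts.append("[" + re.escape(CLASSES[ch]) + "]")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts))

def weakest_match(password, patterns):
    """Return (pattern, keyspace) of the smallest pattern covering password."""
    hits = [(pattern_keyspace(p), p) for p in patterns
            if pattern_regex(p).fullmatch(password)]
    if not hits:
        return None
    size, pattern = min(hits)
    return pattern, size

if __name__ == "__main__":
    # Constructed audit input: patterns a policy reviewer wants to rule out.
    patterns = ["@@@@%%%%", ",@@@@@%%%%", "acme%%%%"]
    for pw in ["acme2024", "Summer2024", "correct horse battery"]:
        print(pw, "->", weakest_match(pw, patterns))
```

A site-specific literal prefix (the kind of word a crawl of the organisation's own pages returns) shrinks the keyspace to the placeholder positions only, which is why such passwords belong on a banned-password list.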

Hydra

Hydra v9.0 © 2019 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-c TIME] [-ISOuvVd46] [service://server[:PORT][/OPT]]

Options:

-R restore a previous aborted/crashed session # resume cracking from the previous session's progress

-S        perform an SSL connect	# connect using SSL

-s PORT   if the service is on a different default port, define it here	# specify the port

-l LOGIN or -L FILE  login with LOGIN name, or load several logins from FILE	# -l: login name; -L: login-name dictionary

-p PASS  or -P FILE  try password PASS, or load several passwords from FILE	# -p: password; -P: password dictionary

-e nsr    try "n" null password, "s" login as pass and/or "r" reversed login	# n: try an empty password; s: try the login name as the password

-C FILE   colon separated "login:pass" format, instead of -L/-P options	# colon-separated format, replaces -L and -P

-M FILE   list of servers to attack, one entry per line, ':' to specify port	# target list file, one entry per line, colon to specify the port

-o FILE   write found login/password pairs to FILE instead of stdout	# save the results to a file

-f / -F   exit when a login/pass pair is found (-M: -f per host, -F global)	# when -M is used, exit once the first login/password pair is found

-t TASKS  run TASKS number of connects in parallel per target (default: 16)	# number of threads

-w / -W TIME  wait time for a response (32) / between connects per thread (0)	# maximum timeout

-4 / -6   use IPv4 (default) / IPv6 addresses (put always in [] also in -M)	# use IPv4 or IPv6 addresses

-v / -V / -d  verbose mode / show login+pass for each attempt / debug mode 	# show detailed progress

-O        use old SSL v2 and v3	# use SSLv2 or v3

-q        do not print messages about connection errors	# do not show messages for connection errors

server    the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)
service   the service to crack (see below for supported protocols)
OPT       some service modules support additional input (-U for module help)
           

Supported protocols

Supported services: adam6500 asterisk cisco cisco-enable cvs firebird ftp[s] http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] memcached mongodb mssql mysql nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres radmin2 rdp redis rexec rlogin rpcap rsh rtsp s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp

The newest version is always available at https://github.com/vanhauser-thc/thc-hydra

Proxy settings

Use HYDRA_PROXY_HTTP or HYDRA_PROXY environment variables for a proxy setup.

E.g. % export HYDRA_PROXY=socks5://l:[email protected]:9150 (or: socks4:// connect://)

% export HYDRA_PROXY=connect_and_socks_proxylist.txt (up to 64 entries)

% export HYDRA_PROXY_HTTP=http://login:[email protected]:8080

% export HYDRA_PROXY_HTTP=proxylist.txt (up to 64 entries)

Examples:

hydra -l user -P passlist.txt ftp://192.168.0.1

hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN

hydra -C defaults.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5

hydra -l admin -p password ftp://[192.168.0.0/24]/

hydra -L logins.txt -P pws.txt -M targets.txt ssh

# hydra -L users.txt -P password.txt -t 1 -vV -e ns -o save.log 192.168.1.104 ssh

FTP:
# hydra ip ftp -l username -P password_dictionary -t threads (default 16) -vV
# hydra ip ftp -l username -P password_dictionary -e ns -vV

WEB: GET
# hydra -l username -P password_dictionary -t threads -vV -e ns ip http-get /admin/
# hydra -l username -P password_dictionary -t threads -vV -e ns -f ip http-get /admin/index.php

HTTPS:
# hydra -m /index.php -l muts -P pass.txt 10.36.16.18 https

CISCO
# hydra -P pass.txt 10.36.16.18 cisco
# hydra -m cloud -P pass.txt 10.36.16.18 cisco-enable
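Seen from the server, the -l/-P form (one login, many passwords) and the -L/-p form (many logins, one password) leave different traces in the authentication log, and the default of 16 parallel tasks makes both arrive as a burst. The following Python sketch is an added example, not part of the original page or of Hydra; it flags source addresses by failure burst and labels the shape. The log lines are constructed, and the threshold, window, host name and function name are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# sshd failure line with an ISO 8601 timestamp (assumed syslog format).
FAILED = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(\S+) from (\S+) port")

def classify_sources(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag sources with >= threshold failed logins inside any sliding window."""
    events = defaultdict(list)
    for line in lines:
        m = FAILED.match(line)
        if m:
            ts, user, src = m.groups()
            events[src].append((datetime.fromisoformat(ts), user))
    findings = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Shrink the window from the left until it spans <= `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                users = sorted({u for _, u in evs})
                # One account: many passwords tried. Several: one password sprayed.
                kind = "single-account guessing" if len(users) == 1 else "spraying"
                findings[src] = (kind, len(evs), users)
                break
    return findings

# Constructed sample log (documentation address ranges).
SAMPLE = (
    [f"2024-03-03T10:15:{s:02d} web1 sshd[812]: Failed password for root "
     f"from 203.0.113.5 port {40000 + s} ssh2" for s in range(6)]
    + [f"2024-03-03T10:20:{i * 4:02d} web1 sshd[815]: Failed password for "
       f"invalid user {u} from 198.51.100.7 port {50000 + i} ssh2"
       for i, u in enumerate(["admin", "test", "oracle", "git", "deploy"])]
    + ["2024-03-03T10:30:00 web1 sshd[820]: Failed password for alice from 192.0.2.10 port 40100 ssh2",
       "2024-03-03T10:35:00 web1 sshd[821]: Failed password for alice from 192.0.2.10 port 40101 ssh2",
       "2024-03-03T10:35:09 web1 sshd[821]: Accepted password for alice from 192.0.2.10 port 40102 ssh2"]
)

if __name__ == "__main__":
    for src, finding in classify_sources(SAMPLE).items():
        print(src, finding)
```

The user who mistypes a password twice, five minutes apart, stays below the threshold; only the two bursts are reported.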
           

John the Ripper

Cracks hash values.
