密碼工具
cewl
爬取一個指定的url,傳回一個單詞清單。一款密碼自動化定制工具。
CeWL 5.4.8 (Inclusion) Robin Wood ([email protected]) (https://digi.ninja/)
Usage: cewl [OPTIONS] …
OPTIONS: -h, --help: Show help. -k, --keep: Keep the downloaded file. # 儲存下載下傳的檔案 -d <x>,--depth <x>: Depth to spider to, default 2. # 在目标網站上要爬取的連結深度,預設為2 -m, --min_word_length: Minimum word length, default 3. # 指定收錄詞彙的最小長度 -o, --offsite: Let the spider visit other sites. # 允許爬取其他網站 --exclude: A file containing a list of paths to exclude. # 排除包含路徑清單的檔案 --allowed: A regex pattern that path must match to be followed. #遵循的路徑正規表達式 -w, --write: Write the output to the file. # 将結果儲存的檔案 -u, --ua <agent>: User agent to send. # 要發送的useragent -n, --no-words: Don't output the wordlist. # 不輸出單詞表 --lowercase: Lowercase all parsed words. # 單詞表的小寫 --with-numbers: Accept words with numbers in as well as just letters. #接受帶數字的字母和單詞 --convert-umlauts: Convert common ISO-8859-1 (Latin-1) umlauts (ä-ae, ö-oe, ü-ue, ß-ss) -a, --meta: include meta data. # 包含網頁中的meta資料 --meta_file file: Output file for meta data. #将meta資料輸出檔案 -e, --email: Include email addresses. #包含郵件位址 --email_file <file>: Output file for email addresses. # 郵件位址輸出檔案 --meta-temp-dir <dir>: The temporary directory used by exiftool when parsing files, default /tmp. -c, --count: Show the count for each word found. # 統計每個單詞出現的次數 -v, --verbose: Verbose. # 顯示進度 --debug: Extra debug information. # 額外的debug資訊 Authentication # 認證 --auth_type: Digest or basic. --auth_user: Authentication username. --auth_pass: Authentication password. Proxy Support # 代理 --proxy_host: Proxy host. --proxy_port: Proxy port, default 8080. --proxy_username: Username for proxy, if required. --proxy_password: Password for proxy, if required. Headers --header, -H: In format name:value - can pass multiple. <url>: The site to spider. eg:cewl -w words.txt -d 1 -m 5 www.xxx.com: 在xxx網站上檢索的連結深度為1,詞彙最小長度為5,并将檢索結果輸出到words.txt檔案中。
crunch
密碼字典建立工具,将限定字元集的所有可能組合都排列出來,或者生成既定長度的排列組合。
crunch version 3.6
Crunch can create a wordlist based on criteria you specify. The output from crunch can be sent to the screen, file, or to another program.
Usage: crunch [options]
where min and max are numbers
Please refer to the man page for instructions and examples on how to use crunch.
OPTIONS:
-b :指定輸出檔案的大小。僅在-o START使用時生效。
-c:指定檔案的行數,也就是單詞個數。僅在-o START使用時生效。
-d:限制字元重複的次數
-e:遇到該字元,crunch會提前結束
-f:從檔案中擷取字元集(kali密碼庫檔案:/usr/share/crunch/charset.lst)
-i:反轉輸出内容
-o:指定輸出檔案
-p:告訴crunch生成不包含重複字元的詞
-s:指定起始字元串
-t:指定模式:@表示小寫字母,,表示大寫字母,%表示數字,^表示符号
-z:壓縮,-o選項指定的輸出
root使用者生成的檔案位置:/root
Hydra
Hydra v9.0 © 2019 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-c TIME] [-ISOuvVd46] [service://server[:PORT][/OPT]]
Options:
-R restore a previous aborted/crashed session # 恢複上一次進度破解
-S perform an SSL connect # 采用SSL連接配接 -s PORT if the service is on a different default port, define it here # 指定端口 -l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE # l使用者名,L使用者名字典 -p PASS or -P FILE try password PASS, or load several passwords from FILE # p密碼,P密碼字典 -e nsr try "n" null password, "s" login as pass and/or "r" reversed login # n-空密碼試探,s-指定使用者名跟密碼試探 -C FILE colon separated "login:pass" format, instead of -L/-P options # 冒号分隔格式,代替-L,-P -M FILE list of servers to attack, one entry per line, ':' to specify port # 指定目标清單檔案,一行一條,冒号指定端口 -o FILE write found login/password pairs to FILE instead of stdout # 将結果儲存到檔案 -f / -F exit when a login/pass pair is found (-M: -f per host, -F global) # 在使用-M參數以後,找到第一對登入名或者密碼的時候退出 -t TASKS run TASKS number of connects in parallel per target (default: 16) # 線程數 -w / -W TIME wait time for a response (32) / between connects per thread (0) # 最大逾時時間 -4 / -6 use IPv4 (default) / IPv6 addresses (put always in [] also in -M) # 使用IPv4或ipv6位址 -v / -V / -d verbose mode / show login+pass for each attempt / debug mode # 顯示詳細過程 -O use old SSL v2 and v3 # 指定SSLv2或v3 -q do not print messages about connection errors # 連接配接錯誤不顯示資訊 server the target: DNS, IP or 192.168.0.0/24 (this OR the -M option) service the service to crack (see below for supported protocols) OPT some service modules support additional input (-U for module help)
支援的協定
Supported services: adam6500 asterisk cisco cisco-enable cvs firebird ftp[s] http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] memcached mongodb mssql mysql nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres radmin2 rdp redis rexec rlogin rpcap rsh rtsp s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp
The newest version is always available at https://github.com/vanhauser-thc/thc-hydra
代理設定
Use HYDRA_PROXY_HTTP or HYDRA_PROXY environment variables for a proxy setup.
E.g. % export HYDRA_PROXY=socks5://l:[email protected]:9150 (or: socks4:// connect://)
% export HYDRA_PROXY=connect_and_socks_proxylist.txt (up to 64 entries)
% export HYDRA_PROXY_HTTP=http://login:[email protected]:8080
% export HYDRA_PROXY_HTTP=proxylist.txt (up to 64 entries)
Examples:
hydra -l user -P passlist.txt ftp://192.168.0.1
hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN
hydra -C defaults.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5
hydra -l admin -p password ftp://[192.168.0.0/24]/
hydra -L logins.txt -P pws.txt -M targets.txt ssh
# hydra -L users.txt -P password.txt -t 1 -vV -e ns -o save.log 192.168.1.104 ssh FTP: # hydra ip ftp -l 使用者名 -P 密碼字典 -t 線程(預設16) -vV # hydra ip ftp -l 使用者名 -P 密碼字典 -e ns -vV WEB:GET # hydra -l 使用者名 -p 密碼字典 -t 線程 -vV -e ns ip http-get /admin/ # hydra -l 使用者名 -p 密碼字典 -t 線程 -vV -e ns -f ip http-get /admin/index.php HTTPS: # hydra -m /index.php -l muts -P pass.txt 10.36.16.18 https CISCO # hydra -P pass.txt 10.36.16.18 cisco # hydra -m cloud -P pass.txt 10.36.16.18 cisco-enable
![](https://img.laitimes.com/img/__Qf2AjLwojIjJCLyojI0JCLicmbw5SMjJWZ0kTM0YTN3AzYzEGM0EGOhN2N4ETNmZzNlVTY38CX0JXZ252bj91Ztl2Lc52YucWbp5GZzNmLn9Gbi1yZtl2Lc9CX6MHc0RHaiojIsJye.png)
Jonh the Ripper
破解哈希值。