Password Topics (CloudMonk.io)

==Password Topics=

Return to Password

CIA triad

From the article Passwordless authentication:
* Authentication
* FIDO Alliance
* Password cracking
* Password fatigue
* Password policy
* Password psychology
* Password strength
* Pre-shared key
* Usability of web authentication systems

* cryptographic hash function (CHF)

Dictionary attack software


Dictionary attack:
* Cain and Abel (software) - Cain and Abel
* Crack (password software) - Crack
* Aircrack-ng
* John the Ripper
* L0phtCrack
* Metasploit Project
* Ophcrack
* Cryptool



Passwords: Password topics, Passwordless, Password manager - Password management, Authentication, Personal identification number (PIN), Single signon, MFA-2FA, Microsoft Hello, Apple Face ID, Facial recognition, Biometric authentication, Iris recognition, Mainframe passwords (IBM RACF, Retinal scan, Eye vein verification, Recognition, Fingerprint recognition, Password cracking, Password hashing, Popular passwords, Strong passwords, Rainbow table, Secrets - Secrets management (HashiCorp Vault, Azure Vault, AWS Vault, GCP Vault)). (navbar_passwords)
----

https://github.com/topics/password

Here are 3,167 public repositories matching this topic...

* keepassxreboot / keepassxc - KeePassXC is a cross-platform community-driven port of the Windows applicationKeepass Password Safe”. - Keywords: windows, macos, linux, security, privacy, cross-platform, password-manager, yubikey, password, keepass, hacktoberfest, keepassxc

C++

* hashcat - World's fastest and most advanced password recovery utility - Keywords: c, opencl, cuda, password, gpgpu, hashes, cracking, hashcat

* keeweb - Free cross-platform password manager compatible with KeePass
electron
javascript
security
password-manager
keeweb
password
keepass

JavaScript

berzerk0 / Probable-Wordlists - Version 2 is live! Wordlists sorted by probability originally created for password generation and password testing - make sure your passwords aren't popular!

dictionary
password
wordlist
password-strength
password-safety
dictionary-attack

* MacPass - A native OS X KeePass client

macos
objective-c
password-manager
password
keepass
kdbx
macpass
autotype

Objective-C


openwall / john - Open Have some *2john programs explain that it's normal to have large output

Our users are often confused by the output from programs such as zip2john sometimes being very large (multi-gigabyte). Maybe we should identify and enhance these programs to output a message to stderr to explain to users that it's normal for the output to be very large - maybe always or maybe only when the output size is above a threshold (e.g., 1 million bytes?)


supertokens / supertokens-core - Open (Intermediate) Docker image's error log not in stderr

The repo containing the Dockerfile and the entrypoint is here.

* lesspass - 🔑 stateless open source password manager

privacy
password-manager
password
self-hosted
anonymous
passwords
lesspass

JavaScript


* TheKingOfDuck / fuzzDicts - Web Pentesting Fuzz 字典,一个就够了。

directory
password
fuzzing
fuzz-testing
pentesting
username
fuzzer
wfuzz
paramter

Python


* K8tools - k8gege - K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

database
apt
exploit
scanner
hacking
password
poc
brute-force
pentest
bypass
crack
privilege-escalation
0day
getshell
netscan
rar-mysql

Updated 21 days ago

PowerShell


k8gege / Ladon - 大型内网渗透扫描器&Cobalt Strike,Ladon9.1.4内置150个模块,包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2,密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem,Poc/Exploit,支持Cobalt Strike 3.X-4.0

security
tools
hack
exploit
scanner
hacking
password
poc
brute-force
pentest
portscan
security-scanner
exp
security-tools
ladon
ipscanner
getshell
netscan

Updated 15 days ago

C#


* Mebus / cupp - Common User Passwords Profiler (CUPP)

password
wordlist
password-strength
weak-passwords
dictionary-attack
wordlist-generator


Python

jaredhanson / passport-local - Username and password authentication strategy for Passport and Node.js.

password
passport

JavaScript


ignis-sec / Pwdb-Public - A collection of all the data i could extract from 1 billion leaked credentials from internet.

password
infosec
seclists
rockyou


* khast3x / h8mail - Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email

osint
email
hacking
password
recon
leak
hibp
haveibeenpwned
breach
kali
theharvester
breach-compilation

Python


* robinmoisson / staticrypt - Password protect a static HTML page

javascript
html
cli
encryption
password
static-html

JavaScript


* panique / huge - Simple user-authentication solution, embedded into a small framework.

php
framework
authentication
password
auth
authorization
password-hash
user-auth


PHP


* drduh / pwd.sh - GPG symmetric password manager

bash
unix
encryption
password-manager
gnupg
gpg
password
bash-script
file-encryption


Shell


* accounts-js / accounts - Fullstack authentication and [[accounts-management] for Javascript.

graphql
oauth
rest
password
accounts
sessions

TypeScript


* ranisalt / node-argon2 - Node.js bindings for Argon2 hashing algorithm

hashing
crypto
encryption
argon2
password

JavaScript


* deepfence / SecretScanner - Find secrets and Find passwords in container images and file systems

docker
kubernetes
security
containers
secrets
password
k8s
vulnerability-scanners
security-tools
devsecops
secret-keys
secrets-management
secrets-detection
scanning-tool
infosectools

Go


* sc0tfree / mentalist - Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper.

password
wordlist
cracking
wordlist-generator
wordlist-technique
cracking-hashes

Python


* insightglacier / Dictionary-Of-Pentesting - [Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

dns
database
spring-boot
dictionary
fingerprint
wifi
password
bruteforce
subdomain
rce
fuzzing
pentesting
regex-pattern
bugbounty
pentest
payloads
iot-security
websecurity
bugbountytips
bughunting-methodology


Shell


* Viralmaniar / Passhunt - Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

security
password
cybersecurity
penetration-testing
pentest-tool
security-testing
default-password
default-credentials


Python


* browserpass / browserpass-legacy - Legacy Browser pass repo, development is now happening at:

go
firefox
chrome
password


JavaScript


* duyet / bruteforce-database - Bruteforce database

password
bruteforce
brute-force-attacks
brute-force
duyetdev
password-dictionaries
seclists


* unosquare / passcore - A self-service password management tool for Active Directory

react
recaptcha
dotnet
powershell
dotnetcore
password-manager
password
iis
activedirectory
ssl-certificate
self-service
password-meter
application-pool


C#


* CRAnimation / CRBoxInputView - Verify code input view. Support security type for password. 短信验证码输入框,支持密文模式

mobile
placeholder
phone-number
phone
uitextfield
password
uitextview
verifycode
verifycodeview

Objective-C


* ltb-project / self-service-password - Web interface to change password and reset password in an LDAP directory

ldap
password
self-service
self-service-password


PHP


* K8CScan - k8gege / K8CScan - K8Cscan大型内网渗透自定义插件化扫描神器,包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用,程序采用多线程批量扫描大型内网多个IP段C段主机,目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本,支持Cobalt Strike联动

mysql
security
exploit
ftp
scanner
ipc
smb
oracle
hacking
password
subdomain
wmi
poc
mssql
pentest
crack
portscan
cobalt-strike
getshell
netscan


Fair Use Source: https://github.com/topics/password



Passwords: Password Policies, Password Complexity Requirements, Password Expiration Policies, Password Rotation, Password History, Password Length, Multi-Factor Authentication, Password Managers, Secure Password Storage, Password Hashing Algorithms, Salted Password Hashing, Password Encryption, Password Recovery Processes, Password Reset Procedures, Password Audits, Password Strength Meters, Password Generation Algorithms, Biometric Authentication as Password Replacement, Single Sign-On (SSO) Systems, Two-Factor Authentication Methods, Passwordless Authentication, Social Login Integration, Phishing Resistance Techniques, User Education on Password Security, Account Lockout Mechanisms, Brute Force Attack Prevention, Dictionary Attack Mitigation, Credential Stuffing Defense Strategies, Security Questions for Password Recovery, Email Verification for Password Reset, Mobile Authentication for Password Management, Password Sharing Practices, Compliance Standards for Password Management, Password Synchronization Techniques, Password Aging Policies, Role-Based Password Access Control, Password Change Notifications, Temporary Passwords Handling, Password Encryption at Rest and in Transit, Third-Party Password Manager Security, Password Policy Enforcement Tools, User Behavior Analytics for Password Security, Zero Trust Approach to Password Management, Password Security for Remote Workers, Password Security Auditing Tools, Password Vulnerability Scanning, Automated Password Reset Solutions, Secure Password Exchange Protocols, Password Entropy Measurement



Passwords GitHub, Password topics, Passwordless, Password manager - Password management (LastPass, 1Password), Authentication, Personal identification number (PIN), Single signon, MFA-2FA, Microsoft Hello, Apple Face ID, Facial recognition, Biometric authentication, Iris recognition, Mainframe passwords (IBM RACF, Retinal scan, Eye vein verification, Recognition, Fingerprint recognition, Password cracking, Password hashing, Popular passwords, Strong passwords, Rainbow table, Secrets - Secrets management (HashiCorp Vault, Azure Vault, AWS Vault, GCP Vault), Passkeys, Awesome passwords (navbar_passwords - See also: navbar_passkeys, navbar_iam, navbar_pentesting, navbar_encryption, navbar_mfa)

----



Cloud Monk is Retired (impermanence |for now). Buddha with you. Copyright | © Beginningless Time - Present Moment - Three Times: The Buddhas or Fair Use. Disclaimers



SYI LU SENG E MU CHYWE YE. NAN. WEI LA YE. WEI LA YE. SA WA HE.



----