Hashcat
GPU-accelerated password recovery and hash cracking supporting hundreds of algorithms and attack modes.
Why it is included
Fastest open stack for verifying password policy strength on dumps you legally possess.
Best for
Crack-the-hash labs, CTFs, and policy audits on owned material.
Strengths
- GPU speed
- Rules engines
- Huge algo list
Limitations
- Never use on stolen data; export/compliance for hardware
Good alternatives
John the Ripper
Related tools
Security & Privacy
John the Ripper
Password cracker focused on fast CPU modes, formats, and incremental attacks—ubiquitous in audits.
Security & Privacy
testssl.sh
CLI probe of TLS/SSL ciphers, protocols, headers, and common misconfigurations on any TCP listener.
Security & Privacy
Ciphey
Automatic decryption and decoding helper using heuristics and ML.
Security & Privacy
OpenSSL
TLS and cryptography toolkit underpinning HTTPS, SSH adjacency, and certificate workflows.
Security & Privacy
Metasploit Framework
Modular exploitation framework with payloads, encoders, auxiliaries, and integration points for exploit development.
Security & Privacy
OWASP ZAP
OWASP flagship web app scanner and proxy: automated checks, manual request tampering, scripting, and CI integrations.