John the Ripper
Password cracker focused on fast CPU modes, formats, and incremental attacks—ubiquitous in audits.
Why it is included
Long-running reference for offline hash auditing when material is lawfully available.
Best for
Unix/Windows hash formats in labs and authorized recovery.
Strengths
- Format breadth
- Community rules
- Jumbo patches
Limitations
- Legal use only on data you may test
Good alternatives
Hashcat
Related tools
- Hashcat (Security & Privacy): GPU-accelerated password recovery and hash cracking supporting hundreds of algorithms and attack modes.
- Metasploit Framework (Security & Privacy): Modular exploitation framework with payloads, encoders, auxiliaries, and integration points for exploit development.
- OWASP ZAP (Security & Privacy): OWASP flagship web app scanner and proxy: automated checks, manual request tampering, scripting, and CI integrations.
- sqlmap (Security & Privacy): Automatic SQL injection and database takeover helper with fingerprinting, data exfiltration, and OS-shell paths.
- Nikto (Security & Privacy): Web server scanner that probes for dangerous files, outdated software, and misconfigurations via many checks.
- Nuclei (Security & Privacy): Fast vulnerability scanner driven by YAML templates—used for recon, misconfigs, CVEs, and custom checks at scale.
