There are other useful tools found in Kali. We have limited the list to utilities that assist with compromising host systems accessing web application servers. There are other password cracking tools available in Kali not shown in this list; however, the focus of those tools is out of scope for this text.
Hash-identifier is a Python utility used to identify hash types. Most password cracking tools such as John the Ripper include a auto-detection function for hashes which are very good and probably 90 percent accurate. This utility can be used to verify a hash type manually. To use Hash-identifier, run the utility and paste it in a copy of the hash.
The following screenshot shows an output of a hash:
dictstat is a Python script utility used for password cracking results analysis or for a regular wordlist analysis. dictstat will analyze results and provide masks for brute-forcing password combinations that have already been cracked. This will likely provide clues for cracking more hashes in the bunch. This can be helpful when targeting a company with a password policy. The following screenshot shows the dictstat home screen:
To run dictstat, type dictstat [options] passwords.txt. The following screenshot shows an example of using dictstat:
RainbowCrack is the hash cracking program that generates rainbow tables to be used in password cracking. RainbowCrack is different than the standard brute-force approach by using large pre-computed tables to reduce the length of time needed to crack a password. RainbowCrack is a decent application; however, there are many free Rainbow tables available for download, such as www.freerainbowtables.com. The following screenshot shows the RainbowCrack home screen:
findmyhash is a Python script, which uses a free online service to crack hashes. You must have Internet access before using this tool. The following screenshot shows findmyhash running a MD5 hash against multiple websites:
phrasendrescher is a modular and multi-processing pass phrase cracking tool. phrasendrescher comes with a number of plugins, as well as API that permits development of new plugins.