SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

KeePassXC is a cross-platform community-driven port of the Windows application “KeePass Password Safe”.

World's fastest and most advanced password recovery utility

Low-Budget Password Strength Estimation

Open source alternative to Auth0 / Firebase Auth / AWS Cognito

John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs

Free cross-platform password manager compatible with KeePass

🧑‍🚀 Authentication and authorization infrastructure for SaaS and AI apps, built on OIDC and OAuth 2.1 with multi-tenancy, SSO, and RBAC.

holehe allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function.

Version 2 is live! Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren't popular!

Bitwarden mobile apps (Password Manager and Authenticator) for Android.

You Know, For WEB Fuzzing !

Password protect a static HTML page, decrypted in-browser in JS with no dependency. No server logic needed.

A native macOS KeePass client

The slightly more awesome standard unix password manager for teams

Open-source Auth0/Clerk alternative

Lightweight vault and password manager for Android, KeePassDX allows editing encrypted data in a single file in KeePass format and fill in the forms in a secure way.

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️

Exploits locked/password protected computers over USB, drops persistent WebSocket-based backdoor, exposes internal router, and siphons cookies using Raspberry Pi Zero & Node.js.

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

:key: stateless open source password manager

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

Password manager app for Android

Common User Passwords Profiler (CUPP)

Passbolt Community Edition (CE) API. The JSON API for the open source password manager for teams!

Ladon大型内网渗透扫描器，PowerShell、Cobalt Strike插件、内存加载、无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell，支持批量A段/B段/C段以及跨网段扫描，支持URL、主机、域名列表扫描等。网络资产探测32种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP)或方法快速获取目标网络存活主机IP、计算机名、工作组、共享资源、网卡地址、操作系统版本、网站、子域名、中间件、开放服务、路由器、交换机、数据库、打印机等，大量高危漏洞检测模块MS17010、Zimbra、Exchange

The password hash Argon2, winner of PHC

Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email

A place for creators and users of password managers to collaborate on resources to make password management better.

Get the password of the wifi you're on (bash)