Today I will introduce a cracking tool called Super Weak Password Checker, created by shack2, a well-known figure in the security industry. This tool has been updated for several years and it is undeniable that it is a useful cracking tool that can improve the efficiency of our penetration testing.
First, download the Super Weak Password Checker tool.
git clone https://github.com/shack2/SNETCracker
After downloading, unzip and open the file.
There are readme.txt and user manuals that provide some simple instructions on how to use the tool.
In the tool's directory, there are three folders: configuration, dictionary, and log. In general, we do not need to modify the configuration, but we can replace or add dictionaries according to our personal situation.
Let's open the graphical tool SENTCracker.exe and take a look.
It is easy to understand and user-friendly. It is a comprehensive checking tool that can scan multiple services and databases for weak passwords. In the left sidebar, we can select the services to be checked (multiple selections are possible) and enter the target IP (we can directly enter the IP as shown in the picture, or enter an IP range like 1.1.1.1-1.1.100.100, or import a batch of IPs). We can choose to crack only one user, set our own account password (or import account ranges and password ranges) for checking and cracking. Everyone can choose according to their own situation. In general, there is no need to check "Automatically select password dictionary based on checked services". After the check and cracking is completed, the results will be displayed in the middle column, as shown in the picture above.
The tool is simple and easy to use, and it works well. Therefore, I would like to thank shack2 for developing and providing this tool. I also recommend everyone to take a look at some of his other tools, which I believe can also be of great help to everyone.
Project address: