In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system in scrambled form.

A common approach (brute-force attack) is to repeatedly try guesses for the password and to check them against an available cryptographic hash of the password.

This is a curated list of awesome tools, research, papers and other projects related to password cracking and password security by

Read before contributing! In short:


  • Books
  • Cloud
  • Conversion
  • Hashcat
    • Automation
    • Distributed cracking
    • Rules
    • Rule tools
    • Web interfaces
  • John the Ripper
  • Misc
    • Notable People
  • Websites
    • Communities
    • Lookup services
  • Wordlist tools
    • Analysis
    • Generation/Manipulation
  • Wordlists
    • Laguage specific
    • Other
  • Specific file formats
    • PDF
    • PEM
    • JKS
    • ZIP
  • Artificial Intelligence
  • Research
    • Articles and Blog Posts
    • Papers
    • Talks



  • Cloud_crack – Crack passwords using Terraform and AWS.
  • Cloudcat – A script to automate the creation of cloud infrastructure for hash cracking.
  • Cloudstomp – Automated deployment of instances on EC2 via plugin for high CPU/GPU applications at the lowest price.
  • Cloudtopolis – A tool that facilitates the installation and provisioning of Hashtopolis on the Google Cloud Shell platform, quickly and completely unattended (and also, free!).
  • NPK – NPK is a distributed hash-cracking platform built entirely of serverless components in AWS including Cognito, DynamoDB, and S3.
  • Penglab – Abuse of Google Colab for cracking hashes.
  • Rook – Automates the creation of AWS p3 instances for use in GPU-based password cracking.

For more information click here.