Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR. Learn more →
Top 23 Password Open-Source Projects
-
keepassxc
KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
Project mention: Passkey marketing is lying to you (it's simple) | news.ycombinator.com | 2025-01-04Oof, I found a whole ton of anti-open-source-software quotes on the related Github issue https://github.com/keepassxreboot/keepassxc/issues/10406 :
> When required, the authenticator must perform user verification (PIN, biometric, or some other unlock mechanism). If this is not possible, the authenticator should not handle the request.
> [A passkey provider certification process] is currently being defined and is almost complete.
> This implementation is not spec compliant and has the potential to be blocked by relying parties.
> Then you should require its use when passkeys are enabled ... [You may be blocked because] you have a passkey provider that is known to not be spec compliant.
> I suspect we'll see [biometrics] required by regulation in some geo-regions.
> I see a lot of misinformation and incorrect guesses about the intentions of various parties in the recent threads. If it would be helpful, I'm willing to have a [private, non-public] call with interested parties to try and answer some of the questions that have been raised to ensure we have a common technical understanding of FIDO/WebAuthn.
I felt reasonably positive about Passkeys while writing this blog post, but continuing to read the spec authors' insistence that only Big Tech may handle these problems is extremely worrying. I really want to like this feature, but the authors are acting like complete jerks and driving me away.
-
CodeRabbit
CodeRabbit: AI Code Reviews for Developers. Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.
-
Project mention: Build An Advanced Password Cracker With Python (Complete Guide) | dev.to | 2024-10-07
Download Hashcat from the official website.
-
For B2C, Supabase will get you most of the way for small to medium MAU applications. You might need additional services for analytics and monitoring. If you are building a boom-or-bust B2C company (ex. social media platform, video game, media publication) you should consider using an open-source self-hosted solution like SuperTokens.
-
Project mention: Bitwarden SDK relicensed from proprietary to GPLv3 | news.ycombinator.com | 2024-10-24
It is actually sort of how I used it as well, though through nextcloud. It did still remain a hassle. It also requires all different apps to be maintained and equally safe.
Keeweb for example has not had an active maintainer since 2022 https://github.com/keeweb/keeweb/issues/2022
-
john
John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
My quest to crack this Wi-Fi password led me deep into the world of network security. I learned about tools like aircrack-ng and John the Ripper. I discovered the concept of packet capture and the vulnerabilities of WPS-protected networks. But more importantly, this journey led me to a revelation that would change everything: Android was built on the Linux kernel.
-
Probable-Wordlists
Version 2 is live! Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren't popular!
-
staticrypt
Password protect a static HTML page, decrypted in-browser in JS with no dependency. No server logic needed.
Project mention: Password protect a static HTML page, decrypted in-browser in JavaScript | news.ycombinator.com | 2024-08-30Especially with 600k PDBKF2 iterations, 16 alphanum chars should be very safe.
There's a (warning: very detailed) issue covering the topic of PBKDF2 iterations and password length over here, if you feel like diving into that rabbit hole: https://github.com/robinmoisson/staticrypt/issues/159
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
-
-
Project mention: LessPass: Generates passwords offline based on a login, a master pass, and a url | news.ycombinator.com | 2024-02-25
-
Passbolt
Passbolt Community Edition (CE) API. The JSON API for the open source password manager for teams!
-
-
h8mail
Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
-
SecretScanner
:unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:
-
-
PasswordPusher
🔐 Securely share sensitive information with automatic expiration & deletion after a set number of views or duration. Track who, what and when with full audit logs.
Project mention: Password Pusher: Securely share sensitive information with automatic expiration | news.ycombinator.com | 2024-10-09 -
-
-
-
mentalist
Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper.
-
-
Project mention: Cracking an old ZIP file to help open source the ANC's "Vula" secret crypto code | news.ycombinator.com | 2024-09-07
The author kindly modified bkcrack based on Tim's fuzzy recollection of what he thought he might have chosen for the password: https://github.com/kimci86/bkcrack/pull/56 and https://github.com/kimci86/bkcrack/pull/126. However, I ran out of time to work on this part and it seemed more important to get the actual code running.
Also, in the course of things I discovered that Tim used PKZIP inside the BASIC code using a password that used non-printing characters.
-
-
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Password discussion
Password related posts
-
Show HN: I built an open source computer-use SDK enabling agents to authenticate
-
I built an open source computer-use SDK enabling agents to authenticate securely
-
Passkey technology is elegant, but it's most definitely not usable security
-
A Tour of WebAuthn – Adam Langley
-
Keydex v0.4.0 – A KeePass Terminal Password Manager
-
Operational PGP
-
Password Composition Policies Are Bad and Here's Why
-
A note from our sponsor - CodeRabbit
coderabbit.ai | 7 Feb 2025
Index
What are some of the best open-source Password projects? This list will help you:
# | Project | Stars |
---|---|---|
1 | keepassxc | 22,094 |
2 | hashcat | 21,887 |
3 | SuperTokens Community | 13,768 |
4 | KeeWeb | 12,429 |
5 | john | 10,751 |
6 | Probable-Wordlists | 8,745 |
7 | staticrypt | 7,249 |
8 | MacPass | 6,773 |
9 | lesspass | 5,793 |
10 | Passbolt | 4,840 |
11 | cupp | 4,503 |
12 | h8mail | 4,178 |
13 | SecretScanner | 3,157 |
14 | passport-local | 2,746 |
15 | PasswordPusher | 2,204 |
16 | huge | 2,137 |
17 | node-argon2 | 1,931 |
18 | awesome-iam | 1,859 |
19 | mentalist | 1,831 |
20 | PassGAN | 1,778 |
21 | bkcrack | 1,756 |
22 | accounts | 1,504 |
23 | bruteforce-database | 1,484 |