Top 23 Password Open-Source Projects

• hashcat

  103 19,873 8.8 C

  World's fastest and most advanced password recovery utility

  

Project mention: Hacking WiFi 101: basic concepts, terminology, and a real-life example | dev.to | 2024-04-03

Hashcat Cracking WPA/WPA2 Spacehuhn's Deauther

• keepassxc

  512 19,176 8.7 C++

  KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.

  

Project mention: KeePassXC Issue: [Passkeys] should never be exported in clear text | news.ycombinator.com | 2024-03-13

• SurveyJS

  surveyjs.io sponsored

  Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.

  

• KeeWeb

  59 12,054 0.0 JavaScript

  Free cross-platform password manager compatible with KeePass

  

Project mention: Bitwarden: Free, open-source password manager | news.ycombinator.com | 2023-09-25

• SuperTokens Community

  114 11,898 9.3 Java

  Open source alternative to Auth0 / Firebase Auth / AWS Cognito

  

Project mention: Ask HN: Simple Auth for Website | news.ycombinator.com | 2024-04-23

I get what you are trying to do, but it feels a bit insecure. Why not use an OSS passwordless project like https://github.com/supertokens/supertokens-core/ or https://github.com/teamhanko/hanko

• john

  77 9,267 9.3 C

  John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs

  

Project mention: Best Hacking Tools for Beginners 2024 | dev.to | 2024-02-01

John The Ripper

• Probable-Wordlists

  13 8,440 0.0

  Version 2 is live! Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren't popular!

• MacPass

  4 6,696 4.6 Objective-C

  A native macOS KeePass client

  

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• staticrypt

  19 5,786 6.0 HTML

  Password protect a static HTML page, decrypted in-browser in JS with no dependency. No server logic needed.

Project mention: Yet another encrypt tool for Hugo | /r/gohugo | 2023-06-27

I am sure there are other use cases, that why there are some tools used for, such as the https://github.com/robinmoisson/staticrypt, this tool/feature was also requested by users.

• lesspass

  21 5,653 4.9 JavaScript

  :key: stateless open source password manager

  

Project mention: LessPass: Generates passwords offline based on a login, a master pass, and a url | news.ycombinator.com | 2024-02-25

• Passbolt

  40 4,376 9.7 PHP

  Passbolt Community Edition (CE) API. The JSON API for the open source password manager for teams!

  

Project mention: Open Source alternatives to tools you Pay for | dev.to | 2023-12-08

Passbolt - Open Source Alternative to 1Password

• cupp

  11 4,207 0.0 Python

  Common User Passwords Profiler (CUPP)

• h8mail

  11 3,884 0.0 Python

  Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email

Project mention: Search for sensitive data using theHarvester and h8mail tools | dev.to | 2023-12-01

• SecretScanner

  7 2,956 7.3 Go

  :unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:

  

• passport-local

  1 2,706 0.0 JavaScript

  Username and password authentication strategy for Passport and Node.js.

• Picocrypt

  78 2,248 6.5 Go

  A very small, very simple, yet very secure encryption tool.

Project mention: BitLocker vs Veracrypt | /r/Bitwarden | 2023-06-20

There's also Picocrypt.

• huge

  1 2,141 0.0 PHP

  Simple user-authentication solution, embedded into a small framework.

• node-argon2

  11 1,792 7.5 JavaScript

  Node.js bindings for Argon2 hashing algorithm

Project mention: A Step-by-Step Guide to Implement JWT Authentication in NestJS using Passport | dev.to | 2024-01-23

❓ Why is hashing and salting passwords mandatory? A salt is simply a random data used as an additional input to the hashing function to safeguard your password. The random string from the salt makes the hash unpredictable. A password hash involves converting the password into an alphanumeric string using specialized algorithms. Hashing and salting are irreversible and ensure that even if someone gains access to the hashed passwords, they will not be able to decrypt them to recover the original passwords. Hystorically bcrypt is recognized as the best hashing algorithm. However, in terms of robustness against all the new cryptographic attacks targeting hashing algorithms, the current clear winner is argon2. However, since the “youth" (2015) of this algorithm, I chose to use bcrypt

• mentalist

  7 1,705 0.0 Python

  Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper.

• PasswordPusher

  74 1,697 9.8 Ruby

  🔐 An application to securely communicate passwords over the web. Passwords automatically expire after a certain number of views and/or time has passed. Track who, what and when.

Project mention: MSP Wants Admin Credentials Sent via Email with multiple Recipients | /r/sysadmin | 2023-12-07

There's also the Password Pusher website: https://pwpush.com/

• PassGAN

  3 1,691 0.0 Python

  A Deep Learning Approach for Password Guessing (https://arxiv.org/abs/1709.00440)

Project mention: Dónde o como puedo aprender a hackear redes wifi | /r/programacion | 2023-05-31

• awesome-iam

  2 1,560 7.5

  👤 Identity and Access Management knowledge for cloud platforms

Project mention: Why use OpenID Connect instead of plain OAuth2? | news.ycombinator.com | 2023-06-27

You can start with: https://github.com/kdeldycke/awesome-iam . But beware of the rabbit hole!

• accounts

  4 1,486 8.6 TypeScript

  Fullstack authentication and accounts-management for Javascript.

  

• bkcrack

  5 1,390 8.4 C++

  Crack legacy zip encryption with Biham and Kocher's known plaintext attack.

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

Password related posts

• Show HN: German-Language Diceware
  1 project | news.ycombinator.com | 29 Mar 2024
• Insult Passphrase Generator
  3 projects | news.ycombinator.com | 13 Mar 2024
• FlashPaper: One-time encrypted password/secret sharing
  1 project | news.ycombinator.com | 26 Feb 2024
• LessPass: Generates passwords offline based on a login, a master pass, and a url
  1 project | news.ycombinator.com | 25 Feb 2024
• I Know What Your Password Was Last Summer
  1 project | news.ycombinator.com | 11 Feb 2024
• Command Line Interface Guidelines
  8 projects | news.ycombinator.com | 6 Feb 2024
• Wordlists ,Crunch, John and Hash Cat - All Kali Word List Tools Explained.
  5 projects | dev.to | 25 Jan 2024
• A note from our sponsor - WorkOS
  workos.com | 25 Apr 2024

  The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →

Index

Sponsored

Power Real-Time Data Analytics at Scale

Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

www.influxdata.com