The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →
Top 23 Password Open-Source Projects
-
keepassxc
KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
-
SurveyJS
Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
-
john
John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
-
Probable-Wordlists
Version 2 is live! Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren't popular!
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
staticrypt
Password protect a static HTML page, decrypted in-browser in JS with no dependency. No server logic needed.
-
Passbolt
Passbolt Community Edition (CE) API. The JSON API for the open source password manager for teams!
-
h8mail
Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
-
SecretScanner
:unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:
-
mentalist
Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper.
-
PasswordPusher
🔐 An application to securely communicate passwords over the web. Passwords automatically expire after a certain number of views and/or time has passed. Track who, what and when.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
Project mention: Hacking WiFi 101: basic concepts, terminology, and a real-life example | dev.to | 2024-04-03Hashcat Cracking WPA/WPA2 Spacehuhn's Deauther
Project mention: KeePassXC Issue: [Passkeys] should never be exported in clear text | news.ycombinator.com | 2024-03-13
I get what you are trying to do, but it feels a bit insecure. Why not use an OSS passwordless project like https://github.com/supertokens/supertokens-core/ or https://github.com/teamhanko/hanko
John The Ripper
I am sure there are other use cases, that why there are some tools used for, such as the https://github.com/robinmoisson/staticrypt, this tool/feature was also requested by users.
Project mention: LessPass: Generates passwords offline based on a login, a master pass, and a url | news.ycombinator.com | 2024-02-25
Passbolt - Open Source Alternative to 1Password
Project mention: Search for sensitive data using theHarvester and h8mail tools | dev.to | 2023-12-01
There's also Picocrypt.
Project mention: A Step-by-Step Guide to Implement JWT Authentication in NestJS using Passport | dev.to | 2024-01-23❓ Why is hashing and salting passwords mandatory? A salt is simply a random data used as an additional input to the hashing function to safeguard your password. The random string from the salt makes the hash unpredictable. A password hash involves converting the password into an alphanumeric string using specialized algorithms. Hashing and salting are irreversible and ensure that even if someone gains access to the hashed passwords, they will not be able to decrypt them to recover the original passwords. Hystorically bcrypt is recognized as the best hashing algorithm. However, in terms of robustness against all the new cryptographic attacks targeting hashing algorithms, the current clear winner is argon2. However, since the “youth" (2015) of this algorithm, I chose to use bcrypt
Project mention: MSP Wants Admin Credentials Sent via Email with multiple Recipients | /r/sysadmin | 2023-12-07There's also the Password Pusher website: https://pwpush.com/
Project mention: Why use OpenID Connect instead of plain OAuth2? | news.ycombinator.com | 2023-06-27You can start with: https://github.com/kdeldycke/awesome-iam . But beware of the rabbit hole!
Password related posts
- Show HN: German-Language Diceware
- Insult Passphrase Generator
- FlashPaper: One-time encrypted password/secret sharing
- LessPass: Generates passwords offline based on a login, a master pass, and a url
- I Know What Your Password Was Last Summer
- Command Line Interface Guidelines
- Wordlists ,Crunch, John and Hash Cat - All Kali Word List Tools Explained.
-
A note from our sponsor - WorkOS
workos.com | 25 Apr 2024
Index
What are some of the best open-source Password projects? This list will help you:
Project | Stars | |
---|---|---|
1 | hashcat | 19,873 |
2 | keepassxc | 19,176 |
3 | KeeWeb | 12,054 |
4 | SuperTokens Community | 11,898 |
5 | john | 9,267 |
6 | Probable-Wordlists | 8,440 |
7 | MacPass | 6,696 |
8 | staticrypt | 5,786 |
9 | lesspass | 5,653 |
10 | Passbolt | 4,376 |
11 | cupp | 4,207 |
12 | h8mail | 3,884 |
13 | SecretScanner | 2,956 |
14 | passport-local | 2,706 |
15 | Picocrypt | 2,248 |
16 | huge | 2,141 |
17 | node-argon2 | 1,792 |
18 | mentalist | 1,705 |
19 | PasswordPusher | 1,697 |
20 | PassGAN | 1,691 |
21 | awesome-iam | 1,560 |
22 | accounts | 1,486 |
23 | bkcrack | 1,390 |
Sponsored