Online password attacks are targeted towards a remote system such as a server on the network or even a web application login portal.
Online authentication systems will usually contain a lockout policy for a certain number of failed log-in attempts.
This type of attack is easily detectable as alerts are created for the number of failed log-on attempts.
In an offline password attack, the attacker uses various techniques to retrieve the password for password-file or document.
In the offline attack, the attacker may have retrieved the hash values of a password and uses an automating tools to retrieve the password from the hash value.
Offline password attacks will need a lot of processing power to perform cracking quickly.
Offline password attacks are less detectable as these attack is usually done on the attacker's system.
John is an online password cracking tool.
Hashcat is an advanced password recovery tool.
It can perform offline password attacks.
Takes advantage of the GPU of a system to perform password cracking.
This an online password cracking tool.
Analyses how a user creates passwords.
Helps password cracking tools to perform their password recovery process more efficiently.
This is a tool that spiders a website to gather keywords for creating a password wordlist.
This is another password wordlist generator tool.
Burp Suite is a web application vulnerability assessment tool.
Functions as a web application proxy.
Can perform online password cracking techniques.