Abstract

Recovering a password from encrypted or hashed form is known as password cracking and attackers often use open source intelligence as assistance. The information gathered can vary from usernames, email addresses to personal information such as birth dates. Attackers use this information to create custom wordlists and apply different techniques such as brute force attacks, dictionary attacks and social engineering attacks for password cracking. This paper gives an outline of the password cracking process via web crawling and stresses the significance of implementing strong password policies and making users aware of the hazards of password reuse as well as weak passwords. Moreover, website owners should secure their databases and restrict access to personal information. By comprehending the methods used by attackers, individuals and organizations can defend themselves against password cracking attempts