CentOS

What are we suppose to use nowadays for password testing? Saint? Satan? Crack??

I've inherited a web server that was just hacked into and my hunch is weak passwords (on the customer end). PAM will fix this for new accounts but I wanted to also know how to test the old ones ... maybe narrow down the list or something less global than a "Everyone's password has expired. Change it NOW!" :)

http://freshmeat.net/search/?q=password+cracker&section=projects&Go.x=0&Go.y=0

But "John the Ripper" works well http://www.openwall.com/john/

hah! "Bob the Butcher" ... wow. So John's still out there? It always seems like these things were suppose to be deprecated by another one down the pipe ...

Anyways, I wasn't necessarily looking for password "recovery". More like door knocking on websites to see if customers are using something like "password" for their password so we can tell just the weak ones to reset.

http://freshmeat.net/search/?q=security+auditing&section=projects&Go.x=0&Go.y=0
may provide more like what you may want.