Password attacks

/usr/share/wordlists - consolidated set of word lists in Kali
/usr/share/seclists - consolidated set of word lists in Kali

crunch - generates custom word list using predefined set of characters

online bruteforcing

Hydra - SNMP / ssh / rdp
Medusa - HTTP
Ncrack - RDP

offline bruteforce

john

http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats

hashcat

hashcat -m ### --force --username hashfile.txt wordlist.txt
--username - used if the file format is USERNAME:HASH
--force - if needed

https://hashcat.net/wiki/doku.php?id=example_hashes