Password attacks

/usr/share/wordlists – consolidated set of word lists in Kali
/usr/share/seclists – consolidated set of word lists in Kali

crunch – generates custom word list using predefined set of characters

online bruteforcing

Hydra – SNMP / ssh / rdp
Medusa – HTTP
Ncrack – RDP

offline bruteforce

john

http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats

hashcat

hashcat -m ### --force --username hashfile.txt wordlist.txt
--username – used if the file format is USERNAME:HASH
--force – if needed

https://hashcat.net/wiki/doku.php?id=example_hashes