All Projects → shmuelamar → cracken

shmuelamar / cracken

Licence: MIT license
a fast password wordlist generator, Smartlist creation and password hybrid-mask analysis tool written in pure safe Rust

Programming Languages

rust
11053 projects
Jupyter Notebook
11667 projects
python
139335 projects - #7 most used programming language
Makefile
30231 projects

Projects that are alternatives of or similar to cracken

Mentalist
Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper.
Stars: ✭ 945 (+392.19%)
Mutual labels:  password, wordlist, cracking
Cupp
The most common form of authentication is the combination of a username and a password or passphrase. If both match values stored within a locally stored table, the user is authenticated for a connection. Password strength is a measure of the difficulty involved in guessing or breaking the password through cryptographic techniques or library-based automated testing of alternate values.
Stars: ✭ 2,493 (+1198.44%)
Mutual labels:  password, wordlist, wordlist-generator
Hashcat
World's fastest and most advanced password recovery utility
Stars: ✭ 11,014 (+5636.46%)
Mutual labels:  password, hashes, cracking
Bopscrk
Tool to generate smart and powerful wordlists
Stars: ✭ 273 (+42.19%)
Mutual labels:  password, wordlist, cracking
Duplicut
Remove duplicates from MASSIVE wordlist, without sorting it (for dictionary-based password cracking)
Stars: ✭ 352 (+83.33%)
Mutual labels:  password, wordlist, cracking
WPA2-FritzBox-Pswd-Wordlist-Generator
This Script will produce all of the WPA2 Passwords used by various Router companies aswell as Fritzbox. All of these Passwords will be 16 Numbers in length. So it could get a bit large.
Stars: ✭ 22 (-88.54%)
Mutual labels:  password, wordlist, wordlist-generator
Filevaultcracker
macOS FileVault cracking tool
Stars: ✭ 199 (+3.65%)
Mutual labels:  password, wordlist, cracking
Keychaincracker
macOS keychain cracking tool
Stars: ✭ 693 (+260.94%)
Mutual labels:  password, wordlist, cracking
longtongue
Customized Password/Passphrase List inputting Target Info
Stars: ✭ 61 (-68.23%)
Mutual labels:  password, wordlist, wordlist-generator
Gosecretsdump
Dump ntds.dit really fast
Stars: ✭ 122 (-36.46%)
Mutual labels:  password, cracking
Zydra
Stars: ✭ 178 (-7.29%)
Mutual labels:  password, cracking
ComPP
Company Passwords Profiler (aka ComPP) helps making a bruteforce wordlist for a targeted company.
Stars: ✭ 44 (-77.08%)
Mutual labels:  password, wordlist
Ttpassgen
密码生成 flexible and scriptable password dictionary generator which can support brute-force、combination、complex rule mode etc...
Stars: ✭ 68 (-64.58%)
Mutual labels:  password, wordlist
Chasm
A CHaracter Aware Splitting Method for producing password candidates.
Stars: ✭ 37 (-80.73%)
Mutual labels:  password, cracking
vietnamese-password-dicts
Tổng hợp danh sách mật khẩu wifi tiếng Việt sử dụng cho aircrack-ng
Stars: ✭ 40 (-79.17%)
Mutual labels:  password, wordlist
Passhunt
Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.
Stars: ✭ 961 (+400.52%)
Mutual labels:  password, pentest-tool
Dcipher Cli
🔓Crack hashes using online rainbow & lookup table attack services, right from your terminal.
Stars: ✭ 193 (+0.52%)
Mutual labels:  password, cracking
password-list
Password lists with top passwords to optimize bruteforce attacks
Stars: ✭ 174 (-9.37%)
Mutual labels:  password, cracking
weakpass generator
generates weak passwords based on current date
Stars: ✭ 36 (-81.25%)
Mutual labels:  password, pentest-tool
PUPI
🛅 Passwords using personal information
Stars: ✭ 65 (-66.15%)
Mutual labels:  wordlist, wordlist-generator

Cracken

cracken crate cracken version cracken documentation cracken total downloads

Cracken is a fast password wordlist generator, Smartlist creation and password hybrid-mask analysis tool written in pure safe Rust (more on talk/). Inspired by great tools like maskprocessor, hashcat, Crunch and 🤗 HuggingFace's tokenizers.

What? Why? Woot??

At DeepSec2021 we presented a new method for analysing passwords as Hybrid-Masks exploiting common substrings in passwords by utilizing NLP tokenizers (more info on talk/).

Our method splits a password into its subwords instead of just a characters mask. HelloWorld123! splitted into ['Hello', 'World', '123!'] as these three subwords are very common in other passwords.

Hybrid Masks & Smartlists

  • 📄 Smartlists - Compact & representative subword lists created from passwords by utilizing NLP tokenizers
  • 🎭 Hybrid-Mask - A representation of a password as a combination of wordlists & characters (e.g. ?w1?w2?l?d)

Analyzing RockYou Passwords with Smartlists & Hybrid-Masks:

Top25 Hybrid Masks from RockYou

full table here

Cracken 🐙 is used for:

  • Generating Hybrid-Masks very VERY FAST 🦸💨 (see performance section)
  • Building Smartlists - compact & representative list of subwords from given passwords files (using 🤗 HuggingFace's tokenizers)
  • Analyzing passwords for their Hybrid-Masks - building statistics for better password candidates (again very fast)

Possible workflows with Cracken:

Simple:

  1. Generate wordlist candidates from a hybrid mask - e.g. cracken -w rockyou.txt -w 100-most-common.txt '?w1?w2?d?d?d?d?s'
  2. You can pipe the passwords Cracken generates into hashcat, john or your favorite password cracker

Advanced:

  1. Create a Smartlist from existing passwords - cracken create
  2. Analyze a passwords list of plaintext passwords - cracken entropy
  3. use most frequent Hybrid-Masks to generate password candidates fast - cracken generate -i hybrid-masks.txt

For more details see Usage section

Getting Started

download (linux only currently): latest release 🔗

for more installation options see installation section

run Cracken:

generate all words of length 8 starting with uppercase followed by 6 lowercase chars and then a digit:

$ cracken -o pwdz.lst '?u?l?l?l?l?l?l?d'

generate words from two wordlists with year suffix (1000-2999) <firstname><lastname><year>

$ cracken --wordlist firstnames.txt --wordlist lastnames.lst --charset '12' '?w1?w2?1?d?d?d'

create a Smartlist of size 50k from subwords extracted from rockyou.txt

$ cracken create -f rockyou.txt -m 50000 --smartlist smart.lst

estimate the entropy of hybrid mask of the password HelloWorld123! using a smartlist

$ cracken entropy -f smart.lst 'HelloWorld123!'

hybrid-min-split: ["hello", "world1", "2", "3", "!"]
hybrid-mask: ?w1?w1?d?d?s
hybrid-min-entropy: 42.73
--
charset-mask: ?l?l?l?l?l?l?l?l?l?l?d?d?d?s
charset-mask-entropy: 61.97

Performance

As of writing this, Cracken is probably the world's fastest wordlist generator:

bechmarks results

Cracken has around 25% increased performance over hashcat's fast maskprocessor thats written in C.

Cracken can generate around 2 GB/s per core.

more details on benchmarks/ 🔗

Why speed is important? A typical GPU can test billions passwords per second depending on the password hash function. When the wordlist generator produces fewer words per second than the cracking tool can handle - the cracking speed will degrade.

Hybrid-Masks Analysis Performance

Cracken uses A* algorithm to analyze passwords very fast. it can find the minimal Hybrid-Mask of passwords file at rate of ~100k Passwords/sec (cracken entropy -f words1.txt -f words2.txt ... -p pwds.txt)

Installation

install Cracken or compile from source

Download Binary (Linux Only Currently)

download latest release from releases 🔗

Build From Source (All Platforms)

Cracken is written in Rust and needs rustc to get compiled. Cracken should support all Platforms that Rust support.

installation instructions for cargo 🔗

there are two options building from source - installing with cargo from crates.io (preferred) or compiling manually from source.

1. install from crates.io (preferred)

install with cargo:

$ cargo install cracken

2. build from source

clone Cracken:

$ git clone https://github.com/shmuelamar/cracken

build Cracken:

$ cd cracken
$ cargo build --release

run it:

$ ./target/release/cracken --help

Usage Info

$ cracken --help
Cracken v1.0.0 - a fast password wordlist generator 

USAGE:
    cracken [SUBCOMMAND]

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

SUBCOMMANDS:
    generate    (default) - Generates newline separated words according to given mask and wordlist files
    create      Create a new smartlist from input file(s)
    entropy     
                Computes the estimated entropy of password or password file.
                The entropy of a password is the log2(len(keyspace)) of the password.
                
                There are two types of keyspace size estimations:
                  * mask - keyspace of each char (digit=10, lowercase=26...).
                  * hybrid - finding minimal split into subwords and charsets.


For specific subcommand help run: cracken <subcommand> --help


Example Usage:

  ## Generate Subcommand Examples:

  # all digits from 00000000 to 99999999
  cracken ?d?d?d?d?d?d?d?d

  # all digits from 0 to 99999999
  cracken -m 1 ?d?d?d?d?d?d?d?d

  # words with pwd prefix - pwd0000 to pwd9999
  cracken pwd?d?d?d?d

  # all passwords of length 8 starting with upper then 6 lowers then digit
  cracken ?u?l?l?l?l?l?l?d

  # same as above, write output to pwds.txt instead of stdout
  cracken -o pwds.txt ?u?l?l?l?l?l?l?d

  # custom charset - all hex values
  cracken -c 0123456789abcdef '?1?1?1?1'

  # 4 custom charsets - the order determines the id of the charset
  cracken -c 01 -c ab -c de -c ef '?1?2?3?4'

  # 4 lowercase chars with years 2000-2019 suffix
  cracken -c 01 '?l?l?l?l20?1?d'

  # starts with firstname from wordlist followed by 4 digits
  cracken -w firstnames.txt '?w1?d?d?d?d'

  # starts with firstname from wordlist with lastname from wordlist ending with symbol
  cracken -w firstnames.txt -w lastnames.txt -c '!@#$' '?w1?w2?1'

  # repeating wordlists multiple times and combining charsets
  cracken -w verbs.txt -w nouns.txt '?w1?w2?w1?w2?w2?d?d?d'


  ## Create Smartlists Subcommand Examples:

  # create smartlist from single file into smart.txt
  cracken create -f rockyou.txt --smartlist smart.txt

  # create smartlist from multiple files with multiple tokenization algorithms
  cracken create -t bpe -t unigram -t wordpiece -f rockyou.txt -f passwords.txt -f wikipedia.txt --smartlist smart.txt

  # create smartlist with minimum subword length of 3 and max numbers-only subwords of size 6
  cracken create -f rockyou.txt --min-word-len 3 --numbers-max-size 6 --smartlist smart.txt


  ## Entropy Subcommand Examples:

  # estimating entropy of a password
  cracken entropy --smartlist vocab.txt 'helloworld123!'

  # estimating entropy of a passwords file with a charset mask entropy (default is hybrid)
  cracken entropy --smartlist vocab.txt -t charset -p passwords.txt

  # estimating the entropy of a passwords file
  cracken entropy --smartlist vocab.txt -p passwords.txt

cracken-v1.0.0 linux-x86_64 compiler: rustc 1.56.1 (59eed8a2a 2021-11-01)
more info at: https://github.com/shmuelamar/cracken

Generate Subcommand Usage Info

$ cracken generate --help
cracken-generate 
(default) - Generates newline separated words according to given mask and wordlist files

USAGE:
    cracken generate [FLAGS] [OPTIONS] <mask> --masks-file <masks-file>

FLAGS:
    -h, --help       
            Prints help information

    -s, --stats      
            prints the number of words this command will generate and exits

    -V, --version    
            Prints version information


OPTIONS:
    -c, --custom-charset <custom-charset>...    
            custom charset (string of chars). up to 9 custom charsets - ?1 to ?9. use ?1 on the mask for the first charset

    -i, --masks-file <masks-file>               
            a file containing masks to generate

    -x, --maxlen <max-length>                   
            maximum length of the mask to start from

    -m, --minlen <min-length>                   
            minimum length of the mask to start from

    -o, --output-file <output-file>             
            output file to write the wordlist to, defaults to stdout

    -w, --wordlist <wordlist>...                
            filename containing newline (0xA) separated words. note: currently all wordlists loaded to memory


ARGS:
    <mask>    
            the wordlist mask to generate.
            available masks are:
                builtin charsets:
                ?d - digits: "0123456789"
                ?l - lowercase: "abcdefghijklmnopqrstuvwxyz"
                ?u - uppercase: "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                ?s - symbols: " !\"\#$%&'()*+,-./:;<=>?@[\\]^_`{|}~"
                ?a - all characters: ?d + ?l + ?u + ?s
                ?b - all binary values: (0-255)
            
                custom charsets ?1 to ?9:
                ?1 - first custom charset specified by --charset 'mychars'
            
                wordlists ?w1 to ?w9:
                ?w1 - first wordlist specified by --wordlist 'my-wordlist.txt'

Create Smartlist Subcommand Usage Info

$ cracken create --help  
cracken-create 
Create a new smartlist from input file(s)

USAGE:
    cracken create [FLAGS] [OPTIONS] --file <file>... --smartlist <smartlist>

FLAGS:
    -h, --help       Prints help information
    -q, --quiet      disables printing progress bar
    -V, --version    Prints version information

OPTIONS:
    -f, --file <file>...                         input filename, can be specified multiple times for multiple files
        --min-frequency <min_frequency>          minimum frequency of a word, relevant only for BPE tokenizer
    -l, --min-word-len <min_word_len>            filters words shorter than the specified length
        --numbers-max-size <numbers_max_size>    filters numbers (all digits) longer than the specified size
    -o, --smartlist <smartlist>                  output smartlist filename
    -t, --tokenizer <tokenizer>...               tokenizer to use, can be specified multiple times.
                                                 one of: bpe,unigram,wordpiece [default: bpe]  [possible values: bpe, unigram, wordpiece]
    -m, --vocab-max-size <vocab_max_size>        max vocabulary size

Entropy Subcommand Usage Info

$ cracken entropy --help
cracken-entropy 

Computes the estimated entropy of password or password file.
The entropy of a password is the log2(len(keyspace)) of the password.

There are two types of keyspace size estimations:
  * mask - keyspace of each char (digit=10, lowercase=26...).
  * hybrid - finding minimal split into subwords and charsets.


USAGE:
    cracken entropy [FLAGS] [OPTIONS] <password> --smartlist <smartlist>...

FLAGS:
    -h, --help       Prints help information
    -s, --summary    output summary of entropy for password
    -V, --version    Prints version information

OPTIONS:
    -t, --mask-type <mask_type>              type of mask to output, one of: charsets(charsets only), hybrid(charsets+wordlists) [possible values: hybrid, charset]
    -p, --passwords-file <passwords-file>    newline separated password file to estimate entropy for
    -f, --smartlist <smartlist>...           smartlist input file to estimate entropy with, a newline separated text file

ARGS:
    <password>    password to

License

Cracken is licensed under MIT. THIS PROJECT MUST BE USED FOR LEGAL PURPOSES ONLY ⚖️

Contributing

Cracken is under active development, if you wish to help below is this the partial roadmap for this project. Feel free to submit PRs and open issues.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].