View Issue Details

IDProjectCategoryView StatusLast Update
0003610Kali LinuxQueued Tool Additionpublic2020-12-01 11:06
Reporterunicornfurnace Assigned To 
Status acknowledgedResolutionopen 
Summary0003610: FeatherDuster - An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction

FeatherDuster is a tool designed for automating and simplifying cryptanalysis work. It is capable of analyzing encrypted data from a black box perspective and describing weaknesses suggested by statistical properties of the data being analyzed. It is capable of suggesting which of its available modules apply to the data being analyzed, and even has an autopwn command to automatically run relevant modules.

Its core, called Cryptanalib, is a Python module containing a number of useful functions for cryptanalysts who have some knowledge about cryptanalysis, reducing the coding work in exploiting common crypto flaws such as secret-suffix ECB chosen plaintext attacks from hours to minutes, as well as reducing the necessary level of expertise needed to write crypto attack tools.




2016-10-02 22:28

reporter   ~0006017

It's worth noting that to date, no cryptographic exploitation tools exist in Kali except for PadBuster, which is a single-purpose tool.



2017-03-24 15:53

reporter   ~0006530

Official repo is at

Also, there's an autopwn mode, so if you don't know what you're doing, it very well might break encrypted data for you when you have no idea how to do it yourself.

Any updates on this?



2017-03-27 18:04

reporter   ~0006535

As requested by muts:

dependency info

Required libraries:

Required python modules:
ishell (requires readline and ncurses)
gmpy (requires GMP, mentioned above)
PyCrypto (debian package python-crypto will install this)

FeatherDuster is capable of identifying how crypto is used and, in some cases, automagically breaking crypto with only the encrypted data and no other information, due to its autopwn functionality. FeatherDuster will also suggest various types of attacks which apply to the type of encryption identified. It has an analysis engine which, among other checks, will try to identify whether the data has been encrypted with strong encryption or not.

In the case that you have a little bit more crypto knowledge, you can use modules individually to achieve your goals. For instance, the detect_hash_format module will allow you to brute force guess how information is arranged before being hashed to produce an authentication token, so that you can produce your own with the right information.

FeatherDuster is built on top of Cryptanalib, which is a Python module built for FeatherDuster to serve as its core, and to be accessible to more advanced users who are capable of identifying crypto flaws, but don't have tools capable of exploiting them. As an example, Padbuster exists to exploit padding oracle flaws such as MS10-070 in traditional HTTP-based services, but is unusable for padding oracle flaws in any other system, or in any Web application where some odd encoding or unusual format is used. Cryptanalib can be useful here, as it has generic padding oracle exploit functions. All you need to do is write an oracle function to communicate with the padding oracle and identify good padding responses vs bad padding responses. Even if those are based on side channels such as timing information, heat, power consumption, or any number of things, the padding oracle function will happily do its work with the oracle function you've created.

There are other utility functions available for common cryptographic weaknesses, such as nonce reuse in DSA and ECDSA, a flaw used to recover the private code signing key for the PS3!

FeatherDuster is also modular, so its functionality can be expanded easily by third parties.



2017-04-03 23:25

reporter   ~0006551

FeatherDuster now has an official release version of 0.2.

Having numbered releases was the last item requested by muts.

Please let me know if any further items must be addressed before FeatherDuster can be included in Kali.



2018-01-29 14:54

administrator   ~0008393

To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will for us):

  • [Name] - The name of the tool
  • [Version] - What version of the tool should be added?
    --- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
  • [Homepage] - Where can the tool be found online? Where to go to get more information?
  • [Download] - Where to go to get the tool?
  • [Author] - Who made the tool?
  • [Licence] - How is the software distributed? What conditions does it come with?
  • [Description] - What is the tool about? What does it do?
  • [Dependencies] - What is needed for the tool to work?
  • [Similar tools] - What other tools are out there?
  • [How to install] - How do you compile it?
  • [How to use] - What are some basic commands/functions to demonstrate it?


2018-02-19 19:50

reporter   ~0008694

  • [Name] - FeatherDuster
  • [Version] - 0.2
    --- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
  • [Homepage] -
  • [Download] -
  • [Author] - Daniel Crowley
  • [Licence] - BSD 3-clause
  • [Description] - In short, it's like Metasploit/Clippy for breaking encryption
  • [Dependencies] - libGMP, libreadline, Python 2.7, a few pip installable Python libs
  • [Similar tools] - No tool combines all the functionality of FeatherDuster or has an analysis engine that identifies more than just hashes, but examples include hashid, padbuster, hash-extender, rsatool
  • [How to install] - git clone; apt-get install libgmp3-dev; pip install .
  • [How to use] -
    The analyze and autopwn functions are the easiest ones to use to demonstrate FeatherDuster's capabilities.
    Start by launching FeatherDuster with featherduster.
    Then, use import multifile to import a file with multiple encoded ciphertext samples separated with newlines.
    Enter examples/manytimepad.ciphertexts to import a sample of ciphertext encrypted with AES in CTR mode (included with FeatherDuster for practice), but using the same key and nonce for each operation, a fatal mistake.
    Type analyze. FeatherDuster will identify the data as being encrypted with a block cipher in stream mode, and note the statistical likelihood of stream cipher key reuse in the data, suggesting that the many_time_pad module may be useful.
    Either type autopwn to try all modules that the analysis engine would suggest, or use many_time_pad and run to launch the module manually.
    Observe that FeatherDuster is able to decrypt fixed-key-and-nonce stream cipher schemes such as one based on AES-CTR without any prior cryptographic knowledge from the operator.


2020-03-25 13:36

administrator   ~0012543

@kali-team, please could this be packaged up.
@author, If you want to help the packaging process, you can check the documentation here ~

Issue History

Date Modified Username Field Change
2016-09-22 01:12 unicornfurnace New Issue
2016-10-02 22:28 unicornfurnace Note Added: 0006017
2017-03-24 15:53 unicornfurnace Note Added: 0006530
2017-03-27 18:04 unicornfurnace Note Added: 0006535
2017-04-03 23:25 unicornfurnace Note Added: 0006551
2018-01-29 14:54 g0tmi1k Note Added: 0008393
2018-02-19 19:50 unicornfurnace Note Added: 0008694
2020-03-25 13:36 g0tmi1k Note Added: 0012543
2020-03-25 13:36 g0tmi1k Status new => acknowledged
2020-03-25 13:36 g0tmi1k Category New Tool Requests => Queued Tool Addition
2020-06-17 14:58 g0tmi1k Severity feature => minor
2020-12-01 11:06 g0tmi1k Summary FeatherDuster => FeatherDuster - An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction