View Issue Details

IDProjectCategoryView StatusLast Update
0007455Kali Linux[All Projects] New Tool Requestspublic2021-11-22 16:46
Reportercracken Assigned To 
Status newResolutionopen 
Product Version 
Target VersionFixed in Version 
Summary0007455: Cracken - A Data Driven Approach for Password Cracking
Description[Name] - Cracken

[Version] - v1.0.1 (git tag)

[Homepage] -

[Download] - OR

[Author] - Shmuel Amar & Or Safran

[Licence] - MIT

[Description] -

Cracken is used for:

    * Generating Hybrid-Masks very VERY FAST superherozapdash (see performance section)
    * Building Smartlists - compact & representative list of subwords from given passwords files (using hugs HuggingFace's tokenizers)
    * Analyzing passwords for their Hybrid-Masks - building statistics for better password candidates (again very fast)

    Demo on asciinema -

[Dependencies] - all dependencies for build defined on Cargo.toml. The final binary does not require anything else.

[Similar tools] - What other tools are out there? maskprocessor, crunch, princeprocessor

[Activity] - Project started around 2019, we actively developed it and released it as part of our DeepSec2021 talk -

[How to install] -
full description here -

Option 0000001 - install from (preferred)
$ cargo install cracken

Option #2 - install with cargo:
2. build from source

$ git clone
$ cd cracken
$ cargo build --release

[How to use]

run Cracken:

Example 0000001 - generate all words of length 8 starting with uppercase followed by 6 lowercase chars and then a digit:

$ cracken -o pwdz.lst '?u?l?l?l?l?l?l?d'

Example #2 - generate words from two wordlists with year suffix (1000-2999) <firstname><lastname><year>

$ cracken --wordlist firstnames.txt --wordlist lastnames.lst --charset '12' '?w1?w2?1?d?d?d'

Example #3 - create a Smartlist of size 50k from subwords extracted from rockyou.txt

$ cracken create -f rockyou.txt -m 50000 --smartlist smart.lst

Example 0000004 - estimate the entropy of hybrid mask of the password HelloWorld123! using a smartlist

$ cracken entropy -f smart.lst 'HelloWorld123!'

hybrid-min-split: ["hello", "world1", "2", "3", "!"]
hybrid-mask: ?w1?w1?d?d?s
hybrid-min-entropy: 42.73
charset-mask: ?l?l?l?l?l?l?l?l?l?l?d?d?d?s
charset-mask-entropy: 61.97

# Even more examples:

Example Usage:

  ## Generate Subcommand Examples:

  # all digits from 00000000 to 99999999
  cracken ?d?d?d?d?d?d?d?d

  # all digits from 0 to 99999999
  cracken -m 1 ?d?d?d?d?d?d?d?d

  # words with pwd prefix - pwd0000 to pwd9999
  cracken pwd?d?d?d?d

  # all passwords of length 8 starting with upper then 6 lowers then digit
  cracken ?u?l?l?l?l?l?l?d

  # same as above, write output to pwds.txt instead of stdout
  cracken -o pwds.txt ?u?l?l?l?l?l?l?d

  # custom charset - all hex values
  cracken -c 0123456789abcdef '?1?1?1?1'

  # 4 custom charsets - the order determines the id of the charset
  cracken -c 01 -c ab -c de -c ef '?1?2?3?4'

  # 4 lowercase chars with years 2000-2019 suffix
  cracken -c 01 '?l?l?l?l20?1?d'

  # starts with firstname from wordlist followed by 4 digits
  cracken -w firstnames.txt '?w1?d?d?d?d'

  # starts with firstname from wordlist with lastname from wordlist ending with symbol
  cracken -w firstnames.txt -w lastnames.txt -c '!@#$' '?w1?w2?1'

  # repeating wordlists multiple times and combining charsets
  cracken -w verbs.txt -w nouns.txt '?w1?w2?w1?w2?w2?d?d?d'

  ## Create Smartlists Subcommand Examples:

  # create smartlist from single file into smart.txt
  cracken create -f rockyou.txt --smartlist smart.txt

  # create smartlist from multiple files with multiple tokenization algorithms
  cracken create -t bpe -t unigram -t wordpiece -f rockyou.txt -f passwords.txt -f wikipedia.txt --smartlist smart.txt

  # create smartlist with minimum subword length of 3 and max numbers-only subwords of size 6
  cracken create -f rockyou.txt --min-word-len 3 --numbers-max-size 6 --smartlist smart.txt

  ## Entropy Subcommand Examples:

  # estimating entropy of a password
  cracken entropy --smartlist vocab.txt 'helloworld123!'

  # estimating entropy of a passwords file with a charset mask entropy (default is hybrid)
  cracken entropy --smartlist vocab.txt -t charset -p passwords.txt

  # estimating the entropy of a passwords file
  cracken entropy --smartlist vocab.txt -p passwords.txt

[Packaged] - Not yet, if thats of interest to Kali we'll package it :)


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2021-11-22 16:46 cracken New Issue