View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0007455Kali LinuxQueued Tool Additionpublic2021-11-22 16:462022-05-04 12:54
Reportercracken Assigned To 
PrioritynormalSeverityminorReproducibilityN/A
Status acknowledgedResolutionopen 
Summary0007455: Cracken - A Data Driven Approach for Password Cracking
Description

[Name] - Cracken

[Version] - v1.0.1 (git tag)

[Homepage] - https://github.com/shmuelamar/cracken/tree/v1.0.1

[Download] - https://github.com/shmuelamar/cracken/releases/tag/v1.0.0 OR crates.io https://crates.io/crates/cracken/1.0.1

[Author] - Shmuel Amar & Or Safran

[Licence] - MIT

[Description] -

Cracken is used for:

* Generating Hybrid-Masks very VERY FAST superherozapdash (see performance section)
* Building Smartlists - compact & representative list of subwords from given passwords files (using hugs HuggingFace's tokenizers)
* Analyzing passwords for their Hybrid-Masks - building statistics for better password candidates (again very fast)

Demo on asciinema - https://asciinema.org/a/W8tIemGMzAEuNBvHbii7rcIds

[Dependencies] - all dependencies for build defined on Cargo.toml. The final binary does not require anything else.

[Similar tools] - What other tools are out there? maskprocessor, crunch, princeprocessor

[Activity] - Project started around 2019, we actively developed it and released it as part of our DeepSec2021 talk - https://deepsec.net/speaker.html#PSLOT517

[How to install] -
full description here - https://github.com/shmuelamar/cracken#installation

Option 0000001 - install from crates.io (preferred)
$ cargo install cracken

Option #2 - install with cargo:

  1. build from source

$ git clone https://github.com/shmuelamar/cracken
$ cd cracken
$ cargo build --release

[How to use]

run Cracken:

Example 0000001 - generate all words of length 8 starting with uppercase followed by 6 lowercase chars and then a digit:

$ cracken -o pwdz.lst '?u?l?l?l?l?l?l?d'

Example #2 - generate words from two wordlists with year suffix (1000-2999) <firstname><lastname><year>

$ cracken --wordlist firstnames.txt --wordlist lastnames.lst --charset '12' '?w1?w2?1?d?d?d'

Example #3 - create a Smartlist of size 50k from subwords extracted from rockyou.txt

$ cracken create -f rockyou.txt -m 50000 --smartlist smart.lst

Example 0000004 - estimate the entropy of hybrid mask of the password HelloWorld123! using a smartlist

$ cracken entropy -f smart.lst 'HelloWorld123!'

hybrid-min-split: ["hello", "world1", "2", "3", "!"]
hybrid-mask: ?w1?w1?d?d?s
hybrid-min-entropy: 42.73

charset-mask: ?l?l?l?l?l?l?l?l?l?l?d?d?d?s
charset-mask-entropy: 61.97

Even more examples:

Example Usage:

Generate Subcommand Examples:

all digits from 00000000 to 99999999

cracken ?d?d?d?d?d?d?d?d

all digits from 0 to 99999999

cracken -m 1 ?d?d?d?d?d?d?d?d

words with pwd prefix - pwd0000 to pwd9999

cracken pwd?d?d?d?d

all passwords of length 8 starting with upper then 6 lowers then digit

cracken ?u?l?l?l?l?l?l?d

same as above, write output to pwds.txt instead of stdout

cracken -o pwds.txt ?u?l?l?l?l?l?l?d

custom charset - all hex values

cracken -c 0123456789abcdef '?1?1?1?1'

4 custom charsets - the order determines the id of the charset

cracken -c 01 -c ab -c de -c ef '?1?2?3?4'

4 lowercase chars with years 2000-2019 suffix

cracken -c 01 '?l?l?l?l20?1?d'

starts with firstname from wordlist followed by 4 digits

cracken -w firstnames.txt '?w1?d?d?d?d'

starts with firstname from wordlist with lastname from wordlist ending with symbol

cracken -w firstnames.txt -w lastnames.txt -c '!@#$' '?w1?w2?1'

repeating wordlists multiple times and combining charsets

cracken -w verbs.txt -w nouns.txt '?w1?w2?w1?w2?w2?d?d?d'

Create Smartlists Subcommand Examples:

create smartlist from single file into smart.txt

cracken create -f rockyou.txt --smartlist smart.txt

create smartlist from multiple files with multiple tokenization algorithms

cracken create -t bpe -t unigram -t wordpiece -f rockyou.txt -f passwords.txt -f wikipedia.txt --smartlist smart.txt

create smartlist with minimum subword length of 3 and max numbers-only subwords of size 6

cracken create -f rockyou.txt --min-word-len 3 --numbers-max-size 6 --smartlist smart.txt

Entropy Subcommand Examples:

estimating entropy of a password

cracken entropy --smartlist vocab.txt 'helloworld123!'

estimating entropy of a passwords file with a charset mask entropy (default is hybrid)

cracken entropy --smartlist vocab.txt -t charset -p passwords.txt

estimating the entropy of a passwords file

cracken entropy --smartlist vocab.txt -p passwords.txt

[Packaged] - Not yet, if thats of interest to Kali we'll package it :)

Activities

cracken

cracken

2022-02-28 08:43

reporter   ~0015819

hi, can someone please take a look on this tool? thanks
g0tmi1k

g0tmi1k

2022-03-25 13:42

administrator   ~0015942

@kali-team, please could this be packaged up.
@author, If you want to help the packaging process, you can check the documentation here ~ https://www.kali.org/docs/development/public-packaging

Issue History

Date Modified Username Field Change
2021-11-22 16:46 cracken New Issue
2022-02-28 08:43 cracken Note Added: 0015819
2022-03-25 13:42 g0tmi1k Note Added: 0015942
2022-03-25 13:42 g0tmi1k Category New Tool Requests => Queued Tool Addition
2022-05-04 12:54 g0tmi1k Status new => acknowledged