View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0007455 | Kali Linux | [All Projects] Queued Tool Addition | public | 2021-11-22 16:46 | 2022-05-04 12:54 |
| Reporter | cracken | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | N/A |
| Status | acknowledged | Resolution | open | ||
| Product Version | |||||
| Target Version | Fixed in Version | ||||
| Summary | 0007455: Cracken - A Data Driven Approach for Password Cracking | ||||
| Description | [Name] - Cracken [Version] - v1.0.1 (git tag) [Homepage] - https://github.com/shmuelamar/cracken/tree/v1.0.1 [Download] - https://github.com/shmuelamar/cracken/releases/tag/v1.0.0 OR crates.io https://crates.io/crates/cracken/1.0.1 [Author] - Shmuel Amar & Or Safran [Licence] - MIT [Description] - Cracken is used for: * Generating Hybrid-Masks very VERY FAST superherozapdash (see performance section) * Building Smartlists - compact & representative list of subwords from given passwords files (using hugs HuggingFace's tokenizers) * Analyzing passwords for their Hybrid-Masks - building statistics for better password candidates (again very fast) Demo on asciinema - https://asciinema.org/a/W8tIemGMzAEuNBvHbii7rcIds [Dependencies] - all dependencies for build defined on Cargo.toml. The final binary does not require anything else. [Similar tools] - What other tools are out there? maskprocessor, crunch, princeprocessor [Activity] - Project started around 2019, we actively developed it and released it as part of our DeepSec2021 talk - https://deepsec.net/speaker.html#PSLOT517 [How to install] - full description here - https://github.com/shmuelamar/cracken#installation Option 0000001 - install from crates.io (preferred) $ cargo install cracken Option #2 - install with cargo: 2. build from source $ git clone https://github.com/shmuelamar/cracken $ cd cracken $ cargo build --release [How to use] run Cracken: Example 0000001 - generate all words of length 8 starting with uppercase followed by 6 lowercase chars and then a digit: $ cracken -o pwdz.lst '?u?l?l?l?l?l?l?d' Example #2 - generate words from two wordlists with year suffix (1000-2999) <firstname><lastname><year> $ cracken --wordlist firstnames.txt --wordlist lastnames.lst --charset '12' '?w1?w2?1?d?d?d' Example #3 - create a Smartlist of size 50k from subwords extracted from rockyou.txt $ cracken create -f rockyou.txt -m 50000 --smartlist smart.lst Example 0000004 - estimate the entropy of hybrid mask of the password HelloWorld123! using a smartlist $ cracken entropy -f smart.lst 'HelloWorld123!' hybrid-min-split: ["hello", "world1", "2", "3", "!"] hybrid-mask: ?w1?w1?d?d?s hybrid-min-entropy: 42.73 -- charset-mask: ?l?l?l?l?l?l?l?l?l?l?d?d?d?s charset-mask-entropy: 61.97 # Even more examples: Example Usage: ## Generate Subcommand Examples: # all digits from 00000000 to 99999999 cracken ?d?d?d?d?d?d?d?d # all digits from 0 to 99999999 cracken -m 1 ?d?d?d?d?d?d?d?d # words with pwd prefix - pwd0000 to pwd9999 cracken pwd?d?d?d?d # all passwords of length 8 starting with upper then 6 lowers then digit cracken ?u?l?l?l?l?l?l?d # same as above, write output to pwds.txt instead of stdout cracken -o pwds.txt ?u?l?l?l?l?l?l?d # custom charset - all hex values cracken -c 0123456789abcdef '?1?1?1?1' # 4 custom charsets - the order determines the id of the charset cracken -c 01 -c ab -c de -c ef '?1?2?3?4' # 4 lowercase chars with years 2000-2019 suffix cracken -c 01 '?l?l?l?l20?1?d' # starts with firstname from wordlist followed by 4 digits cracken -w firstnames.txt '?w1?d?d?d?d' # starts with firstname from wordlist with lastname from wordlist ending with symbol cracken -w firstnames.txt -w lastnames.txt -c '[email protected]#$' '?w1?w2?1' # repeating wordlists multiple times and combining charsets cracken -w verbs.txt -w nouns.txt '?w1?w2?w1?w2?w2?d?d?d' ## Create Smartlists Subcommand Examples: # create smartlist from single file into smart.txt cracken create -f rockyou.txt --smartlist smart.txt # create smartlist from multiple files with multiple tokenization algorithms cracken create -t bpe -t unigram -t wordpiece -f rockyou.txt -f passwords.txt -f wikipedia.txt --smartlist smart.txt # create smartlist with minimum subword length of 3 and max numbers-only subwords of size 6 cracken create -f rockyou.txt --min-word-len 3 --numbers-max-size 6 --smartlist smart.txt ## Entropy Subcommand Examples: # estimating entropy of a password cracken entropy --smartlist vocab.txt 'helloworld123!' # estimating entropy of a passwords file with a charset mask entropy (default is hybrid) cracken entropy --smartlist vocab.txt -t charset -p passwords.txt # estimating the entropy of a passwords file cracken entropy --smartlist vocab.txt -p passwords.txt [Packaged] - Not yet, if thats of interest to Kali we'll package it :) | ||||
|
|
hi, can someone please take a look on this tool? thanks |
|
|
@kali-team, please could this be packaged up. @author, If you want to help the packaging process, you can check the documentation here ~ https://www.kali.org/docs/development/public-packaging |