Password & Cracking

Depix: Recovers passwords from pixelized screenshots.

GitHub - spipm/Depixelization_poc: Depix is a PoC for a technique to recover plaintext from pixelized screenshots.GitHub

bopscrk: Before Outset PaSsword CRacKing is a tool to generate smart and powerful wordlists for targeted attacks.

spraygen: Password list generator for password spraying - prebaked with goodie.

cook: Easily create word's permutation and combination to generate complex wordlists and passwords.

crackpkcs12: A multithreaded program to crack PKCS#12 files (p12 and pfx extensions) by Aestu.

crackpkcs12 -d dictionary.txt certificate.pfx

hashcat: This is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 300 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enable distributed password cracking.

Linux:
hashcat hash.txt -a 0 -m 3200 -w 4 --username -r /usr/share/hashcat/rules/best64.rule wordlist.txt --force

-r option will permutate the words, e.g:
password, password!, password1, password21, password30

Windows:
hashcat64.exe -a 0 --session=2021-04-02 -m 3200 -w 4 --username --force --status --status-timer=60 -p : -O --hwmon-disable -o "C:\Users\xxx\Desktop\cracked.txt" --outfile-format=3 -r "C:\Users\xxx\Desktop\hashcat-5.1.0\rules\nsav2.rule" "C:\Users\xxx\Desktop\hash.txt" "C:\Users\xxx\Desktop\wordlist.txt"

pack: PACK (Password Analysis and Cracking Toolkit) is a collection of utilities developed to aid in analysis of password lists in order to enhance password cracking through pattern detection of masks, rules, character-sets and other password characteristics. The toolkit generates valid input files for Hashcat family of password crackers.

python statsgen.py rockyou.txt

pipal: Pipal, THE password analyser.

GitHub - digininja/pipal: Pipal, THE password analyserGitHub

Script to keep repetition of NTDS passwords when cracked with hashcat before analyze them with pipal:

#script to count repetitions of cracked passwords
import sys

if len(sys.argv) != 3:
    print("Usage: python script.py arg1[ntds_file] arg2[cracked_file]")
    print("Please provide exactly 2 arguments.")
    sys.exit(1)

if __name__ == "__main__":
	ntds_hashes = {}
	cracked_hashes= {}
	file_name_ntds = sys.argv[1]
	file_name_cracked= sys.argv[2]
	file_name_output = "output.txt"

	with open(file_name_output, 'w') as output_file:

	#open ntds file and compare if the hash is in cracked
		with open(file_name_ntds, 'r') as ntds_file:
			for line_ntds in ntds_file:
				parts = line_ntds.strip().split(':')
				with open(file_name_cracked, 'r') as cracked_file:
					for line_cracked in cracked_file:
						parts1 = line_cracked.strip().split(':')
						if parts[3] == parts1[0]:
						    output_file.write(parts1[1]+"\n")

BridgeKeeper: Scrape employee names from search engine LinkedIn profiles. Convert employee names to a specified username format.

$ python3 bridgekeeper.py --file names.txt --format {f}{last}@example.com --output example-employees/ --debug

Name: John Adams Smith
{f}{last}                   > jsmith
{f}{m}.{last}               > ja.smith
{f}{last}[4]@example.com    > [email protected]