Breaking News



Cracken is a snappy password wordlist generator, Smartlist creation and password hybrid-mask analysis instrument written in herbal safe Rust (further on be in contact/). Inspired by way of great tools like maskprocessor, hashcat, Crunch and

What? Why? Woot??

At DeepSec2021 we introduced a brand spanking new method for analysing passwords as Hybrid-Masks exploiting conventional substrings in passwords by way of the usage of NLP tokenizers (further knowledge on be in contact/).

Our method splits a password into its subwords instead of just a characters mask. HelloWorld123! splitted into ['Hello', 'World', '123!'] as the ones 3 subwords are slightly same old in a lot of passwords.

Hybrid Masks & Smartlists

  • Smartlists – Compact & promoting information subword lists constituted of passwords by way of the usage of NLP tokenizers

  • Hybrid-Mask – A representation of a password as a mix of wordlists & characters (e.g. ?w1?w2?l?d)

Examining RockYou Passwords with Smartlists & Hybrid-Masks:

complete table proper right kind proper right here

Cracken is used for:

Imaginable workflows with Cracken:

Simple:

  1. Generate wordlist candidates from a hybrid mask – e.g. cracken -w rockyou.txt -w 100-most-common.txt '?w1?w2?d?d?d?d?s'
  2. You’ll be able to pipe the passwords Cracken generates into hashcat, john or your favorite password cracker

Difficult:

  1. Create a Smartlist from supply passwords – cracken create
  2. Analyze a passwords tick list of plaintext passwords – cracken entropy
  3. use most popular Hybrid-Masks to generate password candidates speedy – cracken generate -i hybrid-masks.txt

For extra details see Usage section

Getting Started

download (linux only lately): latest release

for additonal arrange conceivable alternatives see arrange section

run Cracken:

generate all words of length 8 starting with uppercase followed by way of 6 lowercase chars and then a digit:

$ cracken -o pwdz.lst '?u?l?l?l?l?l?l?d'

generate words from two wordlists with twelve months suffix (1000-2999) <firstname><lastname><twelve months>

$ cracken --wordlist firstnames.txt --wordlist lastnames.lst --charset '12' '?w1?w2?1?d?d?d'

create a Smartlist of size 50k from subwords extracted from rockyou.txt

$ cracken create -f rockyou.txt -m 50000 --smartlist very good.lst

estimate the entropy of hybrid mask of the password HelloWorld123! the usage of a smartlist

$ cracken entropy -f very good.lst 'HelloWorld123!'

hybrid-min-split: ["hello", "world1", "2", "3", "!"]
hybrid-mask: ?w1?w1?d?d?s
hybrid-min-entropy: 42.73
--
charset-mask: ?l?l?l?l?l?l?l?l?l?l?d?d?d?s
charset-mask-entropy: 61.97

Potency

As of penning this, Cracken is maximum surely the field’s fastest wordlist generator:

Cracken has spherical 25% upper potency over hashcat’s speedy maskprocessor thats written in C.

Cracken can generate spherical 2 GB/s in line with core.

further details on benchmarks/

Why tempo is very important? A typical GPU can check out billions passwords in line with 2d depending on the password hash function. When the wordlist generator produces fewer words in line with 2d than the cracking instrument can take care of – the cracking tempo will degrade.

Hybrid-Masks Analysis Potency

Cracken uses A* algorithm to research passwords very speedy. it will to look out the minimal Hybrid-Mask of passwords file at price of ~100k Passwords/sec (cracken entropy -f words1.txt -f words2.txt ... -p pwds.txt)

Arrange

arrange Cracken or acquire from provide

Download Binary (Linux Simplest This present day)

download latest release from releases

Bring together From Provide (All Platforms)

Cracken is written in Rust and needs rustc to get compiled. Cracken will have to support all Platforms that Rust support.

arrange instructions for cargo

there are two conceivable alternatives building from provide – putting in place with cargo from crates.io (most up to date) or compiling manually from provide.

1. arrange from crates.io (most up to date)

arrange with cargo:

2. carry in combination from provide

clone Cracken:

$ git clone https://github.com/shmuelamar/cracken

carry in combination Cracken:

$ cd cracken
$ cargo carry in combination --release

run it:

$ ./objective/release/cracken --help

Usage Wisdom

generator USAGE: cracken [SUBCOMMAND] FLAGS: -h, –help Prints lend a hand knowledge -V, –version Prints version knowledge SUBCOMMANDS: generate (default) – Generates newline separated words in line with given mask and wordlist data create Create a brand spanking new smartlist from input file(s) entropy Computes the estimated entropy of password or password file. The entropy of a password is the log2(len(keyspace)) of the password. There are two sorts of keyspace size estimations: * mask – keyspace of every char (digit=10, lowercase=26…). * hybrid – finding minimal reduce up into subwords and charsets. For specific subcommand lend a hand run: cracken –help Example Usage: ## Generate Subcommand Examples: # all digits from 00000000 to 99999999 cracken ?d?d?d?d?d?d?d?d # all digits from 0 to 99999999 cracken -m 1 ?d?d?d?d?d?d?d?d # words with pwd prefix – pwd0000 to pwd9999 cracken pwd?d?d?d?d # all passwords of length 8 starting with upper then 6 lowers then digit cracken ?u?l?l?l?l?l?l?d # an an an identical as above, write output to pwds.txt instead of stdout cracken -o pwds.txt ?u?l?l?l?l?l?l?d # custom charset – all hex values cracken -c 0123456789abcdef ‘?1?1?1?1’ # 4 custom charsets – the order determines the identity of the charset cracken -c 01 -c ab -c de -c ef ‘?1?2?3?4’ # 4 lowercase chars with years 2000-2019 suffix cracken -c 01 ‘?l?l?l?l20?1?d’ # starts with firstname from wordlist followed by way of 4 digits cracken -w firstnames.txt ‘?w1?d?d?d?d’ # starts with firstname from wordlist with lastname from wordlist completing with symbol cracken -w firstnames.txt -w lastnames.txt -c ‘[email protected]#$’ ‘?w1?w2?1’ # repeating wordlists a few events and combining charsets cracken -w verbs.txt -w nouns.txt ‘?w1?w2?w1?w2?w2?d?d?d’ ## Create Smartlists Subcommand Examples: # create smartlist from single file into very good.txt cracken create -f rockyou.txt –smartlist very good.txt # create smartlist from a few data with a few tokenization algorithms cracken create -t bpe -t unigram -t wordpiece -f rockyou.txt -f passwords.txt -f wikipedia.txt –smartlist very good.txt # create smartlist with minimum subword length of 3 and max numbers-only subwords of size 6 cracken create -f rockyou.txt –min-word-len 3 –numbers-max-size 6 –smartlist very good.txt ## Entropy Subcommand Examples: # estimating entropy of a password cracken entropy –smartlist vocab.txt ‘helloworld123!’ # estimating entropy of a passwords file with a charset mask entropy (default is hybrid) cracken entropy –smartlist vocab.txt -t charset -p passwords.txt # estimating the entropy of a passwords file cracken entropy –smartlist vocab.txt -p passwords.txt cracken-v1.0.0 linux-x86_64 compiler: rustc 1.56.1 (59eed8a2a 2021-11-01) further knowledge at: https://github.com/shmuelamar/cracken “>

$ cracken --help
Cracken v1.0.0 - a snappy password wordlist generator

USAGE:
cracken [SUBCOMMAND]

FLAGS:
-h, --help Prints lend a hand knowledge
-V, --version Prints version knowledge

SUBCOMMANDS:
generate (default) - Generates newline separated words in line with given mask and wordlist data
create Create a brand spanking new smartlist from input file(s)
entropy
Computes the estimated entropy of password or password file.
The entropy of a password is the log2(len(keyspace)) of the password.

There are two sorts of keyspace size estimations:
* mask - keyspace of every char (digit=10, lowercase=26...).
* hybrid - finding minimal reduce up into subwords and charsets.

For specific subcommand lend a hand run: cracken <subcommand> --help

Example U sage:

## Generate Subcommand Examples:

# all digits from 00000000 to 99999999
cracken ?d?d?d?d?d?d?d?d

# all digits from 0 to 99999999
cracken -m 1 ?d?d?d?d?d?d?d?d

# words with pwd prefix - pwd0000 to pwd9999
cracken pwd?d?d?d?d

# all passwords of length 8 starting with upper then 6 lowers then digit
cracken ?u?l?l?l?l?l?l?d

# an an an identical as above, write output to pwds.txt instead of stdout
cracken -o pwds.txt ?u?l?l?l?l?l?l?d

# custom charset - all hex values
cracken -c 0123456789abcdef '?1?1?1?1'

# 4 custom charsets - the order determines the identity of the charset
cracken -c 01 -c ab -c de -c ef '?1?2?3?4'

# 4 lowercase chars with years 2000-2019 suffix
cracken -c 01 '?l?l?l?l20?1?d'

# starts with firstname from wordlist followed by way of 4 digits
cracken -w firstnames.txt '?w1?d?d?d?d'

# starts with firstname from wordlist with lastname from wordlist completing with symbol
cracken -w firstnames.txt -w lastnames.txt -c '[email protected]#$' '?w1?w2?1'

# repeating wordlists a few events and combining charsets
cracken -w verbs.txt -w nouns.txt '?w1?w2?w1?w2?w2?d?d?d'

## Create Smartlists Subcommand Examples:

# create smartlist from single file into very good.txt
cracken create -f rockyou.txt --smartlist very good.txt

# create smartlist from a few data with a few tokenization algorithms
cracken create -t bpe -t unigram -t wordpiece -f rockyou.txt -f passwords.txt -f wikipedia.txt --smartlist very good.txt

# create smartlist with minimum subword length of 3 and max numbers-only subwords of size 6
cracken create -f rockyou.txt --min-word-len 3 --numbers-max-size 6 --smartlist very good.txt

## Entropy Subcommand Examples:

# estimating entropy of a password
cracken entropy --smartlist vocab.txt 'helloworld123!'

# estimating entropy of a passwords file with a charset mask entropy (default is hybrid)
cracken entropy --smartlist vocab.txt -t charset -p passwords.txt

# estimating the entropy of a passwords file
cracken entropy --smartlist vocab.txt -p passwords.txt

cracken-v1.0.0 linux-x86_64 compiler: rustc 1.56.1 (59eed8a2a 2021-11-01)
further knowledge at: https://github.com/shmuelamar/cracken

Generate Subcommand Usage Wisdom

$ cracken generate --help
cracken-generate
(default) - Generates newline separated words in line with given mask and wordlist data

USAGE:
cracken generate [FLAGS] [OPTIONS] <mask> --masks-file <masks-file>

FLAGS:
-h, --help
Prints lend a hand knowledge

-s, --stats
prints the number of words this command will generate and exits

-V, --version
Prints version knowledge

OPTIONS:
-c, --custom-charset <custom-charset>...
custom charset (string of chars). up to 9 custom charsets - ?1 to ?9. use ?1 on the mask for the principle charset

-i, --masks-file <masks-file>
a file containing masks to generate

-x, --maxlen <max-length>
maximum length of the mask to start out out out from

-m, --minlen & lt;min-length>
minimum length of the mask to start out out out from

-o, --output-file <output-file>
output file to put in writing the wordlist to, defaults to stdout

-w, --wordlist <wordlist>...
filename containing newline (0xA) separated words. believe: lately all wordlists loaded to memory

ARGS:
<mask>
the wordlist mask to generate.
available masks are:
builtin charsets:
?d - digits: "0123456789"
?l - lowercase: "abcdefghijklmnopqrstuvwxyz"
?u - uppercase: "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
?s - symbols: " !"#$%&'()*+,-./:;<=>[email protected][]^_`~"
?a - all characters: ?d + ?l + ?u + ?s
?b - all binary values: (0-255)

custom charset s ?1 to ?9:
?1 - first custom charset specified by --charset 'mychars'

wordlists ?w1 to ?w9:
?w1 - first wordlist specified by --wordlist 'my-wordlist.txt'

Create Smartlist Subcommand Usage Wisdom

$ cracken create --help  
cracken-create
Create a brand spanking new smartlist from input file(s)

USAGE:
cracken create [FLAGS] [OPTIONS] --file <file>... --smartlist <smartlist>

FLAGS:
-h, --help Prints lend a hand knowledge
-q, --quiet disables printing building bar
-V, --version Prints version knowledge

OPTIONS:
-f, --file <file>... input filename, may also be specified a few events for a few data
--min-frequency <min_frequency> minimum frequency of a understand, comparable only for BPE tokenizer
-l, --min-word-len <min_word_len> filters words shorter than the required length
--numbers-max-size <numbers_max_size> filters numbers (all digits) longer than the required size
-o, --smartlist <smartlist> output smartlist filename
-t, --tokenizer <tokeniz er>... tokenizer to use, may also be specified a few events.
one amongst: bpe,unigram,wordpiece [default: bpe] [possible values: bpe, unigram, wordpiece]
-m, --vocab-max-size <vocab_max_size> max vocabulary size

Entropy Subcommand Usage Wisdom

$ cracken entropy --help
cracken-entropy

Computes the estimated entropy of password or password file.
The entropy of a password is the log2(len(keyspace)) of the password.

There are two sorts of keyspace size estimations:
* mask - keyspace of every char (digit=10, lowercase=26...).
* hybrid - finding minimal reduce up into subwords and charsets.

USAGE:
cracken entropy [FLAGS] [OPTIONS] <password> --smartlist <smartlist>...

FLAGS:
-h, --help Prints lend a hand knowledge
-s, --summary output summary of entropy for password
-V, --version Prints version knowledge

OPTIONS:
-t, --mask-type <mask_type> type of mask to output, one amongst: charsets(charsets only), hybrid(charsets+wordlists) [possible values: hybrid, charset]
-p, --passwords-file <passwords-file> newline separated password file to estimate entropy for
-f, --smartlist <smartlist>... smartlist input file to estimate entropy with, a newline separated text file

ARGS:
<password> password to

License

Cracken is permitted underneath MIT. THIS PROJECT MUST BE USED FOR LEGAL PURPOSES ONLY

Contributing

Cracken is underneath lively building, if you wish to lend a hand beneath is this the partial roadmap for this undertaking. Feel free to place up PRs and open issues.




Leave a Reply

Your email address will not be published. Required fields are marked *

Donate Us

X