https://github.com/Hydraze/pack PACK (Password Analysis and Cracking Toolkit) is a collection of utilities developed to aid in analysis of password lists in order to enhance password cracking through [[Password Pattern Analysis]] of masks, rules, character-sets and other password characteristics. The toolkit generates valid input files for [[Hashcat]] family of password crackers. NOTE: The toolkit itself is not able to crack passwords, but instead designed to make operation of password crackers more efficient. ## Selecting passwords lists for analysis ================================== Before we can begin using the toolkit we must establish a selection criteria of password lists. Since we are looking to analyze the way people create their passwords, we must obtain as large of a sample of leaked passwords as possible. One such excellent list is based on RockYou.com compromise. This list both provides large and diverse enough collection that provides a good results for common passwords used by similar sites (e.g. social networking). The analysis obtained from this list may not work for organizations with specific password policies. As such, selecting sample input should be as close to your target as possible. In addition, try to avoid obtaining lists based on already cracked passwords as it will generate statistics bias of rules and masks used by individual(s) cracking the list and not actual users. http://thesprawl.org/projects/pack/ ### STATSGEN Generate statistics about the most common length, percentages, character-set and other characteristics of passwords from a provided list. ``` python statsgen.py passwords.txt ``` STATSGEN OPTIONS ``` -o <file.txt> output stats and masks to file --hiderare --minlength= ``` hide stats of passwords with less than 1% of occurrence minimum password length for analysis ``` --maxlength= maximum password length for analysis --charset= --simplemask=password char filter: loweralpha,upperalpha,numeric,special password mask filter: string,digit,special ``` #### STATSGEN EXAMPLES Output stats of passwords.txt to file example.mask: ``` python statsgen.py passwords.txt -o example.mask ``` Hide less than 1% occurrence; only analyze passwords 7 characters and greater: ``` python statsgen.py passwords.txt --hiderare --minlength=7 -o example.mask ``` Stats on passwords with only numeric characters: ``` python statsgen.py passwords.txt --charset=numeric ``` [[Home]]