Craken – Smart Hybrid Password List Creation Tool and Fast Password Wordlist Generator

Cracken (Hybrid Password Wordlist Generator)

Cracken is a fast password wordlist generator, Smartlist creation and password hybrid-mask analysis tool written in pure safe Rust. This tool is helping you to perform Password Brute Force attack. Inspired by great tools like maskprocessor, hashcat, Crunch and HuggingFace’s tokenizers.

What? Why? Woot??

At DeepSec2021 we presented a new method for analysing passwords as Hybrid-Masks exploiting common substrings in passwords by utilizing NLP tokenizers.

Our method splits a password into its subwords instead of just a characters mask. HelloWorld123! splitted into ['Hello', 'World', '123!'] as these three subwords are very common in other passwords.

Hybrid Masks & Smartlists

• Smartlists – Compact & representative subword lists created from passwords by utilizing NLP tokenizers
• Hybrid-Mask – A representation of a password as a combination of wordlists & characters (e.g. ?w1?w2?l?d)

Analyzing RockYou Passwords with Smartlists & Hybrid-Masks:

Cracken is used for:

• Generating Hybrid-Masks very VERY FAST
• Building Smartlists – compact & representative list of subwords from given passwords files (using HuggingFace’s tokenizers)
• Analyzing passwords for their Hybrid-Masks – building statistics for better password candidates (again very fast)

Possible workflows with Cracken:

Simple:

1. Generate wordlist candidates from a hybrid mask – e.g. cracken -w rockyou.txt -w 100-most-common.txt '?w1?w2?d?d?d?d?s'
2. You can pipe the passwords Cracken generates into hashcat, john or your favorite password cracker

Advanced:

1. Create a Smartlist from existing passwords – cracken create
2. Analyze a passwords list of plaintext passwords – cracken entropy
3. use most frequent Hybrid-Masks to generate password candidates fast – cracken generate -i hybrid-masks.txt

Installation

Install Cracken or compile from source

Download Binary (Linux Only Currently)

download latest release from releases

Build From Source (All Platforms)

Cracken is written in Rust and needs rustc to get compiled. Cracken should support all Platforms that Rust support.

Installation instructions for cargo

There are two options building from source – installing with cargo from crates.io (preferred) or compiling manually from source.

Usage

run Cracken:

generate all words of length 8 starting with uppercase followed by 6 lowercase chars and then a digit:

generate words from two wordlists with year suffix (1000-2999) <firstname><lastname><year>

create a Smartlist of size 50k from subwords extracted from rockyou.txt

Demo

Performance

As of writing this, Cracken is probably the world’s fastest wordlist generator:

THIS PROJECT MUST BE USED FOR LEGAL PURPOSES ONLY