Craken – Smart Hybrid Password List Creation Tool and Fast Password Wordlist Generator

Craken Rockyou Hybrid Wordlist - Smart Hybrid Password List Creation Tool and Fast Password Wordlist Generator

Cracken (Hybrid Password Wordlist Generator)

Cracken is a fast password wordlist generator, Smartlist creation and password hybrid-mask analysis tool written in pure safe Rust. This tool is helping you to perform Password Brute Force attack. Inspired by great tools like maskprocessorhashcatCrunch and HuggingFace’s tokenizers.

What? Why? Woot??

At DeepSec2021 we presented a new method for analysing passwords as Hybrid-Masks exploiting common substrings in passwords by utilizing NLP tokenizers.

Our method splits a password into its subwords instead of just a characters mask. HelloWorld123! splitted into ['Hello', 'World', '123!'] as these three subwords are very common in other passwords.

Hybrid Masks & Smartlists

  • Smartlists – Compact & representative subword lists created from passwords by utilizing NLP tokenizers
  • Hybrid-Mask – A representation of a password as a combination of wordlists & characters (e.g. ?w1?w2?l?d)

Analyzing RockYou Passwords with Smartlists & Hybrid-Masks:

Craken Rockyou Hybrid Wordlist - Smart Hybrid Password List Creation Tool and Fast Password Wordlist Generator

Cracken is used for:

  • Generating Hybrid-Masks very VERY FAST
  • Building Smartlists – compact & representative list of subwords from given passwords files (using HuggingFace’s tokenizers)
  • Analyzing passwords for their Hybrid-Masks – building statistics for better password candidates (again very fast)

Possible workflows with Cracken:

Simple:

  1. Generate wordlist candidates from a hybrid mask – e.g. cracken -w rockyou.txt -w 100-most-common.txt '?w1?w2?d?d?d?d?s'
  2. You can pipe the passwords Cracken generates into hashcatjohn or your favorite password cracker

Advanced:

  1. Create a Smartlist from existing passwords – cracken create
  2. Analyze a passwords list of plaintext passwords – cracken entropy
  3. use most frequent Hybrid-Masks to generate password candidates fast – cracken generate -i hybrid-masks.txt

Installation

Install Cracken or compile from source

Download Binary (Linux Only Currently)

download latest release from releases

Build From Source (All Platforms)

Cracken is written in Rust and needs rustc to get compiled. Cracken should support all Platforms that Rust support.

Installation instructions for cargo

There are two options building from source – installing with cargo from crates.io (preferred) or compiling manually from source.

Usage

run Cracken:

generate all words of length 8 starting with uppercase followed by 6 lowercase chars and then a digit:

cracken -o pwdz.lst ‘?u?l?l?l?l?l?l?d’

generate words from two wordlists with year suffix (1000-2999) <firstname><lastname><year>

cracken –wordlist firstnames.txt –wordlist lastnames.lst –charset ’12’ ‘?w1?w2?1?d?d?d’

create a Smartlist of size 50k from subwords extracted from rockyou.txt

cracken create -f rockyou.txt -m 50000 –smartlist smart.lst

Demo

Craken Demo - Smart Hybrid Password List Creation Tool and Fast Password Wordlist Generator

Performance

As of writing this, Cracken is probably the world’s fastest wordlist generator:

Craken - Smart Hybrid Password List Creation Tool and Fast Password Wordlist Generator

THIS PROJECT MUST BE USED FOR LEGAL PURPOSES ONLY


You May Also Like

Leave a Reply

Your email address will not be published. Required fields are marked *

2 × three =