
Cracken (Hybrid Password Wordlist Generator)
Cracken is a fast password wordlist generator, Smartlist creation and password hybrid-mask analysis tool written in pure safe Rust. This tool helps you perform password brute-force attacks. Inspired by great tools like maskprocessor, hashcat, Crunch and HuggingFace’s tokenizers.
What? Why? Woot??
At DeepSec2021 we presented a new method for analysing passwords as Hybrid-Masks exploiting common substrings in passwords by utilizing NLP tokenizers.
Our method splits a password into its subwords instead of just a character mask. For example, HelloWorld123! is split into ['Hello', 'World', '123!'], as these three subwords are very common in other passwords.
Hybrid Masks & Smartlists
- Smartlists – Compact & representative subword lists created from passwords by utilizing NLP tokenizers
- Hybrid-Mask – A representation of a password as a combination of wordlists & characters (e.g. ?w1?w2?l?d)
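The HelloWorld123! split described above, worked through as an added example that is not Cracken's own code, useful for checking how few common subwords a given password is built from. It assumes a constructed six-word smartlist and a simple fewest-tokens dynamic program in place of Cracken's tokenizer-built Smartlists; every smartlist word is labelled ?w1 because only one list is used, and ?u is assumed for uppercase letters.

```rust
// Added example: simplified hybrid-mask analysis, not Cracken's implementation.
// SMARTLIST is a constructed sample; Cracken derives Smartlists with NLP tokenizers.
const SMARTLIST: &[&str] = &["Hello", "World", "123!", "pass", "word", "2021"];

/// Charset symbol for a character not covered by a smartlist word.
fn charset(c: char) -> &'static str {
    if c.is_ascii_lowercase() { "?l" }
    else if c.is_ascii_uppercase() { "?u" }
    else if c.is_ascii_digit() { "?d" }
    else { "?s" }
}

/// Split `pw` into the fewest tokens (smartlist word or single char)
/// and return the tokens together with the resulting hybrid mask.
fn hybrid_mask(pw: &str) -> (Vec<String>, String) {
    let chars: Vec<char> = pw.chars().collect();
    let n = chars.len();
    // best[i] = (min token count for chars[..i], start of the last token)
    let mut best = vec![(usize::MAX, 0usize); n + 1];
    best[0] = (0, 0);
    for end in 1..=n {
        for start in 0..end {
            let tok: String = chars[start..end].iter().collect();
            let known = end - start == 1 || SMARTLIST.contains(&tok.as_str());
            if known && best[start].0 + 1 < best[end].0 {
                best[end] = (best[start].0 + 1, start);
            }
        }
    }
    // Walk back from the end to recover the chosen tokens.
    let (mut tokens, mut end) = (Vec::new(), n);
    while end > 0 {
        let start = best[end].1;
        tokens.push(chars[start..end].iter().collect::<String>());
        end = start;
    }
    tokens.reverse();
    let mask = tokens.iter().map(|t| {
        if SMARTLIST.contains(&t.as_str()) { "?w1" } else { charset(t.chars().next().unwrap()) }
    }).collect::<String>();
    (tokens, mask)
}

fn main() {
    for pw in ["HelloWorld123!", "password7", "Xq9"] {
        let (tokens, mask) = hybrid_mask(pw);
        println!("{}: {:?} -> {}", pw, tokens, mask);
    }
}
```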
Analyzing RockYou Passwords with Smartlists & Hybrid-Masks:

Cracken is used for:
- Generating Hybrid-Masks very VERY FAST
- Building Smartlists – compact & representative list of subwords from given passwords files (using HuggingFace’s tokenizers)
- Analyzing passwords for their Hybrid-Masks – building statistics for better password candidates (again very fast)
Possible workflows with Cracken:
Simple:
- Generate wordlist candidates from a hybrid mask – e.g. cracken -w rockyou.txt -w 100-most-common.txt '?w1?w2?d?d?d?d?s'
- You can pipe the passwords Cracken generates into hashcat, john or your favorite password cracker
Advanced:
- Create a Smartlist from existing passwords – cracken create
- Analyze a list of plaintext passwords – cracken entropy
- Use the most frequent Hybrid-Masks to generate password candidates fast – cracken generate -i hybrid-masks.txt
Installation
Install Cracken or compile from source
Download Binary (Linux Only Currently)
Download the latest release from releases
Build From Source (All Platforms)
Cracken is written in Rust and needs rustc to get compiled. Cracken should support all platforms that Rust supports.
Installation instructions for cargo
There are two options for building from source – installing with cargo from crates.io (preferred) or compiling manually from source.
Usage
run Cracken:
generate all words of length 8 starting with uppercase followed by 6 lowercase chars and then a digit:
generate words from two wordlists with year suffix (1000-2999) <firstname><lastname><year>
create a Smartlist of size 50k from subwords extracted from rockyou.txt
Demo

Performance
As of writing this, Cracken is probably the world’s fastest wordlist generator:

THIS PROJECT MUST BE USED FOR LEGAL PURPOSES ONLY