kali工具箱

PACK Package Description

PACK was developed in order to aid in a password cracking competition “Crack Me If You Can” that occurred during Defcon 2010. The goal of this toolkit is to aid in preparation for the “better than bruteforce” password attacks by analyzing common ways that people create passwords. After the analysis stage, the statistical database can be used to generate attack masks for tools such as oclHashcat. NOTE: This tool itself can not crack passwords, but helps other tools crack more passwords faster.

Source: http://thesprawl.org/projects/pack/
PACK Homepage | Kali PACK Repo

Author: iphelix
License: GPLv3

Tools included in the pack package

dictstat – Generate dictionary file statistics

[email protected]:~# dictstat -h

[?] Psyco is not available. Install Psyco on 32-bit systems for faster parsing.

Usage: dictstat [options] passwords.txt



Options:

  --version             show program's version number and exit

  -h, --help            show this help message and exit

  -l 8, --length=8      Password length filter.

  -c loweralpha, --charset=loweralpha

                        Password charset filter.

  -m stringdigit, --mask=stringdigit

                        Password mask filter

  -o masks.csv, --maskoutput=masks.csv

                        Save masks to a file

maskgen – Generate hashcat masks

[email protected]:~# maskgen -h

Usage: maskgen [options] masksfile.csv



Options:

  --version             show program's version number and exit

  -h, --help            show this help message and exit

  --minlength=8         Minimum password length

  --maxlength=8         Maximum password length

  --mintime=MINTIME     Minimum time to crack

  --maxtime=MAXTIME     Maximum time to crack

  --complexity=COMPLEXITY

                        maximum password complexity

  --occurence=OCCURENCE

                        minimum times mask was used

  --checkmask=?u?l ?l ?l ?l ?l ?d

                        check mask coverage

  --showmasks           Show matching masks

  --pps=1000000000      Passwords per Second

policygen – Generate hashcat masks

[email protected]:~# policygen -h

Usage: policygen [options]



Type --help for more options



Options:

  --version             show program's version number and exit

  -h, --help            show this help message and exit

  --length=8            Password length

  -o masks.txt, --output=masks.txt

                        Save masks to a file

  --pps=1000000000      Passwords per Second

  -v, --verbose



  Password Policy:

    Define the minimum (or maximum) password strength policy that you

    would like to test



    --mindigits=1       Minimum number of digits

    --minlower=1        Minimum number of lower-case characters

    --minupper=1        Minimum number of upper-case characters

    --minspecial=1      Minimum number of special characters

    --maxdigits=3       Maximum number of digits

    --maxlower=3        Maximum number of lower-case characters

    --maxupper=3        Maximum number of upper-case characters

    --maxspecial=3      Maximum number of special characters

dictstat Usage Example

Generate statistics for passwords with a length of 10 (-l 10) contained in the rockyou wordlist (rockyou.txt):

[email protected]:~# dictstat -l 10 rockyou.txt 

[?] Psyco is not available. Install Psyco on 32-bit systems for faster parsing.

[*] Analyzing passwords: rockyou.txt

[+] Analyzing 14% (2013690/14344392) passwords

    NOTE: Statistics below is relative to the number of analyzed passwords, not total number of passwords



[*] Line Count Statistics...

[+]                        10: 100% (2013690)



[*] Mask statistics...

[+]               stringdigit: 37% (750966)

[+]                  alldigit: 23% (478224)

[+]                 allstring: 22% (452145)

[+]                 othermask: 04% (90240)

[+]               digitstring: 03% (78964)

[+]         stringdigitstring: 02% (59783)

[+]       stringspecialstring: 01% (33178)

[+]        stringspecialdigit: 01% (25295)

[+]             stringspecial: 01% (22176)

[+]          digitstringdigit: 00% (17290)

[+]      specialstringspecial: 00% (3459)

[+]             specialstring: 00% (1767)

[+]                allspecial: 00% (203)



[*] Charset statistics...

[+]             loweralphanum: 41% (836189)

[+]                   numeric: 23% (478224)

[+]                loweralpha: 20% (416961)

[+]      loweralphaspecialnum: 03% (66553)

[+]         loweralphaspecial: 02% (55720)

[+]             mixedalphanum: 02% (54199)

[+]             upperalphanum: 02% (47431)

[+]                upperalpha: 00% (19723)

[+]                mixedalpha: 00% (15461)

[+]      mixedalphaspecialnum: 00% (9014)

[+]         mixedalphaspecial: 00% (6856)

[+]      upperalphaspecialnum: 00% (3699)

[+]         upperalphaspecial: 00% (3457)

[+]                   special: 00% (203)



[*] Advanced Mask statistics...

[+]      ?d?d?d?d?d?d?d?d?d?d: 23% (478224)

[+]      ?l?l?l?l?l?l?l?l?l?l: 20% (416961)

[+]      ?l?l?l?l?l?l?l?l?d?d: 10% (213117)

[+]      ?l?l?l?l?l?l?d?d?d?d: 07% (160596)

[+]      ?l?l?l?l?l?l?l?l?l?d: 06% (129833)

[+]      ?l?l?l?l?l?l?l?d?d?d: 04% (87613)

[+]      ?l?l?l?l?d?d?d?d?d?d: 01% (33277)

policygen Usage Example

Generate Hashcat masks with a length of 8 (–length=8) and containing at least 1 uppercase letter (–minupper 1) and at least 1 digit (–mindigit 1), saving the masks to a file (-o complexity.hcmask):

[email protected]:~# policygen --length=8 --minupper 1 --mindigit 1 -o complexity.hcmask

[*] Password policy:

[+] Password length: 8

[+] Minimum strength: lower: 0, upper: 1, digits: 1, special: 0

[+] Maximum strength: lower: 8, upper: 8, digits: 8, special: 8

[*] Total Masks:  65536 Runtime: [76d|1834h|110078m|6604680s]

[*] Policy Masks: 52670 Runtime: [40d|977h|58659m|3519568s]

[email protected]:~# head complexity.hcmask 

?l?l?l?l?l?l?u?d

?l?l?l?l?l?l?d?u

?l?l?l?l?l?u?l?d

?l?l?l?l?l?u?u?d

?l?l?l?l?l?u?d?l

?l?l?l?l?l?u?d?u

?l?l?l?l?l?u?d?d

?l?l?l?l?l?u?d?s

?l?l?l?l?l?u?s?d

?l?l?l?l?l?d?l?u