Extract passwords that meet custom complexity rules
Introduction
I regularly use dictionary files in password attacks, sprays etc, but I often find that my target network/application is enforcing some kind of password complexity policy. What this means if you're using something like rockyou.txt, is that over 90% of those passwords are not going to be compliant.
I've looked for a tool which will let me extract passwords that meet a set of complexity rules, but I couldn't find anything. Maybe I need to improve my googling skills.
In the end, I decided to write a simple tool myself.
GetCompliant will extract all passwords from a sourcefile that meet custom complexity rules.
Usage:
_ _ _ _
___ ___ | |_ ___ ___ _____ ___ | ||_| ___ ___ | |_
| . || -_|| _|| _|| . || || . || || || .'|| || _|
| _ ||___||_| |___||___||_|_|_|| _||_||_||__,||_|_||_|
|___| |_|
@_RythmStick
Usage:
-i, --inputfile=VALUE Password File eg. rockyou.txt
-o, --outputfile=VALUE Output File
-f, --forceoverwrite force overwrite if Output file exists
-m, --minlength=VALUE Minimum password Length
-x, --maxlength=VALUE Maximum password Length
-u, --upper must include Uppercase set
-l, --lower must include Lowercase set
-p, --special must include Special Char set
-n, --number must include Number set
-s, --sets=VALUE number of Mandatory sets (default: All Sets)
-h, -?, --help Show Help
Examples
Extract passwords from rockyou.txt that contain 3 out of the following sets: Uppercase, Lowercase, Digits and Symbols, with a minimum length of 7 characters.
comments powered by Disqus