psudohash is a password list generator for orchestrating brute-force attacks. It imitates certain password creation patterns commonly used by humans, such as substituting a word's letters with symbols or numbers, using char-case variations, and adding a common padding before or after the word. It is keyword-based and highly customizable.
Pentesting Corporate Environments
System administrators and other employees often use a mutated version of the company's name to set passwords (e.g. [email protected]_2022). This is commonly the case for network devices (Wi-Fi access points, switches, routers, etc.), application and even domain accounts. With the most basic options, psudohash can generate a wordlist with all possible mutations of one or multiple keywords, based on common character substitution patterns (customizable), case variations, strings commonly used as padding and more.
The script includes a basic character substitution schema. You can add or modify character substitution patterns by editing the source and following the data structure logic presented below (default):
transformations = [
{'a' : '@'},
{'b' : '8'},
{'e' : '3'},
{'g' : ['9', '6']},
{'i' : ['1', '!']},
{'o' : '0'},
{'s' : ['$', '5']},
{'t' : '7'}
]
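A defender-side use of the same table, as an added example (not part of psudohash or the original page): inverting the substitutions lets a password-change check reject candidates that are mutations of a banned keyword, with or without padding. The function names, the banned keywords and the sample passwords are constructed for illustration.

```python
# Substitution table as shown on the page (psudohash default).
transformations = [
    {'a': '@'}, {'b': '8'}, {'e': '3'}, {'g': ['9', '6']},
    {'i': ['1', '!']}, {'o': '0'}, {'s': ['$', '5']}, {'t': '7'},
]

# Invert the table: every substitute symbol maps back to its letter.
REVERSE = {}
for entry in transformations:
    for letter, subs in entry.items():
        # A value is either a single string or a list of alternatives.
        for sub in ([subs] if isinstance(subs, str) else subs):
            REVERSE[sub] = letter


def normalize(password):
    """Lower-case the password and undo every substitution in the table."""
    return ''.join(REVERSE.get(ch, ch) for ch in password.lower())


def mutated_keyword(password, keywords):
    """Return the first banned keyword the password is built on, else None.

    Both sides are normalized, and a substring match is used so that
    padding before or after the keyword does not hide it.
    """
    canon = normalize(password)
    for kw in keywords:
        if normalize(kw) in canon:
            return kw
    return None


if __name__ == "__main__":
    # Constructed sample data: hypothetical company name and pet name.
    banned = ["examplecorp", "rex"]
    candidates = ["Ex@mpl3C0rp_2022", "!R3x123", "correct horse battery"]
    for pw in candidates:
        hit = mutated_keyword(pw, banned)
        print(f"{pw!r}: {'reject, based on ' + hit if hit else 'ok'}")
```

The check only knows the substitutions in the table, so a site that extends the table for wordlist generation should extend it here as well.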
People
When it comes to people, I think we all have (more or less) set passwords using a mutation of one or more words that mean something to us, e.g., our name or wife/kid/pet/band names, sticking the year we were born at the end or maybe a super secure padding like “[email protected]#”. Well, guess what?
Installation
No special requirements. Just clone the repo and make the script executable:
git clone https://github.com/t3l3machus/psudohash
cd ./psudohash
chmod +x psudohash.py
Usage
./psudohash.py [-h] -w WORDS [-an LEVEL] [-nl LIMIT] [-y YEARS] [-ap VALUES] [-cpb] [-cpa] [-cpo] [-o FILENAME] [-q]
The help dialog [ -h, --help ] includes usage details and examples.
Usage Tips
- Combining options --years and --append-numbering with a --numbering-limit ≥ last two digits of any year input will most likely produce duplicate words because of the mutation patterns implemented by the tool.
- If you add custom padding values and/or modify the predefined common padding values in the source code, in combination with multiple optional parameters, there is a small chance of duplicate words occurring. psudohash includes word filtering controls but, for speed's sake, those are limited.
Future
I am gathering information regarding commonly used password creation patterns to enhance the tool's capabilities.