PolicyGen

Description

PolicyGen – A lot of the mask and dictionary attacks will fail in the corporate environment with minimum password complexity requirements. Instead of resorting to a pure bruteforcing attack, we can leverage known or guessed password complexity rules to avoid trying password candidates that are not compliant with the policy or inversely only audit for noncompliant passwords. Using PolicyGen, you will be able to generate a collection of masks following the password complexity in order to significantly reduce the cracking time.

Usage

Syntax

policygen.py [options]

Options

  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -o masks.hcmask, --outputmasks=masks.hcmask
                        Save masks to a file
  --pps=1000000000      Passwords per Second
  --showmasks           Show matching masks
  --noncompliant        Generate masks for noncompliant passwords
  -q, --quiet           Don't show headers.

  Password Policy:
    Define the minimum (or maximum) password strength policy that you
    would like to test

    --minlength=8       Minimum password length
    --maxlength=8       Maximum password length
    --mindigit=1        Minimum number of digits
    --minlower=1        Minimum number of lower-case characters
    --minupper=1        Minimum number of upper-case characters
    --minspecial=1      Minimum number of special characters
    --maxdigit=3        Maximum number of digits
    --maxlower=3        Maximum number of lower-case characters
    --maxupper=3        Maximum number of upper-case characters
    --maxspecial=3      Maximum number of special characters

Example

cyborg@cyborg:~$ sudo policygen --minlength 5 --minlength 7 --minlower 2 --minupper 1 -o complex.hcmask 
                       _ 
     Policy Gen 0.0.2  | |
      _ __   __ _  ___| | _
     | '_ \ / _` |/ __| |/ /
     | |_) | (_| | (__|   < 
     | .__/ \__,_|\___|_|\_\
     | |                    
     |_| [email protected]


[*] Saving generated masks to [complex.hcmask]
[*] Using 1,000,000,000 keys/sec for calculations.
[*] Password policy:
    Pass Lengths: min:7 max:8
    Min strength: l:2 u:1 d:None s:None
    Max strength: l:None u:None d:None s:None
[*] Generating [compliant] masks.
[*] Generating 7 character password masks.
[*] Generating 8 character password masks.
[*] Total Masks:  81920 Time: 77 days, 14:13:58
[*] Policy Masks: 43681 Time: 48 days, 4:18:34

 

0 Comments

Leave a reply

CONTACT US

We're are building as a community and a team. Be a part of it.

Sending

©2017 Ztrela Knowledge Solutions Pvt. Ltd

Log in with your credentials

Forgot your details?