Path Text Only

#!/usr/bin/env python
#PATH created by F8lerror
#Follow me on Twitter @f8lerror

import subprocess
import string
import re
from collections import Counter
import argparse


hcpath = ''

if hcpath is '':
    print "\nHEY! You need to put the path to hashcat in the script. In the hcpath parameter"



parser = argparse.ArgumentParser(description='Password Analysis To Hashcat (PATH):\nGenerate Hashcat Masks From A Wordlist Start a BruteForce Attack With The Results')
parser.add_argument('-i','--input', help='Input File Name for Mask Analysis', required=False)
parser.add_argument('-t','--top', help='How Many Values Outputed Default 10', required=False)
parser.add_argument('-o','--output', help='Output File Name', required=False)
parser.add_argument('-c','--crackmode', action='store_true', help='Enables Brute ForceCrack Mode', required=False)
parser.add_argument('-s','--sdict', help='Initial Dictionary', required=False)
parser.add_argument('-p','--phash', help='Password Hash Type', required=False)
parser.add_argument('-l','--hashlist', help='List of Hashes', required=False)
parser.add_argument('-r','--rules', help='Apply Rules to Inital Dictionary', required=False)
parser.add_argument('-u','--usage', action='store_true', help='How to Use This Tool', required=False)


args = parser.parse_args()

if args.usage is True:
    print '-'*80+'\n'
    print 'This was designed to help automate the process of cracking passwords. \nBy analyzing the output of cracked password PATH initiates brute force with the results\n\n'
    print 'Example: Already have some passwords cracked: \n\t\"./toolname -i listofcrackedpasswords -l listofhashes -o outputfile -p hashtype -c\" \n\tThis will analyze the list and start a brute force against the top 10 most common hash masks'
    print '\nExample: Fresh list of hashes: \n\t\"./toolname -l listofhashes -o outputfile -p hashtype -s bigdictonary -c\" \n\t This attack will do a dictonary attack first, then using what was cracked\n\t by the dictonary analyze the output and perform a brute force against the top 10 most common hash masks'
    print '\n\nTo use rules add the -r flag to the dictonary attack\n'
    print 'This has only been tested with the following hash types:\n\t0 = MD5\n\t1000 = NTLM\n\t3000 = LM\n'


def cracker():
    flist = []
    for line in ifile:
            line2 = re.sub(dhash, '', line)
            res = []
            for letter in line2.rstrip():
               
                if re.search(ualpha, letter):
                    res.append('?u')
                if re.search(lalpha, letter):
                    res.append('?l')
                if re.search(ldigit, letter):
                    res.append('?d')
                if re.search(splist, letter):
                    res.append('?s')
            nlist = ''.join(res)
            flist.append(nlist)
           
   
    flist1 = '\n'.join(flist)
    cnt = Counter()
    for zlist in flist:
        cnt[zlist] += 1


    backtolist = cnt.items()

    sortme = sorted(backtolist, key=lambda tup: tup[1], reverse=True)
    if sortme:   
        print '\n'
        print '-'*80
        print 'Top '+str(num)+' Hashcat Masks with Frequency Count'
        print '-'*80
        print '\n'
        for key, value in  sortme[0:num]:
            print key +' ('+ str(value) +')'
        usedmask = []


           
        if args.crackmode is True:
            if args.phash is None:
                print '\nOops! I need a hashtype. Hint: -p'
            elif args.output is None:
                print '\nOops! I need an output file. Hint: -o'
            elif args.hashlist is None:
                print '\nOops! I need something to crack. Hint: -l'
            else:
                for mask in sortme[0:num]:
                    print '\n'
                    print '-'*80
                    print 'Now Brute Forcing With '+mask[0]
                    print '-'*80
                    print '\n'
                    subprocess.call([hcpath, '--remove', '--hash-type', args.phash, '--attack-mode', '3', '--outfile', args.output, args.hashlist ,mask[0]])           
           
       

if args.top is None:
    num = 10
else:
    num = int(args.top)

splist = r"[\W_]"
ualpha = r"[A-Z]"
lalpha = r"[a-z]"
ldigit = r"[0-9]"
dhash = r"^[a-f0-9]*:"



if args.sdict:
    if args.rules:
        print '\n'+'-'*80
        print 'Starting Dictionary Attack'
        print '-'*80+'\n'
        if args.phash is None:
            print 'Oops! I need a hashtype. Hint: -p'
        elif args.output is None:
            print 'Oops! We need an output file. Hint: -o'
        elif args.hashlist is None:
            print 'Oops! I need something to crack. Hint: -l'
        else:
            subprocess.call([hcpath, '--remove', '--hash-type', args.phash, '--outfile', args.output, args.hashlist ,args.sdict])
            print '\n'+'-'*80
            print 'Starting Dictionary with Rule Attack'
            print '-'*80+'\n'
            subprocess.call([hcpath, '--remove', '--hash-type', args.phash, '-r', args.rules, '--outfile', args.output, args.hashlist ,args.sdict])
            try:
                ifile = open(args.output, 'r')
                cracker()
            except IOError, err:
                print '\n'+'-'*80+'\n'+'The file doesn\'t exsist.\n'+'-'*80+'\n'
    else:
        print '\n'+'-'*80
        print 'Starting Dictionary Attack'
        print '-'*80+'\n'
        if args.phash is None:
            print 'Oops! I need a hashtype. Hint: -p'
        elif args.output is None:
            print 'Oops! We need an output file. Hint: -o'
        elif args.hashlist is None:
            print 'Oops! I need something to crack. Hint: -l'
        else:
            subprocess.call([hcpath, '--remove', '--hash-type', args.phash, '--outfile', args.output, args.hashlist ,args.sdict])
            try:
                ifile = open(args.output, 'r')
                cracker()
                ifile.close()
            except IOError, err:
                print '\n'+'-'*80+'\n'+'The file doesn\'t exsist.\n'+'-'*80+'\n'

if args.input:
    try:
        ifile = open(args.input, 'r')
        cracker()
    except IOError, err:
        print '\n'+'-'*80+'\n'+'The file doesn\'t exsist.\n'+'-'*80+'\n'

No comments:

Post a Comment