• Stars: 482
• Rank: 91,212 (Top 2 %)
• Language: Python
• License: GNU General Publi...
• Created over 7 years ago
• Updated over 1 year ago

Repository Details

A password dictionary generator driven by rules that you specify, with graphical interface support.

passmaker

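Project URL: https://github.com/bit4woo/passmaker

Runtime environment: Python 2.7.*

0x0. Purpose

The main goal of this script is to generate password dictionaries by combining seeds according to customized rules. It is aimed primarily at enterprises, and is intended to help security staff self-audit for "weak passwords that comply with the password policy".

0x1. Rules

The core of using the tool is specifying password rules; the program generates passwords according to the rules you specify. For example:

  • domain + common weak passwords (666666, 88888888)
  • domain + keyboard-walk weak passwords (11qaz2wsx, zxcv)
  • domain + special characters (!@#$) + common weak passwords (666666, 88888888)
  • domain + special characters (!@#$) + year (2017, 2018)
  • and other rules of this kind

0x2. Usage

Download the project source code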

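git clone https://github.com/bit4woo/passmaker
cd passmaker
python passmaker.py # Method 1: edit the configuration file first; requires some basic Python knowledge
python passmaker.py -i # Method 2: interactive command-line mode
python passmaker.py -g # Method 3: graphical interface; may have problems on macOS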

Method 1: via config.py

Modify the parameters in config.py, then run python passmaker.py directly to generate the password dictionary.

The detailed explanation is already written in the comments of the configuration file, as follows:

# Step 1: define the seeds, the basic building blocks of the passwords; each must be a wordlist (a Python list)
domain= ["baidu.com","badidu"]
year = ["2015","2016","2017"]
special_letter = ["!","@","#","$","%",]
keyboard_walk = open('./seed/4_keyboard_walk.txt').readlines()
common_number = open('./seed/common_number.txt').readlines()
chinese_last_name = open('./seed/Chinese_last_name_top100.txt').readlines()
common_english_name = open('./seed/english_name.txt').readlines()


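# Step 2: define the rules for composing passwords; every seed name used here must already be defined in step 1 and must be a wordlist (a Python list)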
#rule_list = ["domain+special_letter+year","domain+special_letter+keyboard_walk","domain+special_letter+common_number","domain+year","topic+special_letter+year","topic+special_letter+keyboard_walk","topic+special_letter+common_number","topic+year"]
rule_list = ["domain+special_letter+year"]
keep_in_order = True # Whether the rules above keep their original order; if False, the seeds in each rule are permuted before the passwords are generated.


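# Step 3: apply some transformations to the passwords generated above; a transformed password does not overwrite the earlier entry but is added as a new one.
capitalize = False  # whether to capitalize the first letter
leet = False       # whether to apply the leet transformation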
leet2num = {"a":"4",
            "i":"1",
            "e":"3",
            "t":"7",
            "o":"0",
            "s":"5",
            "g":"9",
            "z":"2"}

leet2string ={
            "O" : "()",
            "U" : "|_|",
            "D" : "|)",
            "W" : "\/\/",
            "S" : "$",
            }

leet_rule = leet2num # this is the parameter the program actually uses; leet2num and leet2string above are there for your reference


# Step 4: merge some common, ready-to-use password dictionaries into the final file.
additional_list = ["weak_pass_chinese.txt","weak_pass_top100.txt"]

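# Step 5, the last step: filter the passwords generated above against the following password-policy constraints, deleting those that do not satisfy them
# A common password requirement: uppercase letters, lowercase letters, special characters, digits; three of the four must be present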
enable_filter = False
min_lenth = 1
filter_rule = {"Upper_letter": False, "Lower_letter": True, "Special_char": False, "Nummber": False}
kinds_needed = 3  # three of the four kinds
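
The defender's counterpart to this configuration, as an added example that is not part of passmaker: a Python 3 check that flags a candidate password when it fits a rule such as domain+special_letter+year, including capitalized and leet variants, even though it satisfies the step 5 complexity policy. The seed values, the 8-character minimum and the function names are assumptions made for illustration.

```python
import re

# Constructed sample seeds, named after the config.py seed variables (values assumed).
SEEDS = {
    "domain": ["example.com", "example"],
    "special_letter": ["!", "@", "#", "$", "%"],
    "year": ["2015", "2016", "2017"],
}
# Same substitutions as leet2num in the config above.
LEET2NUM = {"a": "4", "i": "1", "e": "3", "t": "7",
            "o": "0", "s": "5", "g": "9", "z": "2"}


def meets_policy(pw, min_length=8, kinds_needed=3):
    """Step 5 style policy: minimum length plus N of the four character kinds."""
    kinds = [
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ]
    return len(pw) >= min_length and sum(kinds) >= kinds_needed


def seed_pattern(word):
    """Regex for one seed that also accepts its leet-substituted characters."""
    out = []
    for ch in word:
        leet = LEET2NUM.get(ch.lower(), "")
        out.append("[" + re.escape(ch) + leet + "]")
    return "".join(out)


def compile_rule(rule):
    """Turn 'domain+special_letter+year' into one case-insensitive regex."""
    groups = ["(?:" + "|".join(seed_pattern(w) for w in SEEDS[name]) + ")"
              for name in rule.split("+")]
    return re.compile("".join(groups), re.IGNORECASE)


def audit(pw, rules=("domain+special_letter+year",)):
    """Return (meets_policy, matching_rule_or_None) for a candidate password."""
    hit = next((r for r in rules if compile_rule(r).fullmatch(pw)), None)
    return meets_policy(pw), hit


if __name__ == "__main__":
    for candidate in ["Example@2017", "3x4mple#2016", "Tr0ub4dor&3x"]:
        print(candidate, audit(candidate))
```

A password-change filter built on this would reject any candidate whose second element is not None, whatever the first element says.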

Method 2: command-line interaction

Run python passmaker.py -i to configure the parameters in interactive mode, then generate the password dictionary.

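Method 3: graphical interface

Run python passmaker.py -g to open the graphical interface, configure the parameters there, then run it to generate the password dictionary.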

0x3. Author

bit4woo

If you have good suggestions, please submit them to me via an issue. Thank you!

More Repositories

1. domain_hunter_pro (Java, 1,421 stars): The advanced version of domain_hunter, a must-have for SRC vulnerability hunting and HW exercises! Automated asset collection; fast title retrieval; integration with external tools; and more.
2. knife (Java, 1,175 stars): A Burp extension that adds some useful functions to the context menu to make Burp smoother to use.
3. teemo (Python, 932 stars): A Domain Name & Email Address Collection Tool
4. Fiora (Java, 890 stars): Fiora: a graphical version of the vulnerability PoC framework Nuclei. Quickly search PoCs and run Nuclei with one click. It can run as a standalone program or be used as a Burp plugin.
5. Summit_PPT (Ruby, 886 stars): PPTs and PDFs from various security conferences.
6. reCAPTCHA (Java, 749 stars): reCAPTCHA = REcognize CAPTCHA: a Burp Suite Extender that automatically recognizes image CAPTCHAs and uses them as Intruder payloads.
7. domain_hunter (Java, 652 stars): A Burp Suite extension that tries to find all sub-domains, similar domains and related domains of an organization automatically, based on traffic.
8. burp-api-drops (Java, 511 stars): Burp plugin development guide.
9. code2sec.com (Python, 205 stars): xmind\code\articles for my personal blog; a backup of the resources on my personal blog and a collection of what I have shared.
10. u2c (Java, 165 stars): Unicode To Chinese -- U2C: a Burp Suite Extender that converts Unicode to Chinese.
11. Java_deserialize_vuln_lab (Java, 83 stars): Lab code for learning Java deserialization.
12. ReSign (Java, 60 stars): A Burp extender that recalculates the signature value automatically after you modify a request parameter value.
13. burp_collaborator_http_api (Java, 46 stars): Burp Suite Collaborator HTTP API
14. burp-api-common (Java, 42 stars): Common methods used by my Burp extension projects.
15. secqa (41 stars): Answers to developers' common questions about security vulnerabilities.
16. GUI_Burp_Extender_para_encrypter (Java, 40 stars): Burp_Extender_para_encrypter
17. Burp_Extender_random_X-Forward-For (Java, 32 stars): A Burp Extender that adds a random X-Forward-For IP address to each request.
18. CVE-2020-13925 (16 stars)
19. ShowMeData (Java, 9 stars): Data extraction and processing tool.
20. log4jScan (Java, 7 stars)
21. 2redis (Java, 7 stars): Save Burp traffic to Redis.
22. theHarvester (Python, 7 stars): A modified version of theHarvester (https://github.com/laramies/theHarvester) that adds a proxy option to cross the GFW.
23. Ashe (Python, 6 stars): Add Scan Task To WVS
24. IdentityCardNumberBruter (Python, 5 stars): To Find Possible ID Card Numbers
25. HTTP_Basic_Auth_Bruter (Python, 4 stars): HTTP Basic Auth Bruter
26. Burp_Extender_sign_recalculater_python (Python, 3 stars): To recalculate the sign in an HTTP request.
27. utilbox (Python, 2 stars): Commonly used Python functions.
28. bit4woo (2 stars)
29. LoadFromXmind (Python, 1 star): To Load Github Scripts From Xmind Index