rad10 / brutesleuth Goto Github PK
View Code? Open in Web Editor NEWMaking bruteforce wordlists smarter, not harder
License: GNU General Public License v3.0
Making bruteforce wordlists smarter, not harder
License: GNU General Public License v3.0
The tool and library are all built to be fully compatible with f-strings. This allows for any given unknown to be filled and guided utilizing F-strings to get all possible combinations of the password that are desired. All the internal generation tools utilized for permutation are all independant of the process used to collect the values, so it would be a great idea to include functionality to convert a regex string into a permutatable engine. It'll allow higher access and control over what strings may be available.
The permutative chains that were used to create the lists given were built as iterators due to the potential scale of the number of passwords generated. If you ran for an 8 character password that contains some combination of lowercase alphanumeric characters (both lowercase and numbers), you would get a list of this many passwords:
(26 + 10)^8 = 36^8 = 2,821,907,456
This will not only fill up anyones harddrive very quickly, those passwords cannot be held in memory. This process was handled by making every combination generate the next pair manually rather than holding each combination in memory. The problem we face here is that itertools.product
is taking all the iterators its given and secretly putting every combination into memory when its not supposed to. The easiest (yet most obnoxious) way to deal with this is to remove product all together and implement a different that acts just like product but on a genuine iterative standpoint.
The tool can already make masks based off of F-strings, but one thing that might be more useful to people is a way to get a wordlist based off a given mask. Hashcat and John will use a mask to make their own wordlist that can only be accessible to themselves, but there are many bruteforce tools that cannot even utilize masks to generate their own wordlists. What would be helpful is a way to take a mask and create all possible passwords based off of it.
In order to build an RPM file, a PKGBUILD file is required to know how to compile and install the package on systems such as Arch Linux. One of the next steps I should work on is Adding these files to make AUR able to easily build this tool
There is starting to be quite a lot of functions that this tools API provides, and a lot more are planned for the future. Because if this, it would be a good idea to write a docs folder and/or a wiki section to document all the functions and what they do.
What I want is to use GitHub Actions to make all releases include a deb package that GitHub automatically compiles then attaches it to the release. I have found that it is both difficult to make github compile source into a Debian package and make discord automatically attach a file to a release. Once I can figure out these two problems, a lot of problems down the future will become manageable.
Since the codes file structure is already in the form of a pip package, what would be helpful is a hook to automatically take every release tag and automatically build python packages. This will best be done using GitHub Actions.
With some of the combinations that this program creates, it can output billions of different combinations, but we only want a select amount. It would be a good idea to implement an argument to tell the generator to stop after N iterations.
Something that is going to be important if this project is going to be both a tool and a library is openness and accessability to contribute to this project. I am not going to be able to make everything perfect. There will be problems that I cant solve, features that I cant imagine, and efficiencies that are beyond my skill level. I would love to allow contributions from people, so I need to make guidelines on how contributing should go.
The readme not only is outdated, but is not a sexy look. The readme should be vamped up with some of these additions in order to draw in peoples interest while also describing a lot more. The readme can only be considered finished once these are done:
There have been multiple times where I go to use this tool and I have to stop it because it takes too long to make all the given passwords and I need to do something else. What would be really helpful in this case is a way for me to go back to where I was without restarting the whole process. A simple solution would be to provide an argument that tells the program where to start in the process.
One crucial piece in all big projects is a testing framework that can take any changes or improvements and can check that any new or changed code still works as intended. These modules that I make for testing the functionality of both the given application and individual library components is crucial for insuring that all code produced works as intended.
Since the project includes binaries that are intended to be run by the commandline, it will be a great inclusion to keep an up to date man page for all executables that are included by this project. This can (and will) be utilized by the RPM and DEB packages created for this project.
Often times, the passwords are so big that it is unrealistic to store all of them on a hard drive. Less than half of all the combinations of 8 characters between a-z0-9 took up roighly 12.9GB on my hard drive.
The reality of the matter is that if This tool is going to make large wordlists for bruteforcers like john and hashcat, it needs to be able to make them generate the next password for storage/memory sake. The best way to do this is to take a string with all its constants and unknown variables and create a rules list for either program to follow the steps to make the next password as instructed.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.