Rust-based password mutator for brute force attacks

Overview

PWFuzz-RS

A Rust-based password mutator for brute force attacks

Disclaimer

This tool works, but was mainly an experiment. Please do not expect frequent updates to it.

About

So you're brute-forcing a web app or other target. Sure you have a wordlist, maybe even a large one, but what about variations? Tossing ! or year numbers on there? Adding random numbers? It would be great to have an easy way to mutate existing password lists to add variations. Hashcat has rule-based attacks, but what about for non-hash passwords?

That's what pwfuzz-rs is about.

Installation

There are binaries available for Linux and Windows over on Releases.

You can of course build from source, but hey, it's a Rust tool, so you can also just cargo install pwfuzz-rs!

Usage

pwfuzz-rs -w wordlist.txt -r rules.json [-i iterations]

pwfuzz-rs accepts the following arguments:

  • -w --wordlist: Path to wordlist
  • -r --rules-file: Path to JSON rules file
  • -i --iterations: Number of iterations to run mutations
  • -h --help: Help

The output will be to stdout, but you can use any Unix tool you like to redirect it!

Rules

Let's talk about Rules.

pwfuzz-rs supports the following rules:

  • Append [string]: Append the given string
  • Prepend [string]: Append the given string
  • Upper: Uppercase the word
  • Lower: Lowercase the word
  • Insert [string] [idx]: Insert the given string and index idx (Skips on index failure)
  • AppendRandom [range]: Append a random number from 0-range
  • Prepend [range]: Append a random number from 0-range

The Rules File

The Rules Files is a JSON file that expects an author key and a rules key. This example shows all rule variants.

{
    "author": "Your Name <Your Email>",
    "rules": [
        {
            "Append": "!"
        },
        {
            "Prepend": "1"
        },
        "Upper", // no args means no object needed
        "Lower",
        {
            "Insert": ["%", 4] // inserts "%" at index 4
        },
        {
            "AppendRandom": 100
        },
        {
            "PrependRandom": 100
        }
    ]
}

Given the list:

letmein
iamgod
password

These rules produce:

letmein
iamgod
password
letmein!
iamgod!
password!
1letmein
1iamgod
1password
LETMEIN
IAMGOD
PASSWORD
letmein
iamgod
password
letm%ein
iamg%od
pass%word
letmein20
iamgod17
password79
18letmein
97iamgod
65password

Iterations

But what if we want to apply rules on rules on rules on rules?

I got you, fam.

Passing -i allows you to iteratively apply rules to newly-generated mutations. So if we pass -i 3 to the above list, we get 1500 unique passwords!

You might also like...
A simple password manager written in Rust
A simple password manager written in Rust

ripasso A simple password manager written in Rust. The root crate ripasso is a library for accessing and decrypting passwords stored in pass format (G

A password manager coded in rust

pasman A password manager coded in rust Install Dependency rust Shell git clone https://github.com/AMTitan/pasman.git cd pasman cargo build --release

A Rust port of the password primitives used in Django Project.

Rust DjangoHashers A Rust port of the password primitives used in Django Project. Django's django.contrib.auth.models.User class has a few methods to

A lightning-fast password generator and manager written in Rust
A lightning-fast password generator and manager written in Rust

Passlane A lightning-fast password manager for the command line Features Generate passwords Place the generated password into the clipboard Save previ

A pretty simple tool for password generation, written in Rust.

passwdgen A pretty simple tool for password generation, written in Rust. Usage: passwdgen - a pretty simple tool for password generation Usage: passw

A very fast Rust tool to crack a password protected PDF (Dangerous ☠️)
A very fast Rust tool to crack a password protected PDF (Dangerous ☠️)

DOCBOT A PDF password cracking tool with multi-threading capabilities, featuring password format generators for commonly used patterns and dictionary

An implementation of the OPAQUE password-authenticated key exchange protocol

The OPAQUE key exchange protocol OPAQUE is an asymmetric password-authenticated key exchange protocol. It allows a client to authenticate to a server

🐴 RusTOTPony — CLI manager of one-time password generators aka Google Authenticator

🐴 RusTOTPony CLI manager of time-based one-time password generators. It is a desktop alternative for Google Authenticator. Installation Arch Linux Pa

A safe implementation of the secure remote password authentication and key-exchange protocol (SRP), SRP6a and legacy are as features available.

Secure Remote Password (SRP 6 / 6a) A safe implementation of the secure remote password authentication and key-exchange protocol (SRP version 6a). Ver

Comments
  • Satisfy clippy, and some other housekeeping

    Satisfy clippy, and some other housekeeping

    Just a few clean-ups:

    • Removal of unused imports
    • &String to &str for function parameters
    • Removed unreachable code (enum was fully covered, so the _ case is never possible)
    • Replace single character string literal with char
    • Remove immediately dereferenced references in apply and push_str calls
    • Changed path: String to path: P where P: AsRef<Path>

    Not Done

    • Any revisions to Cargo.toml for
      • Version
      • Authorship
    • Programmatic tests (though I did run the example without issue). I may write unit tests later if you're interested
    opened by anthonyjmartinez 1
Owner
Michael Taggart
Michael Taggart
Tool written in Rust to perform Password Spraying attacks against Azure/Office 365 accounts

AzurePasswordSprayer Tool written in Rust to perform Password Spraying attacks against Azure/Office 365 accounts. It is multi threaded and makes no co

Pierre 7 Feb 27, 2024
An extensible and practical demonstration of constructing evm-based sandwich attacks built with ethers-rs and Huff language.

subway-rs • Construct evm-based sandwich attacks using Rust and Huff. Getting Started subway-rs is a port of libevm's original subway, implemented wit

refcell.eth 230 Apr 25, 2023
A Bitcoin wallet collider that brute forces random wallet addresses written in Rust.

Plutus-Rustus Bitcoin Brute Forcer A Bitcoin wallet collider that brute forces random wallet addresses written in Rust. This is a straight port of Plu

null 46 Dec 23, 2022
A mnemonic brute forcing tool for nano and banano.

brute a mnemonic brute forcing tool for nano and banano. What is brute? It is a mnemonic brute forcing tool which can be used to recover an account fr

null 8 Nov 30, 2022
Ruo is a dictionary-based password cracker written in rust 🦀 .

Ruo is a dictionary-based password cracker written in rust ?? . The primary purpose is to crack weak hashes/commonly used passwords.

Asjid Kalam 10 Mar 6, 2022
A terminal-based password manager, generator, and importer/exporter (Firefox, Chrome) backed with a concurrent hashmap

rucksack A terminal-based password manager, generator, and importer/exporter (Firefox, Chrome) backed with a concurrent hashmap Features Password gene

null 6 Jan 18, 2023
Master Password in Pure Rust

Master Password •••| This is the Rust version of the original found here. This can be used as a drop-in replacement for the reference C version, offer

Rust India 34 Apr 13, 2022
A Rust port of the password primitives used in Django Project.

Rust DjangoHashers A Rust port of the password primitives used in Django Project. Django's django.contrib.auth.models.User class has a few methods to

Ronaldo Ferreira 52 Nov 17, 2022
The simple password manager for geeks, built with Rust.

Rooster Rooster is a simple password manager for geeks (it works in the terminal). Rooster is made available free of charge. You can support its devel

Conrad Kleinespel 131 Dec 25, 2022
A simple password manager written in rust

Passman - A password manager written in rust. How to use?: USAGE: passman option Currently available options are: new - initalize passman with a new m

Strawkage 7 Aug 26, 2021