Friday, February 11, 2011

What's a Wordyforcer?

I've finally produced working code for the Wordyforcer!  :)

It's not yet in a public-beta state - it still crashes with some regularity, has no GUI to speak of, and is MD5 only right now.

However, it's a heavy-mutation wordlist multihash cracker.

It works as follows:

You provide it with:
- Up to 3 wordlists
- A permutation list
- A cracking mask
- A hash list

The wordlists are standard, newline-separated wordlists.

The permutation list contains, per line, the permutations to apply to the words.  It looks like this:


The first symbol in each line is the "base" symbol, and the subsequent symbols are what it gets mutated to.  So, with this, 'ab' will get tried as ab, aB, Ab, AB, 4b, 4B, @b, @B.

This is applied to *each word in the wordlist* in the generated hashes to try.

Finally, there's the mask, which allows freeform mixing of the following:

?a : All printable US ASCII (95)
?l: All lowercase
?u: All uppercase
?d: Digits 0-9
?s: All symbols
?p: Space character
?W: Word from the first wordlist
?S: Word from the 2nd wordlist
?T: Word from the third wordlist

This allows you to generate masks like:

?W?d?d to find all possible mutated words in your wordlist with two digit suffixes.

Otherwise, it's the same as the standard multiforcer (and may, in fact, get merged into the same code - it uses the same kernels, so there's no point in distributing two 30-40MB binaries...)

Thoughts/comments/suggestions?  I'm hoping to have a usable beta for Linux out in a week or two once I can add some more robustness and a GUI.

There's a forum post up as well:

No comments:

Post a Comment