Analyze wordlists to generate password statistics and hashcat mask files

If you want to analyze wordlists and generate password occurrence statistics and generate advanced masks for hashcat from a wordlist or a cracked hashes file, you would need to use the Password Analysis and Cracking Kit.

As the author specifies in the manual, the PACK (Password Analysis and Cracking Toolkit) is a collection of utilities developed to aid in analysis of password attacks by analyzing common ways that people create passwords.

To install use git or if you have Kali, PACK should already be installed and ready to use.

git clone https://gitlab.com/kalilinux/packages/pack.git
Example usage for a wordlist called hashes2.txt:
sudo python ./pack/statsgen.py hashes2.txt --output=hashes2.masks

Generating the hashcat masks file from the hashes2.masks file generated from above:

sudo python ./pack/maskgen.py ./hashes2.masks -o ./hashes1_generated.hcmask --occurrence --pps=100000000

Output:

The result of the last command should be a hashcat compatible hcmask file, which can be used to crack hashes:

Example of a hcmask file:

?l?l?l?l?l?l?l?l
?l?l?l?l?l?l?l?l?l?l
?l?l?l?l?l?l?l?l?l

The syntax for hashcat mask attack looks like this:

./hashcat.exe -a 3 -m 0 ./hashes1.txt ./masks/hashes2_generated.hcmask -w 3 –status -O

Happy cracking!

Posted in How to.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.