-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpassuggestor.py
166 lines (101 loc) · 4.75 KB
/
passuggestor.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
#!/bin/env python
import sys
import argparse
import datetime
# Author : A-AFTAHI
# Date : 12/02/2023
# This simple script aims to help you perform a custom dictionnary attack against Domain and applications passwords of a given organisation. It takes the name of the organisation, it's password policy and the year of the script's execution
# and comes up with a list of potential passwords combining the company name with numbers and special caracters making sure that these passwords comply with password policy.
# Usage : python3 passuggestor.py -c <corp name> -p <minimum password length> -y <year> -o <output file name>
# CMapping : This method uses Character substitution ro suggest some common alternatives which can be used for specific letters in a password replacing them with numbers and special characters
def CMapping (corp):
L = [corp]
Lchar = ['o', 's', 'e', 'a', 'i', 't', 'g', 'G']
Lspecial = ['0', '$', '3', '@', '1', '7', '9', '6']
for i in range(len(Lchar)):
if Lchar[i] in corp:
counter = corp.count(Lchar[i])
L.append(corp.replace(Lchar[i], Lspecial[i], 1))
if counter > 1:
L.append(corp.replace(Lchar[i], Lspecial[i]))
return L
# NameFormatting : This method takes the company's name including character subsitution options and produces diffrent versions based on letters case
def NameFormatting (corpL):
L = []
for corp in corpL:
lower = corp.lower()
upper = corp.upper()
Fupper = corp.capitalize()
backwards = corp[::-1]
L.append(lower)
L.append(upper)
L.append(Fupper)
return L
# Padding : This method checks the length of each suggested password to verify if it complies with the password policy. If doesn't we append some characters to it until it's inline with the policy.
def padding (password, policy):
Lpassword = password
while len(Lpassword) < policy :
Lpassword = Lpassword + '@'
return Lpassword
# SuggPass This is the main method which combines all the outputs of the other functions and suggest passwords
def SuggPass (corpL, policy, year):
passwords = []
Links = ['@', '.', '-', '_','']
Lcorp = corpL
Lpolicy = policy
Lyear = year
for corp in Lcorp:
for Link in Links:
password1 = corp + Link + str(Lyear) # password with this year
passwords.append(padding(password1, Lpolicy))
password2 = corp + Link + str(Lyear-1) # password with last year
passwords.append(padding(password2, Lpolicy))
password3 = corp + Link + str(Lyear-2) # password with 2 years before
passwords.append(padding(password3, Lpolicy))
password4 = corp + Link + str(1)
passwords.append(padding(password4, Lpolicy))
password5 = corp + Link + str(123)
passwords.append(padding(password5, Lpolicy))
password6 = corp + Link + 'adm'
passwords.append(padding(password6, Lpolicy))
password7 = corp + Link + 'pass'
passwords.append(padding(password7, Lpolicy))
password8 = corp + Link + 'svc'
passwords.append(padding(password8, Lpolicy))
password9 = 'adm' + Link + corp
passwords.append(padding(password9, Lpolicy))
password10 = 'pass' + Link + corp
passwords.append(padding(password10, Lpolicy))
password11 = 'svc' + Link + corp
passwords.append(padding(password11, Lpolicy))
return passwords
# That's the Main
def main():
CurrentYear = datetime.date.today().strftime("%Y")
# handling parameters
argParser = argparse.ArgumentParser()
argParser.add_argument("-c", "--corp", help="company's name")
argParser.add_argument("-p", "--policy", default=8, type=int, help="The password's minimal length indicated in the password policy. The default value is 8")
argParser.add_argument("-y", "--year", default=CurrentYear, type=int, help="The year of reference you want the passwords to be based on. The fault value is the current year.")
argParser.add_argument("-o", "--out", help="The output file. If not specified the output will be printed in the terminal")
try:
args = argParser.parse_args()
corp = args.corp
policy = args.policy
year = args.year
corpList = NameFormatting(CMapping(corp)) # The corporation names list
passwordList = SuggPass(corpList, policy, year) # The list of passwords
# Handling the final output
if args.out != None:
fil = open(args.out,'w')
for password in passwordList:
fil.write(password+"\n")
fil.close()
else:
for password in passwordList:
print(password)
except AttributeError:
argParser.print_help()
sys.exit(0)
if __name__ == "__main__":
main()