Awesome

burp-intruder-hashcat-maskprocessor

Burp Hashcat Maskprocessor Extension, inspired by hashcat maskprocessor https://github.com/hashcat/maskprocessor

Python code credits to https://github.com/Xvezda/python-maskprocessor (https://pypi.org/project/maskprocessor/) thank you.

I could use python pip install maskprocessor on jython and import maskprocessor, but this is easier installation.

My credit goes to Burp Extension self.

How to Install:

How to Use:

Maskprocessor how to

(cloned from https://github.com/hashcat/maskprocessor/blob/master/README.md and edited)

High-Performance word generator with a per-position configureable charset

Mask attack

Try all combinations from a given keyspace just like in Brute-Force attack, but more specific.

Masks

For each position of the generated password candidates we need to configure a placeholder. If a password we want to crack has the length 8, our mask must consist of 8 placeholders.

• A mask is a simple string that configures the keyspace of the password candidate engine using placeholders.
• A placeholder can be either a custom charset variable, a built-in charset variable or a static letter.
• A variable is indicated by the ? letter followed by one of the built-in charset (l, u, d, s, a) or one of the custom charset variable names (1, 2, 3, 4).
• A static letter is not indicated by a letter. An exception is if we want the static letter ? itself, which must be written as ??.

Built-in charsets

• ?l = abcdefghijklmnopqrstuvwxyz
• ?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
• ?d = 0123456789
• ?s = «space»!"#$%&'()*+,-./:;<=>?@[]^_`{|}~
• ?a = ?l?u?d?s
• ?b = 0x00 - 0xff

Custom charsets

There are four commandline-parameters to configure four custom charsets.

• --custom-charset1=CS
• --custom-charset2=CS
• --custom-charset3=CS
• --custom-charset4=CS

These commandline-parameters have four analogue shortcuts called -1, -2, -3 and -4. You can specify the chars directly on the command line.

Password length increment (Not yet)

Example

The following commands creates the following password candidates:

• command: ?l?l?l?l?l?l?l?l

• keyspace: aaaaaaaa - zzzzzzzz

• command: -1 ?l?d ?1?1?1?1?1

• keyspace: aaaaa - 99999

• command: password?d

• keyspace: password0 - password9

• command: -1 ?l?u ?1?l?l?l?l?l19?d?d

• keyspace: aaaaaa1900 - Zzzzzz1999

• command: -1 ?dabcdef -2 ?l?u ?1?1?2?2?2?2?2

• keyspace: 00aaaaa - ffZZZZZ

• command: -1 efghijklmnop ?1?1?1

• keyspace: eee - ppp