Home

Awesome

rulesfinder

Machine-learn password mangling rules!

This tool finds efficient password mangling rules (for John the Ripper or Hashcat) for a given dictionary and a list of passwords.

The tool is currently alpha quality.

tl;dr

You need the rust toolchain to build this tool. You can either directly install:

cargo install --git https://github.com/synacktiv/rulesfinder
ulimit -d 8388608  # limit memory usage to 8GBB
rulesfinder -w path/to/wordlist --cleartexts path/to/cleartexts -n 50 -t 7 --minsize 3 | tee result

Or, after cloning this repository:

ulimit -d 8388608  # limit memory usage to 8GBB
cargo run --release --  -w path/to/wordlist --cleartexts path/to/cleartexts -n 50 -t 7 --minsize 3 | tee result

Here, 50 is the cutoff value, meaning that a rule has to crack at least 50 passwords to be kept, and 7 is the number of threads.

Beware, this program can use a lot of memory very quickly!

What is it?

A long form article can be read here. It explains what the idea behind the tool is, and what it does.

Performance

All measurements have been conducted on my laptop while I am doing something else with it. These measurements are just here to illustrate what you should expect with regards to resource usage.

Memory usage for the first phase

Cleartext sizeCleartext wordsminsize=3minsize=4minsize=5minsize=6
11.264 MB1M words3767MB3245MB2732MB2255MB
16.9 MB1.5M words7365MB6262MB5273MB4742MB
22.528 MB2M words9263MB5273MB6518MB5389MB
42.848 MB3.8M words14347MB4742MB10529MB8885MB

The processing is two parts:

The above estimated passwords cracked column is the amount of passwords in the cleartext corpus that would have been cracked with the generated rules using the given dictionary. As with all things machine learning it does not directly reflect the ruleset performance. Increasing this value mindlessly will be counter productive, as it will lead to:

As a rule of thumb, I recommend: