
Untitled

a guest
Mar 5th, 2015
  1. """
  2. Transform a password into a Hashcat compatible mask/topology
  3. (http://hashcat.net/wiki/doku.php?id=mask_attack)
  4. and check against the top 100 insecure topologies based on KoreLogic's
  5. PathWell data (http://blog.korelogic.com/blog/2014/04/04/pathwell_topologies/)
  6.  
  7. ***WARNING***
  8. This does not check password length or check for
  9. common or already compromised (pre-hashed) passwords
  10. ***WARNING***
  11.  
  12. # By Stephen Genusa October 2014
  13. # http://development.genusa.com
  14.  
  15. """
  16.  
  17. import os
  18.  
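def transform_pwd_to_topo(the_password):
    '''Transform a password into a Hashcat mask/PathWell topology.

    Each character is replaced by the Hashcat built-in charset token for its
    class: ``?l`` (ASCII lower case), ``?u`` (ASCII upper case), ``?d``
    (digit) or ``?s`` (space and ASCII punctuation). Any other character,
    for example a non-ASCII letter, becomes ``?1``, a custom-charset
    placeholder.

    Returns the concatenated mask. An empty password gives an empty string.
    '''
    lower = 'abcdefghijklmnopqrstuvwxyz'
    upper = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
    numeric = '0123456789'
    # The backslash is escaped explicitly: a bare "\]" is an invalid escape
    # sequence that newer interpreters warn about. The resulting character
    # set is unchanged.
    special = " !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~"
    char_classes = (
        (lower, '?l'),
        (upper, '?u'),
        (numeric, '?d'),
        (special, '?s'),
    )

    # Collect tokens and join once instead of growing a string per character.
    tokens = []
    for cur_char in the_password:
        for charset, token in char_classes:
            if cur_char in charset:
                tokens.append(token)
                break
        else:
            # None of the four classes above matched, so emit the
            # custom-charset placeholder.
            tokens.append('?1')
    return ''.join(tokens)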
  41.  
  42.  
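def is_pwd_topo_insecure(the_pwd_topo):
    '''Return the 1-based rank of a topology in the insecure list, or 0.

    The list is read from ``insecure_topos.txt`` in the current working
    directory, one topology per line. The rank is the line number of the
    first exact match; 0 means the topology is not listed.

    Raises:
        Exception: if the data file does not exist.
    '''
    # NOTE(review): the list is resolved against the current working
    # directory, so the verdict depends on where the script is started and on
    # who can write to that directory. Confirm this is intended.
    data_path = os.path.join(os.getcwd(), 'insecure_topos.txt')
    if not os.path.exists(data_path):
        raise Exception("Topo data file not found. Halting.")
    # The context manager closes the handle deterministically instead of
    # leaving it to garbage collection.
    with open(data_path, 'r') as topo_file:
        topo_patterns = topo_file.read().splitlines()
    # One scan of the list: index() raises ValueError when there is no match.
    try:
        return topo_patterns.index(the_pwd_topo) + 1
    except ValueError:
        return 0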
  53.  
  54.  
  55.  
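def check_password(the_pwd):
    '''Report whether a password's topology is on the insecure PathWell list.

    Prints the derived Hashcat mask, then either its rank in the insecure
    topology list or a note that it is not listed. Nothing is returned.
    '''
    pwd_topo = transform_pwd_to_topo(the_pwd)
    # NOTE(review): the password is echoed to stdout in clear text, so it
    # will appear in any captured or logged output of this script.
    print('The password transformation for "%s" is %s' % (the_pwd, pwd_topo))
    topo_rank = is_pwd_topo_insecure(pwd_topo)
    if topo_rank:
        print("The password %s uses an insecure PathWell password topology ranked #%s"
              % (the_pwd, topo_rank))
    else:
        # Absence from the list is not evidence of strength: length and
        # common or already compromised passwords are not checked here, so
        # the message no longer calls the topology "secure".
        print("The password %s uses a topology that is not in the insecure PathWell list"
              % (the_pwd,))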
  65.  
  66.  
# Demo run with a hard-coded sample password. This statement sits at module
# level, so it executes on import as well as when the file is run directly.
check_password(the_pwd='Denver14')