How to create a Bruteforce password cracker for alphabetical and alphanumerical passwords?

Alex H · Oct 26, 2016 · Viewed 70.6k times

I need to make small programs for school to brute force crack different types of passwords; I'm looking to create a brute force Python code that will run through every possible combination of alphabetical and alphanumerical passwords and give me the password and the amount of time it took to crack.

I did the same with purely numerical passwords and got this:

    import datetime as dt

    Password4 = 123456

    def crack_password():
        start = dt.datetime.now()
        # Try every number from 0 to 999999, zero-padded to at least 4 digits
        for n in range(1000000):
            password_guess = '{0:04d}'.format(n)
            if password_guess == str(Password4):
                end = dt.datetime.now()
                print("Password found: {} in {}".format(password_guess, end - start))
                break

    guesses = crack_password()

I then tried to do something somewhat similar for alphabet/alphanumerical passwords but did not work whatever I tried:

    import random

    # range() accepts only integers, so this line raises TypeError
    letters = [str(i) for i in range('a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p')]
    s = [''.join([a,b,c,d,e,f,g,h]) for a in letters for b in letters for c in letters for d in letters for e in letters for f in letters for g in letters for h in letters]
    random.shuffle(s)
    real_password = 'aaaaaaaa'
    i = 0

    for code in s:
        if code == real_password:
            print()
            print('The password is: ', code)
            break
        else:
            i += 1
            print(i, ' failures', end='\r')

It is vital that the program include either number of failures or the time it took to find the password, which is why I can't simply make a password generator.

Please note: I am fairly new to coding and am very grateful for your help :)

Answer

Cory Kramer · Oct 26, 2016

Here's a naive brute force method that will guess numbers (string.digits) and lower case letters (string.ascii_lowercase). You can use itertools.product with repeat set to the current password length guessed. You can start at 1 character passwords (or whatever your lower bound is) then cap it at a maximum length too. Then just return when you find the match.

    import itertools
    import string

    def guess_password(real):
        chars = string.ascii_lowercase + string.digits
        attempts = 0
        for password_length in range(1, 9):
            for guess in itertools.product(chars, repeat=password_length):
                attempts += 1
                guess = ''.join(guess)
                if guess == real:
                    return 'password is {}. found in {} guesses.'.format(guess, attempts)
                print(guess, attempts)

    print(guess_password('abc'))

Output

    a 1
    b 2
    c 3
    d 4
    ...
    aba 1369
    abb 1370
    password is abc. found in 1371 guesses.
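
An added example, not part of the original answer: the guess count printed above can be computed in closed form from the enumeration order, which shows how the work grows with password length and alphabet size without running the search. The function names and the guess rate are assumptions made for this illustration.

```python
import string

CHARS = string.ascii_lowercase + string.digits  # same alphabet and order as the answer


def guesses_needed(password, chars=CHARS, min_len=1):
    """Number of guesses the length-by-length itertools.product search
    makes up to and including `password`, computed without enumerating."""
    base = len(chars)
    index = {c: i for i, c in enumerate(chars)}
    if len(password) < min_len or any(c not in index for c in password):
        raise ValueError("password is outside the searched space")
    # Every shorter candidate is tried first: base**min_len + ... + base**(L-1).
    shorter = sum(base ** k for k in range(min_len, len(password)))
    # Within one length, product() counts like a base-`base` odometer.
    rank = 0
    for c in password:
        rank = rank * base + index[c]
    return shorter + rank + 1


def keyspace(max_len, chars=CHARS, min_len=1):
    """Total candidates of length min_len..max_len (worst-case guess count)."""
    return sum(len(chars) ** k for k in range(min_len, max_len + 1))


def worst_case_seconds(max_len, guesses_per_second, chars=CHARS):
    """Time to exhaust the space at an assumed, constant guess rate."""
    return keyspace(max_len, chars) / guesses_per_second


if __name__ == "__main__":
    print(guesses_needed("abc"))  # 1371, as in the answer's output
    rate = 1_000_000              # assumed rate, guesses per second
    for n in (4, 6, 8, 10, 12):
        days = worst_case_seconds(n, rate) / 86400
        print(f"length <= {n:2d}: {keyspace(n):.3e} candidates, {days:.3e} days")
```

Each extra character multiplies the worst case by the alphabet size (36 here), which is why minimum length and character variety dominate a password policy's resistance to this kind of search.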