{"id":13531577,"url":"https://github.com/digininja/pipal","last_synced_at":"2025-04-13T04:58:35.615Z","repository":{"id":3651263,"uuid":"4719116","full_name":"digininja/pipal","owner":"digininja","description":"Pipal, THE password analyser","archived":false,"fork":false,"pushed_at":"2023-08-27T20:08:22.000Z","size":219,"stargazers_count":641,"open_issues_count":8,"forks_count":120,"subscribers_count":40,"default_branch":"master","last_synced_at":"2025-04-13T04:58:30.250Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"www.digininja.org/projects/pipal.php","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/digininja.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null},"funding":{"github":"digininja","custom":"https://digi.ninja"}},"created_at":"2012-06-19T20:58:50.000Z","updated_at":"2025-03-18T15:13:47.000Z","dependencies_parsed_at":"2023-07-05T20:32:16.002Z","dependency_job_id":"89d177cb-a233-4d87-870e-fb22f0eab88f","html_url":"https://github.com/digininja/pipal","commit_stats":{"total_commits":120,"total_committers":17,"mean_commits":"7.0588235294117645","dds":"0.43333333333333335","last_synced_commit":"3b9950d536c0ddd4baa09fcdff7993750f7e4d17"},"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/digininja%2Fpipal","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/digininja%2Fpipal/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/digininja%2Fpipal/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/digininja%2Fpipal/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/digininja","download_url":"https://codeload.github.com/digininja/pipal/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248665761,"owners_count":21142123,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T07:01:04.085Z","updated_at":"2025-04-13T04:58:35.589Z","avatar_url":"https://github.com/digininja.png","language":"Ruby","funding_links":["https://github.com/sponsors/digininja","https://digi.ninja"],"categories":["Ruby","\u003ca id=\"862af330f45f21fbb0d495837fc7e879\"\u003e\u003c/a\u003e工具","Security","Wordlist tools"],"sub_categories":["\u003ca id=\"20bf2e2fefd6de7aadbf0774f4921824\"\u003e\u003c/a\u003e未分类-Password","Analysis"],"readme":"# Pipal, Password Analyser\n\nCopyright(c) 2022, Robin Wood \u003crobin@digi.ninja\u003e\n\nOn most internal pen-tests I do, I generally manage to get a password dump from\nthe DC. To do some basic analysis on this I wrote Counter and since I originally\nreleased it I've made quite a few mods to it to generate extra stats that are\nuseful when doing reports to management.\n\nRecently a good friend, n00bz, asked on Twitter if anyone had a tool that he\ncould use to analyse some passwords he had. I pointed him to Counter and said if\nhe had any suggestions for additions to let me know. He did just that and over\nthe last month between us we have come up with a load of new features which we\nboth think will help anyone with a large dump of cracked passwords to analyse.\nWe also got some input from well known password analysts\n[Matt Weir](http://reusablesec.blogspot.com/) and Martin Bos who I'd like to give\na big thanks to.\n\nI have to point out before going on, all this tool does is to give you the stats\nand the information to help you analyse the passwords. The real work is done by\nyou in interpreting the results, I give you the numbers, you tell the story.\n\nSeeing as there have been so many changes to the underlying code I also decided\nto change the name (see below) and do a full new release.\n\nSo, what does this new version do? The best way to describe it is to see some\nexamples so go to the [Pipal project page](http://digi.ninja/projects/pipal.php)\nfor a full walk through of a sample analysis.\n\n## Install / Usage\n\nThe app will only work with `Ruby 1.9.x` and newer, if you try to run it in any previous\nversions you will get a warning and the app will close.\n\nPipal is completely self contained and requires no gems installing so should\nwork on any vanilla Ruby install.\n\nUsage is fairly simple, `-?` will give you full instructions:\n\n```ruby\n$ ./pipal.rb -?\npipal 2.0 Robin Wood (robin@digi.ninja) (http://digi.ninja)\n\nUsage: pipal [OPTION] ... FILENAME\n        --help, -h: show help\n        --top, -t X: show the top X results (default 10)\n        --output, -o : output to file\n        --external, -e : external file to compare words against\n\t\t--gkey \u003cGoogle Maps API key\u003e: to allow zip code lookups (optional)\n\n        FILENAME: The file to count\n```\n\nWhen you run the app you'll get a nice progress bar which gives you a rough idea\nof how long the app will take to run. If you want to stop it at any point\nhitting Ctrl-c will stop the parsing and will dump out the stats generated so\nfar.\n\nThe progress bar is based on a line count from the file which it gets this using\nthe wc command. If it can't find wc it will make a guess at the number of lines\nbased on the file size and an average line length of 8 bytes so the progress bar\nmay not be fully accurate but should still give you an idea.\n\n[The Google Maps API](https://developers.google.com/maps/) key is supposed to be\nused by Google to only allow access to their API to registered users.\nI assumed this was true and registered for a key\nbut in putting together this release I found that it will take any value and\nstill do the look up. This may be a bug at the Google end or deliberate and may\nchange any any time so I'd suggest grabbing a key just in case. To use it you\ncan either edit the script and put the key into the constant on line 35 or you\ncan pass it on the command line every time. If you are going to hope that you\ndon't need a valid key then just put X in as the value as without something\nPipal won't try to perform a look up.\n\n## Enabling Checkers\n\nCheckers are the scripts that do the actual work, to understand how these work, see the [README_modular.md](README_modular.md) file.\n\n## Version History\n\nVersion 2 - Two big changes, the first a massive speed increase. This patch was\nsubmitted by Stefan Venken who said a small mention would be good enough, I want\nto give him a big mention. Running through the LinkedIn lists would have taken\nmany many hours on version 1, version 2 went through 3.5 million records in\nabout 15 minutes. Thank you.\n\nSecond change is the addition of US area and zip code lookups. This little\nfeature gives some interesting geographical data when ran across password lists\noriginating in the US. The best example I've seen of this is the dump from the\nMilitary Singles site where some passwords could be obviously seen to be grouped\naround US military bases. People in the UK don't have the same relationship with\nphone numbers so I know this won't work here but if anyone can suggest any other\nareas where this might be useful then I'll look at building in some kind of\nlocation awareness feature so you can specify the source of the list and get\nresults customized to the correct area or just run every area and see if a\npattern emerges.\n\nA non-code-base change is for version 2 is the move from hosting the code myself\nto github. This is my first github hosted project so I may get things wrong, if\nI do, sorry. A number of people asked how they could submit patches so this\nseems like the best way to do it, lets hope it works out.\n\nVersion 1 - Was a proof of concept, written fairly in a fairly verbose way so not\nvery optimised. Took off way more than I expected it would and gathered a lot of\ncommunity support.\n\n## Feedback/Todo\n\nIf you have a read through the source for Pipal you'll notice that it isn't very\nefficient at the moment. The way I built it was to try to keep each chunk of\nstats together as a distinct group so that if I wanted to add a new, similar,\ngroup then it was easy to just copy and paste the group. Now I've got a working\napp and I know roughly what I need in the different group types I've got an idea\non how to rewrite the main parser to make it much more efficient and hopefully\nmulti-threaded which should speed up the processing by a lot for large lists.\n\nI could have made these changes before releasing version 1.0 but I figured\nbefore I do I want to get as much feedback as possible from users about the\nfeatures already implemented and about any new features they would like to see\nso that I can bundle all these together into version 2. So, please get in touch\nif there is a set of stats that you'd like to see included.\n\nOne other thing I know needs fixing, Pipal doesn't handle certain character\nencodings very well. If anyone knows how to correctly deal with different\nencoding types, especially with regards to regular expressions, please let me\nknow.\n\n## Licence\n\nThis project released under the\n[Creative Commons Attribution-Share Alike 2.0 UK: England \u0026 Wales](http://creativecommons.org/licenses/by-sa/2.0/uk/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdigininja%2Fpipal","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdigininja%2Fpipal","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdigininja%2Fpipal/lists"}