{"id":18792173,"url":"https://github.com/matrixfox/cowpatty","last_synced_at":"2026-01-31T11:32:25.582Z","repository":{"id":151026863,"uuid":"67296869","full_name":"matrixfox/cowpatty","owner":"matrixfox","description":null,"archived":false,"fork":false,"pushed_at":"2016-09-03T15:25:59.000Z","size":119,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"debian","last_synced_at":"2025-06-14T14:07:01.508Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/matrixfox.png","metadata":{"files":{"readme":"README","changelog":"CHANGELOG","contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-09-03T15:20:33.000Z","updated_at":"2023-03-05T03:29:02.000Z","dependencies_parsed_at":null,"dependency_job_id":"f61ccffd-5222-4120-baba-4d57dad7eea1","html_url":"https://github.com/matrixfox/cowpatty","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/matrixfox/cowpatty","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/matrixfox%2Fcowpatty","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/matrixfox%2Fcowpatty/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/matrixfox%2Fcowpatty/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/matrixfox%2Fcowpatty/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/matrixfox","download_url":"https://codeload.github.com/matrixfox/cowpatty/tar.gz/refs/heads/debian","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/matrixfox%2Fcowpatty/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28940450,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-31T10:18:23.202Z","status":"ssl_error","status_checked_at":"2026-01-31T10:18:22.693Z","response_time":128,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-07T21:18:39.016Z","updated_at":"2026-01-31T11:32:25.566Z","avatar_url":"https://github.com/matrixfox.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"coWPAtty - Brute-force dictionary attack against WPA-PSK.\n\nCopyright(c) 2004-2005, Joshua Wright \u003cjwright@hasborg.com\u003e\n\n$Id: README,v 4.0 2006-07-28 12:23:48 jwright Exp $\n\n--------------------------------------------------------------------------------\n\nINTRO\n\nRight off the bat, this code isn't very useful.  The PBKDF2 function makes\n4096 SHA-1 passes for each passphrase, which takes quite a bit of time.  On\nmy Pentium II development system, I'm getting ~4 passphrases/second.\nThe SHA-1 code I'm using has been optimized to the best of my ability (which\nisn't saying that much), but I doubt if it would be possible to optimize it\nsuch that the tool experiences an exponential performance increase.\n\nHowever, if you are auditing WPA-PSK or WPA2-PSK networks, you can use\nthis tool to identify weak passphrases that were used to generate the\nPMK.  Supply a libpcap capture file that includes the 4-way handshake, a\ndictionary file of passphrases to guess with, and the SSID for the\nnetwork:\n\n$ ./cowpatty -r eap-test.dump -f dict -s somethingclever\ncowpatty 4.0 - WPA-PSK dictionary attack. \u003cjwright@hasborg.com\u003e\n\nCollected all necessary data to mount crack against WPA/PSK passphrase.\nStarting dictionary attack.  Please be patient.\n\nThe PSK is \"family movie night\".\n\n4087 passphrases tested in 59.05 seconds:  69.22 passphrases/second\n$\n\nThe files \"dict\" and \"eap-test.dump\" are included with this distribution\nfor testing purposes.  If your SSID has spaces or other non-ASCII characters,\nenclose it in quotes so the shell doesn't interpret it as multiple parameters.\n\n\nThis tool can also accept dictionary words from STDIN, allowing us to utilize\na tool such as John the Ripper to create lots of word permutations from a\ndictionary file:\n\n$ john -wordfile:dictfile -rules -session:johnrestore.dat -stdout:63 | \\\n   cowpatty -r eap-test.dump -f - -s somethingclever\n\nIn the default configuration of John the Ripper, common permutations of\ndictionary words will be sent as potential passwords to coWPAtty.  For\nexample, here is a list of the words John will create from the input word\n\"password\":\n\njwright@mercury:~$ echo password \u003eword\njwright@mercury:~$ john -session:/tmp/delme -wordfile:word -rules -stdout\npassword\nPassword\npasswords\npassword1\nPassword1\ndrowssap\n1password\nPASSWORD\npassword2\npassword!\npassword3\npassword7\npassword9\npassword5\npassword4\npassword8\npassword6\npassword0\npassword.\npassword?\npsswrd\ndrowssaP\nDrowssap\npassworD\n2password\n4password\nPassword2\nPassword!\nPassword3\nPassword9\nPassword5\nPassword7\nPassword4\nPassword6\nPassword8\nPassword.\nPassword?\nPassword0\n3password\n7password\n9password\n5password\n6password\n8password\nPasswords\npassworded\npasswording\nPassworded\nPasswording\nwords: 49  time: 0:00:00:00 100%  w/s: 49.00  current: Passwording\njwright@mercury:~$\n\nJohn the Ripper is available at http://www.openwall.com/john/.\n\n\nNote that it is also possible to mount a precomputed attack against the PSK.\nThe PBKDF2 algorithm used to generate the PMK takes two non-fixed inputs: the\npassphrase and the network SSID.  For a given SSID, we can precompute all the\nPMK's from a dictionary file with the \"genpmk\" tool:\n\n$ ./genpmk\ngenpmk 1.0 - WPA-PSK precomputation attack. \u003cjwright@hasborg.com\u003e\ngenpmk: Must specify a dictionary file with -f\nUsage: genpmk [options]\n\n\t-f \tDictionary file\n\t-d \tOutput hash file\n\t-s \tNetwork SSID\n\t-h \tPrint this help information and exit\n\t-v \tPrint verbose information (more -v for more verbosity)\n\t-V \tPrint program version and exit\n\nAfter precomputing the hash file, run cowpatty with the -d argument.\n$ ./genpmk -f dict -d hashfile -s somethingclever\ngenpmk 1.0 - WPA-PSK dictionary attack. \u003cjwright@hasborg.com\u003e\nFile hashfile does not exist, creating.\n\u003csnip\u003e\n\n4090 passphrases tested in 322.79 seconds:  12.67 passphrases/second\n$\n\nOnce the hashfile is created with the PMK's, we can use it with cowpatty:\n\n$ ./cowpatty -r eap-test.dump -d hashfile -s somethingclever\ncowpatty 3.1 - WPA-PSK dictionary attack. \u003cjwright@hasborg.com\u003e\n\nCollected all necessary data to mount crack against WPA/PSK passphrase.\nStarting dictionary attack.  Please be patient.\n\nThe PSK is family movie night\".\n\n4087 passphrases tested in 0.21 seconds:  19096.17 passphrases/second\n$\n\n\nThe attack isn't accelerated dramatically with the precomputation attack since\nwe still have to spend the time precomputing the PMK with the genpmk utility,\nbut we only have to do this once for each SSID.  This allows us to precompute\nhash files with common SSID's such as \"linksys\" and \"tsunami\".  If you spend\nthe time precomputing big dictionaries, please drop me a copy.\n\n\nREFERENCE\n\nSee Robert Moskowitz's paper \"Weakness in Passphrase Choice in WPA Interface\"\nfor more information on WPA-PSK attacks at \nhttp://wifinetnews.com/archives/002452.html.\n\n\nTHANKS\n\nMy sincere thanks to dragorn for merging in the assembly SHA1 code, and to\nRandy Chou for advice on optimizing the pbkdf2 function.  Also thanks to\nrenderman for the inspiration to add the precomputation code.  Thanks to h1kari\nand beetle for their respective foo.\n\n\nQUESTIONS, COMMENTS, CONCERNS\n\nPlease contact jwright@hasborg.com with any questions, comments or concerns.\nMy PGP key is located at http://802.11ninja.net/pgpkey.html.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmatrixfox%2Fcowpatty","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmatrixfox%2Fcowpatty","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmatrixfox%2Fcowpatty/lists"}