Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/muesli/crunchy

Finds common flaws in passwords. Like cracklib, but written in Go.
https://github.com/muesli/crunchy

hacktoberfest

Last synced: 13 days ago
JSON representation

Finds common flaws in passwords. Like cracklib, but written in Go.

Host: GitHub
URL: https://github.com/muesli/crunchy
Owner: muesli
License: mit
Created: 2017-08-01T11:37:23.000Z (over 7 years ago)
Default Branch: master
Last Pushed: 2023-09-26T12:37:25.000Z (about 1 year ago)
Last Synced: 2024-05-01T18:38:37.930Z (6 months ago)
Topics: hacktoberfest
Language: Go
Homepage:
Size: 75.2 KB
Stars: 380
Watchers: 6
Forks: 19
Open Issues: 5
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE

Awesome Lists containing this project

cybersecurity-golang-security - crunchy - Finds common flaws in passwords. Like cracklib (Encryption)
awesome-go-security - crunchy - Finds common flaws in passwords. Like cracklib (Encryption)

README

        crunchy

=======

[![Latest Release](https://img.shields.io/github/release/muesli/crunchy.svg)](https://github.com/muesli/crunchy/releases)

[![GoDoc](https://godoc.org/github.com/golang/gddo?status.svg)](https://godoc.org/github.com/muesli/crunchy)

[![Build Status](https://travis-ci.org/muesli/crunchy.svg?branch=master)](https://travis-ci.org/muesli/crunchy)

[![Coverage Status](https://coveralls.io/repos/github/muesli/crunchy/badge.svg?branch=master)](https://coveralls.io/github/muesli/crunchy?branch=master)

[![Go ReportCard](https://goreportcard.com/badge/muesli/crunchy)](https://goreportcard.com/report/muesli/crunchy)

Finds common flaws in passwords. Like cracklib, but written in Go.

Detects:

 - `ErrEmpty`: Empty passwords

 - `ErrTooShort`: Too short passwords

 - `ErrNoDigits`: Password does not contain any digits

 - `ErrNoSymbols`: Password does not contain any special characters

 - `ErrTooFewChars`: Too few different characters, like "aabbccdd"

 - `ErrTooSystematic`: Systematic passwords, like "abcdefgh" or "87654321"

 - `ErrDictionary`: Passwords from a dictionary / wordlist

 - `ErrMangledDictionary`: Mangled / reversed passwords, like "p@ssw0rd" or "drowssap"

 - `ErrHashedDictionary`: Hashed dictionary words, like "5f4dcc3b5aa765d61d8327deb882cf99" (the md5sum of "password")

 - `ErrFoundHIBP`: Optional hash checks against the haveibeenpwned.com database

Your system dictionaries from `/usr/share/dict` will be indexed. If no dictionaries were found, crunchy only relies on

the regular sanity checks (`ErrEmpty`, `ErrTooShort`, `ErrTooFewChars` and `ErrTooSystematic`). On Ubuntu it is

recommended to install the wordlists distributed with `cracklib-runtime`, on macOS you can install `cracklib-words` from

brew. You could also install various other language dictionaries or wordlists, e.g. from skullsecurity.org.

crunchy uses the WagnerFischer algorithm to find mangled passwords in your dictionaries.

## Installation

Make sure you have a working Go environment (Go 1.2 or higher is required).

See the [install instructions](https://golang.org/doc/install.html).

To install crunchy, simply run:

    go get github.com/muesli/crunchy

## Example

```go

package main

import (

	"github.com/muesli/crunchy"

	"fmt"

)

func main() {

    validator := crunchy.NewValidator()

    err := validator.Check("12345678")

    if err != nil {

        fmt.Printf("The password '12345678' is considered unsafe: %v\n", err)

    }

    err = validator.Check("p@ssw0rd")

    if dicterr, ok := err.(*crunchy.DictionaryError); ok {

        fmt.Printf("The password 'p@ssw0rd' is too similar to dictionary word '%s' (distance %d)\n",

            dicterr.Word, dicterr.Distance)

    }

    err = validator.Check("d1924ce3d0510b2b2b4604c99453e2e1")

    if err == nil {

        // Password is considered acceptable

        ...

    }

}

```

## Custom Options

```go

package main

import (

	"github.com/muesli/crunchy"

	"fmt"

)

func main() {

    validator := crunchy.NewValidatorWithOpts(crunchy.Options{

        // MinLength is the minimum length required for a valid password

        // (must be >= 1, default is 8)

        MinLength: 10,

        // MinDiff is the minimum amount of unique characters required for a valid password

        // (must be >= 1, default is 5)

        MinDiff: 8,

        // MinDist is the minimum WagnerFischer distance for mangled password dictionary lookups

        // (must be >= 0, default is 3)

        MinDist: 4,

        // Hashers will be used to find hashed passwords in dictionaries

        Hashers: []hash.Hash{md5.New(), sha1.New(), sha256.New(), sha512.New()},

        // DictionaryPath contains all the dictionaries that will be parsed

        // (default is /usr/share/dict)

        DictionaryPath: "/var/my/own/dicts",

        // MustContainDigit is a flag to require at least one digit for a valid password

        // (default is false)

        MustContainDigit: true,

        // MustContainSymbol is a flag to require at least one special symbol for a valid password

        // (default is false)

        MustContainSymbol: true,

	// Check haveibeenpwned.com database

	// Default is false

	CheckHIBP: true,

    })

    ...

}

```