Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/quahac/burp-intruder-hashcat-maskprocessor

Last synced: 2 months ago
JSON representation

Host: GitHub
URL: https://github.com/quahac/burp-intruder-hashcat-maskprocessor
Owner: quahac
Created: 2020-10-04T17:36:07.000Z (over 4 years ago)
Default Branch: main
Last Pushed: 2020-10-05T18:39:24.000Z (over 4 years ago)
Last Synced: 2024-08-04T00:06:21.927Z (6 months ago)
Language: Python
Size: 6.38 MB
Stars: 19
Watchers: 2
Forks: 4
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-burp-extensions - Hashcat Maskprocessor Intruder Payloads - Burp Hashcat Maskprocessor Extension, inspired by hashcat maskprocessor https://github.com/hashcat/maskprocessor (Payload Generators and Fuzzers / SSRF)

README

        # burp-intruder-hashcat-maskprocessor

Burp Hashcat Maskprocessor Extension, inspired by hashcat maskprocessor https://github.com/hashcat/maskprocessor 

Python code credits to https://github.com/Xvezda/python-maskprocessor (https://pypi.org/project/maskprocessor/) thank you. 

I could use python ```pip install maskprocessor``` on jython and ```import maskprocessor```, but this is easier installation.

My credit goes to Burp Extension self.

How to Install:

![](burp_installation.gif)

How to Use:

![](burp_usage.gif)

Maskprocessor how to

==============

(cloned from https://github.com/hashcat/maskprocessor/blob/master/README.md and edited)

High-Performance word generator with a per-position configureable charset

Mask attack

--------------

Try all combinations from a given keyspace just like in Brute-Force attack, but more specific.

Masks

--------------

For each position of the generated password candidates we need to configure a placeholder. If a password we want to crack has the length 8, our mask must consist of 8 placeholders.

- A mask is a simple string that configures the keyspace of the password candidate engine using placeholders.

- A placeholder can be either a custom charset variable, a built-in charset variable or a static letter.

- A variable is indicated by the ? letter followed by one of the built-in charset (l, u, d, s, a) or one of the custom charset variable names (1, 2, 3, 4).

- A static letter is not indicated by a letter. An exception is if we want the static letter ? itself, which must be written as ??.

Built-in charsets

--------------

- ?l = abcdefghijklmnopqrstuvwxyz

- ?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ

- ?d = 0123456789

- ?s = «space»!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~

- ?a = ?l?u?d?s

- ?b = 0x00 - 0xff

Custom charsets

--------------

There are four commandline-parameters to configure four custom charsets.

- --custom-charset1=CS

- --custom-charset2=CS

- --custom-charset3=CS

- --custom-charset4=CS

These commandline-parameters have four analogue shortcuts called -1, -2, -3 and -4. You can specify the chars directly on the command line.

**Password length increment** (Not yet)

--------------

Example

--------------

The following commands creates the following password candidates:

- command: ?l?l?l?l?l?l?l?l

- keyspace: aaaaaaaa - zzzzzzzz

- command: -1 ?l?d ?1?1?1?1?1

- keyspace: aaaaa - 99999

- command: password?d

- keyspace: password0 - password9

- command: -1 ?l?u ?1?l?l?l?l?l19?d?d

- keyspace: aaaaaa1900 - Zzzzzz1999

- command: -1 ?dabcdef -2 ?l?u ?1?1?2?2?2?2?2

- keyspace: 00aaaaa - ffZZZZZ

- command: -1 efghijklmnop ?1?1?1

- keyspace: eee - ppp