Alex H Alex H - 1 month ago 6
Python Question

How to create a Bruteforce password cracker for alphabetical and alphanumerical passwords?

I need to make small programs for school to brute force crack different types of passwords; I'm looking to create a brute force python code that will run through every possible combination of alphabetical and alphanumerical passwords and give me the password and the amount of time it took to crack.

I did the same with purely numerical passwords and got this:

import datetime as dt

Password4 = 123456

def crack_password():
start = dt.datetime.now()
for n in range(1000000):
password_guess = '{0:04d}'.format(n)
if password_guess == str(Password4):
end = dt.datetime.now()
print("Password found: {} in {}".format(password_guess, end - start))
break
guesses = crack_password()


I then tried to do something somewhat similar for alphabet/alphanumerical passwords but did not work whatever I tried:

import random

letters = [str(i) for i in range('a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p')]
s = [''.join([a,b,c,d,e,f,g,h]) for a in letters for b in letters for c in letters for d in letters for e in letters for f in letters for g in letters for h in letters]
random.shuffle(s)
real_password = 'aaaaaaaa'
i = 0

for code in s:
if code == real_password:
print()
print('The password is: ', code)
break
else:
i += 1
print(i, ' failures', end='\r')


It is vital that the program include either number of failures or the time it took to find the password, which is why i can't simply make a password generator.

Please note: I am fairly new to coding and am very grateful for your help :)

Answer

Here's a naiive brute force method that will guess numbers (string.digits) and lower case letters (string.ascii_lowercase). You can use itertools.product with repeat set to the current password length guessed. You can start at 1 character passwords (or whatever your lower bound is) then cap it at a maximum length too. Then just return when you find the match.

import itertools
import string

def guess_password(real):
    chars = string.ascii_lowercase + string.digits
    attempts = 0
    for password_length in range(1, 9):
        for guess in itertools.product(chars, repeat=password_length):
            attempts += 1
            guess = ''.join(guess)
            if guess == real:
                return 'password is {}. found in {} guesses.'.format(guess, attempts)
            print(guess, attempts)

print(guess_password('abc'))

Output

a 1
b 2
c 3
d 4
...
aba 1369
abb 1370
password is abc. found in 1371 guesses.