Base words (feature request)
Hi @digininja First of all thank you for all the hard work you put in this tool. Pipal does a great job analyzing passwords. What I noticed is that the top 10 base words are not really the "base" words. For example, it sometimes happens that "p@ssw0rd" and "p@ssword" are (yes also separately) mentioned as a base word, while you would think in the basis it should be "password" (the others are variations).
Perhaps an idea to merge the functionality of deleet with pipal (https://github.com/digininja/deleet)? It could really improve the value of the output.
That seems like a reasonable idea, I would just need to fix on a single set of substitutions otherwise it would get too complex.
Substituting 1 for i or l, as long as it is consistent, I don't think would really matter. Swapping 1 for i and saying the base word for 1inked1n is inkedin isn't going to give the correct base, but the human looking at it would be able to understand the mistake and the context.
I'll see what I can get added, I'll probably do it as a new plug-in rather than modify the existing so as not to break the way it currently works.
Very very late reply - perhaps usable for someone having this issue as well - a comparison to dictionary words may help determine what substitutions were used (for deleet). Convert back to the potential original words, search in a custom dictionary file, and the one found is likely to have the correct base word.
I've just checked and I've not done anything significant to this code for 10 years! It has probably been about that long since I last touched Ruby for anything more than a few line script.
I'll see if I can remember how any of it works and make some changes.
Haha no worries, I didn't even expect a reply as it was so long ago (I do hope it has not been 10 years already haha! Time flies). Just wanted to share the idea, even if for archiving purposes ;)
It wasn't that long since you did the original comment, but looking at the code dates, it has been that long since any major updates.
Try the new deleet_checker in here:
https://github.com/digininja/pipal/tree/deleet
I've tidied up that code, done a few more little fixes, and pushed it all into the main branch.
Hopefully it is all working correctly, any problems, let me know.
Thanks a lot! Looking at the output of deleet, it might bring more concrete results when deleet is focusing on the base word output instead of the raw passwords. With some luck this will return 'potato' as the main base word, which can be used for creating new (client tailored) word lists. When deleet-ing those they can also be merged again (p0t4t, p0t@t, etc. => single 'potat' statistic).
Password list
potato123!
123!potato
potato!
$potato$
p0t4t0
pot@t0
p0t@to2023!
Top 10 base words
potato = 4 (57.14%)
p0t4t = 1 (14.29%)
pot@t = 1 (14.29%)
p0t@to = 1 (14.29%)
Top 10 passwords (from deleet)
potato = 2 (28.57%)
potatoi2e! = 1 (14.29%)
i2e!potato = 1 (14.29%)
potato! = 1 (14.29%)
$potato$ = 1 (14.29%)
potato2o2e! = 1 (14.29%)
There will be some weird cases like 'p0tat0' => 'potat' (due to ltrim/rtrim), which would make things a bit more complicated, but I am hoping the overall result will be more in line with what to feed to the password cracker. With larger results a print all instead of top X could also be useful.
My apologies for these ideas, I tend to overcomplicate things.. :)
I'll have a look at doing base words instead of the main word, shouldn't be too hard to do.
You can change the top X with the cap parameter so you get everything.
I've just pushed a change that will deleet the base word rather than the main word.
This:
p@ssword
P@ssw0rd1
123Pas5word22
123P@ssw0rd1
fish
pa55word
Used to go to:
password = 2 (33.33%)
passwordi = 1 (16.67%)
i2epassword22 = 1 (16.67%)
i2epasswordi = 1 (16.67%)
fish = 1 (16.67%)
Now goes to:
password = 5 (83.33%)
fish = 1 (16.67%)
The base words are detected a lot better now, really useful, thanks a lot! Small thing I noticed: sometimes it also prints an empty base word ("" = x%), probably because the string is empty after deleet-ing, but that doesn't really matter, it's good enough for me ;)
I'll get that fixed. I wonder if that affects the other base word checker as well, I'll have a look at the same time.
I've just pushed a fix for this.
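Added example, not part of the thread and not pipal's or deleet's own code: a Ruby sketch of the dictionary comparison suggested above for ambiguous substitutions (1 as i or l), with the trim-then-deleet fallback and the empty-base-word skip discussed in the later comments. The substitution table, the dictionary, the function names and the extra sample passwords are assumptions constructed for illustration.

```ruby
# Constructed substitution table (an assumption, not deleet's real table).
# '1' is ambiguous, so it carries two candidate letters.
LEET = {
  '0' => %w[o], '1' => %w[i l], '3' => %w[e],
  '4' => %w[a], '5' => %w[s], '@' => %w[a]
}.freeze

# Every de-leeted reading of a word. Grows as 2^n with the number of
# ambiguous characters, which is acceptable for password-length input.
def variants(word)
  word.downcase.chars.map { |c| LEET.fetch(c, [c]) }
      .reduce(['']) { |acc, opts| acc.product(opts).map(&:join) }
end

# ltrim/rtrim of everything that is not a letter, as described in the thread.
def trim_base(password)
  password.downcase.sub(/\A[^a-z]+/, '').sub(/[^a-z]+\z/, '')
end

# Prefer the longest dictionary word found inside any reading of the whole
# password; otherwise fall back to de-leeting the trimmed base word.
# Returns nil when nothing is left, so no "" entry reaches the statistics.
def base_word(password, dictionary)
  hits = variants(password).flat_map { |v| dictionary.select { |w| v.include?(w) } }
  return hits.max_by(&:length) unless hits.empty?

  fallback = variants(trim_base(password)).first
  fallback.empty? ? nil : fallback
end

def top_base_words(passwords, dictionary)
  counts = Hash.new(0)
  passwords.each do |pw|
    base = base_word(pw, dictionary)
    counts[base] += 1 if base
  end
  counts.sort_by { |word, n| [-n, word] }
end

# Constructed sample: the six passwords from the thread plus four extras.
DICTIONARY = %w[password potato linkedin fish].freeze
SAMPLE = ['p@ssword', 'P@ssw0rd1', '123Pas5word22', '123P@ssw0rd1', 'fish',
          'pa55word', '1inked1n', 'p0tat0', 'Qw3rty99', '12345!'].freeze

total = SAMPLE.size.to_f
top_base_words(SAMPLE, DICTIONARY).each do |word, n|
  puts format('%s = %d (%.2f%%)', word, n, 100 * n / total)
end
```

Substring matching against a dictionary with very short entries will produce spurious hits; a minimum word length is a sensible guard for real lists.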