Passwords Stats Script

Purpose

Simple script that analyses account passwords and generates hashcat masks.

Inspired by statsgen.py.

Install

git clone https://github.com/WhatTheSlime/PassStats/
cd PassStats
python3 pass_stats.py -h

Usage

Analyze a simple list of passwords:

python3 pass_stats.py pass.lst

Analyze a simple list of passwords formated like hashcat pot file (HASH:PASS):

python3 pass_stats.py hash:pass.lst --hashes

Analyze a list of passwords with related user accounts:

python3 pass_stats.py hash:pass.lst --users user:hash.lst

/!\ Statistics may change if --user accounts are specified because one password can be used by many users!

Analyze a list of passwords with related ntds.dit dump (just add stats on non empty hash_lm):

python3 pass_stats.py hash:pass.lst --users ntds.dit --ntds

Join usernames, hashes and password:

python3 pass_stats.py hash:pass.lst --users user:hash.lst --join

Generate Masks

Generate a list of hashcat masks starting with the most used one:

python3 pass_stats.py pass.lst --masks

python3 pass_stats.py hash:pass.lst --users user:hash.lst --masks

/!\ Masks list may change if --user is specified because one password can be used by many users!

Use grep with a regular expession to filter the output of --masks such as:

python3 pass_stats.py pass.lst --masks | grep -E '^(\?[dlsu]){8,12}$'

References:

• Password Analysis and Cracking Kit: https://github.com/iphelix/pack
• Hashcat cracking tool: https://hashcat.net/hashcat/