
Monday, 14 October 2013

Analyzing a password list with Pipal

If you are looking for a program that can run a reasonably good statistical analysis of a list of passwords, this tool is a real recommendation!
To start with, here is the download link, on the author's site:
http://www.digininja.org/





To show how it works, I have a "small" sample file here. As an overview, here are the details of the file:

- Origin: unknown (some forum?)
- Download: http://www.skullsecurity.org/ (among other places)
- Number of passwords: 184'389
- File size: 1.50 MB

The text file.
Not much is needed to analyze the file. First we start Pipal with the command:

./pipal.rb [path to file]
And that is already all there is to it. Pipal now starts analyzing the file. Depending on the number of words, this can take quite a long time. In my example it takes about 4 minutes. Occasionally there can be problems when the program does not recognize certain characters. That does not matter much, though, because the program then simply skips those words.
After the roughly 4 minutes we can look at the result.
So what does the analysis look like? For example, it could look like the output below.
The first thing we see is that the file has apparently already been "cleaned", so all duplicates have been removed.
Total entries = 184373
Total unique entries = 184373

Top 10 passwords
123456 = 1 (0.0%)
password = 1 (0.0%)
phpbb = 1 (0.0%)
qwerty = 1 (0.0%)
12345 = 1 (0.0%)
12345678 = 1 (0.0%)
letmein = 1 (0.0%)
111111 = 1 (0.0%)
1234 = 1 (0.0%)
123456789 = 1 (0.0%)

Top 10 base words
phpbb = 332 (0.18%)
password = 89 (0.05%)
dragon = 76 (0.04%)
pass = 70 (0.04%)
mike = 69 (0.04%)
blue = 67 (0.04%)
test = 66 (0.04%)
qwerty = 59 (0.03%)
alex = 58 (0.03%)
alpha = 53 (0.03%)

Password length (length ordered)
1 = 33 (0.02%)
2 = 137 (0.07%)
3 = 777 (0.42%)
4 = 4597 (2.49%)
5 = 8199 (4.45%)
6 = 42066 (22.82%)
7 = 32730 (17.75%)
8 = 55337 (30.01%)
9 = 19185 (10.41%)
10 = 11897 (6.45%)
11 = 4934 (2.68%)
12 = 2506 (1.36%)
13 = 1019 (0.55%)
14 = 516 (0.28%)
15 = 233 (0.13%)
16 = 126 (0.07%)
17 = 37 (0.02%)
18 = 28 (0.02%)
19 = 10 (0.01%)
20 = 9 (0.0%)
21 = 6 (0.0%)
22 = 3 (0.0%)
23 = 4 (0.0%)
25 = 2 (0.0%)
27 = 3 (0.0%)
28 = 2 (0.0%)
32 = 4 (0.0%)

Password length (count ordered)
8 = 55337 (30.01%)
6 = 42066 (22.82%)
7 = 32730 (17.75%)
9 = 19185 (10.41%)
10 = 11897 (6.45%)
5 = 8199 (4.45%)
11 = 4934 (2.68%)
4 = 4597 (2.49%)
12 = 2506 (1.36%)
13 = 1019 (0.55%)
3 = 777 (0.42%)
14 = 516 (0.28%)
15 = 233 (0.13%)
2 = 137 (0.07%)
16 = 126 (0.07%)
17 = 37 (0.02%)
1 = 33 (0.02%)
18 = 28 (0.02%)
19 = 10 (0.01%)
20 = 9 (0.0%)
21 = 6 (0.0%)
23 = 4 (0.0%)
32 = 4 (0.0%)
22 = 3 (0.0%)
27 = 3 (0.0%)
25 = 2 (0.0%)
28 = 2 (0.0%)

        |                                                            
        |                                                            
        |                                                            
      | |                                                            
      | |                                                            
      | |                                                            
      |||                                                            
      |||                                                            
      |||                                                            
      |||                                                            
      ||||                                                            
      ||||                                                            
      |||||                                                          
     ||||||                                                          
    ||||||||                                                          
|||||||||||||||||||||||||||||||||                                    
000000000011111111112222222222333
012345678901234567890123456789012
One to six characters = 55803 (30.27%)
One to eight characters = 143868 (78.03%)
More than eight characters = 40505 (21.97%)
Only lowercase alpha = 76041 (41.24%)
Only uppercase alpha = 1706 (0.93%)
Only alpha = 77747 (42.17%)
Only numeric = 20728 (11.24%)
First capital last symbol = 225 (0.12%)
First capital last number = 4749 (2.58%)

Months
january = 8 (0.0%)
february = 3 (0.0%)
march = 23 (0.01%)
april = 48 (0.03%)
may = 171 (0.09%)
june = 56 (0.03%)
july = 27 (0.01%)
august = 22 (0.01%)
september = 3 (0.0%)
october = 15 (0.01%)
november = 7 (0.0%)
december = 6 (0.0%)

Days
monday = 12 (0.01%)
tuesday = 2 (0.0%)
wednesday = 1 (0.0%)
thursday = 3 (0.0%)
friday = 11 (0.01%)
saturday = 1 (0.0%)
sunday = 5 (0.0%)

Months (Abreviated)
jan = 341 (0.18%)
feb = 42 (0.02%)
mar = 1406 (0.76%)
apr = 108 (0.06%)
may = 171 (0.09%)
jun = 190 (0.1%)
jul = 158 (0.09%)
aug = 83 (0.05%)
sept = 17 (0.01%)
oct = 69 (0.04%)
nov = 161 (0.09%)
dec = 120 (0.07%)
Days (Abreviated)
mon = 953 (0.52%)
tues = 3 (0.0%)
wed = 69 (0.04%)
thurs = 6 (0.0%)
fri = 169 (0.09%)
sat = 187 (0.1%)
sun = 299 (0.16%)

Includes years
1975 = 82 (0.04%)
1976 = 80 (0.04%)
1977 = 96 (0.05%)
1978 = 118 (0.06%)
1979 = 142 (0.08%)
1980 = 130 (0.07%)
1981 = 139 (0.08%)
1982 = 142 (0.08%)
1983 = 168 (0.09%)
1984 = 176 (0.1%)
1985 = 171 (0.09%)
1986 = 152 (0.08%)
1987 = 183 (0.1%)
1988 = 165 (0.09%)
1989 = 139 (0.08%)
1990 = 127 (0.07%)
1991 = 115 (0.06%)
1992 = 82 (0.04%)
1993 = 49 (0.03%)
1994 = 41 (0.02%)
1995 = 25 (0.01%)
1996 = 38 (0.02%)
1997 = 56 (0.03%)
1998 = 49 (0.03%)
1999 = 79 (0.04%)
2000 = 428 (0.23%)
2001 = 236 (0.13%)
2002 = 268 (0.15%)
2003 = 235 (0.13%)
2004 = 180 (0.1%)
2005 = 199 (0.11%)
2006 = 145 (0.08%)
2007 = 91 (0.05%)
2008 = 30 (0.02%)
2009 = 26 (0.01%)
2010 = 57 (0.03%)
2011 = 48 (0.03%)
2012 = 45 (0.02%)
2013 = 27 (0.01%)
2014 = 9 (0.0%)
2015 = 16 (0.01%)
2016 = 12 (0.01%)
2017 = 17 (0.01%)
2018 = 16 (0.01%)
2019 = 26 (0.01%)
2020 = 47 (0.03%)

Years (Top 10)
2000 = 428 (0.23%)
2002 = 268 (0.15%)
2001 = 236 (0.13%)
2003 = 235 (0.13%)
2005 = 199 (0.11%)
1987 = 183 (0.1%)
2004 = 180 (0.1%)
1984 = 176 (0.1%)
1985 = 171 (0.09%)
1983 = 168 (0.09%)

Single digit on the end = 14447 (7.84%)
Two digits on the end = 18112 (9.82%)
Three digits on the end = 9637 (5.23%)

Last number
0 = 7753 (4.21%)
1 = 13572 (7.36%)
2 = 8735 (4.74%)
3 = 9313 (5.05%)
4 = 6279 (3.41%)
5 = 6408 (3.48%)
6 = 5991 (3.25%)
7 = 6472 (3.51%)
8 = 5726 (3.11%)
9 = 6728 (3.65%)

 |                                                                    
 |                                                                    
 |                                                                    
 |                                                                    
 |                                                                    
 |||                                                                  
||||                                                                  
||||                                                                  
|||||||| |                                                            
||||||||||                                                            
||||||||||                                                            
||||||||||                                                            
||||||||||                                                            
||||||||||                                                            
||||||||||                                                            
||||||||||                                                            
0123456789

Last digit
1 = 13572 (7.36%)
3 = 9313 (5.05%)
2 = 8735 (4.74%)
0 = 7753 (4.21%)
9 = 6728 (3.65%)
7 = 6472 (3.51%)
5 = 6408 (3.48%)
4 = 6279 (3.41%)
6 = 5991 (3.25%)
8 = 5726 (3.11%)

Last 2 digits (Top 10)
23 = 3027 (1.64%)
00 = 2185 (1.19%)
01 = 1992 (1.08%)
12 = 1817 (0.99%)
11 = 1620 (0.88%)
99 = 1341 (0.73%)
21 = 1150 (0.62%)
13 = 1095 (0.59%)
69 = 1052 (0.57%)
88 = 1028 (0.56%)

Last 3 digits (Top 10)
123 = 2164 (1.17%)
000 = 708 (0.38%)
234 = 477 (0.26%)
007 = 449 (0.24%)
001 = 430 (0.23%)
666 = 397 (0.22%)
321 = 286 (0.16%)
101 = 284 (0.15%)
002 = 274 (0.15%)
111 = 261 (0.14%)

Last 4 digits (Top 10)
1234 = 424 (0.23%)
2000 = 377 (0.2%)
2002 = 215 (0.12%)
2003 = 202 (0.11%)
2001 = 181 (0.1%)
2005 = 166 (0.09%)
2004 = 153 (0.08%)
1987 = 141 (0.08%)
1988 = 133 (0.07%)
1985 = 132 (0.07%)

Last 5 digits (Top 10)
12345 = 110 (0.06%)
23456 = 68 (0.04%)
54321 = 25 (0.01%)
11111 = 23 (0.01%)
21984 = 21 (0.01%)
00000 = 18 (0.01%)
11988 = 16 (0.01%)
21985 = 15 (0.01%)
23123 = 14 (0.01%)
11984 = 13 (0.01%)

Character sets
loweralpha: 76041 (41.24%)
loweralphanum: 65827 (35.7%)
numeric: 20728 (11.24%)
mixedalphanum: 8886 (4.82%)
mixedalpha: 4948 (2.68%)
upperalphanum: 2186 (1.19%)
upperalpha: 1706 (0.93%)
loweralphaspecialnum: 1393 (0.76%)
loweralphaspecial: 1383 (0.75%)
mixedalphaspecialnum: 483 (0.26%)
mixedalphaspecial: 268 (0.15%)
specialnum: 191 (0.1%)
special: 61 (0.03%)
upperalphaspecialnum: 48 (0.03%)
upperalphaspecial: 37 (0.02%)
Character set ordering
allstring: 82695 (44.85%)
stringdigit: 47849 (25.95%)
alldigit: 20728 (11.24%)
othermask: 12032 (6.53%)
stringdigitstring: 11274 (6.11%)
digitstring: 5490 (2.98%)
digitstringdigit: 2180 (1.18%)
stringspecialstring: 837 (0.45%)
stringspecialdigit: 521 (0.28%)
stringspecial: 489 (0.27%)
specialstring: 116 (0.06%)
specialstringspecial: 101 (0.05%)
allspecial: 61 (0.03%)

Hashcat masks (Top 10)
?l?l?l?l?l?l: 18462 (10.01%)
?l?l?l?l?l?l?l?l: 17481 (9.48%)
?l?l?l?l?l?l?l: 13981 (7.58%)
?l?l?l?l?l?l?l?l?l: 8045 (4.36%)
?d?d?d?d?d?d: 7726 (4.19%)
?l?l?l?l?l?l?l?l?l?l: 5253 (2.85%)
?l?l?l?l?l: 5249 (2.85%)
?d?d?d?d?d?d?d?d: 5116 (2.77%)
?l?l?l?l?l?l?d?d: 4956 (2.69%)
?l?l?l?l?l?d?d: 3149 (1.71%)

What we see first of all is a lot of values.
Many of them are very useful to us: the most common password lengths, the distribution of uppercase, lowercase and mixed-case words, the best mask for Hashcat to crack the passwords here as quickly as possible, and so on.
It is easy to see here that with the mask "?l?l?l?l?l?l" (words up to 6 characters long, all lowercase) we would already have cracked about 10% of all passwords. Taken together, that is, all words up to 9 characters and lowercase only, we would have cracked over 31% of the passwords. With Hashcat that would not even be half a day of "work". You can also see quite clearly that over 70% of all passwords were only 8 characters or shorter.
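The "over 31%" figure can be reproduced from the mask table: it is the sum of the all-lowercase masks of length 6 to 9 in the top 10. The following Ruby sketch is an added example, not part of Pipal or of the original post; it parses the mask lines copied from the output above, computes that coverage, and lists how many candidates each mask spans, which is the number that matters when judging how exposed a password set is. The function and constant names are my own, and treating every non-alphanumeric character as ?s is a simplifying assumption.

```ruby
# Added example (not Pipal's code). Sizes follow hashcat's built-in charsets.
CHARSET_SIZE = { "?l" => 26, "?u" => 26, "?d" => 10, "?s" => 33 }.freeze
CLASSES = { /[a-z]/ => "?l", /[A-Z]/ => "?u", /[0-9]/ => "?d" }.freeze

# Total entries and mask lines copied from the Pipal output on this page.
TOTAL_ENTRIES = 184_373
PIPAL_MASKS = <<~OUT
  ?l?l?l?l?l?l: 18462 (10.01%)
  ?l?l?l?l?l?l?l?l: 17481 (9.48%)
  ?l?l?l?l?l?l?l: 13981 (7.58%)
  ?l?l?l?l?l?l?l?l?l: 8045 (4.36%)
  ?d?d?d?d?d?d: 7726 (4.19%)
  ?l?l?l?l?l?l?l?l?l?l: 5253 (2.85%)
  ?l?l?l?l?l: 5249 (2.85%)
  ?d?d?d?d?d?d?d?d: 5116 (2.77%)
  ?l?l?l?l?l?l?d?d: 4956 (2.69%)
  ?l?l?l?l?l?d?d: 3149 (1.71%)
OUT

# Map one password to its mask. Assumption: anything outside [a-zA-Z0-9]
# counts as ?s, which is not exact for non-ASCII characters.
def mask_for(password)
  password.each_char.map { |c| CLASSES.find { |re, _| c.match?(re) }&.last || "?s" }.join
end

# Number of candidates a mask enumerates (product of its charset sizes).
def keyspace(mask)
  mask.scan(/\?[luds]/).map { |t| CHARSET_SIZE.fetch(t) }.reduce(1, :*)
end

# Parse "mask: count (pct%)" lines into [mask, count] pairs.
def parse_masks(text)
  text.each_line.map { |l| l.match(/\A(\S+): (\d+) /) }.compact
      .map { |m| [m[1], m[2].to_i] }
end

# Percentage of all entries covered by the masks the block accepts.
def coverage(rows, total)
  hit = rows.select { |mask, _| yield mask }.sum { |_, n| n }
  (100.0 * hit / total).round(2)
end

rows = parse_masks(PIPAL_MASKS)
lower_6_to_9 = ->(m) { m.match?(/\A(\?l){6,9}\z/) }
puts "lowercase, 6-9 chars: #{coverage(rows, TOTAL_ENTRIES, &lower_6_to_9)}%"
rows.each { |m, n| puts format("%-22s %6d hits  %.1e candidates", m, n, keyspace(m)) }
```

mask_for can be run over your own list to build the same table for masks beyond the top 10 that Pipal prints.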

So have fun analyzing your lists. You are welcome to send me your results; in this context I would like to build a "sensible" large wordlist myself so that I can analyze it as well, or make it available to you here.
