Information Security Community in Kuwait.

WeakPF – The Weak Password Finder

Brief:

One of the first things I usually do at the beginning of every penetration test engagement is online password guessing. Password guessing is usually one of the easiest methods to hack systems and always leads to sensitive information. WeakPF is a black-box weak password finder written in Python, designed to find protected network services and try to crack them by combining the power of Nmap (the de facto standard tool for network exploration) with online password guessing tools such as Ncrack. It is intended for use by penetration testers or Windows administrators. The code base is open source and licensed under the GPLv3.

 

Current Features include:

  • Network exploration for Windows SMB services (Future features will support more services)
  • SMB password guessing

 

Download:

WeakPF is hosted on Google Code at http://weak-password-finder.googlecode.com/files/weakpf.py 

 

Installation:

  • WeakPF requires both nmap and ncrack to work:

    To install nmap: http://nmap.org/download.html

    To install ncrack: http://nmap.org/ncrack/

  • “cd” to the directory where you downloaded weakpf.py and type:

    chmod 755 weakpf.py
    ./weakpf.py

Prior to running WeakPF, you will have to create a small password file. It’s always better to keep the password list as small and relevant as possible.

Tested on Ubuntu Linux and Mac OSX 

 

Screenshot & Usage:

The tool is interactive, so you don’t have to memorize command-line switches.


Future versions:

If you find this tool useful and would like to see new features, please do let us know by commenting, contributing and reporting bugs. Some of the features I plan to include in future versions:

  • Ability to produce relevant password lists
  • Ability to assess more services, including Telnet, SSH and VNC
  • Much much more.

 

8 Comments

  1. Excellent tool. Really helps in minimizing time required to build IP lists.

    Would love to see future versions.

    • Thanks Nabil.

  2. Really great work :) . This tool does not solve a big problem, but it minimizes time and combines the power of two tools (nmap & ncrack). I tested the tool and it works like a charm. I have the following comments on the tool:
    1. To support more protocols which I know is the plan for future releases
    2. Give time elapsed for each cracking progress.
    3. Hmmm, let’s say we have different machines with SMB enabled. When cracking them, do you give the whole list to ncrack or go machine by machine?

    Good luck

    • Glad you find it useful, Muhanad. Please find below my feedback on points you raised:
      1. Will do in future versions.
      2. That will be useful big time. I’ll think of ways to accomplish this!
      3. That’s right. The whole list, neat and clean, is given to Ncrack. Ncrack will attack IPs one by one, but if you have multiple usernames, it’ll try the first username with the first password, then the second username again with the first password, etc. So, it’s smart to keep the most common passwords at the beginning of the list so they will be tried out first.

      Thanx.

  3. It’s a cool wrapper :) . Use subprocess instead of os, and use a ‘not’ statement instead of is '' or == ''.
    Also, like Muhanad said, let it support more protocols.
    What’s the need for the disable method? :) . Just use the class.inst

    Good luck with it.

    • Thanks Ahmed, will consider points raised in future versions.

  4. Excellent tool. Much needed in the industry. Good work.

    • Running it against a large network segment with a small but related password list and “Administrator” account never failed me. Thanks.
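
The reply to comment 2 above explains that attempts cycle through the usernames for each password, so failures against any single account are spread out. As an added example (not part of the original post or of WeakPF), the following shows how a defender can flag that pattern by grouping failed network logons by source address instead of by account. The comma-separated log layout, the sample events and the thresholds are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample (assumed layout): timestamp, event ID, logon type, account, source IP.
# 4625 = failed logon, 4624 = successful logon, logon type 3 = network logon (SMB).
SAMPLE_EVENTS = """\
2024-01-01T10:00:00,4625,3,administrator,192.0.2.10
2024-01-01T10:00:01,4625,3,backup,192.0.2.10
2024-01-01T10:00:02,4625,3,helpdesk,192.0.2.10
2024-01-01T10:00:03,4625,3,svc_sql,192.0.2.10
2024-01-01T10:00:04,4625,3,administrator,192.0.2.10
2024-01-01T10:00:05,4625,3,backup,192.0.2.10
2024-01-01T10:07:00,4625,3,alice,192.0.2.20
2024-01-01T10:07:30,4625,3,alice,192.0.2.20
2024-01-01T10:08:00,4624,3,alice,192.0.2.20
"""

def parse_failed_network_logons(text):
    """Yield (time, account, source_ip) for failed network logons only."""
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 5:
            continue  # skip malformed lines
        stamp, event_id, logon_type, account, source = parts
        if event_id == "4625" and logon_type == "3":
            yield datetime.fromisoformat(stamp), account.lower(), source

def find_guessing_sources(text, window=timedelta(minutes=5),
                          min_accounts=3, min_failures=5):
    """Return {source_ip: (failures, distinct_accounts, max_failures_per_account)}
    for sources that exceed both thresholds inside a sliding time window."""
    by_source = defaultdict(list)
    for when, account, source in parse_failed_network_logons(text):
        by_source[source].append((when, account))
    flagged = {}
    for source, events in by_source.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            per_account = Counter(account for _, account in in_window)
            if len(in_window) >= min_failures and len(per_account) >= min_accounts:
                flagged[source] = (len(in_window), len(per_account),
                                   max(per_account.values()))
    return flagged
```

In the constructed sample, the flagged source never exceeds two failures against any one account, which is why a per-account counter alone would miss it, while the user who mistyped a password twice is not flagged.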

Trackbacks/Pingbacks

  1. BarCamp Kuwait Three | BarCamp Kuwait - [...] Weak Password Finder, by Ali Al-Hebshi. [...]
