rad10 / brutesleuth Goto Github PK

Since the codes file structure is already in the form of a pip package, what would be helpful is a hook to automatically take every release tag and automatically build python packages. This will best be done using GitHub Actions.

There is starting to be quite a lot of functions that this tools API provides, and a lot more are planned for the future. Because if this, it would be a good idea to write a docs folder and/or a wiki section to document all the functions and what they do.

Often times, the passwords are so big that it is unrealistic to store all of them on a hard drive. Less than half of all the combinations of 8 characters between a-z0-9 took up roighly 12.9GB on my hard drive.

The reality of the matter is that if This tool is going to make large wordlists for bruteforcers like john and hashcat, it needs to be able to make them generate the next password for storage/memory sake. The best way to do this is to take a string with all its constants and unknown variables and create a rules list for either program to follow the steps to make the next password as instructed.

The permutative chains that were used to create the lists given were built as iterators due to the potential scale of the number of passwords generated. If you ran for an 8 character password that contains some combination of lowercase alphanumeric characters (both lowercase and numbers), you would get a list of this many passwords:

(26 + 10)^8 = 36^8 = 2,821,907,456

This will not only fill up anyones harddrive very quickly, those passwords cannot be held in memory. This process was handled by making every combination generate the next pair manually rather than holding each combination in memory. The problem we face here is that itertools.product is taking all the iterators its given and secretly putting every combination into memory when its not supposed to. The easiest (yet most obnoxious) way to deal with this is to remove product all together and implement a different that acts just like product but on a genuine iterative standpoint.

The readme not only is outdated, but is not a sexy look. The readme should be vamped up with some of these additions in order to draw in peoples interest while also describing a lot more. The readme can only be considered finished once these are done:

• Better title and logo (possible use of png art)
• Labels for survivability: build, test coverage, pypi, license. Like shown on pwntools
• table of contents
• what is BruteSleuth
• Why use BruteSleuth
• How to use BruteSleuth
• Examples
• How to install BruteSleuth
• Contribution
• Credits

In order to build an RPM file, a PKGBUILD file is required to know how to compile and install the package on systems such as Arch Linux. One of the next steps I should work on is Adding these files to make AUR able to easily build this tool

Since the project includes binaries that are intended to be run by the commandline, it will be a great inclusion to keep an up to date man page for all executables that are included by this project. This can (and will) be utilized by the RPM and DEB packages created for this project.

There have been multiple times where I go to use this tool and I have to stop it because it takes too long to make all the given passwords and I need to do something else. What would be really helpful in this case is a way for me to go back to where I was without restarting the whole process. A simple solution would be to provide an argument that tells the program where to start in the process.

With some of the combinations that this program creates, it can output billions of different combinations, but we only want a select amount. It would be a good idea to implement an argument to tell the generator to stop after N iterations.

Something that is going to be important if this project is going to be both a tool and a library is openness and accessability to contribute to this project. I am not going to be able to make everything perfect. There will be problems that I cant solve, features that I cant imagine, and efficiencies that are beyond my skill level. I would love to allow contributions from people, so I need to make guidelines on how contributing should go.

The tool can already make masks based off of F-strings, but one thing that might be more useful to people is a way to get a wordlist based off a given mask. Hashcat and John will use a mask to make their own wordlist that can only be accessible to themselves, but there are many bruteforce tools that cannot even utilize masks to generate their own wordlists. What would be helpful is a way to take a mask and create all possible passwords based off of it.

The tool and library are all built to be fully compatible with f-strings. This allows for any given unknown to be filled and guided utilizing F-strings to get all possible combinations of the password that are desired. All the internal generation tools utilized for permutation are all independant of the process used to collect the values, so it would be a great idea to include functionality to convert a regex string into a permutatable engine. It'll allow higher access and control over what strings may be available.

What I want is to use GitHub Actions to make all releases include a deb package that GitHub automatically compiles then attaches it to the release. I have found that it is both difficult to make github compile source into a Debian package and make discord automatically attach a file to a release. Once I can figure out these two problems, a lot of problems down the future will become manageable.

One crucial piece in all big projects is a testing framework that can take any changes or improvements and can check that any new or changed code still works as intended. These modules that I make for testing the functionality of both the given application and individual library components is crucial for insuring that all code produced works as intended.