Introduction: Password Brute-forcer in Python

Introduction

To be clear, while this is a tutorial for how to create a password brute-forcer, I am not condoning hacking into anyone's systems or accounts. This is a very inefficient method which I decided to upload as I thought that many others may find it to be an interesting task (or just want some nerdy bragging points). If you wish to test it out using pyautogui: I recommend creating a website in html that does not use Capatcha and has a simple password and hosting it locally so that you can attempt to access that. Now before you continue to read on: if you want to create this entirely on your own then I do not recommend continuing to read on past the 1st section (which you will need) as this tutorial will contain many hints as this is relatively advanced programming. Likewise if you just want the code itself do not bother reading the whole (just the 1st part of the 1st section) tutorial as I attach a copy of the code below. There are also certain sections that refer to pyautogui, if you wish to only "print" or match the passwords then ignore these sections but if you want python to use your keyboard to type out the passwords then you will need to follow those instructions.

Step 1: Downloading Modules and Importing Built in Ones.

PyAutoGUI download (ignore this section if you don't want to use the keyboard inputs) you will still need to follow this step if all you want is the code

You will need to import itertools and you may also want to import time but it is not necessary (they are both built in functions)

If you don't want to have any more help than this I would strongly recommend looking into these modules if you are not already familiar with them.

Step 2: Create Your Starting Variables

You will need to create a string called "Alphabet" that contains all of the characters you wish to use. You could also create a list but that would take a lot longer to type out and would be no more effective.

You will also need to create a string under the name "username" that is set to either input or the username you wish to use or if you are not using PyAutoGUI you will want to set a variable called "password" and set it to user input. You do not need have a password function for PyAutoGUI as you would most likely be entering the password into a password input box so instead you have a username for the program to type out.

If you want to time the process (recommended for not using PyAutoGUI) then you will need to create a variable called "start" and assign it the value time.time()

Finally, you will need to create an integer called "CharLength" and assign it a value of 1. This will be used later to tell the in-built function itertools.products() how long the combinations should be. You do not technically need to create this variable but otherwise itertools.products runs through combinations with 0 characters which, when collecting data (e.g. averages) can mess with statistics.

This should look like this (do not read this if you want to do it for yourself):

<p>import pyautogui</p><p>Alphabet = ("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890-_.")</p><p>CharLength = 1</p><p>username = "pancakehax@gmail.com"</p>

or if you aren't using PyAutoGUI:

<p>Alphabet = ("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890-_.")</p><p>Password = input("What is your password?\n")
start = time.time()
counter = 1
</p><p>CharLength = 1</p>

Step 3: Creating the Brute-forcer Part 1

You will need to create a "for" loop that continues to run while your CharLength variables is not larger than the maximum number of characters you want (I suggest 25). This is not necessary but if you are planning on leaving it running for a long time then you would most likely want it to stop at some point as once it gets past a certain number of characters, it is most likely not working correctly.

Within this for loop you want to create a variable (i recommend calling it passwords) and assigning it the value itertools.product(Alphabet, repeat = CharLength) the variable will now be a generator from which you need to yield. Remember not to just print this as that will not work.

The way in which you print the products of a generator is:

for i in [generator name]:

<p>print(i)</p>

But this is also not yet perfect as it would return the values "('a',)('b',) ('c',) ('d',)" which would be less than ideal; in order to remove this problem you will need to create a string version of the output and use the ".replace" built in function to remove any parts of the output that are not part of the actual attempt. You should use this format:

i = str(i)<br>i = i.replace(",","")

After this it changes significantly depending on if you are using PyAutoGUI or not; follow the corresponding final part of the tutorial.

Step 4: Creating the Brute Forcer Part 2: With PyAutoGUI

Warning: this step is only for if you are using and have downloaded PyAutoGUI: if you have not then please use the next step instead.

You will now need to use "pyautogui.typewrite()" to type the variable you created under the name username. This is important because most sites have a username box and so you should create one that has the same but if you don't need to use it, just ignore this part. You could do it like this:

pyautogui.typewrite(username)

Afterwards you will need to use the pyautogui functions keyDown and keyUp in order to press the enter key so that the website knows you have finished typing the username.

you will then need to do the same but instead have the program type the password (ensuring it still presses enter).

Step 5: Creating the Brute Forcer Part 2: Without PyAutoGUI

If you are not using pyautogui then you will want to check if the current attempt is equal to the password the user has entered.

If it is then you should create a variable called "end" and assign it the value time.time() then create another variable called "timetaken" and make that end - start; this tells you how long it took to find the password. Then you should tell the user how long it took to find their password as well as how many attempts.

After this you should, using the formula counter/timetaken, tell the user how many attempts were made per second.

Finally you need to print off their password so that they know the program correctly identified their password.

Step 6: How You Code Should Look at the End

If you used PyAutoGUI:

import itertools
import time

import pyautogui

Alphabet = ("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890-_.")

CharLength = 1

username = "pancakehax@gmail.com"
for Index in range(25):
    passwords = (itertools.product(Alphabet, repeat = Index))
	for i in passwords:
        i = str(i)
        i = i.replace("[", "")
        i = i.replace("]", "")
        i = i.replace("'", "")
        i = i.replace(" ", "")
        i = i.replace(",", "")
        i = i.replace("(", "")
        i = i.replace(")", "")
        pyautogui.typewrite(username)
        pyautogui.keyDown("enter")
        pyautogui.keyUp("enter")
        pyautogui.typewrite(i)
        pyautogui.keyDown("enter")
        pyautogui.keyUp("enter")
    Index += 1

If you did not:

<p>import itertools
import time
Alphabet = ("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890-_.")
Password = input("What is your password?\n").

start = time.time()

counter = 1</p><p>CharLength = 1

for CharLength in range(25):
    passwords = (itertools.product(Alphabet, repeat = CharLength))
    print("\n \n")
    print("currently working on passwords with ", CharLength, " chars")
    print("We are currently at ", (counter / (time.time() - start)), "attempts per seconds")
    print("It has been ", time.time() - start, " seconds!")
    print("We have tried ", counter, " possible passwords!")
    for i in passwords:
        counter += 1
        i = str(i)
        i = i.replace("[", "")
        i = i.replace("]", "")
        i = i.replace("'", "")
        i = i.replace(" ", "")
        i = i.replace(",", "")
        i = i.replace("(", "")
        i = i.replace(")", "")
        if i == Password:
            end = time.time()
            timetaken = end - start
            print("Found it in ", timetaken, " seconds and ", counter, "attempts")

            print("That is ", counter / timetaken, " attempts per second!")
            print(i)
            input("Press enter when you have finished")
            exit()

Comments

author
ArtemR10 (author)2017-03-26

thx!

author
Kiteman (author)2016-05-05

Welcome, Hax!

(Check your inbox.)

author
Kiteman (author)Kiteman2016-05-05

Oh, and I voted!

author
wold630 (author)2016-05-04

Thanks for sharing!

About This Instructable

2,808views

30favorites

License:

Bio: Just some nerdy ass guy.
More by Pancake Hax:Password brute-forcer in python
Add instructable to: