When cracking passwords, efficiency is everything. You've spent hard-earned money on GPUs, so you may as well optimise your password lists to make sure that you don't waste time hashing passwords that are out of policy for your target organisation. That's simple enough with a few grep and sed commands, but after a while you start to feel lazy and script it. That's why I've added a password policy script to my password munging script.

Using the policy script is pretty straightforward:

    ./policy.py -luns passwords.txt -o passwordsinpolicy.txt

The switches are as follows:

    -l --lowercase   passwords must include lowercase letters
    -u --uppercase   passwords must include uppercase letters
    -n --numeric     password must include numbers
    -s --special     passwords must include special characters

All of the above are switched on by default. The input file must have each password on a separate line.

There are also the following optional switches:

    -m --min minimu
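The character-class checks behind the four switches above, as an added example (this is not the author's policy.py). The function names, the use of ASCII punctuation as the "special" set and the sample words are assumptions made for the illustration; it also tallies which class each rejected word was missing.

```python
import string
from collections import Counter

# Assumption: "special" means ASCII punctuation; the page does not define
# the character set its script uses.
CLASSES = {
    "lowercase": set(string.ascii_lowercase),
    "uppercase": set(string.ascii_uppercase),
    "numeric": set(string.digits),
    "special": set(string.punctuation),
}


def missing_classes(password, required=tuple(CLASSES)):
    """Return the required character classes that password does not contain."""
    chars = set(password)
    return [name for name in required if not chars & CLASSES[name]]


def filter_wordlist(lines, required=tuple(CLASSES)):
    """Return (in-policy words, Counter of missing classes among rejects)."""
    kept, rejected = [], Counter()
    for raw in lines:
        word = raw.rstrip("\r\n")  # tolerate Windows line endings
        if not word:
            continue  # skip blank lines rather than counting them as rejects
        missing = missing_classes(word, required)
        if missing:
            rejected.update(missing)
        else:
            kept.append(word)
    return kept, rejected


# Constructed sample input, one candidate per line as the page requires.
SAMPLE = ["password\n", "Password1\r\n", "Summer2024!\n", "\n",
          "P@ssw0rd\n", "LETMEIN!1\n"]

if __name__ == "__main__":
    kept, rejected = filter_wordlist(SAMPLE)
    print("in policy:", kept)
    for name, count in rejected.items():
        print(f"rejected for missing {name}: {count}")
```

The per-class tally shows how much of a list each requirement removes, which is also useful when judging how restrictive a given policy is.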