Created
February 3, 2016 02:12
-
-
Save cwade12c/b767bfa06049708d9e6b to your computer and use it in GitHub Desktop.
Old-school python implementation of Password Factory v1.2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#pf Series v1, by cwade12c. | |
#OpenSource, fully commented - learn from the code, and enjoy! | |
#First, lets import our modules. | |
import sys #system module, for use of exit and whatnot | |
import hashlib #hashlib module, for use of md5, sha1, sha256, sha512 | |
import base64 #base64 module, for use of base64 | |
import time #time module, for use of keeping track of time and sleeping | |
import string #string module... guess what this is for? | |
import re #regexp module, for use of finding and replacing, etc. | |
from pyDes import * #DES module, for use of DES and Triple-DES | |
from random import * #random module, for use of random integers | |
from binascii import unhexlify as unhex #mv-age :] binascii modules, for use of converting between binary and ASCII | |
#End import | |
#Global Declarations - these are variables and whatnot | |
alpha_l = 'abcdefghijklmnopqrstuvwxyz' | |
abc = '[a-z]' | |
DEF = '[A-Z]' #used to be EFG ... abcEFG... gonna leave this comment in for the lol | |
sym = '[!@#$%^&*()-_=+~]' | |
num = '[1234567890]' | |
alpha_c = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' | |
numerals = '1234567890' | |
symbols = '!@#$%^&*()-_=+~' | |
total = int('5') #we start @ 5 for our password strength total. Note that 5 is a very low score. | |
crypto = '' #Our global string to use for crypto'func'ing (cool word haha) raw user imputs. | |
#End declarations | |
#Newline | |
def n(): #now we can just type in n() at anytime, instead of typing... print '\n'... will save some time, haha. :] | |
print '\n' | |
#Just in case we want to clear the screen if it becomes messy... think of clear or cls | |
def wipe(): | |
print '\n' * 100 | |
#RC4 Module - Concept by Thimo Kraemer | |
def rc4(data, key): | |
x = 0 | |
box = range(256) | |
for i in range(256): | |
x = (x + box[i] + ord(key[i % len(key)])) % 256 | |
box[i], box[x] = box[x], box[i] | |
x = 0 | |
y = 0 | |
out = [] | |
for char in data: | |
x = (x + 1) % 256 | |
y = (y + box[x]) % 256 | |
box[x], box[y] = box[y], box[x] | |
out.append(chr(ord(char) ^ box[(box[x] + box[y]) % 256])) | |
return ''.join(out) | |
def Wade(): | |
print ''' | |
::: ::: ::: ::::::::: :::::::::: | |
:+: :+: :+: :+: :+: :+: :+: | |
+:+ +:+ +:+ +:+ +:+ +:+ +:+ | |
+#+ +:+ +#+ +#++:++#++: +#+ +:+ +#++:++# | |
+#+ +#+#+ +#+ +#+ +#+ +#+ +#+ +#+ | |
#+#+# #+#+# #+# #+# #+# #+# #+# | |
### ### ### ### ######### ########## | |
''' | |
#Lets create our own "Welcome message" module, using def(define): | |
def Welcome(): | |
print 'Password Factory v1.2 by cwade12c for http://haxme.org/' | |
print 'All systems go!' | |
print 'http://www.gnu.org/licenses/gpl.html' | |
print '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~' | |
n() | |
print '-agen = alphanumeric password generation' | |
print '-fgen = full standard password generation' | |
print '-hgen = full standard password generation + hash' | |
print '-c = hash && cipher output of any given string' | |
print '-s = check how strong a password is' | |
print '-w = create a memorable & secure password via a wizard' | |
print '-b = run benchmarking tool' | |
print '-a = about this software' | |
print '-h = help' | |
n() | |
#Lets create a test module, in which the user will know if their computer supports certain crypto functions or not | |
def chkmod(): | |
gstring = "".join(choice(alpha_l + alpha_c + numerals + symbols) for x in range(randint(24,24))) #it's global string silly... ++ 16 chars for appropriate bytes for des key | |
sexyhexy = gstring.encode('hex') #take note of how we hex given values. 'sometext'.encode('hex') | |
n() | |
print 'G-String: ' + gstring #rawr | |
print 'G-String(Hex): ' + sexyhexy | |
print 'MD5 chk: ' + hashlib.md5(gstring).hexdigest() + ' [OK]' | |
print 'SHA1 chk: ' + hashlib.sha1(gstring).hexdigest() + ' [OK]' | |
print 'SHA256 chk: ' + hashlib.sha256(gstring).hexdigest() + ' [OK]' | |
print 'SHA512 chk: ' + hashlib.sha512(gstring).hexdigest() + ' [OK]' | |
print 'Base64 chk: ' + base64.b64encode(gstring) + ' [OK]' | |
dk = triple_des(unhex(sexyhexy)) #we are going to use our custom triple_des function, and unhex our variable 'sexyhexy'. 'sexyhexy' is our DES key! | |
d1 = dk.encrypt(gstring) #here we encrypt any given data (in this case, variable 'gstring') via Triple-DES. | |
print ("DES3 chk: %r" % d1) + ' [OK]' | |
r1 = rc4(gstring,sexyhexy) | |
print ("RC4 chk: %r" %r1) + ' [OK]' | |
#Lets be able to benchmark generation speed. This isn't the actual benchmarking module, BUT - this is for startup, to make sure everything is working okay. | |
#If the computer can't get passed this part, then it probably shouldn't be running Password Factory. :[ | |
def stretch(): | |
stretchcount = int(1) #We start our counter at 1. | |
start_s = time.clock() #We also start our timer. | |
while stretchcount != int('250'): #We are going to keep looping the below code for this "while" block, until stretchcount == 100. Note that each loop + 1 | |
stretchmark = "".join(choice(alpha_l + alpha_c + numerals + symbols) for x in range(randint(12,24))) #Gotta love those stretchmarks. :) | |
print stretchmark | |
stretchcount = stretchcount + 1 #+1. So this will loop 99 more times. | |
stop_s = time.clock() #After looping is finished, stop timing, and assign time value to a stop_s variable. | |
n() #\n | |
calculate = ('%f' % (stop_s-start_s)) #Creating a new var for convinience called "calculate". This takes the start time of the loop at matches it with the end time. | |
print 'Hashlib, Triple-DES, RC4, 250 passwords generated in ' + calculate + ' seconds.' | |
print 'All good.' | |
time.sleep(1) #We should be all good now. Sleep for 1 second to prevent any freakouts or epilepsy attacks. | |
wipe() #wipe the screen, to keep things clean, I'm a rhyming machine! | |
#Lets create our own module to crypt a given string our user imputs. | |
#We do this to keep our code clean, so our code is less repetitive. :) | |
def gethash(): | |
print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" | |
print "#############################Hash Outputs############################" | |
print "md5 ~> " + hashlib.md5(crypto).hexdigest() #notice hexdigest() | |
print "sha1 ~> " + hashlib.sha1(crypto).hexdigest() #works with each | |
print "sha256 ~> " + hashlib.sha256(crypto).hexdigest() #crypto func | |
print "sha512 ~> " + hashlib.sha512(crypto).hexdigest() #from hashlib | |
print "#############################Base64##################################" | |
print "base64 ~> " + base64.b64encode(crypto) #base64 uses .b64encode | |
print "#############################Triple-DES##############################" | |
des_key = "".join(choice(alpha_l + alpha_c + numerals + symbols) for x in range(randint(24,24))) #24 byte key | |
des_iv = "".join(choice(numerals) for x in range(randint(8,8))) #8 byte IV | |
dk = triple_des(des_key, CBC, (des_iv), pad=None, padmode=PAD_PKCS5) #triple_des whatever our key is with our IV, set PAD to none, and PADmode to PKCS5 | |
d1 = dk.encrypt(crypto) #Now encrypt, and assign to a variable ready for output | |
print ("DES3 ~> %r" %d1) #This prints our encrypted data | |
print ("DES3 Initialization Vector ~> " + des_iv) #this prints out IV | |
print ("DES3 Mode ~> CBC") #this shows our mode - the mode is important to the user. | |
print ("DES3 Key ~> " + des_key) #this shows the key - it is hard to decrypt without the key! | |
print "#############################RC4#####################################" | |
rc4_key = "".join(choice(alpha_l + alpha_c + numerals + symbols) for x in range(randint(16,32))) | |
rc4_output = rc4(crypto,rc4_key) | |
print ("RC4 ~> %r" %rc4_output) | |
print ("RC4 Key ~> " + rc4_key) | |
print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" | |
#thanks to jlm and his guide for stripping the first letter from every word | |
def wtrim( s ): #make it a module, named wtrim | |
return ''.join( [ lett[0] for lett in s.split() ] ) #this wil strip letter "0" from each word | |
#end | |
#Begin Application | |
chkmod() | |
stretch() | |
Wade() | |
Welcome() | |
#End Begin | |
done = False #Lets assign a False input to var done | |
while not done: #So while done is... False, then the below code will keep looping. | |
command = raw_input('-> ') #raw_input is good for a string, and is safer to use most of the time. | |
if command == '-c': | |
instance_c = raw_input('String: ') | |
crypto = instance_c | |
gethash() | |
elif command == '-agen': | |
instance_amount = input('Length: ') #I use input instead of raw_input for integers. | |
draw_amount = "".join(choice(alpha_l + alpha_c + numerals) for x in range(randint(instance_amount,instance_amount))) #look at our global declarations. | |
print draw_amount | |
elif command == '-fgen': | |
instance_amount = input('Length: ') | |
draw_amount = "".join(choice(alpha_l + alpha_c + numerals + symbols) for x in range(randint(instance_amount,instance_amount))) | |
print draw_amount | |
elif command == '-hgen': | |
instance_amount = input('Length: ') | |
draw_amount = "".join(choice(alpha_l + alpha_c + numerals + symbols) for x in range(randint(instance_amount,instance_amount))) | |
print "Your password is: " + draw_amount | |
crypto = draw_amount | |
gethash() | |
elif command == '-h': | |
print '-agen = alphanumeric password generation' | |
print '-fgen = full standard password generation' | |
print '-hgen = full standard password generation + hash' | |
print '-c = hash && cipher output of any given string' | |
print '-s = check how strong a password is' | |
print '-w = create a memorable & secure password via a wizard' | |
print '-a = about this software' | |
print '-h = help' | |
elif command == '-a': | |
print 'Password Factory v1.2 by cwade12c for http://haxme.org/' | |
print '+++++++++++++++++++++++++++++++++++++++++++++++++++++++' | |
print 'Release notes: This is coming together well. I will be' | |
print 'implementing a stronger CL system for you all... in' | |
print 'which you can just type -md5 "somestring" and get' | |
print 'an output like that. :)' | |
print 'Also, be on the lookout for implemented bruteforcing.' | |
print 'If you paid for this tool, then you got scammed.' | |
print '+++++++++++++++++++++++++++++++++++++++++++++++++++++++' | |
elif command == 'exit': | |
sys.exit() #exit application | |
elif command == '-s': | |
total = int('5') | |
passstr = raw_input('Enter in a password: ') | |
#This password strength checker uses basic and random math I came up with. I mostly did a lot of trial and error, and didn't plan it out. | |
#For the most post, this is accurate math; if you would like to improve it, PLEASE, do so. | |
if len(passstr) < 4: | |
total = total - 5 | |
if len(passstr) > 3 and len(passstr) < 6: | |
total = total + 1 | |
if len(passstr) > 5 and len(passstr) < 8: | |
total = total + 1 | |
if len(passstr) > 7 and len (passstr) < 10: | |
total = total + 2 | |
if len(passstr) > 9: | |
total = total + 3 | |
if re.search(''+abc,passstr) and re.search(''+DEF,passstr) and re.search('.'+sym,passstr) and re.search(''+num,passstr): | |
total = total + 4 | |
elif re.search(''+abc,passstr) and re.search(''+DEF,passstr) and re.search('.'+sym,passstr): | |
total = total + 3 | |
elif re.search(''+abc,passstr) and re.search(''+num,passstr) and re.search('.'+sym,passstr): | |
total = total + 3 | |
elif re.search(''+EFG,passstr) and re.search('.'+sym,passstr) and re.search(''+num,passstr): | |
total = total + 3 | |
elif re.search(''+abc,passstr) and re.search(''+DEF,passstr) and re.search(''+num,passstr): | |
total = total + 2 | |
elif re.search(''+abc,passstr): | |
total = total - 2 | |
elif re.search(''+DEF,passstr): | |
total = total - 2 | |
elif re.search(''+sym,passstr): | |
total = total - 2 | |
elif re.search(''+num,passstr): | |
total = total - 2 | |
else: total = total + 1 | |
if total < 6: | |
sresult = 'Weak' | |
elif total < 7 and total > 5: | |
sresult = 'Poor' | |
elif total < 8 and total > 6: | |
sresult = 'Vulnerable' | |
elif total < 10 and total > 7: | |
sresult = 'Decent' | |
elif total < 11 and total > 9: | |
sresult = 'Good' | |
elif total < 12 and total > 10: | |
sresult = 'Great' | |
elif total > 11: | |
sresult = 'Strong' | |
print 'Your password is: ' + sresult | |
print 'Shall we crypt it? [y/n]' | |
hspass = raw_input('-> ') | |
if hspass == ('y') or hspass == ('Y'): | |
crypto = passstr | |
gethash() | |
else: | |
print 'zZz...' | |
#This is a fun idea. | |
elif command == '-w': | |
print 'Welcome to the Password Factory Wizard.' | |
print 'This wizard will help you create a secure and MEMORABLE password.' + '\n' | |
print 'Lets start this off. What is the name of your favorite sports star?' | |
sport = raw_input('-> ') | |
print 'Good. Now, what is your favorite beverage?' | |
drink = raw_input('-> ') | |
print 'What is your favorite number?' | |
fnum = input('-> ') | |
print 'What is your favorite number x 2? [e.g. Fav number is 4, answer is 8]' | |
fnum2 = input('-> ') | |
print 'Who is your favorite singer?' | |
sing = raw_input('-> ') | |
print 'Type three symbols that you will remember.' | |
favs = raw_input('-> ') | |
nsport = wtrim( sport ) | |
ndrink = wtrim( drink ) | |
nsing = wtrim( sing ) | |
mempass = '\nYour memorable password is: ' + nsport.upper() + ndrink.lower() + str(fnum) + str(favs) + nsing + str(fnum2) | |
print mempass | |
print 'This will reside to: ' + sport.upper() + ' - ' + drink.lower() + ' - ' + str(fnum) + ' - ' + str(favs) + ' - ' + sing + ' - ' + str(fnum2) + '\n' | |
print 'Shall we crypt it? [y/n]' | |
wspass = raw_input('-> ') | |
if wspass == ('y') or wspass == ('Y'): | |
crypto = mempass | |
gethash() | |
else: | |
print 'zZz...' | |
elif command == '-b': | |
print 'Full benchmark + diagnostics coming in the next release! Hoorah!' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment