Skip to main content

No project description provided

Project description

ComPP

ComPP - Company Passwords Profiler

Build GitHub forks GitHub stars GitHub

PyPI - Python Version

Company Passwords Profiler (aka ComPP) helps making a bruteforce wordlist for a targeted company.

 ▄████████  ▄██████▄    ▄▄▄▄███▄▄▄▄      ▄███████▄    ▄███████▄ 
███     ██ ███    ███ ▄██▀▀▀███▀▀▀██▄   ███    ███   ███    ███ 
███    █▀  ██     ███ ███   ███   ██    ███    ███    ██    ███ 
███        ███    ███ ███   ███   ███   ███    ███   ███    ███ 
███        ███     ██ ███   ███   ███ ▀█████████▀  ▀█████████▀  
██     █▄  ███    ███ ███   ███   ███   ███          ███        
███    ███ ███    ███ ███    ██   ███   ██           ██         
 ███████▀   ▀██████▀   ▀█   ███   █▀   ▄████▀       ▄████▀  :)    
 
Version : 1.0.5  

usage: compp [-h] [-p PERMUTATIONS] [-c CONFIG] [-l] [-n] [-o OUTPUT] [-v] [input_file]

Company Passwords Profiler (ComPP)

positional arguments:
  input_file            company.json input file

optional arguments:
  -h, --help            show this help message and exit
  -p PERMUTATIONS, --permutations PERMUTATIONS
                        Number of permutations
  -c CONFIG, --config CONFIG
                        Configuration file
  -l, --leet            Add 1337 passwords transformation
  -n, --numbers         Add numbers to password
  -o OUTPUT, --output OUTPUT
                        Directs the output to a file of your choice
  -v, --version         Show the version of this program

What ❓

The tool responds to a need to generate wordlists quickly with few inputs. The generated passwords will contain generic company informations with transformation such as APPNAME2019! or Company75000$.

The main use of the generated wordlist is with remote bruteforce and password spraying attack such as a ssh service or a WordPress website.

This tool aims to replace CeWL because web scrapping is not be the most efficient way to generate a wordlist.

Note: If you have time to perform OSINT research against the targeted users, you may use tools such as CUPP or BEWGor to complete your wordlist.

Install ⚙️

On BlackArch :

BlackArch package

sudo pacman -Syu compp

With PIP from PyPI packages :

PyPI

pip install ComPP

With python from GitHub repository :

GitHub tag (latest SemVer)

git clone git@github.com:sec-it/ComPP.git
cd ComPP
python setup.py install

Inputs 🔡

User inputs can either be filled in the interactive prompt or through a json file. If an input is unknown to the user, it suffices to leave the field empty in order to go to the next field. Here is the full program prompt:

$ compp

 ▄████████  ▄██████▄    ▄▄▄▄███▄▄▄▄      ▄███████▄    ▄███████▄ 
███     ██ ███    ███ ▄██▀▀▀███▀▀▀██▄   ███    ███   ███    ███ 
███    █▀  ██     ███ ███   ███   ██    ███    ███    ██    ███ 
███        ███    ███ ███   ███   ███   ███    ███   ███    ███ 
███        ███     ██ ███   ███   ███ ▀█████████▀  ▀█████████▀  
██     █▄  ███    ███ ███   ███   ███   ███          ███        
███    ███ ███    ███ ███    ██   ███   ██           ██         
 ███████▀   ▀██████▀   ▀█   ███   █▀   ▄████▀       ▄████▀  :)    
 
Version : 1.0.5  

Fill the differents inputs (case insensitive). Leave blank for unknow fields.

[+] Enter company/application names (comma separated): Company,Comp
[+] Enter company zip codes (comma separated): 75,75000
[+] Enter company cities names (comma separated): Paris
[+] Useful keywords (comma separated): Appname

Or

$ compp example.json

Outputs

Output size may vary with the provided options. Here is a preview of what you can expect with the default options:

75#Appname
75000%company
Appname1995?
appname$
appname1995+
CompParis2000
Company75000!
COMPANYAPPNAME2019#
PARISCOMP!
ParisCompany2021_
Paris75000@
...

What are the proposed transformations ?

  1. First, the tool compute case transformation for each fields (lowercase, UPPERCASE and Capitalize). The originals set of fields and the 3 generated sets are added to the wordlist.
  2. Then, the tool apply itertools.combination() on each set with a default size up to 2. The use of such combination avoid having the same word twice in the same password. The generated combinations are added to the wordlist
  3. The tool add a range of years to the previously generated wordlist. The original wordlist is also kept.
  4. The tool add a range of special chars to the previously generated wordlist. The original wordlist is also kept.
  5. (Optional) The tool add a range of numbers to the previously generated wordlist. The original wordlist is also kept.
  6. (Optional) The tool add a l33t transformation to the previously generated wordlist. The original wordlist is also kept.

Author

Made by Alex G. (@zeecka_), pentester at SEC-IT.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ComPP-1.0.5.tar.gz (6.8 kB view details)

Uploaded Source

File details

Details for the file ComPP-1.0.5.tar.gz.

File metadata

  • Download URL: ComPP-1.0.5.tar.gz
  • Upload date:
  • Size: 6.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.1 importlib_metadata/4.6.1 pkginfo/1.7.1 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.61.2 CPython/3.9.6

File hashes

Hashes for ComPP-1.0.5.tar.gz
Algorithm Hash digest
SHA256 d940965683df73ef009a7da9dd81634ed312aca408b2f5ab56fddf055e745a8d
MD5 0d332688a82321916ba8fed0f63101ed
BLAKE2b-256 53e38c3f279e486797937d3a0e1114558a8da03f54dce5e9f6585c7a6df21540

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page