Skip to main content

creates a massive credential database

Project description

CredentialDatabase

Build Status License: MIT

Create a massive credential database with collections like BreachCompilation or with credentials from password files

Features of CredentialDatabase:

  • develop awesome brute-force/credstuffer attacks which are based on CredentialDatabase
  • build up a huge hash table for SHA1, SHA256, SHA512 and md5 hashes
  • create a REST API interface similar to the ghostproject
  • create a massive password database
  • multithreaded database scripts

BreachCompilation includes billion clear text credentials discovered in a single database (file size: ~42GB)

Content


Installation

installation with pip


pip3 install CredentialDatabase

or from source


sudo python3 setup.py install

or create a wheel for installing the package with pip


sudo python3 setup.py bdist_wheel

install the package with pip


pip3 install CredentialDatabase-1.0.0-py3-none-any.whl

uninstall the package with pip


pip3 uninstall CredentialDatabase

Usage and Examples

BreachCompilationDatabase.py

execute the console script BreachCompilationDatabase


BreachCompilationDatabase --host 192.168.1.2 --port 5432 --user john --password test1234 --dbname breachcompilation --breachpath /path/to/BreachCompilation

insert subsequent command to run the script completely in background


nohup BreachCompilationDatabase --host 192.168.1.2 --port 5432 --user john --password test1234 --dbname breachcompilation --breachpath /path/to/BreachCompilation &>/dev/null &

or use a tool like screen

Database structure

schemas: 0-9, a-z, symbols (first character from email)
tables: 0-9, a-z, symbols (second character from email)


id | email | password | username | provider | sh1 | sh256 | sh512 | md5 
  • script runtime about 8 days
  • needs disk space for about 569 GB

PasswordDatabase.py

execute the console script PasswordDatabase with --breachpath


PasswordDatabase --host 192.168.1.2 --port 5432 --user john --password test1234 --dbname passwords --breachpath /path/to/BreachCompilation

or with --filepath


PasswordDatabase --host 192.168.1.2 --port 5432 --user john --password test1234 --dbname passwords --filepath /path/to/CredentialFile --proc 10

insert subsequent command to run the script completely in background


nohup PasswordDatabase --host 192.168.1.2 --port 5432 --user john --password test1234 --dbname breachcompilation --breachpath /path/to/BreachCompilation &>/dev/null &

or use a tool like screen

Database structure

schemas: 0-9, a-z, symbols (first character from password)
tables: 0-9, a-z, symbols (second character from password)


password | length | isnumber | issymbol | ts

Postgresql Database Settings

install PostgreSQL dependencies via apt


sudo apt-get install postgresql libpq-dev postgresql-client postgresql-client-common

Follow this tutorial to set up a postgresql environment. For graphical visualization install pgAdmin4.

Postgresql Advanced

create an index only scan for columns email and password


CREATE index idx_pass_email on "a"."d"(email, password);

vacuum the table, so that the visibility map to be up-to-date


VACUUM "a"."d";

Delete a table completely with


drop table "a"."d" cascade

Settings for tuning your postgresql server are here

Logs

logs can be found in /var/log/CredentialDatabase

Troubleshooting

add your current user to group syslog, this allows the application/scripts to create a folder in /var/log. Replace <user> with your current user


sudo adduser <user> syslog

to apply this change, log out and log in again and check with the terminal command groups

Changelog

All changes and versioning information can be found in the CHANGELOG

License

Copyright (c) 2019 Bierschneider Christian. See LICENSE for details

Project details


Release history Release notifications

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for CredentialDatabase, version 1.0.2
Filename, size File type Python version Upload date Hashes
Filename, size CredentialDatabase-1.0.2-py3-none-any.whl (32.6 kB) File type Wheel Python version py3 Upload date Hashes View hashes
Filename, size CredentialDatabase-1.0.2.tar.gz (22.4 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page