gentle_brute 0.0.1

data/.gitignore

@@ -0,0 +1,6 @@
+.komodotools
+*.komodoproject
+old/
+*.txt
+*.gem
+Gemfile.lock

data/Gemfile

@@ -0,0 +1 @@
+gemspec

data/bin/GentleBrute

@@ -0,0 +1,297 @@
+#!/usr/bin/env ruby
+
+require 'digest/md5'
+require 'slop'
+require 'gentle_brute'
+require 'curses'
+include Curses
+
+def pretty_time_string time
+    hours = (time/3600).to_i
+    minutes = (time/60 - hours * 60).to_i
+    seconds = (time - (minutes * 60 + hours * 3600))
+    "%02d:%02d:%02d" % [hours, minutes, seconds]
+end
+
+def crack_md5_list file_path
+    if not File.exists? file_path
+	puts "[!] ERROR: '#{file_path}' does not exist."
+	return
+    end
+
+    target_hashes = File.read(file_path).split("\n")
+    unbroken_hashes = target_hashes.dup
+    cracked_hashes = {}
+    b = GentleBrute::BruteForcer.new
+    start_time = Time.now.to_f
+
+    Curses.init_screen()
+    Curses.noecho()
+    Curses.stdscr.nodelay = 1
+    Curses.curs_set(1)
+
+    Curses.start_color
+    # Determines the colors in the 'attron' below
+    Curses.init_pair(COLOR_GREEN,COLOR_GREEN,COLOR_BLACK) 
+    Curses.init_pair(COLOR_RED,COLOR_RED,COLOR_BLACK)
+
+    win = Curses::Window.new(0, 0, 0, 0)  
+    win.setpos(1, 0)
+    win.addstr("== Attempting to crack target hashes using heuristic brute forcing ==".center(Curses.cols))
+    win.setpos(2, 0)
+    win.addstr("(Press 'q' to quit at any time)".center(Curses.cols))
+    win.setpos(4, 0)
+    header = "Phrase | MD5 Hash (Phrase)                | MD5 Hash (Target)"
+    divider = ("-" * 77) + "  "
+    while header.length < divider.length
+	header += " "
+    end
+    win.addstr(header.rjust(Curses.cols))
+    win.setpos(5, 0)
+    win.addstr(divider.rjust(Curses.cols))
+
+    while unbroken_hashes.length > 0
+	break if Curses.getch == ?q
+	phrase = b.next_valid_phrase
+	attempt_hash = Digest::MD5.hexdigest(phrase)
+	output_phrase = phrase
+
+	row = 6
+	target_hashes.each do | target_hash |
+	    if cracked_hashes.key? target_hash
+		new_phrase = cracked_hashes[target_hash]
+		new_hash = target_hash
+		line = "#{new_phrase} | #{new_hash} | #{target_hash}   "
+		offset = (line.rjust(Curses.cols).length) - line.length
+		win.setpos(row, offset)
+		win.attron(color_pair(COLOR_GREEN)|A_NORMAL){
+		    win.addstr(new_phrase)
+		}
+		win.addstr(" | ")
+		win.attron(color_pair(COLOR_GREEN)|A_NORMAL){
+		    win.addstr(new_hash)
+		}
+		win.addstr(" | ")
+		win.attron(color_pair(COLOR_GREEN)|A_NORMAL){
+		    win.addstr(target_hash)
+		}
+	    else
+		line = "#{output_phrase} | #{attempt_hash} | #{target_hash}   "
+		win.setpos(row, 0)
+		win.addstr(line.rjust(Curses.cols))
+	    end
+	    
+	    if attempt_hash == target_hash
+		unbroken_hashes.delete target_hash
+		cracked_hashes[target_hash] = output_phrase
+	    end
+
+	    row += 1
+	end
+
+	# Add time elapsed information
+	win.setpos(row, 0)
+	win.addstr(divider.rjust(Curses.cols))
+	row += 1
+	time_elapsed = Time.now.to_f - start_time
+	time_elapsed_string = "Time Elapsed: #{pretty_time_string time_elapsed}   "
+	win.setpos(row, 0)
+	win.addstr(time_elapsed_string.rjust(Curses.cols))
+	row += 1
+	win.setpos(row, 0)
+	win.addstr(divider.rjust(Curses.cols))
+
+	win.refresh
+    end
+    win.refresh
+    win.close
+
+    puts
+    puts "[+] Password cracking finished"
+    if cracked_hashes.keys.length > 0
+	formatted_date = Time.now.strftime("%m_%d_%Y_%H_%M")
+	file_name = "passwords-#{formatted_date}.txt"
+	results = []
+	cracked_hashes.keys.each do | cracked_hash |
+	    result = "#{cracked_hashes[cracked_hash]}\t#{cracked_hash}"
+	    results << result
+	end
+	File.open(file_name, "w") { |f| f.write results.join "\n" }
+	puts "[+] Saved results to #{file_name}"
+    end
+end
+
+Slop.parse :help => true do | opts |
+    opts.banner "GentleBrute [options]"
+
+    opts.on "word-list=", "Generate a word list of valid English-like words and phrases for a given length" do | length |
+	length = length.to_i
+	start_time = Time.now.to_f
+
+	puts "[+] Generating valid words with a length #{length} characters."
+	words = []
+	b = GentleBrute::BruteForcer.new(start_length=length)
+	print "\r[+] Words generated: #{words.length}"
+	while true
+	    phrase = b.next_valid_phrase
+	    break if phrase.length > length
+	    words << phrase
+	    print "\r[+] Words generated: #{words.length}"
+	end
+	puts ", Finished!"
+	puts "-" * 60
+
+	puts "[+] Generated #{words.length} potential passphrases"
+	chars = ('a'..'z').to_a + ["'"]
+	potential_combinations = chars.length ** length
+	puts "[+] There are #{potential_combinations} total potential combinations for the length you provided"
+	percent = 100 - ((words.length * 100)/potential_combinations)
+	puts "[+] Gentle-Brute reduced the number of hashes you would need to try by #{percent}%"
+	puts "-" * 50
+
+	puts "[+] Saved generated words to the file, words-#{length}.txt"
+	File.open("words-#{length}.txt", "w") { |f| f.write words.join "\n" }
+
+	puts "[+] Total time spent: #{Time.now.to_f-start_time}"
+    end
+
+    opts.on "cross-compare-crack=", "Cross compare brute force cracking times for a given md5 hash between GentleBrute, and regular brute forcing." do | target_hash |
+	start_length = 1
+	puts "-" * 75
+	puts "[+] Attempting to crack target hash using heuristic brute forcing."
+	start_time = Time.now.to_f
+	b = GentleBrute::BruteForcer.new(start_length)
+
+	puts
+	puts "  Phrase | MD5 Hash (Phrase)                | MD5 Hash (Target)"
+	puts "  " + ("-" * 75)
+	while true
+	    phrase = b.next_valid_phrase
+	    attempt_hash = Digest::MD5.hexdigest(phrase)
+	    output_phrase = phrase
+	    while output_phrase.length < 8
+		output_phrase = " " + output_phrase
+	    end
+	    print "\r#{output_phrase} | #{attempt_hash} | #{target_hash}"
+	    break if attempt_hash == target_hash
+	end
+	time_difference = Time.now.to_f - start_time
+	puts
+	puts
+	puts "[+] Crack Succeeded in #{pretty_time_string time_difference}"
+	puts "-" * 75
+	puts
+
+	puts "-" * 75
+	puts "[+] Attempting to crack target hash using standard brute forcing"
+	start_time = Time.now.to_f
+	odometer = GentleBrute::Odometer.new(start_length, heuristic=false)
+	puts
+	puts "  Phrase | MD5 Hash (Phrase)                | MD5 Hash (Target)"
+	puts "  " + ("-" * 75)
+	while true
+	    odometer.increment
+	    phrase = odometer.string_for_odometer
+	    attempt_hash = Digest::MD5.hexdigest(phrase)
+	    output_phrase = phrase
+	    while output_phrase.length < 8
+		output_phrase = " " + output_phrase
+	    end
+	    print "\r#{output_phrase} | #{attempt_hash} | #{target_hash}"
+	    break if attempt_hash == target_hash
+	end
+	time_difference1 = Time.now.to_f - start_time
+	puts
+	puts
+	puts "[+] Crack Succeeded in #{pretty_time_string time_difference1}"
+	puts "-" * 75
+	puts
+
+	puts "-" * 75
+	puts "[+] GentleBrute was #{pretty_time_string(time_difference1-time_difference)} faster"
+	percent = 100 - ((time_difference*100)/time_difference1)
+	puts "[+] That's a speed improvement of %d%% compared to standard brute forcing!" % percent
+	puts "-" * 75
+    end
+
+    opts.on "validate=", "Test whether a given word or phrase is considered valid" do | word |
+	cpa_threshold = 24
+	word_analyzer = GentleBrute::WordAnalyzer.new cpa_threshold
+	if word_analyzer.is_valid_word? word.dup
+	    puts "[+] \"#{word}\" is a valid English-like word or phrase."
+	else
+	    puts "[+] \"#{word}\" is NOT a valid English-like word or phrase."
+	end
+    end
+
+    opts.on "crack-md5=", "Crack a single MD5 password hash" do | target_hash |
+	start_length = 1
+	puts "-" * 75
+	puts "[+] Attempting to crack target hash using heuristic brute forcing."
+	start_time = Time.now.to_f
+	b = GentleBrute::BruteForcer.new(start_length)
+
+	puts
+	puts "  Phrase | MD5 Hash (Phrase)                | MD5 Hash (Target)"
+	puts "  " + ("-" * 75)
+	while true
+	    phrase = b.next_valid_phrase
+	    attempt_hash = Digest::MD5.hexdigest(phrase)
+	    output_phrase = phrase
+	    while output_phrase.length < 8
+		output_phrase = " " + output_phrase
+	    end
+	    print "\r#{output_phrase} | #{attempt_hash} | #{target_hash}"
+	    break if attempt_hash == target_hash
+	end
+	time_difference = Time.now.to_f - start_time
+	puts
+	puts
+	puts "[+] Crack Succeeded in #{pretty_time_string time_difference}"
+	puts "-" * 75
+	puts
+    end
+
+    opts.on "crack-md5-list=", "Crack a series of MD5 password hashes in a given file." do | file_path |
+	crack_md5_list file_path
+    end
+
+    opts.on "rainbow-table", "Build MD5 hash rainbow table." do
+        start_length = 1
+	puts "-" * 75
+	puts "[+] Creating rainbow table using heuristic brute force phrase creation."
+	puts "[+] Saving results to 'rainbow_table.txt'"
+	puts "[+] Press Ctrl-C to stop at any time."
+	start_time = Time.now.to_f
+	b = GentleBrute::BruteForcer.new(start_length)
+
+        table_file = File.open("rainbow_table.txt", "w")
+
+	puts
+	puts "  Phrase | MD5 Hash (Phrase)                | Time Elapsed"
+	puts "  " + ("-" * 75)
+	begin
+            while true
+                phrase = b.next_valid_phrase
+                attempt_hash = Digest::MD5.hexdigest(phrase)
+                output_phrase = phrase
+                while output_phrase.length < 8
+                    output_phrase = " " + output_phrase
+                end
+                time_elapsed = Time.now.to_f - start_time
+                print "\r#{output_phrase} | #{attempt_hash} | #{pretty_time_string time_elapsed}"
+                table_file.write("#{phrase}\t#{attempt_hash}\n")
+            end
+	rescue Interrupt
+            puts
+            puts
+            puts "[+] Table generating stopped."
+        end
+
+	table_file.close()
+    end
+
+    opts.on_empty do
+      puts opts.help
+    end
+end

data/gentle_brute.gemspec

@@ -0,0 +1,12 @@
+Gem::Specification.new do |s|
+  s.name = 'gentle_brute'
+  s.version = '0.0.1'
+  s.summary = 'The better brute force algorithm'
+  s.description = 'A heuristic brute forcing algorithm for Ruby that generates brute force passphrases that adhere to the rules of English-like words and phrases.'
+  s.authors = ["Brandon Smith"]
+  s.email = 'brandon.smith@studiobebop.net'
+  s.files = `git ls-files`.split("\n")
+  s.homepage = 'http://github.com/jamespenguin/gentle-brute'
+  s.executables << 'GentleBrute'
+  s.requirements << 'slop >= 2.3.1'
+end

data/lib/gentle_brute/cpa_analyzer.rb

@@ -0,0 +1,70 @@
+module GentleBrute
+  class CPAAnalyzer
+    NEIGHBORS_PATH = File.expand_path('../resources/neighbors.json', __FILE__)
+
+    def initialize
+      build_cpa_tables if not File.exists? NEIGHBORS_PATH
+      lattices = JSON.parse File.read(NEIGHBORS_PATH)
+      @starters = lattices["starters"]
+      @neighbors = lattices["neighbors"]
+      @enders = lattices["enders"]
+    end
+
+    # Analyze a dictionary word list ('lib/gentle_brute/resources/dictionary') for repetition patterns
+    # @param [String] dictionary_path path to dictionary word list file
+    def build_cpa_tables(dictionary_path=File.expand_path("../resources/dictionary", __FILE__))
+      # Create empty pattern occurce lattices
+      lattice = Hash.new { |h, k| h[k] = {} }
+      starter_lattice = Hash.new { |h, k| h[k] = {} }
+      ender_lattice = Hash.new { |h, k| h[k] = {} }
+      chars = ('a'..'z').to_a
+      chars.each do | char |
+        chars.each do | char2 |
+          lattice[char][char2] = [0, 0]
+          starter_lattice[char][char2] = [0, 0]
+          ender_lattice[char][char2] = [0, 0]
+        end
+      end
+
+      # Analyze each wrod in dictionary list
+      words = File.read(dictionary_path)
+      words.each_line do | word |
+        word.chomp!
+        word.downcase!
+        for i in 0..word.length
+          char = word[i] # current char
+          char_r = word[i+1] # char one index to the right of the current char
+          char_rr = word[i+2] # char two indicies to the right of the current char
+          begin
+            starter_lattice[char][char_r][0] += 1 if char_r and i == 0
+            starter_lattice[char][char_rr][1] += 1 if char_rr and i == 0
+            ender_lattice[char][char_r][0] += 1 if char_r and i == word.length-3
+            ender_lattice[char][char_rr][1] += 1 if char_rr and i == word.length-3
+            lattice[char][char_r][0] += 1 if char_r
+            lattice[char][char_rr][1] += 1 if char_rr
+          rescue
+            break
+          end
+        end
+      end
+
+      # Write neighbors file
+      output_lattice = {"starters" => starter_lattice,
+                        "neighbors" => lattice,
+                        "enders" => ender_lattice}
+      File.open(NEIGHBORS_PATH, "w") {|f| f.write output_lattice.to_json }
+    end
+
+    def get_starter_neighbor_score(char, char2)
+      @starters[char][char2]
+    end
+  
+    def get_neighbor_score(char, char2)
+      @neighbors[char][char2]
+    end
+  
+    def get_ender_neighbor_score(char, char2)
+      @enders[char][char2]
+    end
+  end
+end

data/lib/gentle_brute/odometer.rb

@@ -0,0 +1,167 @@
+module GentleBrute
+  class Odometer
+    def initialize(start_length=1, heuristic=true)
+      @letters = ('a'..'z').to_a
+      @chars = @letters + [" ", "'"]
+      @odometer = Array.new(start_length, 0)
+      @heuristic = heuristic
+      @cpa_analyzer = CPAAnalyzer.new
+    end
+
+    def has_triple_char_pattern?
+      return false if not @heuristic
+      indexes = []
+      odometer_length = @odometer.length
+      (odometer_length-1).downto 0 do | i |
+        index = @odometer[i]
+        if indexes.length > 0
+          char1 = @chars[index] # figure out what char the current index is
+          char2 = @chars[@odometer[indexes[0]]] # get the char of our first element in the indexes list
+          indexes = [] if char1 != char2
+        end
+        indexes << i
+        break if indexes.length == 3
+      end
+      return false if indexes.length < 3
+      true
+    end
+
+    #def break_up_triplet_patterns
+    #  return if not @heuristic
+    #
+    #  word = string_for_odometer
+    #  pattern_data = PatternFinder.patterns_in_strintg word
+    #  return if pattern_data == nil
+    #  return if pattern_data[3] < 3
+    #
+    #  index = pattern_data[4][1]
+    #  index.downto 0 do | i |
+    #    element = @odometer[i]
+    #    element += 1
+    #    if element != @chars.length
+    #      @odometer[i] = element
+    #      break
+    #    end
+    #    @odometer[i] = 0
+    #    @odometer << 0 if i == 0
+    #  end
+    #
+    #  break_up_triplet_patterns      
+    #end
+
+    def rotate_out_bad_start_pairs
+      return if not @heuristic
+      return if @odometer.length < 3
+
+      char1 = @chars[@odometer[0]]
+      char2 = @chars[@odometer[1]]
+      char3 = @chars[@odometer[2]]
+      return if not @letters.include? char1
+      return if not @letters.include? char2
+      return if not @letters.include? char3
+    
+      if @cpa_analyzer.get_starter_neighbor_score(char1, char3)[1] == 0
+        2.downto 0 do | i |
+          element = @odometer[i]
+          element += 1
+          if element != @chars.length
+            @odometer[i] = element
+            break
+          end
+          @odometer[i] = 0
+          @odometer << 0 if i == 0
+        end
+        rotate_out_bad_start_pairs
+      end
+    
+      if @cpa_analyzer.get_starter_neighbor_score(char1, char2)[0] == 0
+        1.downto 0 do | i |
+          element = @odometer[i]
+          element += 1
+          if element != @chars.length
+            @odometer[i] = element
+            break
+          end
+          @odometer[i] = 0
+          @odometer << 0 if i == 0
+        end
+        rotate_out_bad_start_pairs
+      end
+    end
+
+    def rotate_out_bad_end_pairs
+      return if not @heuristic
+    
+      return if @odometer.length < 3
+    
+      char1 = @chars[@odometer[-1]]
+      char2 = @chars[@odometer[-2]]
+      char3 = @chars[@odometer[-3]]
+      return if not @letters.include? char1
+      return if not @letters.include? char2
+      return if not @letters.include? char3
+    
+      last = @odometer.length-1
+    
+      if @cpa_analyzer.get_ender_neighbor_score(char1, char3)[1] == 0
+        last.downto 0 do | i |
+          element = @odometer[i]
+          element += 1
+          if element != @chars.length
+            @odometer[i] = element
+            break
+          end
+          @odometer[i] = 0
+          @odometer << 0 if i == 0
+        end
+        rotate_out_bad_end_pairs
+      end
+    
+      if @cpa_analyzer.get_ender_neighbor_score(char1, char2)[0] == 0
+        last.downto 0 do | i |
+          element = @odometer[i]
+          element += 1
+          if element != @chars.length
+            @odometer[i] = element
+            break
+          end
+          @odometer[i] = 0
+          @odometer << 0 if i == 0
+        end
+        rotate_out_bad_end_pairs
+      end
+    end
+
+    # Increment the odometer
+    # @param [Number] total_steps the number of steps to increment the odometer by (default is 1)
+    def increment(total_steps=1)
+      steps_taken = 0
+      while steps_taken < total_steps
+        odometer_length = @odometer.length
+        (odometer_length-1).downto 0 do | i |
+          element = @odometer[i]
+          element += 1
+          if element != @chars.length
+            @odometer[i] = element
+            break
+          end
+          @odometer[i] = 0
+          @odometer << 0 if i == 0
+        end
+        rotate_out_bad_end_pairs
+        rotate_out_bad_start_pairs
+        next if has_triple_char_pattern?
+        steps_taken += 1
+      end
+    end
+
+    # @return [String] string representation of the odometer, with character indexes mapped to their respective characters
+    def string_for_odometer
+      return @odometer.map {|i| @chars[i]}.join ""
+    end
+
+    def to_s
+      string_for_odometer
+    end
+  end
+end

data/lib/gentle_brute/pattern_finder.rb

@@ -0,0 +1,64 @@
+module GentleBrute
+  module PatternFinder
+    module_function
+
+    # Analyzes a given string for different patterns
+    # @param [String] string the string to analyze
+    # @return [Array] a whole bunch of patterns :s
+    def patterns_in_strintg string
+      pattern_string = ""
+      pattern_length = 0
+      pattern_count  = 0
+      pattern_bounds = []
+      patterns = {}
+  
+      for i in 0...string.length
+        (string.length-1).downto i do | ii |
+          slice = string[i..ii]
+          slice_length = slice.length
+          slice2 = string[i+slice_length..ii+slice_length]
+          if slice == slice2
+            if not patterns.has_key? slice
+              patterns[slice] = {}
+              patterns[slice]["count"] = 1
+              patterns[slice]["start"] = i
+            else
+              patterns[slice]["count"] += 1
+            end
+          end
+        end
+      end
+  
+      return nil if patterns == {}
+  
+      highest_count = 0
+      patterns.keys.reverse.each do | key |
+        if patterns[key]["count"] > highest_count
+          pattern_string = key
+          highest_count = patterns[key]["count"]
+        end
+      end
+  
+      start = patterns[pattern_string]["start"]
+      index = start
+      length = pattern_string.length
+      pattern_length = length
+      pattern_count += 1
+  
+      while true
+        slice = string[index...index+length]
+        slice2 = string[index+length...index+(length*2)]
+        break if slice != slice2
+  
+        pattern_bounds = [start, index+(length*2)-1]
+        pattern_length += length
+        pattern_count += 1
+  
+        index += length
+      end
+      full_pattern = pattern_string * pattern_count
+  
+      [pattern_string, full_pattern, pattern_length, pattern_count, pattern_bounds]
+    end
+  end
+end