PTJ

Minimalistic database for the analyzing and storing of passwords. This project came to be out of the need to quickly analyze a large number of passwords in a short timeframe. As I, like most of you I’m sure, got tired of a simple ruby/python/perl/bash/<insert language> script against a text file, the idea of storing everything in a database came to be. I know, it’s nothing revolutionary.

I’m using DataMapper in order to provide a database-agnostic front-end for users to easily (well, somewhat easily) query and extract analytics against the entire database, or a subset of passwords within the database.

‘Tags’ are used as a way to categorize subsets of passwords. Think of them like you would tags on a blog post. You might categorize a subset as ‘public’, or ‘internal’, or perhaps ‘company_name’. The number of tags which can be assigned to groups of passwords is unlimited, and provides an easy way to ensure the wrong passwords are not analyzed. This comes in handy when you want to, say, do an analysis on every password you cracked on an internal network every month, quarter, or year.

The following stats of a given password are currently being stored in the Password table:

id - Sequential number used as the database key.
password - Plaintext password
pw_hash - Hash of the password, if known. 
created_at - Time of when the password was added to the database.
upper - Boolean value telling you if an upper-case character is present.
lower - Boolean value telling you if a lower-case character is present.
number - Boolean value telling you if a number is present.
special - Boolean value telling you if a special character is present.
size - Length of the password.
sequence - Sequence of characters found in the password. 
  u - upper-case
  l - lower-case
  n - number
  s - special
  Example: Password123! => ulllllllnnns

Any number of combinations of these values, along with the tags can be used to look at subsets of data.

Using PTJ

Setup

Grab the repo, or grab the gem. The only difference should be the path where everything is stored. You can find the path of the gem like so,

gem which ptj
/some/path/gems/ptj-0.1.0/lib/ptj.rb

Navigate to the ‘etc’ directory

cd /some/path/gems/ptj-0.1.0/etc/

Modify the configuration file to point to the correct database.

When this is complete, you can setup a new project as such:

rake db:init

In order to test that this was successful, attempt to get the count of all items in the database.

rake db:count
  Passwords:   0
  Tags:        0
  Time Taken: 0.03307 seconds.

Importing Data

There is a provided script which will allow you to import data into the PTJ database.

Running it, you can see the following options:

ruby scripts/import.rb -h

Usage: import.rb [opts] -f file|-p password
  -t, --tag TAGS                   Tags to be used to identify imported passwords (separated by a comma)
      --[no-]strict                Enable/Disable Strict Mode
  -f, --file FILENAME              File to import.
  -r, --parser NUMBER              File parser to use:
                                   1 - Password Only
                                   2 - Hash:Password
                                   3 - Count, Password
                                   4 - Something ::: Password ::: Something
  -p, --password PASSWORD          Password to import.
  -a, --hash HASH                  Hash to import (Use in conjunction with -p).
  -h, --help                       Show this message.

If you feel like doing it the hard way, feel free to view the source of this script. Honestly, it’s not terribly difficult. However, the script will allow you to see the status of the import via a progress bar.

Analying Data

Again, there is a handy, included, script which can be used to quickly generate an ‘analysis’ of a subset of passwords. It can be found in the ‘scripts’ directory as well.

ruby scripts/analyze.rb -h

Usage: analyze.rb [opts]
  -t, --tags TAGS                  Tags to be used to when querying passwords (separated by a comma)
      --max-size SIZE              Maximum size of the resulting passords
      --min-size SIZE              Minimum size of the resulting passwords
      --[no-]upper                 Query based on upper-case letters
      --[no-]lower                 Query based on lower-case letters
      --[no-]special               Query based on special charaters
      --[no-]number                Query based on numbers
  -h, --help                       Show this message

Generating Wordlists

Guess what? There’s another script that we can use to generate a customized wordlist, sorted by number of occurrances. This really comes in handy once the PTJ database becomes full of rich data, and we’re looking for the top ‘X’ passwords which meets a certain criteria. For example, let’s say that we’re on an internal penetration test, and we need the top 20 passwords which include a special character. We can simply run:

ruby scripts/generate_wordlist.rb -t internal --special

Other Queries

Other queries can easily be made into a script, or simply from within irb. In order to do this, you really should take a look at DataMapper’s documentation: datamapper.org/docs/

A few examples:

Querying all samples with the tag of ‘internal’:

PTJ::Tag.get('internal').passwords

Querying all samples with upper-case and lower-case characters with a tag of ‘internal’:

PTJ::Tag.get('internal').passwords.all(:upper => true, :lower => true)

Get a list of the top sequences used by passwords:

PTJ::Password.aggregate(:sequence, :sequence.count).sort{|x,y| y[1] <=> x[1]}.each{|x| p x}

Contributing to ptj

  • Check out the latest master to make sure the feature hasn’t been implemented or the bug hasn’t been fixed yet

  • Check out the issue tracker to make sure someone already hasn’t requested it and/or contributed it

  • Fork the project

  • Start a feature/bugfix branch

  • Commit and push until you are happy with your contribution

  • Make sure to add tests for it. This is important so I don’t break it in a future version unintentionally.

  • Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.

Copyright © 2011 Josh Grunzweig. See LICENSE.txt for further details.