Added new attack-mode: Probabilistic Context-Free Grammar Attack (aka "PCFG") with Adaptive Hybrid-Fuzzing (aka "AHF") #4608
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… "PCFG") with Adaptive Hybrid-Fuzzing (aka "AHF")
- added new option: --pcfg-shuffle - removed unused functions: pcfg_trainer_finalize, cmp_struct and cmp_term - using fast_rand_local instead of get_random_num - beautify pcfg_trainer_export_to_file - updated docs
- add more checks on user_options_sanity - reduced PCFG_TOKEN_MAX from 16 to 10 - fix bug on Unicode/Emoji tokenizer - filter out too long struct (> PCFG_TOKEN_MAX) in pcfg_trainer_add_pw - added more progress tracking - show AF status on training progress bar - minor beautify things
Member
Author
|
pcfg models must be retrained after "updated PCFG (2)" commit |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hashcat PCFG Attack Mode with Adaptive Hybrid-Fuzzing
The PCFG (Probabilistic Context-Free Grammar) integration for Hashcat allows for sophisticated attacks based on statistical models learned, for example, from real-world password data. Instead of generating combinations blindly, Hashcat will follow the grammatical structures used in the models.
The training module implement multiple normalization path on malformed training data in order to trying to make the best model possible.
It will also be possible to activate a specific mode, called Adaptive Hybrid-Fuzzing, where structures will be generated randomly using the terminals present in the model. If specific terminals, selected by this engine to create the new structure and already present in the model, do not present all possible combinations for a given length, random generation will also be activated for them. This mode is useful for exploring structural spaces not present in the original training set.
More info on docs/hashcat-pcfg-attack-mode.md
;)