Merge pull request #6 from LimesKey/main

New feature: Dictionary-based password attacks

.github/workflows/powershell.yml

@@ -0,0 +1,49 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+#
+# https://github.com/microsoft/action-psscriptanalyzer
+# For more information on PSScriptAnalyzer in general, see
+# https://github.com/PowerShell/PSScriptAnalyzer
+
+name: PSScriptAnalyzer
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  schedule:
+    - cron: '29 8 * * 0'
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+    name: PSScriptAnalyzer
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Run PSScriptAnalyzer
+        uses: microsoft/psscriptanalyzer-action@6b2948b1944407914a58661c49941824d149734f
+        with:
+          # Check https://github.com/microsoft/action-psscriptanalyzer for more info about the options.
+          # The below set up runs PSScriptAnalyzer to your entire repository and runs some basic security rules.
+          path: .\
+          recurse: true
+          # Include your own basic security rules. Removing this option will run all the rules
+          includeRule: '"PSAvoidGlobalAliases", "PSAvoidUsingConvertToSecureStringWithPlainText"'
+          output: results.sarif
+
+      # Upload the SARIF file generated in the previous step
+      - name: Upload SARIF results file
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: results.sarif

.github/workflows/rust.yml

@@ -12,7 +12,7 @@ env:
 jobs:
   build:
 
-    runs-on: ubuntu-latest
+    runs-on: windows-latest
 
     steps:
     - uses: actions/checkout@v3

.gitignore

@@ -1 +1,16 @@
-/target
+# Generated by Cargo
+# will have compiled files and executables
+debug/
+target/
+
+# Remove Cargo.lock from gitignore if creating an executable, leave it for libraries
+# More information here https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html
+Cargo.lock
+
+# These are backup files generated by rustfmt
+**/*.rs.bk
+
+# MSVC Windows builds of rustc generate these, which store debugging information
+*.pdb
+
+Rockyou.*

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
-name = "RealPass"
-version = "0.2.6"
+name = "PasswordGPT"
+version = "0.3.0"
 edition = "2021"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
@@ -11,3 +11,4 @@ round = "0.1.2"
 rpassword = "7.2"
 tokio = { version = "1.28.2", features = ["full"] }
 pwned = { git = "https://github.com/wisespace-io/pwned-rs.git" }
+parselnk = "0.1.1"

PasswordGPT-Installer.ps1

@@ -0,0 +1,63 @@
+# Specify the downloads folder
+$downloads_folder = (New-Object -ComObject Shell.Application).NameSpace('shell:Downloads').Self.Path
+# Set the path for the DNAnalyzer directory in the downloads folder
+$dir_path = "$downloads_folder/PasswordGPT"
+# Creates a temporary windows progam file
+$TempFile = New-TemporaryFile
+
+$repo = "VerisimilitudeX/PasswordGPT"
+$file = "PasswordGPT-64x.exe"
+$releases = "https://api.github.com/repos/$repo/releases"
+$RockYou = "https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt"
+
+#$ErrorActionPreference = 'SilentlyContinue' 
+$ProgressPreference = 'SilentlyContinue'  # adds increased downloading speed
+
+try {
+    # Check if the directory already exists
+    if ([System.IO.Directory]::Exists($dir_path)) {
+        Write-Host "The directory already exists."
+    } else {
+        # Try to create the directory for DNAnalyzer in the downloads folder
+        New-Item -Path "$dir_path" -ItemType Directory
+    }
+} catch [System.Exception] {
+    # Catch any errors and print a message
+    Write-Host "Something went wrong..." -ForegroundColor Red
+    Write-Error $_.Exception.Message
+}
+$tag = (Invoke-WebRequest $releases | ConvertFrom-Json)[0].tag_name
+$download = "https://github.com/$repo/releases/download/$tag/$file"
+
+if (!(Test-Path -Path ("$dir_path/$file") -PathType Leaf)) {
+Write-Host "Downloading latest release for PasswordGPT to $dir_path/PasswordGPT-64x..."
+Invoke-WebRequest -Uri $download -OutFile "$dir_path/$file"
+}
+
+Write-Host "Downloading RockYou password database..."
+Invoke-WebRequest -Uri $RockYou -Out $TempFile
+
+$Rock_You_Path = $TempFile.FullName
+$ShortcutPath = "$dir_path\RockYou.lnk"
+Write-Host $Rock_You_Path
+
+$WsScriptObj = New-Object -ComObject ("WScript.Shell")
+$Shortcut = $WsScriptObj.CreateShortcut($ShortcutPath)
+$Shortcut.TargetPath = $Rock_You_Path
+$Shortcut.Save()
+
+if (Test-Path "$dir_path\$file") {
+    Write-Host "Installed sucessfully, running program now!" -ForegroundColor Green
+    Start-Process -FilePath "$dir_path/$file" -Wait
+
+
+    Write-Host "Cleaning up... Deleting temp files"
+    try {
+        Remove-Item $TempFile.FullName
+        Remove-Item $ShortcutPath
+    } catch [System.Exception] {
+        Write-Host "Something went wrong..." -ForegroundColor Red
+        Write-Error $_.Exception.Message
+    }
+}
+

README.md

@@ -1,37 +1,27 @@
-# RealPass
+# PasswordGPT (formerly RealPass)
 Is your password **_strong_** or just **_wrong_**? A free and open source program to test your password against realistic and real-world scenarios.
 
 RealPass is a free and open source password testing tool that uses realistic and real-world scenarios to evaluate the strength of your passwords.
 
 ## Features
 
 - Uses advanced algorithms and attack simulations to estimate how long it would take an attacker to guess your password.
-- Can run on a variety of platforms, including GPUs, to maximize its performance.
 - Includes a dictionary of common passwords to check against.
-- Allows you to specify custom dictionaries and attack methods.
+- Works offline with limited functionality
+- Checks lists of breached passwords
 
 ## Installation
 
-To install RealPass, follow these steps:
+To install PasswordGPT, follow these steps:
 
-1. Download the latest release from the [RealPass releases page](https://github.com/Verisimilitude11/realpass/releases).
+1. Download the latest release from the [PasswordGPT releases page](https://github.com/VerisimilitudeX/PasswordGPT/releases).
 2. Extract the downloaded archive.
-3. Run the `install.sh` script (or `install.bat` on Windows) to install RealPass.
 
 ## Usage
 
-To use RealPass, run the `realpass` command and specify the password you want to test. For example:
+To use PasswordGPT, run the Powershell installer script by right clicking it and pressing "Run with Powershell" Or for an offline-mode, run the "PasswordGPT-64x.exe" file.
 
-```pwsh
-$ ./RealPass-x64 mypassword
-```
-
-
-RealPass will then evaluate the password and display the estimated time it would take an attacker to guess it. It will also provide suggestions for improving the strength of your password.
-
-## Contributing
-
-If you want to contribute to the RealPass project, you can do so by [forking the repository](https://github.com/Verisimilitude11/realpass) and submitting pull requests for any changes you make. Please see the [contributing guidelines](https://github.com/your-username/realpass/blob/master/CONTRIBUTING.md) for more information.
+PasswordGPT will then evaluate the password and display the estimated time it would take an attacker to guess it. It will also provide suggestions for improving the strength of your password.
 
 ## License
 MIT

gpujsoninput.py → research/gpujsoninput.py

@@ -1,76 +1,76 @@
-import json
-
-ALGO = input("Enter Algorithm: ").upper()
-
-while True:
-    # Prompt the user for the GPU data
-    gpu_model = input("GPU Model: ").upper()
-
-    # Check if the user entered an empty string for the GPU model
-    # If they did, exit the loop
-    if gpu_model == "":
-        break
-
-    while True:
-        hashrate = str(input("Enter your hashrate: ")).upper()
-        unacceptable_formats = ['/', '\\', 'S']
-        for char in range(0, len(hashrate)):
-            if hashrate[char] in unacceptable_formats:
-                hashrate[char].replace(hashrate[char], '')
-
-            if hashrate[char].isalpha():  # if char in input is alpha
-                unit = hashrate[char].upper()  # put alaphabet into array
-
-        if unit is None:
-            print("Please enter a valid hashrate with the unit of the hashrate.")
-            continue
-        acceptable_formats = ['H', 'KH', 'MH', 'GH', 'TH']  # list of acceptable hashes
-        count = 0
-        for values in acceptable_formats:
-            if unit == values:
-                count++
-        print(count)
-        if count != 1:
-            # format_input is not in acceptable_formats
-            print("Incorrect Input")
-            continue
-            # try again
-
-        gflop = input("Enter GPFLOPs: ")
-        if gflop != "":
-            break
-
-    # Create a dictionary with the data and append it to the list
-    gpu_dict = {
-        f"{gpu_model}": {
-            "GFLOPS-64": gflop,
-            f"{ALGO} HASHRATE": (hashrate + unit + "/s")}
-    }
-
-
-def write_json(data, filename='data.json'):
-    # Read the file
-    with open(filename, 'r') as file:
-        file_data = json.load(file)
-
-    # Check if the array exists in the file
-    found = False
-    for i, subarr in enumerate(file_data):
-        if subarr[0] == data[0]:
-            found = True
-            break
-
-    if found:
-        # Array exists, so modify the dictionary contained in the second element of the subarray
-        file_data[i][1].update(data[1])
-    else:
-        # Array does not exist, so add it to the file
-        file_data.append(data)
-    # Write the modified data to the file
-    with open(filename, 'w') as file:
-        json.dump(file_data, file, indent=4)
-
-
-# Write the data to the JSON file
-write_json(gpu_dict)
-print("Data saved to data.json")
+import json
+
+ALGO = input("Enter Algorithm: ").upper()
+
+while True:
+    # Prompt the user for the GPU data
+    gpu_model = input("GPU Model: ").upper()
+
+    # Check if the user entered an empty string for the GPU model
+    # If they did, exit the loop
+    if gpu_model == "":
+        break
+
+    while True:
+        hashrate = str(input("Enter your hashrate: ")).upper()
+        unacceptable_formats = ['/', '\\', 'S']
+        for char in range(0, len(hashrate)):
+            if hashrate[char] in unacceptable_formats:
+                hashrate[char].replace(hashrate[char], '')
+
+            if hashrate[char].isalpha():  # if char in input is alpha
+                unit = hashrate[char].upper()  # put alaphabet into array
+
+        if unit is None:
+            print("Please enter a valid hashrate with the unit of the hashrate.")
+            continue
+        acceptable_formats = ['H', 'KH', 'MH', 'GH', 'TH']  # list of acceptable hashes
+        count = 0
+        for values in acceptable_formats:
+            if unit == values:
+                count++
+        print(count)
+        if count != 1:
+            # format_input is not in acceptable_formats
+            print("Incorrect Input")
+            continue
+            # try again
+
+        gflop = input("Enter GPFLOPs: ")
+        if gflop != "":
+            break
+
+    # Create a dictionary with the data and append it to the list
+    gpu_dict = {
+        f"{gpu_model}": {
+            "GFLOPS-64": gflop,
+            f"{ALGO} HASHRATE": (hashrate + unit + "/s")}
+    }
+
+
+def write_json(data, filename='data.json'):
+    # Read the file
+    with open(filename, 'r') as file:
+        file_data = json.load(file)
+
+    # Check if the array exists in the file
+    found = False
+    for i, subarr in enumerate(file_data):
+        if subarr[0] == data[0]:
+            found = True
+            break
+
+    if found:
+        # Array exists, so modify the dictionary contained in the second element of the subarray
+        file_data[i][1].update(data[1])
+    else:
+        # Array does not exist, so add it to the file
+        file_data.append(data)
+    # Write the modified data to the file
+    with open(filename, 'w') as file:
+        json.dump(file_data, file, indent=4)
+
+
+# Write the data to the JSON file
+write_json(gpu_dict)
+print("Data saved to data.json")