Pwdlyser GUI v1.0 Released
I am happy to now be able to release a ‘feature complete’ version of Pwdlyser GUI. Please visit this link to go to the download page. This version provides the majority of analysis options that the Python Command-Line version of Pwdlyser offers, with the exception of the password ‘wordlist’ creator and estimated entropy analysis.
Within the coming months I expect to add further features that will greatly enhance the tool’s functionality and usefulness, which will include the following:
- Password Hash Extraction (Active Directory Domains)
- Password Hash Decryption (as part of the extraction process)
- Hashcat integration support (for self-contained password cracking via a GUI)
Input options for Pwdlyser allows either of the following plaintext-based file inputs, with one instance per line:
The current feature set offers a wide variety of analysis options that have been industry-tested for both security consultants, pentesters, and of course for client usage for responding to staff security awareness and technical control implementations. These features include:
- Character freqency analysis
- Password length analysis
- Password frequency analysis
- Common password usage
- Password re-use within or between user accounts
- Keyboard pattern anaylsis
- Passwords using a variation of date/time/etc
- User accounts that utilise a variation of the Organisation Name
- Hashcat mask frequency analysis
- Passwords that contain a variation of the Username
- Administrative/Service accounts that were able to be cracked
- User account password history and trend analysis
This information is displayed to the user within a multitude of ways that range from a table view of each analysis focal point to an automated Executive Summary output, and finally a Technical Summary output that breaks down each analysis point with full details of each user/password that is non-compliant with the analysis.
Further options include the ability to limit analysis features through the ‘Settings’ menu, for assessments that may require only one or more test-points.