Pwdlyser GUI v1.0 Released

Password Analysis and Reporting

Pwdlyser GUI v1.0 Released

2017-11-10 Uncategorized 0

Pwdlyser GUI

I am happy to now be able to release a ‘feature complete’ version of Pwdlyser GUI. Please visit this link to go to the download page. This version provides the majority of analysis options that the Python Command-Line version of Pwdlyser offers, with the exception of the password ‘wordlist’ creator and estimated entropy analysis.

Pwdlyser GUI - Menu Screen

Within the coming months I expect to add further features that will greatly enhance the tool’s functionality and usefulness, which will include the following:

  • Password Hash Extraction (Active Directory Domains)
  • Password Hash Decryption (as part of the extraction process)
  • Hashcat integration support (for self-contained password cracking via a GUI)

Input Options

Input options for Pwdlyser allows either of the following plaintext-based file inputs, with one instance per line:

  • username:password
  • username:hash:password

Analysis Features

The current feature set offers a wide variety of analysis options that have been industry-tested for both security consultants, pentesters, and of course for client usage for responding to staff security awareness and technical control implementations. These features include:

  • Character freqency analysis
  • Password length analysis
  • Password frequency analysis
  • Common password usage
  • Password re-use within or between user accounts
  • Keyboard pattern anaylsis
  • Passwords using a variation of date/time/etc
  • User accounts that utilise a variation of the Organisation Name
  • Hashcat mask frequency analysis
  • Passwords that contain a variation of the Username
  • Administrative/Service accounts that were able to be cracked
  • User account password history and trend analysis

Output Display

This information is displayed to the user within a multitude of ways that range from a table view of each analysis focal point to an automated Executive Summary output, and finally a Technical Summary output that breaks down each analysis point with full details of each user/password that is non-compliant with the analysis.

Miscellaneous

Further options include the ability to limit analysis features through the ‘Settings’ menu, for assessments that may require only one or more test-points.