Home » Tutorials » How to Create a Brute-Force Password Cracker in Python

How to Create a Brute-Force Password Cracker in Python

By /

There are many ways to crack a password, among them there is “the brute force attack” method. This method consists of trying all kinds of possible combinations until the password is cracked.

In today’s tutorial, we are going to create a brute-force password cracker in Python to crack an inputted password. But don’t worry, we won’t stop there. We’ll also learn how to Protect Ourselves From this method.

Let’s get started!

Table of Contents

Disclaimer

Before we proceed with this code, I must warn you not to use this code illegally or without consent since it is for educational purposes only.

Necessary Libraries

For the code to function properly, make sure to install the tkinter library using the terminal or your command prompt:

$ pip install tk

Imports

First, we import the necessary modules and libraries:

  • We start by importing the itertools module, which contains tools that will be used to create passwords by generating combinations of characters. 
  • Next, the string module, which provides the characters that will form our password by using ASCII.
  • Then we import the tkinter library, which will create a graphical user interface (GUI). 
  • From tkinter we import the messagebox module, which will allow using message boxes.
import itertools
import string
import tkinter as tk
from tkinter import messagebox

Define generate_passwords Function

Now, we create this function that is responsible for generating passwords, as the name suggests. How does that work? Well, thanks to the string. ascii which provides lowercase and uppercase characters as well as digits from ascii table.

The itertools.product() function will generate a password of a specific length from those characters and digits.

def generate_passwords(length):
   characters = string.ascii_lowercase + string.ascii_uppercase + string.digits
   for password in itertools.product(characters, repeat=length):
       yield ''.join(password)

Defining brute_force Function

Then, we define a function that will try to crack the password through brute force, basically, it tries different passwords with all possible combinations and different lengths (with a specific length of 8, as we have chosen) that were generated by the generate_passwords Function, until it finds the correct password.

def brute_force(target_password, max_length=8):
   for length in range(1, max_length + 1):
       for password in generate_passwords(length):
           if password == target_password:
               return password
           #update_attempted_password(password)  # Show the process of hacking the password
   return None

Defining crack_password Function

def crack_password():
   target_password = entry_target_password.get()
   cracked_password = brute_force(target_password)
   if cracked_password:
       label_cracked_password.config(text=f"Password cracked: {cracked_password}")
       messagebox.showinfo("Password Cracked", f"The password is: {cracked_password}")
   else:
       messagebox.showinfo("Failed", "Failed to crack the password.")

This one retrieves the inputted password by the user and attempts to crack it using the brute_force Function, if successful will display the password. If not, a message saying “Failed to crack the password” will appear.

Defining update_attempted_password Function

The final function will allow us to see the process for cracking the password, although it is deactivated in this code because if we activate it, the time to crack the password will be longer.

Still, if any of you want to see the process all you have to do is remove the # from the update_attempted_password function and the two labels following it, and also the # in the update_attempted_password line in the brute_force Function part.

#def update_attempted_password(password):
#   label_attempted_password.config(text=f"Trying password: {password}")
 #  label_attempted_password.update()  # Force update the GUI

GUI Setup

After defining all functions, now we create the main window where the process will appear, give it a title, and size, as well as not make it resizable.

# GUI setup
root = tk.Tk()
root.title("Password Cracker - The Pycodes")
root.geometry('400x300')
root.resizable(False,False)

Create GUI Elements

label_target_password = tk.Label(root, text="Enter the target password:")
label_target_password.pack()


entry_target_password = tk.Entry(root, width=30)
entry_target_password.pack()


button_crack = tk.Button(root, text="Crack Password", command=crack_password)
button_crack.pack()


label_attempted_password = tk.Label(root, text="")
label_attempted_password.pack()


label_cracked_password = tk.Label(root, text="")
label_cracked_password.pack()

Here, we created an entry field where the user can input the password as well as the button that will trigger the crack_password Function, together with labels that will display the process and the result.

Run the Main Window

root.mainloop()

This part of the code will make sure that the main window keeps running and is responsive to the user until he exits willingly.

How to Protect Ourselves

Although in theory, the brute force attack method can crack any password, we can protect ourselves from this by : 

  • Making our password long and unique since the longer the password is the more time it needs to crack (Learn how to create strong and secure passwords with our Python password generator tutorial).
  • We can limit login attempts to our account, since brute force consists of trying multiple password combinations, by doing this our account will be locked after multiple failed attempts.
  • We can monitor our account regularly for any suspicious activity.

Example

Check out our Ethical Hacking tutorials here.

Full Code

View on Github
import itertools
import string
import tkinter as tk
from tkinter import messagebox


def generate_passwords(length):
   characters = string.ascii_lowercase + string.ascii_uppercase + string.digits
   for password in itertools.product(characters, repeat=length):
       yield ''.join(password)


def brute_force(target_password, max_length=8):
   for length in range(1, max_length + 1):
       for password in generate_passwords(length):
           if password == target_password:
               return password
           #update_attempted_password(password)  # Show the process of hacking the password
   return None


def crack_password():
   target_password = entry_target_password.get()
   cracked_password = brute_force(target_password)
   if cracked_password:
       label_cracked_password.config(text=f"Password cracked: {cracked_password}")
       messagebox.showinfo("Password Cracked", f"The password is: {cracked_password}")
   else:
       messagebox.showinfo("Failed", "Failed to crack the password.")


#def update_attempted_password(password):
#   label_attempted_password.config(text=f"Trying password: {password}")
 #  label_attempted_password.update()  # Force update the GUI


# GUI setup
root = tk.Tk()
root.title("Password Cracker - The Pycodes")
root.geometry('400x300')
root.resizable(False,False)


label_target_password = tk.Label(root, text="Enter the target password:")
label_target_password.pack()


entry_target_password = tk.Entry(root, width=30)
entry_target_password.pack()


button_crack = tk.Button(root, text="Crack Password", command=crack_password)
button_crack.pack()


label_attempted_password = tk.Label(root, text="")
label_attempted_password.pack()


label_cracked_password = tk.Label(root, text="")
label_cracked_password.pack()

root.mainloop()

Happy Coding!

Subscribe for Top Free Python Tutorials!

Receive the best directly.  Elevate Your Coding Journey!

Read Also:

How to Brute Force Zip File Passwords in Python How to Detect and Remove Malware in Python How to Make a Snake Game in Python How to Make a Tic-Tac-Toe Game in Python

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top
×