There are many ways to crack a password, among them there is “the brute force attack” method. This method consists of trying all kinds of possible combinations until the password is cracked.
In today’s tutorial, we are going to create a brute-force password cracker in Python to crack an inputted password. But don’t worry, we won’t stop there. We’ll also learn how to Protect Ourselves From this method.
Let’s get started!
Related: How to Crack Passwords Through the Dictionary Method in Python
Discover how to crack passwords in our ebook. Get it here!
Table of Contents
- Disclaimer
- Necessary Libraries
- Imports
- Define generate_passwords Function
- Defining brute_force Function
- Defining crack_password Function
- Defining update_attempted_password Function
- GUI Setup
- Create GUI Elements
- Run the Main Window
- How to Protect Ourselves
- Example
- Full Code
Disclaimer
Please note: Before we proceed with this code, I must warn you not to use this code illegally or without consent since it is for educational purposes only.
Necessary Libraries
For the code to function properly, make sure to install the tkinter library using the terminal or your command prompt:
$ pip install tk
Imports
First, we import the necessary modules and libraries:
- We start by importing the
itertoolsmodule, which contains tools that will be used to create passwords by generating combinations of characters.
- Next, the
stringmodule, which provides the characters that will form our password by using ASCII.
- Then we import the
tkinterlibrary, which will create a graphical user interface (GUI).
- From
tkinterwe import themessageboxmodule, which will allow using message boxes.
import itertools
import string
import tkinter as tk
from tkinter import messagebox
Define generate_passwords Function
Now, we create this function that is responsible for generating passwords, as the name suggests. How does that work? Well, thanks to the string. ascii which provides lowercase and uppercase characters as well as digits from ascii table.
The itertools.product() function will generate a password of a specific length from those characters and digits.
def generate_passwords(length):
characters = string.ascii_lowercase + string.ascii_uppercase + string.digits
for password in itertools.product(characters, repeat=length):
yield ''.join(password)
Defining brute_force Function
Then, we define a function that will try to crack the password through brute force, basically, it tries different passwords with all possible combinations and different lengths (with a specific length of 8, as we have chosen) that were generated by the generate_passwords Function, until it finds the correct password.
def brute_force(target_password, max_length=8):
for length in range(1, max_length + 1):
for password in generate_passwords(length):
if password == target_password:
return password
#update_attempted_password(password) # Show the process of hacking the password
return None
Defining crack_password Function
def crack_password():
target_password = entry_target_password.get()
cracked_password = brute_force(target_password)
if cracked_password:
label_cracked_password.config(text=f"Password cracked: {cracked_password}")
messagebox.showinfo("Password Cracked", f"The password is: {cracked_password}")
else:
messagebox.showinfo("Failed", "Failed to crack the password.")
This one retrieves the inputted password by the user and attempts to crack it using the brute_force Function, if successful will display the password. If not, a message saying “Failed to crack the password” will appear.
Defining update_attempted_password Function
The final function will allow us to see the process for cracking the password, although it is deactivated in this code because if we activate it, the time to crack the password will be longer.
Still, if any of you want to see the process all you have to do is remove the # from the update_attempted_password function and the two labels following it, and also the # in the update_attempted_password line in the brute_force Function part.
#def update_attempted_password(password):
# label_attempted_password.config(text=f"Trying password: {password}")
# label_attempted_password.update() # Force update the GUI
GUI Setup
After defining all functions, now we create the main window where the process will appear, give it a title, and size, as well as not make it resizable.
# GUI setup
root = tk.Tk()
root.title("Password Cracker - The Pycodes")
root.geometry('400x300')
root.resizable(False,False)
Create GUI Elements
label_target_password = tk.Label(root, text="Enter the target password:")
label_target_password.pack()
entry_target_password = tk.Entry(root, width=30)
entry_target_password.pack()
button_crack = tk.Button(root, text="Crack Password", command=crack_password)
button_crack.pack()
label_attempted_password = tk.Label(root, text="")
label_attempted_password.pack()
label_cracked_password = tk.Label(root, text="")
label_cracked_password.pack()
Here, we created an entry field where the user can input the password as well as the button that will trigger the crack_password Function, together with labels that will display the process and the result.
Run the Main Window
root.mainloop()
This part of the code will make sure that the main window keeps running and is responsive to the user until he exits willingly.
How to Protect Ourselves
Although in theory, the brute force attack method can crack any password, we can protect ourselves from this by :
- Making our password long and unique since the longer the password is the more time it needs to crack (Learn how to create strong and secure passwords with our Python password generator tutorial).
- We can limit login attempts to our account, since brute force consists of trying multiple password combinations, by doing this our account will be locked after multiple failed attempts.
- We can monitor our account regularly for any suspicious activity.
Example
Check out our Ethical Hacking tutorials here.
Full Code
import itertools
import string
import tkinter as tk
from tkinter import messagebox
def generate_passwords(length):
characters = string.ascii_lowercase + string.ascii_uppercase + string.digits
for password in itertools.product(characters, repeat=length):
yield ''.join(password)
def brute_force(target_password, max_length=8):
for length in range(1, max_length + 1):
for password in generate_passwords(length):
if password == target_password:
return password
#update_attempted_password(password) # Show the process of hacking the password
return None
def crack_password():
target_password = entry_target_password.get()
cracked_password = brute_force(target_password)
if cracked_password:
label_cracked_password.config(text=f"Password cracked: {cracked_password}")
messagebox.showinfo("Password Cracked", f"The password is: {cracked_password}")
else:
messagebox.showinfo("Failed", "Failed to crack the password.")
#def update_attempted_password(password):
# label_attempted_password.config(text=f"Trying password: {password}")
# label_attempted_password.update() # Force update the GUI
# GUI setup
root = tk.Tk()
root.title("Password Cracker - The Pycodes")
root.geometry('400x300')
root.resizable(False,False)
label_target_password = tk.Label(root, text="Enter the target password:")
label_target_password.pack()
entry_target_password = tk.Entry(root, width=30)
entry_target_password.pack()
button_crack = tk.Button(root, text="Crack Password", command=crack_password)
button_crack.pack()
label_attempted_password = tk.Label(root, text="")
label_attempted_password.pack()
label_cracked_password = tk.Label(root, text="")
label_cracked_password.pack()
root.mainloop()
Happy Coding!
Useful information. Lucoy me I discovered you web site by chance, and I’m Surprised why this coincidence did not happehed earlier!
I bookmarked it.
Thank you for your kind words! I’m glad you found my website and that you find the information useful. It’s great to have you here, and I hope you continue to enjoy the content. Feel free to reach out if you have any questions or suggestions.
Pingback: Django Simple Captcha Example: Protecting Your Login Forms - CodersPDF | Python Related Contents