Zydra is a file password recovery tool and Linux shadow file cracker. It uses the dictionary search or Brute force method for cracking passwords.
- RAR Files
- Legacy ZIP Files
- PDF Files
- Linux Shadow Files (zydra can find all the user’s password in the linux shadow file one after the other)
To run the app, minimal requirements are:
- Python 3.3 or higher
- debian-based linux distro, preferably Kali linux 2
- qpdf and unrar packages
Installing these packages on kali is as easy as running the following commands on terminal:$ sudo apt-get update
$ sudo apt-get install qpdf unrar
- some python modules in this program need to be installed manually, like:
zipfile, rarfile, crypt, pyfiglet, py-term(for term module) and so on.
you can use pip3 for install them
example:
$ pip3 install py-term
notice: rar,zip and pdf files must have an extension, shadow files does not need an extension. - Install figlet font "epic" if it does not exists on your system:
sudo wget http://www.figlet.org/fonts/epic.flf -O /usr/share/figlet/epic.flf
This tool is only for testing and academic purposes Do not use it for illegal purposes!
- Cracking files password using two methods: 1. dictionary method 2. brute force method
- In the brute force method, you can specify the min length and max length of the passwords.
- In the brute force method, you can specify the type of characters that may be used in the password.
- There is a percent progress bar showing how much of the process has been performed.
- Error handling.
- One of the most important features of Zydra is the multiprocessing feature that speeds up the program. For example if you have 8 CPU cores, Zydra will use all of them for processing at the same time.
Download Zydra by cloning the Git repository:
$ git clone https://github.com/hamedA2/Zydra.git
You can also use vagrant to automatically install and run Zydra (more information at the bottom of the page).
To get a list of all options and learn how to use this app, enter the following command:
$ python3 Zydra.py -h
1- Dictionary search to find the password for a zip file
In this example I use rockyou.txt dictionary
$ python3 Zydra.py –f file.zip –d rockyou.txt
2- Brute force search to find the password for the users in the shadow file
Minimum length of password is 4 and maximum length is 4 and we try to find passwords that are composed of numbers and symbols letters.
$ python3 Zydra.py –f shadow –b digits,symbols –m 4 –x 4
To run Zydra using vagrant use the following command (you have to be in the same folder as the repository):
vagrant up
and once it finishes inialisation, you can run:
vagrant ssh
to connect to the virtual machine.
To exit the virtual machine just type exit
in the shell.
To destroy the virtual machine run vagrant destroy
.
More information regarding vagrant usage can be found here
Note:
By default the Vagrantfile
uses the following settings:
vb.cpus = 4
vb.memory = 4096
Edit the Vagrantfile
and change those values to improve the performance.
- Hamed Hosseini
A special thank to, Hamed Izadi
This project is licensed under the MIT License - see the LICENSE.md file for details