One rule to crack all passwords. or atleast we hope so.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
LICENSE Initial commit Jun 1, 2017
OneRuleToRuleThemAll.rule Update OneRuleToRuleThemAll.rule Jun 3, 2017 updated credits Jun 16, 2017


This is a supporting repo for various blog post's on

“Our super rule came out on top in all our tests, as well as others we looked at after. We’re sorry to disappoint any Lord of the Rings fans (“One ring to rule them all!”), but despite our rule name, there likely won’t ever be one rule to rule them all as other rule based attacks wouldn’t exist if there was. Password attacks should always be executed factoring in all variables, in particular the available time, hardware resources, dictionary size and algorithm.”

Credit where credit is due

The rule file is a combination of rules from various sources

  1. (d3adhob0.rule, hob064.rule)
  2. (KoreLogicRulesPrependRockYou50000)
  3. (_NSAKEY.v2.dive.rule)
  4. oclHashcat v1.20 (by (generated2.rule)

If we have missed adding someone in credit, feel free to send a note or open a github issue and we will sort it out.


Rules taken from other ruleset will follow respective license. Additional custom rules are added besides those mentioned above, these additional rules are MIT Licensed.