Wordlist generator based on password cards
Password (aka. grid) card is a physical card that allows you to memorize your passwords easier.
The card contains a block of random alphanumeric characters. You just need to choose and memorize a row, a column and a direction to pick a password from the card.
Passwords cards heavily rely on physical security. The card should be kept in your wallet or pocket, far away from watchful eyes around you.
In case the card is lost or recorded with a camera (e.g. CCTV), your password is compromised therefore it should be changed immediately.
Munchkin can generate wordlists from compromised password cards.
This utility generates potential passwords and dumps them onto the screen or into a text file. The list of passwords can be used for brute-force attacks.
Passwords from a password card can be chosen by the user based on different strategies. He or she might read passwords from left to right, top to down or diagonally.
Munchkin can generate passwords based on the most common card reading strategies. The followings are samples only.
Refer to the documentation for a comprehensive list of password generating strategies.
- Cards from http://passwordcard.org
- Any user-supplied custom card
The latest package is available on PyPI
$ pip install munchkin
This utility only runs on Python 2.6.x and 2.7.x
The following section explains the basic usage of Munchkin. You can also use
the -h
switch for getting more information on the individual features.
There are two operation modes available. The first one generates cards similar to the ones from http://passwordcard.org, and the second allows to bring your own password cards.
Use the pcard
selector to generate passwords from passwordcard.org cards
$ munchkin pcard -h
This selector recognises the following options:
-s str, --seed str card number (e.g. 7eb3fbfa560d1d1e) --symbols include symbols --digits incude digits
The custom
selector allows to supply password cards by pasting them as a
block of text
$ munchkin custom -h
This selector does not require any special options.
The following switches are recognized for both card types
Choose the minimum and maximum length of passwords to generate:
--minlen num minimum password length (default: 6) --maxlen num maximum password length (default: 12)
Select one or more strategies to generate passwords (refer to Supported Strategies section for further explanation)
-l, --left-to-right Left to right -r, --right-to-left Right to left -t, --top-down Top left corner to bottom right -b, --bottom-up Bottom right corner to top left
Dump passwords to a file instead of the terminal:
-f name, --file name Dump passwords to file
Generate 6-8 digit passwords from a password card generated with seed the initial seed of 7eb3fbfa560d1d1e
$ munchkin pcard -s 7eb3fbfa560d1d1e -l
Supply your own password card and generate passwords with multiple read strategies
$ munchkin custom -l -r -t -b
- Gabor Szathmari - @gszathmari
- Python port of passwordcard.org algorithm: olasd/passwordcard