Skip to content
Wordlist generator based on password cards
Python Shell
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
bin
docs
munchkin
tests
.gitignore
.travis.yml
AUTHOR
CHANGELOG.md
CONTRIBUTE.md
LICENSE
MANIFEST.in
README.rst
requirements.txt
setup.cfg
setup.py

README.rst

munchkin

Wordlist generator based on password cards

Travis CI Codacy QuantifiedCode PyPI Requirements Status

Python Versions

What is a password card?

Password (aka. grid) card is a physical card that allows you to memorize your passwords easier.

Password Card

The card contains a block of random alphanumeric characters. You just need to choose and memorize a row, a column and a direction to pick a password from the card.

Security

Passwords cards heavily rely on physical security. The card should be kept in your wallet or pocket, far away from watchful eyes around you.

In case the card is lost or recorded with a camera (e.g. CCTV), your password is compromised therefore it should be changed immediately.

Features

Munchkin can generate wordlists from compromised password cards.

This utility generates potential passwords and dumps them onto the screen or into a text file. The list of passwords can be used for brute-force attacks.

Supported Strategies

Passwords from a password card can be chosen by the user based on different strategies. He or she might read passwords from left to right, top to down or diagonally.

Munchkin can generate passwords based on the most common card reading strategies. The followings are samples only.

Left to Right

Left to Right

Top Down

Top Down

Refer to the documentation for a comprehensive list of password generating strategies.

Supported Cards

Installing Munchkin

The latest package is available on PyPI

$ pip install munchkin

Requirements

This utility only runs on Python 2.6.x and 2.7.x

Usage Instructions

The following section explains the basic usage of Munchkin. You can also use the -h switch for getting more information on the individual features.

Operation Modes

There are two operation modes available. The first one generates cards similar to the ones from http://passwordcard.org, and the second allows to bring your own password cards.

passwordcard.org Cards

Use the pcard selector to generate passwords from passwordcard.org cards

$ munchkin pcard -h

This selector recognises the following options:

-s str, --seed str
 card number (e.g. 7eb3fbfa560d1d1e)
--symbols include symbols
--digits incude digits

Custom Cards

The custom selector allows to supply password cards by pasting them as a block of text

$ munchkin custom -h

This selector does not require any special options.

Settings

The following switches are recognized for both card types

Password Length

Choose the minimum and maximum length of passwords to generate:

--minlen num minimum password length (default: 6)
--maxlen num maximum password length (default: 12)

Read Strategies

Select one or more strategies to generate passwords (refer to Supported Strategies section for further explanation)

-l, --left-to-right
 Left to right
-r, --right-to-left
 Right to left
-t, --top-down Top left corner to bottom right
-b, --bottom-up
 Bottom right corner to top left

File Output

Dump passwords to a file instead of the terminal:

-f name, --file name
 Dump passwords to file

Examples

Generate 6-8 digit passwords from a password card generated with seed the initial seed of 7eb3fbfa560d1d1e

$ munchkin pcard -s 7eb3fbfa560d1d1e -l

Supply your own password card and generate passwords with multiple read strategies

$ munchkin custom -l -r -t -b

Links

Contributors

Credits

You can’t perform that action at this time.