zip-password-finder
is a tool to find the password of protected zip files.
The initial design of this tool is described in details in the following blog article but the architecture has changed since it was published.
- Supports both ZipCrypto and AES encryption.
- Leverages multiple threads to speed up the process
- Dictionary attack to test passwords from a dictionary text file (one word per line)
- Brute force to generate all passwords for a given charset and a password length range
The available charsets for the password generation are:
- basic: lowercase letters
- easy: basic + upper case letters
- medium: easy + digits
- hard: medium + punctuations and extras
Using the provided binaries in https://github.com/agourlay/zip-password-finder/releases
Using Cargo via crates.io.
Warning: currently not up to date with the latest version (see issue).
cargo install zip-password-finder
You can install zip-password-finder
from the AUR using an AUR helper. For example:
paru -S zip-password-finder
./zip-password-finder -h
Find the password of protected ZIP files
Usage: zip-password-finder [OPTIONS] --inputFile <inputFile>
Options:
-i, --inputFile <inputFile>
path to zip input file
-w, --workers <workers>
number of workers
-p, --passwordDictionary <passwordDictionary>
path to a password dictionary file
-c, --charset <charset>
charset to use to generate password [default: medium] [possible values: basic, easy, medium, hard]
--minPasswordLen <minPasswordLen>
minimum password length [default: 1]
--maxPasswordLen <maxPasswordLen>
maximum password length [default: 10]
-h, --help
Print help information
-V, --version
Print version information
ZipCrypto is roughly a 1000 times cheaper than AES to crack with brute force.
For AES make sure to use a CPU with SHA
instructions (Intel Sandy Bridge or newer, AMD Bulldozer or newer) to get the best performance.
In general this tool is rather slow and seems to suffer from contention as the number of workers increases which makes it impractical for non-trivial passwords.