pydictor

improve

README.md

@@ -1,25 +1,25 @@
 # pydictor  
 =	
-		一个实用的黑客字典生成工具
+		一个实用的黑客字典建立工具
 		A useful hacker dictionary  builder
 ##### by LandGrey
 -
 #### 功能简介:
 
-##### 1. 支持使用纯数字、纯小写字母或纯大写字母的任意位数爆破字典生成;
+##### 1. 支持使用纯数字、纯小写字母或纯大写字母的任意位数爆破字典生成
   例:
        `python pydictor -t d --len 6 6`
 生成6位纯数字字典
 
-##### 2. 支持使用数字、小写字母与大写字母两两组合或3者组合的任意位数爆破字典生成;
+##### 2. 支持使用数字、小写字母与大写字母两两组合或3者组合的任意位数爆破字典生成
   例：
        `python pydictor -t dL --len 4 4	`			生成数字和小写字母组成的所有4位字典
 
-##### 3. 支持使用自定义字符(包括特殊字符)的任意位数爆破字典生成;
+##### 3. 支持使用自定义字符(包括特殊字符)的任意位数爆破字典生成
   例:
-	   `python pydictor -cc aAbBcC123. --len 6 8`		生成由'aAbBcC123.' 10个字符组成的所有6位到8位字典
+	   `python pydictor -cc aAbBcC123. --len 6 8`			生成由'aAbBcC123.' 10个字符组成的所有6位到8位字典
 
-##### 4. 支持使用自定义字符串、字符生成所有可能性组合的字典。
+##### 4. 支持使用自定义字符串、字符生成所有可能性组合的字典
   例:
 	   `python pydictor -cm abc ABC 123 .`			生成由'abc'、'ABC'、'123' 和'.'生成的所有可能性组合字典
 
@@ -35,4 +35,49 @@
   例:
        `python pydictor.py -t d --encode b64`
 
-  **注**:  支持 base64 urlencode编码, md5 sha1 sha256 sha512加密
+  **注**:  支持 base64 urlencode编码, md5(32位) md516(16位) sha1 sha256 sha512加密
+
+##### 7. 支持建立社会工程学字典
+  例:
+       `python pydictor.py --sd ` 进入社工字典生成界面
+
+-
+#### 社会工程学字典功能介绍:
+
+##### 1. 内置15项收集数据
+		[+]cname        Chinese name's phonetic          中文名拼音全拼
+		[+]ename        English name                     英文名 
+		[+]sname        Simple spellings phonetic        姓名简拼 
+		[+]birth        Birthday [YYYYMMDD]              生日
+		[+]usedpwd      Used password                    曾用密码
+		[+]phone        Cell phone number                手机号
+		[+]uphone       Used phone                       曾用手机号
+		[+]hphone       Homephone number                 老家座机号
+		[+]email        E-mail accounts                  电子邮箱账号
+		[+]postcode     Postcode                         老家邮政编码
+		[+]nickname     Commonly used nickname           常用昵称
+		[+]idcard       Identity card number             身份证号
+		[+]jobnum       Job or student number            学号或工号或其简写等
+		[+]otherid      Social network platform accounts 社交平台账号或昵称
+		[+]usedchar     Commonly used characters         其他常用字符串数字等
+
+##### 2. 命令速通
+	进入 Social Engineering Dictionary Builder 界面后,可以使用
+	[项目名] [v1] [...]	设置某项数据的值 
+	help settings		查看15项数据的意思;
+	help [具体项]		 查看某项数据的意思;
+	show				查看15项数据的当前设置情况;
+	show [具体项]		 查看某项数据的当前设置情况;
+	run					建立字典
+	cls					清除命令行文字
+	clear				清除命令行文字
+	quit				退出
+	exit				退出
+##### 3. 15项数据说明
+		(1) 以上15项,每一项都支持用空格隔开输入多个数据,不清楚的可以不填;
+		    命令: nickname Tomcat Zwell zer0
+		(2) 其他的一些目标信息可以在otherid和usedchar项目输入;
+            比如宠物名、个人图腾、特殊意义字符、爱人亲人生日等等各种相关的信息
+		(3) 准确的社工字典不仅需要大量的目标信息,而且还需要结合目标的性格特征，比如:懒惰、完美主义、身份特征、目标平台等;
+		    然而,由于缺少人物画像,对目标的性格和爆破平台密码策略不详,所以生成字典难免可能有累赘,不准确,请谅解。
+		(4) 为了解决(3)的问题,可以自己在rules中修改/增加规则,修改相应代码来定制相关的生成策略。

core/Base.py

@@ -1,9 +1,11 @@
 #!/usr/bin/env python
 # coding:utf-8
-# Build by LandGrey 2016-06-08
+# Build by LandGrey 2016-08-25
 #
 # build a common dictionary
 #
+# This is a part of pydictor
+
 
 import os
 import time
@@ -39,7 +41,7 @@ def getchars(typeflag):
 # create the dictionary files
 def get_base_dic(minlength, maxlength, objflag, encodeflag, head, tail):
     count = 0
-    storepath=os.path.join(os.getcwd(), "results", "[len_%s_%s]_[date_%s]_%s.txt" %
+    storepath=os.path.join(os.getcwd(), "results", "%s_%s_%s_%s.txt" %
                            (minlength, maxlength, str(time.strftime("%Y%m%d_%H.%M.%S", time.localtime(time.time()))), encodeflag))
     with open(storepath, "w") as f:
         for i in xrange(minlength, maxlength+1):

core/Chunk.py

@@ -1,9 +1,11 @@
 #!/usr/bin/env python
 # coding:utf-8
-# Build by: LandGrey 2016-08-10
+# Build by: LandGrey 2016-08-25
 #
 # build a chunk multiplication dictionary
 #
+# This is a part of pydictor
+
 
 import os
 import time
@@ -17,8 +19,8 @@
 # create the dictionary files
 def get_chunk_dic(objflag, encodeflag, head, tail):
     count = 0
-    storepath = os.path.join(os.getcwd(), "results", "[ChunkMulti]_[date_%s]_%s.txt" %
-                           (str(time.strftime("%Y%m%d_%H.%M.%S",time.localtime(time.time()))), encodeflag))
+    storepath = os.path.join(os.getcwd(), "results", "Chunk_%s_%s.txt" %
+                            (str(time.strftime("%Y%m%d_%H.%M.%S", time.localtime(time.time()))), encodeflag))
     with open(storepath, "w") as f:
         for item in itertools.permutations(objflag, len(objflag)):
             if encodeflag == "":

core/SEDB.py

@@ -1,9 +1,11 @@
 #!/usr/bin/env python
 # coding:utf-8
-# Build by: LandGrey 2016-08-24
+# Build by: LandGrey 2016-08-25
 #
 # Social Engineering Dictionary Builder
 #
+# This is a part of pydictor
+
 
 import os
 import sys
@@ -15,14 +17,16 @@
 from rules.EBrule import EBrule
 from rules.SBrule import SBrule
 from rules.SingleRule import SingleRule
+from rules.WeakPass import weak_pass_set
 
 
 class SEDB(cmd.Cmd):
     def __init__(self):
         cmd.Cmd.__init__(self)
         reload(sys)
         sys.setdefaultencoding('utf-8')
-        self.prompt = "Pydictor >>"
+        os.system("cls")
+        self.prompt = "pydictor SEDB>>"
         self.do_help(self)
 
     def do_EOF(self):
@@ -31,7 +35,7 @@ def do_EOF(self):
     def do_help(self, key):
         if key in help_dict.keys():
             print help_dict[key]
-        elif key == 'settings':
+        elif key == 'all':
             for k in help_dict.keys():
                 print help_dict[k]
         else:
@@ -64,15 +68,15 @@ def do_sname(self, args):
     def do_birth(self, args):
         for item in str(args).split(' '):
             if len(item) != 8 or str(item).isdigit() is False:
-                pass
+                print 'Input format:[YYYYMMDD] exp:19890512'
             else:
                 settings_dict['birth'].append(item)
 
     def do_usedpwd(self, args):
         for item in str(args).split(' '):
             settings_dict['usedpwd'].append(item)
 
-    def do_phone(self,args):
+    def do_phone(self, args):
         for item in str(args).split(' '):
             settings_dict['phone'].append(item)
 
@@ -107,9 +111,12 @@ def do_jobnum(self, args):
         for item in str(args).split(' '):
             settings_dict['jobnum'].append(item)
 
-    def do_otherid(self, args):
+    def do_otherdate(self, args):
         for item in str(args).split(' '):
-            settings_dict['otherid'].append(item)
+            if len(item) != 8 or str(item).isdigit() is False:
+                print 'Input format:[YYYYMMDD] exp:19890512'
+            else:
+                settings_dict['otherdate'].append(item)
 
     def do_usedchar(self, args):
         for item in str(args).split(' '):
@@ -118,12 +125,12 @@ def do_usedchar(self, args):
     def do_show(self, key):
         if key in settings_dict.keys():
             if type(settings_dict[key]) is str:
-                print key + "  :" + settings_dict[key]
+                print "%-10s :%s" % (key, settings_dict[key])
             else:
-                print key + "  :" + ' '.join([x for x in settings_dict[key]])
+                print "%-10s :%s" % (key, ' '.join([x for x in settings_dict[key]]))
         else:
             for args in settings_dict.keys():
-                    print args + " :" + ' '.join([x for x in settings_dict[args]])
+                print "%-10s :%s" % (args, ' '.join([x for x in settings_dict[args]]))
 
     def do_run(self, args):
         count = 0
@@ -134,7 +141,7 @@ def do_run(self, args):
                                      settings_dict['birth'], settings_dict['usedpwd'], settings_dict['phone'],
                                      settings_dict['uphone'], settings_dict['hphone'], settings_dict['email'],
                                      settings_dict['postcode'], settings_dict['nickname'], settings_dict['idcard'],
-                                     settings_dict['jobnum'], settings_dict['otherid'], settings_dict['usedchar']):
+                                     settings_dict['jobnum'], settings_dict['otherdate'], settings_dict['usedchar']):
                 f.write(single + '\n')
                 count += 1
             # CBrule
@@ -149,7 +156,10 @@ def do_run(self, args):
             for sb in SBrule(settings_dict['sname'], settings_dict['birth']):
                 f.write(sb + '\n')
                 count += 1
-
+            # WeakPass
+            for weakpwd in weak_pass_set:
+                f.write(weakpwd + '\n')
+                count += 1
         print "[+] A total of %s lines" % str(count)
         print "[+] Store in %s " % storepath
 

lib/command.py

@@ -1,9 +1,11 @@
 #!/usr/bin/env python
 # coding:utf-8
-# Build by: LandGrey 2016-08-24
+# Build by: LandGrey 2016-08-25
 #
 # Parse command line arguments
 #
+# This is a part of pydictor
+
 
 import argparse
 import sys
@@ -18,17 +20,17 @@ def parse_args():
                                            '[-cm <str1> <str2> ...] [--len minlen maxlen] \n'
                                            '[--head  Prefix] [--tail Suffix] '
                                            '[--encode <b64,md5,md516,sha1,url,sha256,sha512>]\n'
-                                           '[--sd]')
+                                           '[--sedb]')
 
     parser.add_argument('-t', dest='type',choices=['d', 'L', 'c', 'dL', 'dc', 'Lc', 'dLc'], metavar='Type',default='',
                         help='Choose from  [d L c dL dc Lc dLc]'
-                              '\nd     digital             [0 - 9]'
-                              '\nL     lowercase letters   [a - z]'
-                              '\nc     capital letters     [A - Z]'
-                              '\ndL    Mix d and L         [0-9 a-z]'
-                              '\ndc    Mix d and c         [0-9 A-Z]'
-                              '\nLc    Mix L and c         [a-z A-Z]'
-                              '\ndLc   Mix d, L and c      [0-9 a-z A-Z]')
+                        '\nd     digital             [0 - 9]'
+                        '\nL     lowercase letters   [a - z]'
+                        '\nc     capital letters     [A - Z]'
+                        '\ndL    Mix d and L         [0-9 a-z]'
+                        '\ndc    Mix d and c         [0-9 A-Z]'
+                        '\nLc    Mix L and c         [a-z A-Z]'
+                        '\ndLc   Mix d, L and c      [0-9 a-z A-Z]')
 
     parser.add_argument('-cc', dest='customchar', metavar='Character', default='',
                         help='Use [Custom Character] build the dictionary')
@@ -56,7 +58,7 @@ def parse_args():
                              '\nsha256  sha256 encrytion'
                              '\nsha512  sha512 encrytion')
 
-    parser.add_argument('--sd', dest='sedb', default='',  action="store_true",
+    parser.add_argument('--sedb', dest='sedb', default='',  action="store_true",
                         help='Enter the SEDB(Social Engineering Dictionary Builder)')
 
     if len(sys.argv) == 1:

lib/encode.py

@@ -4,6 +4,8 @@
 #
 # encode & encrypt the strings
 #
+# This is a part of pydictor
+
 
 from urllib import quote
 from base64 import b64encode

lib/text.py

@@ -1,49 +1,52 @@
 #!/usr/bin/env python
 # coding:utf-8
-# Build by: LandGrey 2016-08-23
+# Build by: LandGrey 2016-08-25
 #
 # store text for others import
 #
+# This is a part of pydictor
+
+
+from collections import OrderedDict
 
 helpmsg = "               Social Engineering Dictionary Builder\n" \
                   "                                                              Build by LandGrey\n"\
                   "----------------------------------[ command ]------------------------------------\n"\
-                  "[+]help [options](View help message)    |  [+]show [setting](Show current settings)\n"\
+                  "[+]help [all]    (View help message)    |  [+]show [setting](Show current settings)\n"\
                   "[+]cls/clear     (Clean the screen)     |  [+]quit/exit     (Quit the progress)\n"\
                   "[+]run           (Build the dictionary) |\n"\
                   "Usage Exp :show  (Show all of settings) |  help settings    (View all of setings help)\n"\
                   "----------------------------------[ settings ]------------------------------------\n"\
                   "[+]cname      [+]ename      [+]sname    |  [+]birth      [+]usedpwd    [+]phone   \n"\
                   "[+]uphone     [+]hphone     [+]email    |  [+]postcode   [+]nickname   [+]idcard  \n"\
-                  "[+]jobnum     [+]otherid    [+]usedchar | \n"\
-                  "Usage Exp :nickname zs zhangs zsan      |  *Each setting supports multiple values"
-
-
-settings_dict = {
-    'cname': [], 'ename': [], 'sname': [], 'birth': [],
-    'usedpwd': [], 'phone': [], 'uphone': [], 'hphone': [],
-    'email': [], 'postcode': [], 'nickname': [], 'idcard': [],
-    'jobnum': [], 'otherid': [], 'usedchar': []}
-
-
-help_dict = {
+                  "[+]jobnum     [+]otherdate  [+]usedchar | \n"\
+                  "Usage Exp :nickname zwell zhangs zsan   |  *Each setting supports multiple values"
+
+settings_dict = OrderedDict([
+    ('cname', []), ('ename', []), ('sname', []), ('birth', []),
+    ('usedpwd', []), ('phone', []), ('uphone', []), ('hphone', []),
+    ('email', []), ('postcode', []), ('nickname', []), ('idcard', []),
+    ('jobnum', []), ('otherdate', []), ('usedchar', [])
+    ]
+)
+
+help_dict = OrderedDict([
     # settings help message
-    'cname': "[+]cname      Chinese name's phonetic          中文名拼音全拼\n".decode('utf-8'),
-    'ename': "[+]ename      English name                     英文名\n".decode('utf-8'),
-    'sname': "[+]sname      Simple spellings phonetic        姓名简拼\n".decode('utf-8'),
-    'birth': "[+]birth      Birthday [YYYYMMDD]              生日\n".decode('utf-8'),
-    'usedpwd': "[+]usedpwd    Used password                    曾用密码\n".decode('utf-8'),
-    'phone': "[+]phone      Cell phone number                手机号\n".decode('utf-8'),
-    'uphone': "[+]uphone     Used phone                       曾用手机号\n".decode('utf-8'),
-    'hphone': "[+]hphone     Homephone number                 家庭座机号\n".decode('utf-8'),
-    'email': "[+]email      E-mail accounts                  电子邮箱账号\n".decode('utf-8'),
-    'postcode': "[+]postcode   Postcode                         家庭邮政编码\n".decode('utf-8'),
-    'nickname': "[+]nickname   Commonly used nickname           常用昵称\n".decode('utf-8'),
-    'idcard': "[+]idcard     Identity card number             身份证号\n".decode('utf-8'),
-    'jobnum': "[+]jobnum     Job or student number            学号或工号或其简写等\n".decode('utf-8'),
-    'otherid': "[+]otherid    Social network platform accounts 社交平台账号或昵称\n".decode('utf-8'),
-    'usedchar': "[+]usedchar   Commonly used characters         其他常用字符串数字等\n".decode('utf-8')}
-
-
-
+    ('cname', "[+]cname      Chinese name's phonetic          中文名拼音全拼".decode('utf-8')),
+    ('ename', "[+]ename      English name                     英文名".decode('utf-8')),
+    ('sname', "[+]sname      Simple spellings phonetic        姓名简拼".decode('utf-8')),
+    ('birth', "[+]birth      Birthday [YYYYMMDD]              生日".decode('utf-8')),
+    ('usedpwd', "[+]usedpwd    Used password                    曾用密码".decode('utf-8')),
+    ('phone', "[+]phone      Cell phone number                手机号".decode('utf-8')),
+    ('uphone', "[+]uphone     Used phone                       曾用手机号".decode('utf-8')),
+    ('hphone', "[+]hphone     Homephone number                 家庭座机号".decode('utf-8')),
+    ('email', "[+]email      E-mail accounts                  电子邮箱账号".decode('utf-8')),
+    ('postcode', "[+]postcode   Postcode                         家庭邮政编码".decode('utf-8')),
+    ('nickname', "[+]nickname   Commonly used nickname           常用昵称".decode('utf-8')),
+    ('idcard', "[+]idcard     Identity card number             身份证号".decode('utf-8')),
+    ('jobnum', "[+]jobnum     Job or student number            学号或工号或其简写等".decode('utf-8')),
+    ('otherdate', "[+]otherdate  Others date [YYYYMMDD]           其他亲人生日等特殊日期".decode('utf-8')),
+    ('usedchar', "[+]usedchar   Commonly used characters         其他社交平台账号等常用字符".decode('utf-8'))
+    ]
+)