MCPcopy Index your code
hub / github.com/agourlay/zip-password-finder

github.com/agourlay/zip-password-finder @v0.11.1

Chat with this repo
repository ↗ · DeepWiki ↗ · release v0.11.1 ↗ · + Follow
126 symbols 329 edges 13 files 10 documented · 8%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

zip-password-finder

Build Crates.io

zip-password-finder is a tool to find the password of protected zip files.

The design of this tool is described in details in the following blog articles: - Brute forcing protected ZIP archives in Rust - Follow up on cracking ZIP archives in Rust

Features

  • Supports both ZipCrypto and AES encryption
  • Multi-threaded, using all physical CPU cores by default
  • Three attack modes: brute force, dictionary, and mask attack
  • Graceful interruption with Ctrl-C, displaying the last password tested
  • Resume brute force from a specific password with --startingPassword
  • Automatic detection of encrypted files within multi-file archives
  • Progress bar with throughput and ETA

Attack modes

Brute force (default)

Generates all passwords for a given charset and password length range. This is the default mode when no dictionary or mask is provided.

zip-password-finder -i archive.zip -c lud --minPasswordLen 1 --maxPasswordLen 6

The available charset presets are:

  l | abcdefghijklmnopqrstuvwxyz [a-z]
  u | ABCDEFGHIJKLMNOPQRSTUVWXYZ [A-Z]
  d | 0123456789                 [0-9]
  h | 0123456789abcdef           [0-9a-f]
  H | 0123456789ABCDEF           [0-9A-F]
  s | «space»!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~

Presets can be combined, e.g. lud (the default) uses lowercase + uppercase + digits.

Alternatively, a custom charset file can be provided with --charsetFile. It should be a text file containing a single line of characters to use for the generation.

To resume an interrupted brute force search, use --startingPassword to skip ahead:

zip-password-finder -i archive.zip --startingPassword "abc"

Dictionary

Tests passwords from a text file, one word per line.

zip-password-finder -i archive.zip -p wordlist.txt

Mask attack

Generates passwords matching a pattern where each position has its own charset. This is useful when you know part of the password structure (e.g. starts with uppercase, ends with digits).

zip-password-finder -i archive.zip --mask '?u?l?l?l?d?d'

The available mask tokens are:

  ?l | lowercase letters [a-z]
  ?u | uppercase letters [A-Z]
  ?d | digits [0-9]
  ?s | symbols
  ?a | all printable (lowercase + uppercase + digits + symbols)
  ?h | lowercase hex [0-9a-f]
  ?H | uppercase hex [0-9A-F]
  ?1 | custom charset 1 (--customCharset1)
  ?2 | custom charset 2 (--customCharset2)
  ?3 | custom charset 3 (--customCharset3)
  ?4 | custom charset 4 (--customCharset4)
  ?? | literal '?'

Any other character in the mask is treated as a literal.

Custom charsets are defined with --customCharset1 through --customCharset4 and can contain literal characters and/or built-in tokens. For example, --customCharset1 "aeiou" defines vowels, and --customCharset1 "?l?d" defines lowercase letters + digits.

Examples:

# 3 lowercase letters followed by 2 digits
zip-password-finder -i archive.zip --mask '?l?l?l?d?d'

# known prefix "pass" followed by 4 digits
zip-password-finder -i archive.zip --mask 'pass?d?d?d?d'

# uppercase, 4 lowercase, then a symbol
zip-password-finder -i archive.zip --mask '?u?l?l?l?l?s'

# custom charset: 2 vowels followed by a digit
zip-password-finder -i archive.zip -1 "aeiou" --mask '?1?1?d'

Installation

Releases

Using the provided binaries in https://github.com/agourlay/zip-password-finder/releases

Crates.io

Using Cargo via crates.io.

cargo install zip-password-finder

AUR

You can install zip-password-finder from the AUR using an AUR helper. For example:

paru -S zip-password-finder

Usage

./zip-password-finder -h
Find the password of protected ZIP files

Usage: zip-password-finder [OPTIONS] --inputFile <inputFile>

Options:
  -i, --inputFile <inputFile>                    path to zip input file
  -w, --workers <workers>                        number of workers
  -p, --passwordDictionary <passwordDictionary>  path to a password dictionary file
  -c, --charset <charset>                        charset to use to generate password [default: lud]
      --charsetFile <charsetFile>                path to a charset file
      --minPasswordLen <minPasswordLen>          minimum password length [default: 1]
      --maxPasswordLen <maxPasswordLen>          maximum password length [default: 10]
      --fileNumber <fileNumber>                  file number in the zip archive [default: 0]
  -s, --startingPassword <startingPassword>      password to start from
  -m, --mask <mask>                              mask pattern for mask attack (e.g. '?l?l?l?d?d')
  -1, --customCharset1 <customCharset1>          custom charset 1 for mask attack, referenced as ?1
  -2, --customCharset2 <customCharset2>          custom charset 2 for mask attack, referenced as ?2
  -3, --customCharset3 <customCharset3>          custom charset 3 for mask attack, referenced as ?3
  -4, --customCharset4 <customCharset4>          custom charset 4 for mask attack, referenced as ?4
  -h, --help                                     Print help
  -V, --version                                  Print version

Performance

For AES make sure to use a CPU with SHA instructions (Intel Sandy Bridge or newer, AMD Bulldozer or newer) to get the best performance.

Native builds tend to perform better in general.

RUSTFLAGS="-C target-cpu=native" cargo build --release

The number of workers defaults to the number of physical CPU cores. You can override this with --workers, but using more workers than physical cores typically does not help due to contention.

E.g. of scalability with an 8 core CPU with 16 threads as the number of workers increases:

scalability example

Core symbols most depended-on inside this repo

parse_mask
called by 19
src/password_mask.rs
preset_to_charset
called by 11
src/charsets.rs
password_count_already_generated
called by 9
src/password_gen.rs
password_generator_iter
called by 8
src/password_gen.rs
password_dictionary_reader_iter
called by 8
src/password_reader.rs
filter_for_worker_index
called by 7
src/password_worker.rs
parse_custom_charset
called by 7
src/password_mask.rs
mask_password_iter
called by 7
src/password_mask.rs

Shape

Function 104
Method 12
Class 7
Enum 3

Languages

Rust100%

Modules by API surface

src/password_mask.rs42 symbols
src/password_finder.rs20 symbols
src/password_gen.rs16 symbols
src/charsets.rs16 symbols
src/password_reader.rs8 symbols
src/zip_utils.rs7 symbols
src/password_worker.rs6 symbols
src/args.rs4 symbols
src/finder_errors.rs3 symbols
src/main.rs2 symbols
benches/password_reader.rs1 symbols
benches/password_generator.rs1 symbols

For agents

$ claude mcp add zip-password-finder \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact

Ask about this repo answers extend the page