I was going through my computer projects and realised that I never shared this one on my website. It’s a tool, coded in C++ that checks a text file for WPA/WPA2 password compatibility. It is most helpful in network security applications / pentesting when you have a password list and aren’t sure just how much of the list is actually a legitimate password.
For example, we have a text file with these contents:
Good Password
good passwordGood Password 1234567890
good password 1234567890GoodPassword
goodpasswordBadPass
badpass
badpa55badpas™
BadPas™
B3dPas™This is a bad password because the character length is way above the maximum limit of 63 characters, and WPA won’t allow such horrible things to exist in the first place anyways.
If we run the tool on it, we get these results:
Finally, here is the source code of the project. It should be able to be compiled with just about any compiler on any operating system.
#include <iostream>
#include <fstream>
#include <string>int help(char *argv[]) {
std::cout << “Usage: ” << argv[0] << ” <PasswordFile> [Options]” << std::endl;
std::cout << ” Options:” << std::endl;
std::cout << ” -wpa Verify password list using WPA Rules (WPA uses same rules as WPA2)” << std::endl;
//std::cout << ” -clean Automatically delete invalid passwords from file” << std::endl;
std::cout << ” -goodlist Print all valid passwords” << std::endl;
std::cout << ” -badlist Print all invalid passwords” << std::endl;
std::cout << ” Example:” << std::endl;
std::cout << ” ” << argv[0] << ” passwordlist.txt -wpa -badlist” << std::endl;return(1);
}int does_exist(char *filetouse) {
//first check to see if the cfg file exists
FILE * pFile;
if(pFile = fopen (filetouse,”r”)) {
//the file exists
return(1);
} else {
//the file doesnt exist
return(0);
}
}int verify(int argc, char *argv[]) {
//variables for later usage
//booleans for user options
bool wpa = false;
//bool clean = false;
bool goodlist = false;
bool badlist = false;
//strings for file reading
std::string password;
std::ifstream infile;
//strings for password statistics
int numberoflines = 0;
int numberoftolong = 0;
int numberoftoshort = 0;
int numberofbadchar = 0;
int numberofgood = 0;
int numberofempty = 0;const char *filetouse = argv[1];
//check all the options
for (int i = 0; i < argc; i++) {
//options are -wpa -clean -goodlist -badlist
std::string options[4] = {“-wpa”,”-clean”,”-goodlist”,”-badlist”};
if(argv[i] == options[0]) {
wpa = true;
}
/*if(argv[i] == options[1]) {
clean = true;
}*/
if(argv[i] == options[2]) {
goodlist = true;
}
if(argv[i] == options[3]) {
badlist = true;
}
}//read the file line by line and check to see if the passwords are right
infile.open(filetouse); //open the user file
while(getline(infile, password)) { //while not the end of the file
//getline(infile,password); //read the current line to std::string password//count the lines in the password field
numberoflines += 1;//check password
if(wpa == true) { //if checking WPA Rules
if(password == “”) { //empty line
//skip empty lines
numberofempty += 1;
} else if(password.size() > 63) {
//password is to big to be used
if(badlist == true) {
std::cout << password << std::endl;
}
numberoftolong += 1;
} else if(password.size() < 8) {
//password is to small to be used
if(badlist == true) {
std::cout << password << std::endl;
}
numberoftoshort += 1;
} else if (password.find_first_not_of(“!\”#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~ “) != std::string::npos) {
//password contains a bad character
if(badlist == true) {
std::cout << password << std::endl;
}
numberofbadchar += 1;
} else {
if(goodlist == true) {
std::cout << password << std::endl;
}
numberofgood += 1;
}
}
}
infile.close();std::cout << “Checked ” << numberoflines << ” passwords.” << std::endl;
std::cout << ” ” << numberofempty << ” lines contained no text” << std::endl;
std::cout << ” ” << numberoftoshort << ” lines were to short” << std::endl;
std::cout << ” ” << numberoftolong << ” lines were to long” << std::endl;
std::cout << ” ” << numberofbadchar << ” lines contained illegal characters” << std::endl;
std::cout << ” ” << numberofgood << ” lines contained good passwords” << std::endl;return(0);
}int main(int argc, char *argv[]) {
if(argc <= 1){ //not enough options so help is shown
if(help(argv)) {
std::cout << “Fatal error. Quitting program.” << std::endl;
return(1);
} //else program is working fine
} else { //plenty of options, better check to see if they are the right ones
if(argv[1] == std::string(“help”)) {//display help
if(!help(argv)) {
std::cout << “Fatal error. Quitting program.” << std::endl;
return(1);
} //else program is working fine
} else {
if(does_exist(argv[1])){
verify(argc, argv);
} else {
std::cout << “Invalid file” << std::endl;
}
}
}
}