Weak passwords are often the cause of data breaches. Love or hate them, everyone is using passwords today. Ensuring individuals are using strong passwords is important to securing an organization. Whether you’re performing a penetration test or a password audit, tools can add value and efficiency to your report.
At Stern Security, we created a tool called PassTheStats (https://github.com/sternsecurity/PassTheStats) to provide insight into password strength. This has been incredibly helpful on penetration tests as we use the tool to perform password audits when we gain access to password databases. Simply feed the tool a text file of usernames and passwords in the format “username:password”, and the tool will give you the following:
- Number of passwords less than 8 characters
- Number of passwords equal to their username
- Number of accounts with blank passwords
- Number of accounts that may be administrators
- Number of non-complex passwords
- Top 10 most popular passwords
- A full list of accounts with weak passwords and the reason each is weak
This tool has added great value to our penetration test reports, increased efficiency, and helped increase security. We hope you find it valuable as well 🙂
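The checks listed above, written out as an added example; this is not PassTheStats' own code. The complexity rule (three of four character classes) and the "admin" username match are assumptions, since the post does not define either, and the sample input is constructed.

```python
from collections import Counter

MIN_LENGTH = 8  # from the post's "less than 8 characters" check


def is_complex(password):
    """Assumed rule: at least three of lower, upper, digit, symbol."""
    tests = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(any(t(c) for c in password) for t in tests) >= 3


def audit(lines):
    """Return (summary counts, top 10 passwords, reasons per weak account)."""
    summary, popular, reasons = Counter(), Counter(), {}
    for raw in lines:
        line = raw.rstrip("\r\n")
        if ":" not in line:
            continue  # not in username:password form
        # Split on the first colon only, so a password may contain ':'
        user, password = line.split(":", 1)
        found = []
        if password == "":
            found.append("blank")  # reported on its own, not also as short
        else:
            popular[password] += 1
            if len(password) < MIN_LENGTH:
                found.append("short")
            if password.lower() == user.lower():
                found.append("same_as_username")
            if not is_complex(password):
                found.append("non_complex")
        # Assumed heuristic for "may be administrators": name contains "admin"
        if "admin" in user.lower():
            summary["possible_admin"] += 1
        summary.update(found)
        if found:
            reasons[user] = found
    return summary, popular.most_common(10), reasons


# Constructed sample input, not real credentials
SAMPLE = ["alice:Summer2023!", "bob:bob", "svc_backup:",
          "admin_jane:Password1", "carol:Summer2023!", "dave:pass:word"]

if __name__ == "__main__":
    summary, top10, reasons = audit(SAMPLE)
    print(dict(summary), top10, reasons, sep="\n")
```

Password1 satisfies the assumed complexity rule, so length and character-class checks alone do not catch predictable passwords.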
Here are some quick technical points to help you use the tool.
a. Download the tool with the following command:
git clone https://github.com/sternsecurity/PassTheStats.git
- Password List
a. There is a sample password list in the folder that is downloaded. You’ll need to use the same format for your file. The format is the following: username:password
- Run the program
a. Go to the PassTheStats folder and launch the tool with the following command:
python3 PassTheStats.py [PASSWORD_FILE.txt]
b. If you are running the command on the provided sample_cracked_password_file.txt, you would type the following:
python3 PassTheStats.py sample_cracked_password_file.txt
a. The executive overview will be posted to the screen. The details of all of the password issues will be listed in a file that gets generated.
Enjoy using the tool!