Create a massive credential database with collections like BreachCompilation or with credentials from password files
Features of CredentialDatabase:
- develop awesome brute-force/credstuffer attacks which are based on CredentialDatabase
- build up a huge hash table for SHA1, SHA256, SHA512 and md5 hashes
- create a REST API interface similar to the ghostproject
- create a massive password database
- multithreaded database scripts
BreachCompilation includes billion clear text credentials discovered in a single database
(file size: ~42GB)
install CredentialDatabase with pip
pip3 install CredentialDatabase
or from source
sudo python3 setup.py install
execute the console script BreachCompilationDatabase
BreachCompilationDatabase --host 192.168.1.2 --port 5432 --user john --password test1234 --dbname breachcompilation --breachpath /path/to/BreachCompilation
use the following command to run the script entirely in the background
nohup BreachCompilationDatabase --host 192.168.1.2 --port 5432 --user john --password test1234 --dbname breachcompilation --breachpath /path/to/BreachCompilation &>/dev/null &
or use a tool like screen
schemas: 0-9, a-z, symbols (first character from email)
tables: 0-9, a-z, symbols (second character from email)
id | email | password | username | provider | sh1 | sh256 | sh512 | md5
- script runtime about 8 days
- needs disk space for about 569 GB
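The schema/table layout and columns listed above, worked through as an added example (not code from the CredentialDatabase project). It assumes an `email:password` input line, lower-cased bucket names and hashes computed over the UTF-8 password; the function names `bucket`, `route` and `breach_row` are hypothetical.

```python
import hashlib
import string

ALNUM = set(string.ascii_lowercase + string.digits)


def bucket(ch):
    """Schema or table name for one character: 0-9, a-z or 'symbols'."""
    ch = ch.lower()  # assumption: upper-case letters share the a-z buckets
    return ch if ch in ALNUM else "symbols"


def route(value):
    """(schema, table) from the first and second character of an email or password."""
    if not value:
        raise ValueError("empty value has no schema")
    # assumption: a one-character value lands in the 'symbols' table
    return bucket(value[0]), bucket(value[1:2])


def breach_row(line):
    """Parse one 'email:password' line into the breach-table columns."""
    email, sep, password = line.rstrip("\r\n").partition(":")
    username, at, provider = email.rpartition("@")
    if not sep or not at or not username or not provider:
        return None  # malformed line: skip it rather than store garbage
    data = password.encode("utf-8")
    schema, table = route(email)
    return {
        "schema": schema, "table": table,
        "email": email, "password": password,
        "username": username, "provider": provider,
        "sh1": hashlib.sha1(data).hexdigest(),
        "sh256": hashlib.sha256(data).hexdigest(),
        "sh512": hashlib.sha512(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


if __name__ == "__main__":
    # constructed sample lines, not real credentials
    for sample in ("jane@example.org:abc", "_ops@example.org:abc", "no-delimiter"):
        print(sample, "->", breach_row(sample))
```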
execute the console script PasswordDatabase
with --breachpath
PasswordDatabase --host 192.168.1.2 --port 5432 --user john --password test1234 --dbname passwords --breachpath /path/to/BreachCompilation
or with --filepath
PasswordDatabase --host 192.168.1.2 --port 5432 --user john --password test1234 --dbname passwords --filepath /path/to/CredentialFile --proc 10
use the following command to run the script entirely in the background
nohup PasswordDatabase --host 192.168.1.2 --port 5432 --user john --password test1234 --dbname breachcompilation --breachpath /path/to/BreachCompilation &>/dev/null &
or use a tool like screen
schemas: 0-9, a-z, symbols (first character from password)
tables: 0-9, a-z, symbols (second character from password)
password | length | isnumber | issymbol | ts
install PostgreSQL dependencies via apt
sudo apt-get install postgresql libpq-dev postgresql-client postgresql-client-common
Follow this tutorial to set up a PostgreSQL environment. For graphical visualization install pgAdmin4.
create an index on the columns email and password, so that queries on them can use an index-only scan
CREATE index idx_pass_email on "a"."d"(email, password);
vacuum the table, so that the visibility map is up to date
VACUUM "a"."d";
Delete a table completely with
DROP TABLE "a"."d" CASCADE;
Settings for tuning your postgresql server are here
logs can be found in /var/log/CredentialDatabase
add your current user to the group syslog; this allows the application/scripts to create a folder in /var/log. Replace <user> with your current user
sudo adduser <user> syslog
to apply this change, log out and log in again and check with the terminal command groups
All changes and versioning information can be found in the CHANGELOG
Copyright (c) 2019 Bierschneider Christian. See LICENSE for details