Date: Thu, 14 Apr 2011 15:47:39 -0500 From: "jfoug" <jfoug@....net> To: <john-dev@...ts.openwall.com> Subject: RE: [GSoC] Johnny - GUI frontend for JtR >-----Original Message----- >From: Shinnok Sent: Tuesday, April 12, 2011 2:27 PM >Any links and >interesting/crazy usages of JtR you might have are very welcomed. There are several things I use john for over and above 'cracking'. Also, there are several (MANY) things which a GUI would be great to provide features. I find word list maintenance, rule building/maintaining, and work flow task to be things which are all very important tasks to be done in PW cracking/auditing. For word list maintenance, you need: 1. acquisition of word lists. 2. clean up of word lists. One big thing john can help here is the unique build of john. 3. warehousing these wordlists, and matching up with specific rules to work with them. 4. providing meta data about wordlists (meta data will be tied back together in the workflow section). For rule building/maintaining, john provides very little 'help'. This would be an ideal add-on functionality for a GUI. I have thought of doing some of this myself (in perl or java, I have wanted to do #1 and #2). I can see things such as: 1. rule building wizard. 2. rule to plain explanation wizard (reverse of #1) 3. grouping and warehousing of rules. 4. providing meta information to associate rule sets with word list(s), and possibly with formats. 5. possibly providing 'hooks' so that external rule generation programs can build rules, ready for john to use (pie in the sky type request) One greatly important need, which currently is FULLY lacking of any functionality within john, is ability to build, maintain and expand workflows. Along the same line, something missing from john, is ability to database hashes, including what work has been done against them already. This is VERY important for salted hashes. An interesting addition to warehousing the hashes, and work done, is also warehousing just what cracked them (when they are cracked). Listing things such as the crack mode, the wordlist file, and what word, if it was done markov, if it was brute force, and which one, if it was rule based, what word file and what rule broke it.. Once a lot of data like that has been generated, it would make for great data mining, to find what works, and what is simply a waste of time. NONE of this is 'in' john, but a wrapper program could be written to provide this additional logic, and data storage. I am just tossing out some additional things which would be great to have in a GUI. I am not sure this is within the scope of the work that is laid out to be done in the GSoC or not. Jim.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ