Fyi. The OpenCl kernel used by the script has been updated with all Hashcat rules visible at https://hashcat.net/wiki/doku.php?id=rule_based_attack. This slightly increases the rule chain extraction time, but it can also lead to complex rules.

Analyzes and displays the top 20 (customizable by def print_top_domains) overall domains (NEW). Ready to use in script. #!/usr/bin/env python3 """ Email-Based Hashcat Rule Extractor This script processes a file containing email addresses, extracts trailing digit sequences from the usernames (before the '@'), filters them by specified domains, and generates Hashcat-compatible rule strings. It first displays the top 20 most frequent domains in the input file to help the user decide which domains to target for rule extraction. Functionality: - Reads email addresses from an input file. - **Analyzes and displays the top 20 overall domains (NEW).** - Filters addresses by user-specified domain(s) (e.g., 'gmail.com', 'yahoo.com'). - Extracts trailing digits from the local-part (e.g., 'user123' -> '123'). - Groups and counts digit-domain combinations. - Generates Hashcat rules from the most common combinations. - Saves rules to an output file. - Displays the top 5 most frequent patterns with example emails. Usage: - Run the script and provide: 1. Path to the input file containing emails (one per line). 2. Comma-separated list of domains to filter (after seeing the top domains). 3. Path to save the output Hashcat rules. """ import sys import re from collections import Counter, defaultdict def get_file_path(prompt): """Handles continuous prompting until a non-empty path is entered.""" while True: path = input(prompt).strip() if path: return path print("Path cannot be empty. Please try again.") def extract_data_from_email(email): """ Extracts the local part and domain from an email. Returns (digits, domain) if the local part ends in digits, otherwise None. """ # Regex to validate email structure and separate user/domain match = re.match(r'^([a-zA-Z0-9._%+-]+)@([a-zA-Z0-9.-]+\.[a-zA-Z]{2,})$', email.strip()) if not match: return None user, domain = match.groups() domain = domain.lower() # Normalize domain to lowercase # Check for trailing digits in the local part (username) digits_match = re.search(r'(\d+)$', user) if digits_match: digits = digits_match.group(1) return digits, domain return None def string_to_hashcat_rule(s): """Converts a string (e.g., '[email protected]') to a Hashcat rule (e.g., '$1$2$3$@$g$m$a$i$l$.$c$o$m').""" return ''.join(f"${c}" for c in s) def print_top_domains(file_path, limit=20): # edit limit if required """Reads the file, counts all domains, and prints the top 'limit' domains.""" domain_counts = Counter() try: with open(file_path, 'r', encoding='utf-8') as f: for line in f: email = line.strip() if '@' in email: # rsplit ensures we only split once from the right _, domain = email.rsplit('@', 1) if domain: domain_counts[domain.lower()] += 1 except FileNotFoundError: print(f"\nError: File not found at '{file_path}'", file=sys.stderr) return False except Exception as e: print(f"\nAn error occurred while reading the file: {e}", file=sys.stderr) return False top_domains = [f"{domain} ({count})" for domain, count in domain_counts.most_common(limit)] print("\n" + "="*50) print(f"🥇 Top {limit} Domains Found in the Input File:") print("="*50) # Print the top domains comma-separated, without spaces, just like the original request's output print(','.join(domain for domain, count in domain_counts.most_common(limit))) print("="*50 + "\n") return True def main(): """Main function to handle user input, file processing, and rule generation.""" print("--- Hashcat Rule Extractor for Email Patterns ---") # 1. Get Input Path and Print Top Domains input_path = get_file_path("Enter path to input file containing emails: ") # Display the top domains before proceeding if not print_top_domains(input_path, limit=20): # Exit if file reading failed in print_top_domains sys.exit(1) # 2. Get Domains to Filter domains_input = input("Enter comma-separated domains to filter (e.g., gmail.com,yahoo.com): ").strip() # 3. Get Output Path output_path = get_file_path("Enter path to save generated hashcat rules: ") domains_to_include = set(domain.strip().lower() for domain in domains_input.split(',') if domain.strip()) if not domains_to_include: print("\nWarning: No domains were specified for filtering. Exiting.", file=sys.stderr) sys.exit(0) counter = Counter() examples = defaultdict(list) print("\nProcessing file...") try: with open(input_path, 'r', encoding='utf-8') as f: for line in f: email = line.strip() extracted = extract_data_from_email(email) if extracted: digits, domain = extracted if domain in domains_to_include: key = (digits, domain) counter[key] += 1 # Store a few examples for display later if len(examples[key]) < 3: examples[key].append(email) except Exception as e: print(f"An error occurred during file processing: {e}", file=sys.stderr) sys.exit(1) sorted_items = counter.most_common() # 4. Write Rules to Output File try: with open(output_path, 'w', encoding='utf-8') as out: for (digits, domain), count in sorted_items: rule = string_to_hashcat_rule(digits + '@' + domain) out.write(f"{rule}\n") except Exception as e: print(f"Error writing to output file '{output_path}': {e}", file=sys.stderr) sys.exit(1) # 5. Display Summary print(f"\nDone! {len(sorted_items)} rules written to {output_path}") print("\nTop 5 extracted rules with examples:") if not sorted_items: print(" No patterns found matching the specified domains and having trailing digits.") return for (digits, domain), count in sorted_items[:5]: rule = string_to_hashcat_rule(digits + '@' + domain) print(f" Rule: {rule} | Count: {count} | Examples: {', '.join(examples[(digits, domain)])}") if __name__ == '__main__': main() https://raw.githubusercontent.com/A113L/Bucket/refs/heads/main/emailr.py

#!/bin/bash # simple script to save your time on file operations while cracking vBulletin < 3.8.5 hashes without salts using hashcat # popular types of vBulletin salt - ?a?a?a, ?h?h?h?h?h?h, ?d?d?d?d?d # download hashgen - https://github.com/cyclone-github/hashgen (used to convert $[HEX] hashes with colon-containing salts and generating hashed wordlist) # Function to read file paths with validation read_file_path() { local prompt="$1" local result_var="$2" local path while true; do read -r -p "$prompt" path if [ -f "$path" ]; then # Use eval to set the variable passed by name eval "$result_var=\"$path\"" break else echo "ERROR: File not found: $path. Please try again." fi done } echo "--- Interactive vBulletin Salt Cracker Configuration ---" # --- Input Acquisition --- # 1. Hash list path read_file_path "Enter the path to the hash list (e.g., hashlists/main.txt): " HASHLIST_PATH # 2. Wordlist path read_file_path "Enter the path to the wordlist (e.g., wordlists/top1000.txt): " WORDLIST_PATH # 3. Mask (optional, with default value) read -r -p "Enter the mask for salt cracking (e.g., ?h?h?h?h?h?h) [Default: ?a?a?a]: " CRACKING_MASK if [ -z "$CRACKING_MASK" ]; then CRACKING_MASK="?a?a?a" fi # Generate dynamic paths WORDLIST_BASENAME=$(basename "$WORDLIST_PATH") HASHED_WORDLIST_PATH="md5_wordlists/${WORDLIST_BASENAME}.md5" echo "--- Settings Confirmed ---" echo "Hash List: $HASHLIST_PATH" echo "Word List: $WORDLIST_PATH" echo "Mask: $CRACKING_MASK" echo "Hashed Word List Output: $HASHED_WORDLIST_PATH" echo "------------------------------" sleep 2s # --- Tool Verification --- if ! command -v hashcat &> /dev/null; then echo "ERROR: hashcat not found. Ensure it is in your PATH." exit 1 fi if [ ! -f ./hashgen ]; then echo "ERROR: The ./hashgen file was not found. Ensure it is in the current directory and is executable." exit 1 fi # --- STEP 1: Potfile Cleanup --- echo "--- STEP 1: Cleaning potfile ---" if [ -f "hashed.pot" ]; then echo "Creating backup: hashed.pot -> hashed.pot.bak" cat hashed.pot >> hashed.pot.bak 2>/dev/null else echo "hashed.pot not found, skipping backup." fi echo '' > hashed.pot sleep 3s # --- STEP 2: Generate Hashed Wordlist --- echo "--- STEP 2: Generating hashed wordlist ---" mkdir -p md5_wordlists ./hashgen -m 0 -w "$WORDLIST_PATH" -o "$HASHED_WORDLIST_PATH" sleep 3s # --- STEP 3: Crack Salts --- echo "--- STEP 3: Cracking salts (Mode -m0 -a6) ---" hashcat -d1 -m0 -a6 -w4 --hwmon-temp-abort=95 --potfile-path=hashed.pot "$HASHLIST_PATH" "$HASHED_WORDLIST_PATH" "$CRACKING_MASK" --remove sleep 3s # --- STEP 4: Prepare Hashes for Wordlist Cracking --- echo "--- STEP 4: Preparing hashes for cracking (m2611 format) ---" sleep 3s # 1. Process NON-HEX lines (already cracked passwords) # Corrected format: HASH:PLAINTEXT (Single colon) grep -v HEX hashed.pot | sed 's/^\(.\{65\}\)/\1:/' | cut -d: -f1,3 | sed -E 's/^(.{32}):(.*)$/\1:\2/' > 2611_to_crack.txt sleep 3s echo "Converting HEX strings" # 2. Convert HEX strings grep HEX hashed.pot | cut -d: -f2 > hex.tmp grep HEX hashed.pot | cut -d: -f1 > hash.txt ./hashgen -m plaintext -w hex.tmp -o hex.txt sleep 3s # 3. Combine HEX hashes and append to 2611_to_crack.txt # Corrected format: HASH:HEX_SALT (Single colon) paste -d : hash.txt hex.txt | sed -E 's/^(.{32}):(.*)$/\1:\2/' >> 2611_to_crack.txt sleep 3s echo "Deleting temporary files" # 4. Remove temporary files rm -f ./{hash.txt,hex.txt,hex.tmp} sleep 3s # --- STEP 5: Crack Hashes with Wordlist (Mode -m2611) --- echo "--- STEP 5: Cracking hashes with wordlist -a0 -m2611 ---" hashcat -d1 -m2611 -a0 -w4 --potfile-path=hashcat.pot.salted 2611_to_crack.txt "$WORDLIST_PATH" sleep 3s # --- STEP 6: Export Cracked Hashes --- echo "--- STEP 6: Writing/Appending last cracked hashes into file ---" hashcat -d1 -m2611 -a0 -w4 -O --hwmon-temp-abort=95 --hwmon-disable --potfile-path=hashcat.pot.salted 2611_to_crack.txt --show > 2611_cracked.txt sleep 3s echo "Done." Preview