EN
ENNA

CUPP

GPL-3.0

๐Ÿ”‘ Password Attacks ยท Python

CUPP (Common User Passwords Profiler) is a tool that generates custom wordlists based on information gathered about a target individual. Rather than using generic wordlists, CUPP creates targeted password lists by taking inputs like the target's name, birthday, partner's name, pet's name, company, and other personal details, then generating thousands of password permutations using common patterns people use when creating passwords. It applies rules like capitalizing first letters, appending birth years, combining names with special characters, leetspeak substitutions, and other patterns observed in real-world password creation habits. CUPP also supports downloading and parsing existing leaked wordlists and can generate wordlists from OSINT data. The philosophy is simple: people are predictable, and targeted wordlists are far more effective than brute force against human-chosen passwords.

5.9kstars
2.0kforks
48issues
Updated 3mo ago
View on GitHub

Installation

from source

$ git clone https://github.com/Mebus/cupp.git && cd cupp && python3 cupp.py -h

Use Cases

  • Generating targeted wordlists from OSINT about specific individuals
  • Creating password lists based on personal information for penetration testing
  • Testing organizational password policies against profiled attack wordlists
  • Combining with hashcat or John the Ripper for targeted credential attacks
  • Demonstrating password predictability in security awareness training

Tags

wordlist-generatorprofilingtargeted-attacksocial-engineeringpassword-patternsdictionary-attackpasswordpassword-strengthweak-passwordswordlist

Details

Category
๐Ÿ”‘ Password Attacks
Language
Python
Repository
Mebus/cupp
License
GPL-3.0
Platforms
๐Ÿงlinux๐ŸŽmacos๐ŸชŸwindows

Links

GitHub Repository

github.com/Mebus/cupp

Releases

github.com/Mebus/cupp/releases

Issues

github.com/Mebus/cupp/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Alternatives & Comparisons

John the Ripper

C

Fast password cracker. Supports hundreds of hash types and ciphers. CPU and GPU modes.

Compare CUPP vs John the Ripper

Hashcat

C

World's fastest password recovery tool. GPU-accelerated with support for 300+ hash types.

Compare CUPP vs Hashcat

CeWL

Ruby

Custom wordlist generator. Spiders a target site and builds password lists from scraped words.

Compare CUPP vs CeWL

Mentalist

Python

Wordlist generation GUI. Visual chain-based rule builder that outputs wordlists or hashcat/JtR rule files.

Compare CUPP vs Mentalist

More in Password Attacks

John the Ripper

C

Fast password cracker. Supports hundreds of hash types and ciphers. CPU and GPU modes.

hash-crackingbrute-forcewordlist

Hashcat

C

World's fastest password recovery tool. GPU-accelerated with support for 300+ hash types.

gpuhash-crackingrule-based

THC Hydra

C

Fast online password brute-forcer. Supports 50+ protocols including SSH, FTP, HTTP, SMB, MySQL.

brute-forceonlinemulti-protocol

Medusa

C

Speedy, parallel, modular brute-forcer. Supports HTTP, MySQL, SMB, SSH, Telnet, and more.

brute-forceparallelmodular

CeWL

Ruby

Custom wordlist generator. Spiders a target site and builds password lists from scraped words.

wordlistspidercustom

SecLists

Shell

The security tester's companion. Huge collection of wordlists - usernames, passwords, URLs, fuzzing payloads, shells.

wordlistsfuzzingpayloads