Password Attacksopensslpasswordbruteforcecrackingdictionarypentestforensics

bruteforce-salted-openssl

Try to find the passphrase for files encrypted with OpenSSL using exhaustive or dictionary attacks. Supports multithreading and various OpenSSL ciphers and digests.

Description

bruteforce-salted-openssl attempts to recover passphrases or passwords from files encrypted using the OpenSSL command. It operates in two primary modes: exhaustive mode, which systematically tries all possible passwords within specified constraints, and dictionary mode, which tests passwords from a provided wordlist file.

The exhaustive mode is particularly effective when partial password knowledge exists, such as the beginning, end, length range, or character set. Users can define minimum and maximum password lengths, prefixes, suffixes, and custom character sets. Dictionary mode reads one password per line from an input file for rapid testing against known wordlists.

This tool supports multithreading for performance optimization and can utilize all ciphers and digests available in the system's OpenSSL libraries. Progress monitoring is available via USR1 signals or periodic verbose output. It is designed for security assessments, penetration testing, and digital forensics investigations.

How It Works

The tool targets OpenSSL-encrypted files with salted encryption, attempting decryption using specified ciphers (default: aes-256-cbc) and digests (default: sha256) for key/IV derivation. In exhaustive mode, it generates passwords incrementally within defined length bounds, prefixes, suffixes, and character sets. Dictionary mode sequentially tests passwords from input files. Success is determined by decrypted data containing mostly printable ASCII (≥90%) or matching a user-specified magic string. Supports PKCS5_PBKDF2_HMAC key derivation, multithreading, and state persistence for interrupted sessions.

Installation

bash

sudo apt install bruteforce-salted-openssl

Flags

-1Stop the program after finding the first password candidate.

-aList the available cipher and digest algorithms.

-B <file>Search using binary passwords (instead of character passwords). Write candidates to <file>.

-b <string>Beginning of the password. default: ""

-c <cipher>Cipher for decryption. default: aes-256-cbc

-DDisplay salt, key and iv along with the tested password.

-d <digest>Digest for key and initialization vector generation. default: sha256

-e <string>End of the password. default: ""

-f <file>Read the passwords from a file instead of generating them.

-hShow help and quit.

-i <n>With -K, set the PBKDF2 iteration count to <n>. default: 10000

-KUse PKCS5_PBKDF2_HMAC to derive the key.

-L <n>Limit the maximum number of tested passwords to <n>.

-l <length>Minimum password length (beginning and end included). default: 1

-M <string>Consider the decryption as successful when the data starts with <string>. Without this option, the decryption is considered as successful when the data contains mostly printable ASCII characters (at least 90%).

-m <length>Maximum password length (beginning and end included). default: 8

-NIgnore decryption errors (similar to openssl -nopad).

-nIgnore salt (similar to openssl -nosalt).

-p <n>Preview and check the first N decrypted bytes for the magic string. If the magic string is present, try decrypting the rest of the data. default: 1024

-s <string>Password character set. default: "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

-t <n>Number of threads to use. default: 1

-v <n>Print progress info every n seconds.

-w <file>Restore the state of a previous session if the file exists, then write the state to the file regularly (~ every minute).

Examples

Basic usage: crack encrypted_file.enc using default settings (aes-256-cbc cipher, sha256 digest, 1-8 char passwords).

bruteforce-salted-openssl encrypted_file.enc

Dictionary mode: test passwords from passwords.txt wordlist against encrypted_file.enc.

bruteforce-salted-openssl -f passwords.txt encrypted_file.enc

Exhaustive mode: try 4-6 char passwords starting with 'pass' and ending with '123'.

bruteforce-salted-openssl -l 4 -m 6 -b 'pass' -e '123' encrypted_file.enc

Use 4 threads and print progress every 10 seconds while cracking.

bruteforce-salted-openssl -t 4 -v 10 encrypted_file.enc

Use blowfish CBC cipher and MD5 digest for decryption attempts.

bruteforce-salted-openssl -c bf-cbc -d md5 encrypted_file.enc

Use PBKDF2_HMAC with 50,000 iterations and limited charset 'abc123'.

bruteforce-salted-openssl -K -i 50000 -s 'abc123' encrypted_file.enc

Stop after first success when decrypted data starts with 'PKCS7' magic string.

bruteforce-salted-openssl -M 'PKCS7' -1 encrypted_file.enc

List all available cipher and digest algorithms supported by system OpenSSL.

bruteforce-salted-openssl -a

Updated 2026-04-16kali.org ↗