
nasty

Nasty is a tool that helps recover forgotten GPG or PGP key passphrases. It supports customizable length, guessing modes, and charset filters.

Description

Nasty is a program designed to recover the passphrase of PGP or GPG keys when forgotten or lost. It is particularly useful in forensics investigations where access to encrypted data is needed without the original passphrase.

Key features include setting minimum and maximum passphrase lengths, selecting guessing modes such as incremental, random, or file-based, and filtering by character sets. This allows for targeted brute-force attempts tailored to likely passphrase characteristics.

The tool integrates with GPG libraries and requires specific dependencies like libc6 and libgpgme45. It outputs the recovered passphrase to a specified file and supports verbose mode for monitoring progress.

How It Works

Nasty uses the GPGME library to interact with GPG keys and tests passphrases against the key selected with the -k filter. It generates passphrase candidates according to the chosen mode: incremental tries all combinations within the length and charset limits; random generates guesses probabilistically; file mode reads candidates from an input file. The charset is built from options such as a-z, A-Z, digits, or the full ASCII/extended ranges, and defaults to 32-255. A successful match is written to the output file.
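
Because incremental mode tries every combination, the length bounds and the charset decide whether a run can finish at all. The following Python is an added example, not part of nasty or of the original page: it computes the size of that search space from the -a, -b and -c values. Treating overlapping charset codes as a union, and the guess rate used in the printout, are assumptions.

```python
# Added example: size of the incremental search space for nasty's -a/-b/-c options.
# Charset codes and byte ranges come from the flag list on this page.
# Assumptions: overlapping codes (e.g. 'a' and '.') are counted once, and the
# guess rate below is an illustrative figure, not a measurement of the tool.

CHARSETS = {
    "a": range(ord("a"), ord("z") + 1),
    "A": range(ord("A"), ord("Z") + 1),
    "0": range(ord("0"), ord("9") + 1),
    ".": range(32, 127),   # all ASCII values 32...126
    "+": range(32, 256),   # 32...255, the documented default
}

def alphabet(spec="+"):
    """Union of byte values selected by a -c spec such as 'aA0' or 'aA0.'."""
    chosen = set()
    for code in spec:
        if code not in CHARSETS:
            raise ValueError(f"unknown charset code: {code!r}")
        chosen.update(CHARSETS[code])
    return chosen

def keyspace(min_len, max_len, spec="+"):
    """Number of candidates of length min_len..max_len over the alphabet."""
    if min_len < 1 or max_len < min_len:
        raise ValueError("need 1 <= min_len <= max_len")
    n = len(alphabet(spec))
    return sum(n ** length for length in range(min_len, max_len + 1))

def years_to_exhaust(candidates, guesses_per_second):
    """Worst-case time to try every candidate at a constant rate."""
    return candidates / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    rate = 1000  # assumed guesses per second, for illustration only
    # The (min, max, charset) triples mirror three commands in the Examples section.
    for args in [(4, 8, "aA0"), (6, 12, "aA0."), (1, 20, "+")]:
        total = keyspace(*args)
        print(args, f"{total:.3e} candidates,",
              f"{years_to_exhaust(total, rate):.3e} years at {rate}/s")
```

The output makes the practical point: a wide charset combined with a high maximum length is not an exhaustive search anyone can complete, so recovery depends on narrowing -a, -b and -c to what is remembered about the passphrase, or on file mode with a candidate list.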

Installation

sudo apt install nasty

Flags

-a x      set minimum length of passphrase
-b x      set maximum length
-m x      set guessing mode: incremental: try them all, random: try at random, file: read phrases from file (use -i)
-i x      file to read the passphrases from
-f x      file to write the found passphrase to
-c x...   charset, one or more from the following: a: a-z, A: A-Z, 0: 0-9, .: all ascii values (32...126), +: 32...255 (default(!))
-k x      filter string to select a key
-v        enable verbose mode

Examples

Display help and usage information for nasty
nasty -h
Recover passphrase incrementally with length 4-8 using lowercase, uppercase, digits for a specific key
nasty -a 4 -b 8 -m incremental -c aA0 -k keyid
Guess passphrase randomly using full charset (32-255) for a key in verbose mode
nasty -m random -c + -k keyid -v
Read passphrases from file and write found one to output file for specific key
nasty -m file -i passlist.txt -f found.txt -k keyid
Incremental brute-force length 6-12 with letters, digits, and printable ASCII
nasty -a 6 -b 12 -m incremental -c aA0. -k keyid
Random guesses with letters only, output to file, targeting all keys
nasty -m random -c aA -f recovered_pass.txt -k '*'
Full incremental search length 1-20 with extended charset in verbose mode
nasty -a 1 -b 20 -m incremental -c + -v
Updated 2026-04-16 (source: kali.org)