Pipal

Overview

Pipal is a powerful password analysis tool designed to extract statistics and patterns from password dumps. It analyzes password lists to identify trends, weaknesses, and patterns in password selection, helping security researchers understand password strength, common mistakes, and policy effectiveness.

Key Features:

• Statistical analysis of password dumps
• Pattern and trend identification
• Character set analysis
• Length distribution calculation
• Mask generation for dictionary attacks
• Performance optimization for large datasets
• HTML report generation
• Custom filtering and analysis

Installation

From GitHub

git clone https://github.com/digininja/pipal.git
cd pipal
chmod +x pipal.rb

Requirements

• Ruby 2.0+
• Ruby gems (bundler)

Install Dependencies

bundle install
# or
gem install bundler

Verify Installation

./pipal.rb --version
./pipal.rb --help

Docker

docker run -it --rm digininja/pipal

Basic Usage

Analyze Password File

./pipal.rb passwords.txt

Generate HTML Report

./pipal.rb passwords.txt --output report.html

Analyze Multiple Files

./pipal.rb passwords1.txt passwords2.txt passwords3.txt

Filter by Length

./pipal.rb passwords.txt --min-length 8 --max-length 12

Core Commands

Command	Description
--output	Generate HTML report file
--min-length	Filter passwords by minimum length
--max-length	Filter passwords by maximum length
--count	Display only frequency counts
--verbose	Detailed output messages
--top	Show top N most common passwords
--wordlist	Analyze wordlist file
--no-sort	Skip sorting results

Statistical Analysis

Basic Statistics

./pipal.rb passwords.txt

Output includes:

• Total passwords analyzed
• Unique passwords count
• Average password length
• Password length distribution
• Character set usage

Top Passwords

./pipal.rb passwords.txt --top 50

Password Length Distribution

./pipal.rb passwords.txt | grep "Length"

Character Analysis

./pipal.rb passwords.txt | grep -i "character\|digit\|upper\|lower\|special"

Filtering and Selection

Minimum Length Analysis

# Analyze only 8+ character passwords
./pipal.rb passwords.txt --min-length 8

Maximum Length Analysis

# Analyze passwords 12 characters or less
./pipal.rb passwords.txt --max-length 12

Length Range Analysis

# Analyze 8-16 character passwords
./pipal.rb passwords.txt --min-length 8 --max-length 16

Case Sensitivity

# Analyze passwords with uppercase
./pipal.rb passwords.txt | grep -i "uppercase\|mixed"

# Analyze passwords all lowercase
./pipal.rb passwords.txt | grep -i "lowercase"

Pattern Identification

Digit Patterns

./pipal.rb passwords.txt | grep -E "^[0-9]|[0-9]$" | wc -l

Common Prefixes/Suffixes

# Extract first characters
./pipal.rb passwords.txt | head -1c | sort | uniq -c | sort -rn

# Extract last characters
./pipal.rb passwords.txt | tail -c | sort | uniq -c | sort -rn

Year Patterns

# Find passwords containing years
grep -E "(19|20)[0-9]{2}" passwords.txt | wc -l

Month/Season Patterns

# Find seasonal patterns
grep -iE "spring|summer|fall|winter|jan|feb|mar|apr" passwords.txt

Dictionary Attack Preparation

Generate Masks from Analysis

./pipal.rb passwords.txt --output analysis.html
# Use masks to generate wordlists

Extract Patterns

# Find patterns common to 70%+ of passwords
./pipal.rb passwords.txt | grep -i "70\|80\|90"

Create Targeted Wordlist

# Extract common password patterns
grep -E "^[a-z]{8}[0-9]{2}$" passwords.txt > common_pattern.txt

Mask Analysis

# Generate common masks
cat passwords.txt | while read pass; do
  echo "$pass" | sed 's/[a-z]/L/g; s/[A-Z]/U/g; s/[0-9]/D/g; s/[^LUD]/S/g'
done | sort | uniq -c | sort -rn | head -20

Character Set Analysis

Uppercase Usage

./pipal.rb passwords.txt | grep -i "uppercase\|mixed case"

Lowercase Usage

./pipal.rb passwords.txt | grep -i "lowercase only"

Digit Inclusion

./pipal.rb passwords.txt | grep -i "digit"

Special Character Analysis

./pipal.rb passwords.txt | grep -i "special\|symbol"

Full Character Set Breakdown

# Analyze all character types
./pipal.rb passwords.txt | tail -50

Report Generation

HTML Report

./pipal.rb passwords.txt --output report.html
# Open report.html in browser

Detailed Report with Filtering

./pipal.rb passwords.txt --min-length 8 --output filtered_report.html

Multiple Report Generation

# Generate reports for different analyses
./pipal.rb dump1.txt --output dump1_analysis.html
./pipal.rb dump2.txt --output dump2_analysis.html

Custom Report Processing

# Extract specific statistics for export
./pipal.rb passwords.txt > analysis.txt
cat analysis.txt | grep -E "^[0-9]|^[A-Z]" > summary.txt

Real-World Analysis Scenarios

Compromised Database Analysis

# 1. Extract password field from dump
mysql -u user -p database -e "SELECT password FROM users;" > passwords.txt

# 2. Run analysis
./pipal.rb passwords.txt --output breach_analysis.html

# 3. Identify password policy weaknesses
# Review HTML report for patterns

Rainbow Table Generation Planning

# Analyze passwords to identify most valuable targets
./pipal.rb common_passwords.txt --top 100 > top_targets.txt

# Use length distribution to focus computing resources
./pipal.rb passwords.txt | grep "Length" > length_dist.txt

Policy Compliance Verification

# Check if passwords meet minimum requirements
echo "Checking 8+ character passwords:"
./pipal.rb passwords.txt --min-length 8 | head -20

# Check mixed case usage
echo "Checking mixed case requirement:"
./pipal.rb passwords.txt | grep -i "mixed case\|uppercase"

Educational Analysis

# Analyze weak passwords
./pipal.rb weak_passwords.txt --output weak_analysis.html

# Analyze strong passwords
./pipal.rb strong_passwords.txt --output strong_analysis.html

# Compare reports to understand differences

Comparative Analysis

Compare Two Password Dumps

# Analyze first dump
./pipal.rb dump1.txt --output dump1.html

# Analyze second dump
./pipal.rb dump2.txt --output dump2.html

# Extract statistics for comparison
echo "Dump 1:" > comparison.txt
./pipal.rb dump1.txt | head -30 >> comparison.txt
echo "Dump 2:" >> comparison.txt
./pipal.rb dump2.txt | head -30 >> comparison.txt

Track Password Policy Changes

# Analyze before policy change
./pipal.rb before_policy.txt --output before.html

# Analyze after policy change
./pipal.rb after_policy.txt --output after.html

# Compare effectiveness
diff before.html after.html | grep -i "length\|special\|digit"

Advanced Usage

Processing Large Files

# Analyze very large password files
./pipal.rb /path/to/large_dump.txt --output results.html

# Filter before analysis
grep "^[a-z0-9]{8,}$" large_dump.txt > filtered.txt
./pipal.rb filtered.txt

Batch Processing

#!/bin/bash
for file in *.txt; do
  echo "Analyzing $file..."
  ./pipal.rb "$file" --output "${file%.txt}_analysis.html"
done

Extract Specific Metrics

# Get only password length statistics
./pipal.rb passwords.txt | grep -A 20 "^Length"

# Get only character set statistics
./pipal.rb passwords.txt | grep -i "character\|digit\|upper\|lower\|special"

Custom Analysis Scripts

#!/bin/bash
# Analyze password statistics comprehensively

FILE=$1
OUTPUT="${FILE%.txt}_detailed.txt"

echo "=== Password Analysis for $FILE ===" > $OUTPUT
echo "" >> $OUTPUT

echo "Total passwords:" >> $OUTPUT
wc -l < $FILE >> $OUTPUT

echo "" >> $OUTPUT
echo "Unique passwords:" >> $OUTPUT
sort -u $FILE | wc -l >> $OUTPUT

echo "" >> $OUTPUT
echo "Top 10 passwords:" >> $OUTPUT
sort | uniq -c | sort -rn | head -10 >> $OUTPUT

echo "" >> $OUTPUT
echo "Password lengths:" >> $OUTPUT
awk '{print length}' $FILE | sort -n | uniq -c >> $OUTPUT

echo "" >> $OUTPUT
echo "Pipal statistics:" >> $OUTPUT
./pipal.rb $FILE >> $OUTPUT

echo "Analysis saved to $OUTPUT"

Pattern Recognition and Insights

Identify Common Password Schemes

# Passwords starting with capital letter + lowercase
grep "^[A-Z][a-z]" passwords.txt | wc -l

# Passwords with trailing numbers
grep "[0-9]$" passwords.txt | wc -l

# Passwords with special characters
grep "[!@#$%^&*]" passwords.txt | wc -l

Detect Keyboard Patterns

# Common adjacent keyboard sequences
grep -iE "qwerty|asdfgh|zxcvbn" passwords.txt

# Sequential numbers
grep -E "[0-9][0-9][0-9][0-9]$" passwords.txt

Identify Personal Information Patterns

# Year of birth patterns
grep -E "(19[6-9][0-9]|20[0-1][0-9])" passwords.txt

# Common names
grep -iE "^john|^michael|^david|^sarah|^jennifer" passwords.txt

Generating Attack Wordlists

Extract Effective Patterns

# Analyze and extract password patterns
./pipal.rb passwords.txt --output patterns.html

# Use patterns to create targeted wordlist
cat passwords.txt | sed 's/[a-z]/l/g; s/[A-Z]/u/g; s/[0-9]/d/g' | \
  sort | uniq -c | sort -rn | head -50 > masks.txt

Create Probable Passwords List

# Extract most common passwords for dictionary
./pipal.rb passwords.txt --top 1000 > top_passwords.txt

# Use for offline attacks
./pipal.rb passwords.txt | grep "^[^0-9]*[0-9]*$" > alphanumeric.txt

Integration with Other Tools

Feed to Hashcat

# Analyze password structure
./pipal.rb passwords.txt > masks.txt

# Extract masks for hashcat
grep "Mask" masks.txt | head -20

Feed to John the Ripper

# Analyze and prepare wordlist
./pipal.rb passwords.txt | head -100 > wordlist.txt

# Use with John
john --wordlist=wordlist.txt hashes.txt

Troubleshooting

Memory Issues with Large Files

# Process file in chunks
split -l 100000 large_file.txt chunk_
for file in chunk_*; do
  ./pipal.rb "$file" --output "${file}_analysis.html"
done

Character Encoding Issues

# Convert encoding if necessary
iconv -f ISO-8859-1 -t UTF-8 passwords.txt > passwords_utf8.txt
./pipal.rb passwords_utf8.txt

Missing Dependencies

# Ensure Ruby and gems installed
ruby --version
bundle install
./pipal.rb --help

Best Practices

Secure Password Analysis

• Handle password dumps securely
• Use air-gapped systems for analysis
• Delete analyzed files securely
• Use encrypted storage for results
• Limit report distribution

Accurate Analysis

• Use complete and recent password dumps
• Account for hashing algorithms
• Consider password requirements in effect
• Document analysis methodology
• Update analysis regularly

Version and Updates

# Check for updates
cd pipal && git pull origin master
ruby -v
bundle update

Legal and Ethical Considerations

Important: Only analyze password dumps from systems you own or have explicit authorization to analyze. Unauthorized possession or analysis of password dumps is illegal. Use this tool only for authorized security research, penetration testing, or organizational security assessments. Proper documentation and legal authorization are required for all password analysis activities.