Cupp

CUPP (Common User Passwords Profiler) is an intelligent wordlist generator that creates custom password lists based on target-specific information. It uses OSINT data to generate likely passwords for specific users.

Installation

Linux/Ubuntu

# Clone repository
git clone https://github.com/Mebus/cupp.git
cd cupp

# Make executable
chmod +x cupp.py

# Optional: Create symbolic link
sudo ln -s $(pwd)/cupp.py /usr/local/bin/cupp

macOS

# Install via Homebrew
brew install cupp

# Or from source
git clone https://github.com/Mebus/cupp.git
cd cupp
python3 -m pip install -r requirements.txt

Basic Usage

Interactive Mode

# Start interactive profiling session
python3 cupp.py -i

# Answer prompts for:
# - Target name
# - Surname
# - Birthdate
# - Birthplace
# - Company
# - Position
# - Pet names
# - Hobbies
# - Other interests

Command-Line Options

Option	Description
`-i, --interactive`	Interactive mode (guided questionnaire)
`-w, --wordlist <FILE>`	Use existing wordlist as base
`-l, --leet`	Add leetspeak variations
`-u, --uppercase`	Add uppercase variations
`-d, --download`	Download common wordlists from GHDB
`-f, --file <FILE>`	Input file with target data
`-o, --output <FILE>`	Output file for wordlist
`-m, --minlen <NUM>`	Minimum password length
`-M, --maxlen <NUM>`	Maximum password length
`-v, --verbose`	Verbose output

Interactive Profiling

Complete Profile Creation

# Run interactive mode
python3 cupp.py -i

# Expected prompts and typical responses:
# Target name: john
# Target name (surname): smith
# Birthdate (DD/MM/YY): 15/06/1985
# Birthplace: london
# Company: acme-corp
# Company position: admin
# Pet names: fluffy,rover
# Hobbies: gaming,football
# Other interests: cars,travel

# Output: john.txt (wordlist file)

Output Wordlist

# Generated wordlist includes variations like:
john
smith
john15
smith1985
fluffy
rover
gaming
football
cars
travel
john@1985
smith2001
fluffy123
# ... plus many more combinations

Command-Line Generation

From User Data

# Create wordlist file with user information
cat > user_profile.txt << EOF
Target name: admin
Surname: user
Birthdate: 01/01/1990
Birthplace: newyork
Company: corporation
Position: administrator
Pet names: max
Hobbies: coding
EOF

# Generate wordlist
python3 cupp.py -f user_profile.txt -o admin_wordlist.txt

# Add leetspeak
python3 cupp.py -f user_profile.txt -o admin_leet.txt -l

# Add uppercase variations
python3 cupp.py -f user_profile.txt -o admin_upper.txt -u

Advanced Techniques

Leet Speak Variations

# Enable leetspeak for advanced obfuscation
python3 cupp.py -i -l

# Common leetspeak mappings:
# a -> 4
# e -> 3
# i -> 1
# o -> 0
# s -> 5
# t -> 7
# l -> 1

Length Filtering

# Generate passwords of specific length
python3 cupp.py -i -m 8 -M 16

# Short passwords (8-10 chars)
python3 cupp.py -f profile.txt -o short.txt -m 8 -M 10

# Long passwords (16+ chars)
python3 cupp.py -f profile.txt -o long.txt -m 16 -M 20

Combining with Hydra

# Generate wordlist with CUPP
python3 cupp.py -i -o target_wordlist.txt

# Use with Hydra for SSH
hydra -l admin -P target_wordlist.txt ssh://target.com

# Use with Hydra for HTTP
hydra -l admin -P target_wordlist.txt http-post-form://target.com/login:user=^USER^&pass=^PASS^:Invalid

Using CUPP Dictionary

# Download and use GHDB wordlist
python3 cupp.py -d

# Generate from downloaded list
python3 cupp.py -w downloaded_wordlist.txt -o enhanced.txt -l

Real-World Profiling Scenarios

Target: IT Admin

# Collect OSINT data
# Name: Robert Johnson
# Works at: TechCorp
# Position: IT Manager
# Hobbies: Linux, security, running
# Created with CUPP:

python3 cupp.py << EOF
robert
johnson
18/04/1982
manchester
techcorp
it manager
spike
linux
security
running
EOF

# Enhanced versions
python3 cupp.py -i -l > robert_leet.txt
python3 cupp.py -i -u > robert_upper.txt
cat robert_leet.txt robert_upper.txt | sort -u > robert_full.txt

Target: Company Employee

# Profile multiple employees from LinkedIn/company page
cat > employees.txt << EOF
name:john
surname:smith
company:acme
position:developer
hobbies:python,git,aws
EOF

python3 cupp.py -f employees.txt -o employee_wordlist.txt

# Test all variations
# john, smith, asmith, jsmith, john_smith, etc.

Wordlist Enhancement

Combining CUPP Output with Other Lists

# Generate CUPP wordlist
python3 cupp.py -i -o cupp_base.txt

# Combine with existing wordlists
cat cupp_base.txt rockyou.txt | sort -u > combined_wordlist.txt

# Add variations
echo "$(cat cupp_base.txt)123" >> cupp_base.txt
echo "$(cat cupp_base.txt)!" >> cupp_base.txt
echo "$(cat cupp_base.txt)2024" >> cupp_base.txt
sort -u cupp_base.txt > final_wordlist.txt

Create Targeted Lists

# For SSH bruteforce
python3 cupp.py -i -m 8 -o ssh_wordlist.txt

# For web applications
python3 cupp.py -i -l -u -o web_wordlist.txt

# For specific user account
python3 cupp.py -f admin_profile.txt -o admin_custom.txt -l

# Combine multiple sources
cat cupp_admin.txt cupp_default.txt rockyou.txt | sort -u > complete_wordlist.txt

Integration with Other Tools

With Hydra

# Generate custom wordlist
python3 cupp.py -i -o my_wordlist.txt

# Use with Hydra
hydra -L users.txt -P my_wordlist.txt -s 22 ssh://target.com -t 4

# HTTP form login
hydra -l admin -P my_wordlist.txt http-post-form://target.com/login:username=^USER^&password=^PASS^:F=incorrect

With John the Ripper

# Generate wordlist for rules-based cracking
python3 cupp.py -i -o target_base.txt

# Apply John rules
john --wordlist=target_base.txt --rules hashfile.txt

# Or with hashcat
hashcat -m 0 hashes.txt target_base.txt

With Medusa

# Create targeted wordlist
python3 cupp.py -f profile.txt -o medusa_list.txt -l

# Run Medusa
medusa -h target.com -u admin -P medusa_list.txt -M ssh -t 4

Practical Examples

Example 1: Target Employee from LinkedIn

# OSINT gathering:
# Name: Sarah Johnson
# Company: Acme Corporation
# Position: Database Administrator
# Location: Seattle
# Birthday: July 1985
# Interests: Gardening, Travel

# Create wordlist
python3 cupp.py << 'EOF'
sarah
johnson
01/07/1985
seattle
acme
administrator
gardening
travel
EOF

# Output wordlist includes:
# sarah, johnson, sarah01, johnson85
# sarahj, sjohnson, sj1985
# gardening, travel, sarah_gardening
# Plus leetspeak: s4r4h, j0hn50n, g4rd3n1ng

Example 2: Service Account Profiling

# For automated service accounts
python3 cupp.py << 'EOF'
svc
backup
prod
service
sql
datacenter
monitoring
EOF

# Target likely variations used in corporations
# Results help crack service account passwords

Tips and Tricks

Maximize Wordlist Effectiveness

# Create profile-specific wordlist
python3 cupp.py -i -o base.txt

# Generate multiple variations
python3 cupp.py -i -o base.txt
python3 cupp.py -i -l -o leet.txt
python3 cupp.py -i -u -o upper.txt

# Combine and deduplicate
cat base.txt leet.txt upper.txt | sort -u > full.txt

# Count results
wc -l full.txt

Focus on Common Patterns

# Most likely passwords include:
# - Name + numbers (john123, sarah2024)
# - Name + company name (johnacme, sarah_corp)
# - Simple variations (john, J0hn, john!)
# - Hobbies (gardening123, travel2024)

# CUPP generates all these automatically

Troubleshooting

Large Wordlist Size

# If wordlist becomes too large
wc -l output.txt

# Filter by length
awk 'length > 6 && length < 16' wordlist.txt > filtered.txt

# Use only most common patterns
grep -E '^[a-z]+[0-9]{1,4}$' wordlist.txt > likely.txt

Improving Accuracy

# Collect more OSINT data:
# - Multiple hobbies
# - Partner/family names
# - Company information
# - Pet names
# - Sports/interests

# More data = better wordlist
python3 cupp.py -i
# Spend time answering all questions thoroughly

Best Practices

Collect thorough OSINT before generating wordlist
Include multiple hobbies and interests
Combine with date variations
Test shorter passwords first (most likely)
Use with appropriate rate limiting in attacks
Document the profile used for wordlist generation
Review top 100 passwords first
Combine CUPP output with other wordlists for breadth
Use leet and uppercase variations for modern systems
Validate findings against actual target password policies

Last updated: 2025-03-30 | CUPP GitHub