Maskprocessor

Overview

Maskprocessor is a specialized utility that generates password candidates from mask patterns. It’s a companion tool to Hashcat, used for creating targeted wordlists in password cracking operations. By using pattern-based masks rather than generating all possible combinations, Maskprocessor dramatically reduces wordlist size while focusing on likely password patterns. It is essential for penetration testers, security researchers, and authorized password recovery operations.

Installation

Linux (Debian/Ubuntu)

sudo apt-get update
sudo apt-get install maskprocessor
mp64 --version  # Verify installation (64-bit)
mp32 --version  # 32-bit version if needed

Linux (RHEL/CentOS/Fedora)

sudo yum install maskprocessor
# Or newer systems
sudo dnf install maskprocessor

mp64 --version

macOS

brew install maskprocessor
mp64 --version

Build from Source

# Clone repository
git clone https://github.com/hashcat/maskprocessor.git
cd maskprocessor

# Compile (requires GCC)
./install.sh

# Verify
./mp64 --version

Windows

# Download from hashcat.net
# Extract to Program Files
# Add to PATH
setx PATH "%PATH%;C:\Program Files\maskprocessor"

mp64.exe --version

Mask Syntax and Fundamentals

Basic Mask Characters

| Character | Represents | Example |
|---|---|---|
| l | Lowercase letter (a-z) | abc… |
| u | Uppercase letter (A-Z) | ABC… |
| d | Digit (0-9) | 0123456789 |
| s | Special character | !@#$%^&*… |
| a | All printable ASCII | All characters |
| b | Custom charset (user-defined) | As defined |
| ? | Literal question mark | ? |

Mask Examples

| Mask | Description | Example Candidates |
|---|---|---|
| ?l?l?l?l | 4 lowercase | aaaa, aaab, … zzzz |
| ?d?d?d?d | 4 digits (PIN) | 0000, 0001, … 9999 |
| ?u?l?l?l | Capitalized word | Aaaa, Aaab, … Zzzz |
| ?l?l?l?d?d | Word + 2 numbers | aaa00, aaa01, … zzz99 |
| ?d?d-?d?d-?d?d?d?d | Phone format | 00-00-0000 … 99-99-9999 |

Basic Wordlist Generation

Generate Simple Patterns

# Generate 4-digit PINs
mp64 '?d?d?d?d' > pins_4digit.txt

# Generate 4-letter lowercase words
mp64 '?l?l?l?l' > words_4letter.txt

# Generate capitalized 5-letter words
mp64 '?u?l?l?l?l' > words_capitalized.txt

Password-Like Patterns

# Common pattern: word + number
mp64 '?l?l?l?l?d' > passwords_word1digit.txt

# Common pattern: Capitalized word + number + special
mp64 '?u?l?l?l?d?s' > passwords_complex.txt

# LinkedIn style: FirstnameLastname + year
mp64 '?u?l?l?l?u?l?l?l?d?d?d?d' > linkedin_style.txt

Generate with Size Limits

# Generate only 4-character passwords (the mask length fixes the candidate length)
mp64 '?l?l?l?l' > 4char_only.txt

# Generate passwords from 5-10 characters
mp64 '?l?l?l?l?l' > min_5.txt
mp64 '?u?l?l?l?l?d?d?d?d?d' > max_10.txt

Custom Character Sets

Define Custom Charsets

# Charset 1: uppercase + numbers only
mp64 -1 '?u?d' '?1?1?1?1' > uppercase_numbers.txt

# Charset 1: keyboard special chars
mp64 -1 '!@#$%' '?l?l?l?l?1' > password_special.txt

# Charset 1: the characters l, y, !, i, n, g (each ?1 is one character, not a whole suffix)
mp64 -1 'ly!ing' '?u?l?l?l?1' > adjectives.txt

Multiple Custom Charsets

# -1 through -4 for up to 4 custom charsets
# Charset 1: vowels
# Charset 2: consonants
mp64 -1 'aeiou' -2 'bcdfg' '?2?1?2?1' > vowel_pattern.txt

# Complex multi-charset
# -1: numbers
# -2: special
# -3: lowercase
mp64 -1 '0123456789' \
       -2 '!@#$%' \
       -3 'abcdefgh' \
       '?3?3?1?2' > complex_pattern.txt

Advanced Mask Patterns

Common Password Structure Masks

# Standard login password (8 chars)
mp64 '?u?l?l?l?l?d?d?d' > standard_login.txt

# Website registration (word + number + special)
mp64 '?u?l?l?l?l?d?d?s' > website_password.txt

# Bank PIN variations
mp64 '?d?d?d?d' > pin_4.txt
mp64 '?d?d?d?d?d?d' > pin_6.txt

# Date-based passwords (common default)
mp64 '?d?d?d?d?d?d?d?d' > dates_MMDDYYYY.txt

Incremental Mask Generation

# Generate passwords of increasing length
mp64 '?l' > length_1.txt          # 1 char
mp64 '?l?l' > length_2.txt        # 2 chars
mp64 '?l?l?l' > length_3.txt      # 3 chars
mp64 '?l?l?l?l' > length_4.txt    # 4 chars

# Combine all
cat length_*.txt > incremental.txt

Integration with Hashcat

Generate Candidates for Hashcat

# Create wordlist for Hashcat attack
mp64 '?l?l?l?l?d?d' > candidates.txt

# Use with Hashcat
hashcat -m 0 -a 0 hashes.txt candidates.txt

# Direct piping to Hashcat
mp64 '?u?l?l?l?d?d' | hashcat -m 0 -a 0 hashes.txt

Mask-Based Attacks

# Generate and pipe directly (no file creation)
mp64 '?l?l?l?l' | hashcat -m 1000 -a 0 ntlm_hashes.txt

# Large wordlist processing
mp64 '?a?a?a?a?a?a?a?a' | hashcat -m 0 -a 0 hashes.txt

Dictionary and Mangling Integration

Combine with Dictionary Words

# Generate password + suffix patterns
# Use dictionary word as base
mp64 'password?d?d' > password_variations.txt

# Number + word pattern
mp64 '?d?d?d?l?l?l?l' > number_word.txt

# Generate month abbreviations + year
mp64 'jan?d?d?d?d' > jan_year.txt
mp64 'feb?d?d?d?d' > feb_year.txt

Hybrid Approach

# Create base dictionary
cat > bases.txt << EOF
admin
password
welcome
passw0rd
EOF

# Suffix with numbers
while IFS= read -r word; do
  mp64 "$word?d?d?d?d" >> hybrid_candidates.txt
done < bases.txt

# Or prefix with special chars
while IFS= read -r word; do
  mp64 '?s?s'"$word" >> special_prefix.txt
done < bases.txt

Performance and Optimization

Estimate Wordlist Size

# Count generated candidates before creating file
# (mp64 writes to stdout by default; it has no --stdout flag)
mp64 '?l?l?l?l' | wc -l

# Estimate for larger masks
mp64 '?a?a?a?a?a?a' | wc -l

# Get size estimate only (prints the count without generating candidates)
mp64 --combinations '?l?l?l?l?d?d?d?d'
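
The size of a mask can also be worked out without running the generator. The following is an added example, not part of the original page or of maskprocessor: it parses a mask and returns the candidate count and the output size in bytes. The names `tokens` and `keyspace` are illustrative, duplicate characters in a custom charset are assumed to count once, one newline byte per candidate is assumed, and `?b` is not handled.

```python
import string
from math import prod

# Built-in charsets from the mask table above; ?s includes the space character.
BUILTIN = {"l": string.ascii_lowercase, "u": string.ascii_uppercase,
           "d": string.digits, "s": " " + string.punctuation}
BUILTIN["a"] = "".join(BUILTIN[k] for k in "luds")


def tokens(mask, charsets):
    """Yield the set of characters allowed at each mask position."""
    i = 0
    while i < len(mask):
        if mask[i] != "?":
            yield {mask[i]}                  # literal character
            i += 1
            continue
        key = mask[i + 1:i + 2]              # empty if the mask ends in '?'
        if key == "?":
            yield {"?"}                      # '??' is a literal question mark
        elif key in charsets:
            yield set(charsets[key])
        else:
            raise ValueError(f"undefined charset '?{key}' in {mask!r}")
        i += 2


def keyspace(mask, custom=None, lengths=None):
    """Return (candidates, output_bytes) for a mask.
    custom maps '1'..'4' to a -1..-4 definition such as '?u?d' or '!@#$%';
    lengths is an optional (min, max) increment range, default the full mask.
    """
    charsets = dict(BUILTIN)
    for name, spec in (custom or {}).items():
        # A custom charset is the union of everything its definition expands to.
        charsets[name] = set().union(*tokens(spec, BUILTIN))
    sizes = [len(t) for t in tokens(mask, charsets)]
    lo, hi = lengths or (len(sizes), len(sizes))
    total = nbytes = 0
    for n in range(lo, min(hi, len(sizes)) + 1):
        count = prod(sizes[:n])
        total += count
        nbytes += count * (n + 1)            # n characters plus a newline
    return total, nbytes


if __name__ == "__main__":
    for m in ("?d?d?d?d", "?l?l?l?l?d?d", "?a?a?a?a?a?a"):
        print(m, *keyspace(m))
```

Checking the byte count first shows when a mask belongs in a pipe rather than in a file.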

Generate Efficiently

# mp64 writes to stdout by default, so it can stream (memory efficient)
mp64 '?l?l?l?l?d?d' | hashcat -m 0 -a 0 hashes.txt

# Avoid creating large files on disk
time mp64 '?a?a?a?a?a?a' > /dev/null  # Estimate time

# Parallel generation (increment takes a min:max range; one output file per job)
mp64 --increment=1:3 '?l?l?l' > inc_lower.txt &
mp64 --increment=1:3 '?d?d?d' > inc_digits.txt &
wait

Resume and Batch Processing

# Generate in batches; start and stop positions are given as candidate words
mp64 --start-at=aaaaaa --stop-at=mzzzzz '?l?l?l?l?l?l' > batch_large.txt

# Continue from the next candidate
mp64 --start-at=naaaaa '?l?l?l?l?l?l' >> batch_large.txt

# Or resume an interrupted Hashcat session
hashcat --restore

Real-World Scenarios

Corporate Password Testing

# Test common corporate patterns
# Company name + number
mp64 'Company?d?d?d?d' > company_passwords.txt

# First + last initial + number
mp64 '?u?l?u?l?d?d?d?d' > initials_numbers.txt

# Department + role + year
mp64 'IT?u?u?d?d?d?d' > department_passwords.txt

# Seasonal (summer2024, fall2024, etc.)
mp64 'summer?d?d?d?d' > seasonal.txt
mp64 'winter?d?d?d?d' >> seasonal.txt

IoT Device Default Passwords

# Common router/device patterns
mp64 'admin?d?d?d?d' > iot_admin.txt
mp64 'root?d?d?d?d' > iot_root.txt
mp64 '?d?d?d?d?d?d?d?d' > iot_pin.txt

# Manufacturer defaults with variations
mp64 'TP-Link?d?d?d?d' > tplink.txt
mp64 'Linksys?d?d?d?d' > linksys.txt

Social Engineering Based

# Common pet name + numbers
mp64 'fluffy?d?d?d?d' > pet_names.txt
mp64 'mittens?d?d?d?d' >> pet_names.txt

# Birth year variations
mp64 '?d?d?d?d?l?l?l?l' > year_month.txt

# Child's name + birthday (common pattern)
mp64 'Sarah?d?d?d?d' > family_based.txt
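
Seen from the defender's side, the patterns above show why a password that satisfies length and complexity rules can still sit in a small search space. This added example (not from the original page) derives the mask a password falls under and counts the candidates needed to cover it, which is the kind of check a password filter can run when a password is set; `BASE_WORDS`, `structural_mask`, `audit` and the `threshold` default are constructed for illustration.

```python
import re
from math import prod

CLASS_SIZE = {"l": 26, "u": 26, "d": 10, "s": 33}  # sizes of ?l ?u ?d ?s
# Constructed sample: base words taken from the masks shown on this page.
BASE_WORDS = {"summer", "winter", "Company", "admin", "root", "password", "welcome"}


def structural_mask(password):
    """Return the built-in charset letter (l/u/d/s) covering each character."""
    classes = []
    for ch in password:
        if "a" <= ch <= "z":
            classes.append("l")
        elif "A" <= ch <= "Z":
            classes.append("u")
        elif "0" <= ch <= "9":
            classes.append("d")
        elif " " <= ch <= "~":
            classes.append("s")
        else:
            raise ValueError(f"{ch!r} is outside printable ASCII (?a)")
    return classes


def audit(password, base_words=BASE_WORDS, threshold=10**9):
    """Return (mask, candidates, weak) for the cheaper of two enumerations:
    the pure structural mask, or a known base word plus a masked suffix."""
    classes = structural_mask(password)
    mask = "".join("?" + c for c in classes)
    candidates = prod(CLASS_SIZE[c] for c in classes)
    m = re.fullmatch(r"([A-Za-z]+)([^A-Za-z]*)", password)
    if m and m.group(1) in base_words:
        suffix = structural_mask(m.group(2))
        # One 'word?d?d...' mask per base word covers this password.
        hybrid = len(base_words) * prod(CLASS_SIZE[c] for c in suffix)
        if hybrid < candidates:
            mask = m.group(1) + "".join("?" + c for c in suffix)
            candidates = hybrid
    # threshold is a hypothetical policy value, not a figure from the page.
    return mask, candidates, candidates < threshold


if __name__ == "__main__":
    for pw in ("summer2024", "Qwzx2024", "tR7#qLm2!x"):
        print(pw, *audit(pw))
```

A ten-character password built from a listed base word and four digits is covered by tens of thousands of candidates, while its purely structural mask would need trillions.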

Advanced Techniques

Probabilistic Mask Attack

# Focus on statistically likely patterns
# 80% of passwords are: word + numbers + special

# Most common: 3 letters + 2 numbers
mp64 '?l?l?l?d?d' > high_prob.txt

# Add variations of most common formats
mp64 '?u?l?l?d?d' >> high_prob.txt
mp64 '?l?l?l?s?d' >> high_prob.txt

# Use with Hashcat
hashcat -m 0 -a 0 --workload-profile=4 hashes.txt high_prob.txt

Rainbow Table Generation

# Create masks for rainbow table generation
# Smaller masks first (better coverage)
mp64 '?l?l?l' > rt_3char.txt
mp64 '?l?l?l?l' > rt_4char.txt
mp64 '?u?l?l?l?d?d' > rt_standard.txt

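# Generate corresponding hashes (stored as hash:password so lookups return the plaintext)
while IFS= read -r password; do
  printf '%s:%s\n' "$(printf '%s' "$password" | md5sum | cut -d' ' -f1)" "$password"
done < rt_4char.txt > rainbow_table.txt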

Output and Management

Organize Generated Wordlists

# Create organized directory structure
mkdir -p wordlists/{length,type,complex}

# Generate by length
mp64 '?l?l?l' > wordlists/length/3_lowercase.txt
mp64 '?l?l?l?l' > wordlists/length/4_lowercase.txt

# Generate by type
mp64 '?d?d?d?d' > wordlists/type/pin_4.txt
mp64 '?u?l?l?l?d?d' > wordlists/type/standard.txt

# Generate by complexity (95^6 candidates: several terabytes on disk)
mp64 '?a?a?a?a?a?a' > wordlists/complex/6_all_chars.txt

Merge and Deduplicate

# Combine multiple wordlists
cat wordlists/type/*.txt > merged.txt

# Remove duplicates (maintains size optimization)
sort -u merged.txt > merged_unique.txt

# Count total candidates
wc -l merged_unique.txt

# Find overlaps between lists
comm -12 <(sort list1.txt) <(sort list2.txt) > common.txt

Configuration and Optimization

Performance Settings

# -O is a Hashcat flag, not an mp64 one (optimized mode: faster but some loss)
mp64 '?l?l?l?l?d?d?d?d' | hashcat -m 0 -a 0 -O hashes.txt

# Increment mode (tries all lengths up to max)
mp64 --increment=1:4 '?l?d?d?d' > incremental.txt

# Custom increment (lengths 4 through 8; the mask must cover the maximum length)
mp64 --increment=4:8 '?l?l?l?l?l?l?l?l' > custom_increment.txt

Memory and Speed Considerations

# Stream mode for large candidates (no disk write)
time mp64 '?a?a?a?a?a?a?a' | wc -l

# CPU usage monitoring
watch -n 1 'ps aux | grep mp64'

# Parallel execution (both generators feed one counter)
{ mp64 '?l?l?l' & mp64 '?d?d?d' & wait; } | wc -l

Troubleshooting

Common Issues and Solutions

| Issue | Solution |
|---|---|
| "Illegal mask" | Check character validity; use ?l not ?a for literals |
| "No space left" | Use --stdout to pipe directly; avoid saving large files |
| "Slow generation" | Reduce mask complexity; use smaller character sets |
| "File too large" | Generate in batches; use streaming mode with Hashcat |
| "Out of memory" | Stream instead of buffering; reduce custom charsets |

Verify Installation

# Check version and build
mp64 --version

# Test basic generation
mp64 '?l?l?l' | head -5

# Test with custom charset
mp64 -1 '0123456789' '?1?1?1?1' | head -5

# Verify Hashcat integration
hashcat --version

Best Practices

Effective Wordlist Strategy

1. Start with most likely patterns
2. Focus on high-probability candidates
3. Use contextual knowledge (company, user info)
4. Combine dictionary + masks
5. Test incrementally (length 3, 4, 5, ...)
6. Monitor progress and adjust patterns
7. Archive successful candidates

Authorized use cases:
    ✓ Penetration testing with written authorization
    ✓ Password recovery for owned systems
    ✓ Security research in controlled environments
    ✓ Educational demonstrations
    
Prohibited use:
    ✗ Unauthorized access to systems
    ✗ Cracking others' passwords without permission
    ✗ Brute forcing without authorization
    ✗ Circumventing authentication systems

See Also

  • Hashcat: GPU-accelerated password cracking engine
  • John the Ripper: Multi-format password cracker
  • Rockyou.txt: Comprehensive password dictionary
  • CeWL: Custom wordlist generation from websites
  • PWDUMP: Windows password hash extraction
  • Medusa: Parallel network login brute-forcer