
Maskprocessor

Maskprocessor is a specialized utility that generates password candidates from mask patterns. It is a companion tool to Hashcat, used for creating targeted wordlists in password cracking operations. By using pattern-based masks rather than generating all possible combinations, Maskprocessor dramatically reduces wordlist size while focusing on likely password patterns. It is essential for penetration testers, security researchers, and authorized password recovery operations.

# Debian/Ubuntu (apt)
sudo apt-get update
sudo apt-get install maskprocessor
mp64 --version  # Verify installation (64-bit)
mp32 --version  # 32-bit version if needed

# RHEL/CentOS (yum)
sudo yum install maskprocessor
# Or newer systems
sudo dnf install maskprocessor

mp64 --version

# macOS (Homebrew)
brew install maskprocessor
mp64 --version

# Clone repository
git clone https://github.com/hashcat/maskprocessor.git
cd maskprocessor

# Compile (requires GCC)
./install.sh

# Verify
./mp64 --version

# Windows: download from hashcat.net
# Extract to Program Files
# Add to PATH
setx PATH "%PATH%;C:\Program Files\maskprocessor"

mp64.exe --version

| Character | Represents | Example |
|---|---|---|
| l | Lowercase letter (a-z) | abc… |
| u | Uppercase letter (A-Z) | ABC… |
| d | Digit (0-9) | 0123456789 |
| s | Special character | !@#$%^&*… |
| a | All printable ASCII | All characters |
| b | Custom charset (user-defined) | As defined |
| ? | Literal question mark | ? |

| Mask | Description | Example Candidates |
|---|---|---|
| ?l?l?l?l | 4 lowercase | aaaa, aaab, … zzzz |
| ?d?d?d?d | 4 digits (PIN) | 0000, 0001, … 9999 |
| ?u?l?l?l | Capitalized word | Aaaa, Aaab, … Zzzz |
| ?l?l?l?d?d | Word + 2 numbers | aaa00, aaa01, … zzz99 |
| ?d?d-?d?d-?d?d?d?d | Phone format | 00-00-0000 … 99-99-9999 |

# Generate 4-digit PINs
mp64 '?d?d?d?d' > pins_4digit.txt

# Generate 4-letter lowercase words
mp64 '?l?l?l?l' > words_4letter.txt

# Generate capitalized 5-letter words
mp64 '?u?l?l?l?l' > words_capitalized.txt
# Common pattern: word + number
mp64 '?l?l?l?l?d' > passwords_word1digit.txt

# Common pattern: Capitalized word + number + special
mp64 '?u?l?l?l?d?s' > passwords_complex.txt

# LinkedIn style: FirstnameLastname + year
mp64 '?u?l?l?l?u?l?l?l?d?d?d?d' > linkedin_style.txt
# Generate only 4-character passwords
# (-1 defines custom charset 1, so it must not precede a plain mask)
mp64 '?l?l?l?l' > 4char_only.txt

# Generate passwords from 5-10 characters
mp64 '?l?l?l?l?l' > min_5.txt
mp64 '?u?l?l?l?l?d?d?d?d?d' > max_10.txt
# Charset 1: uppercase + numbers only
mp64 -1 '?u?d' '?1?1?1?1' > uppercase_numbers.txt

# Charset 1: keyboard special chars
mp64 -1 '!@#$%' '?l?l?l?l?1' > password_special.txt

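# Charset 1: one trailing character from the set l, y, !, i, n, g
# (a custom charset supplies a single character per position, not whole suffixes)
mp64 -1 'ly!ing' '?u?l?l?l?1' > adjectives.txt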
# -1 through -4 for up to 4 custom charsets
# Charset 1: vowels
# Charset 2: consonants
mp64 -1 'aeiou' -2 'bcdfg' '?2?1?2?1' > vowel_pattern.txt

# Complex multi-charset
# -1: numbers
# -2: special
# -3: lowercase
mp64 -1 '0123456789' \
       -2 '!@#$%' \
       -3 'abcdefgh' \
       '?3?3?1?2' > complex_pattern.txt
# Standard login password (8 chars)
mp64 '?u?l?l?l?l?d?d?d' > standard_login.txt

# Website registration (word + number + special)
mp64 '?u?l?l?l?l?d?d?s' > website_password.txt

# Bank PIN variations
mp64 '?d?d?d?d' > pin_4.txt
mp64 '?d?d?d?d?d?d' > pin_6.txt

# Date-based passwords (common default)
mp64 '?d?d?d?d?d?d?d?d' > dates_MMDDYYYY.txt
# Generate passwords of increasing length
mp64 '?l' > length_1.txt          # 1 char
mp64 '?l?l' > length_2.txt        # 2 chars
mp64 '?l?l?l' > length_3.txt      # 3 chars
mp64 '?l?l?l?l' > length_4.txt    # 4 chars

# Combine all
cat length_*.txt > incremental.txt
# Create wordlist for Hashcat attack
mp64 '?l?l?l?l?d?d' > candidates.txt

# Use with Hashcat
hashcat -m 0 -a 0 hashes.txt candidates.txt

# Direct piping to Hashcat
mp64 '?u?l?l?l?d?d' | hashcat -m 0 -a 0 hashes.txt
# Generate and pipe directly (no file creation)
mp64 '?l?l?l?l' | hashcat -m 1000 -a 0 ntlm_hashes.txt

# Large wordlist processing
mp64 '?a?a?a?a?a?a?a?a' | hashcat -m 0 -a 0 hashes.txt
# Generate password + suffix patterns
# Use dictionary word as base
mp64 'password?d?d' > password_variations.txt

# Number + word pattern
mp64 '?d?d?d?l?l?l?l' > number_word.txt

# Generate month abbreviations + year
mp64 'jan?d?d?d?d' > jan_year.txt
mp64 'feb?d?d?d?d' > feb_year.txt
# Create base dictionary
cat > bases.txt << EOF
admin
password
welcome
passw0rd
EOF

# Suffix with numbers (read -r keeps backslashes in base words intact)
while IFS= read -r word; do
  mp64 "$word?d?d?d?d" >> hybrid_candidates.txt
done < bases.txt

# Or prefix with special chars
while IFS= read -r word; do
  mp64 '?s?s'"$word" >> special_prefix.txt
done < bases.txt
# Count generated candidates before creating file
# (mp64 writes to stdout by default; it has no --stdout option)
mp64 '?l?l?l?l' | wc -l

# Estimate for larger masks
mp64 '?a?a?a?a?a?a' | wc -l

# Get size estimate only (prints the number of combinations, generates nothing)
mp64 --combinations '?l?l?l?l?d?d?d?d'
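
The size of a mask's keyspace can also be computed without running the generator, which is useful when judging how much guessing effort a given password format resists. The following is an added example, not code from maskprocessor or the original page; the function names are hypothetical, it handles ?l ?u ?d ?s ?a, `??` and custom charsets ?1-?4, and it assumes custom charsets contain no duplicate characters.

```shell
# Added example (not maskprocessor code): compute a mask's keyspace arithmetically.

# Size of a built-in class, named by the character that follows '?'.
class_size() {
  case "$1" in
    l|u) echo 26 ;;
    d)   echo 10 ;;
    s)   echo 33 ;;  # hashcat-style ?s: 32 punctuation characters plus space
    a)   echo 95 ;;  # ?l + ?u + ?d + ?s
    *)   return 1 ;; # unknown class
  esac
}

# Size of a custom charset such as '?u?d' or 'aeiou' (assumes no duplicate characters).
charset_size() {
  rest=$1; total=0
  while [ -n "$rest" ]; do
    c=${rest%"${rest#?}"}; rest=${rest#?}
    if [ "$c" = "?" ] && [ -n "$rest" ]; then
      c=${rest%"${rest#?}"}; rest=${rest#?}
      if [ "$c" = "?" ]; then s=1; else s=$(class_size "$c") || return 1; fi
      total=$((total + s))
    else
      total=$((total + 1))
    fi
  done
  echo "$total"
}

# mask_keyspace MASK [CHARSET1 [CHARSET2 [CHARSET3 [CHARSET4]]]]
mask_keyspace() {
  m=$1; ks=1
  while [ -n "$m" ]; do
    ch=${m%"${m#?}"}; m=${m#?}
    if [ "$ch" != "?" ] || [ -z "$m" ]; then continue; fi  # literal: factor 1
    ch=${m%"${m#?}"}; m=${m#?}
    case "$ch" in
      "?") f=1 ;;                                   # '??' is a literal '?'
      1) f=$(charset_size "${2-}") || return 1 ;;
      2) f=$(charset_size "${3-}") || return 1 ;;
      3) f=$(charset_size "${4-}") || return 1 ;;
      4) f=$(charset_size "${5-}") || return 1 ;;
      *) f=$(class_size "$ch") || return 1 ;;
    esac
    [ "$f" -gt 0 ] || return 1   # ?1-?4 used without a definition
    ks=$((ks * f))
  done
  echo "$ks"
}
```

For example, `mask_keyspace '?1?1?1?1' '?u?d'` prints the count for the uppercase-plus-digits mask used earlier; the result can be cross-checked against `mp64 --combinations`.
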
# Pipe mp64's output to stream candidates (memory efficient; stdout is the default)
mp64 '?l?l?l?l?d?d' | hashcat -m 0 -a 0 hashes.txt

# Avoid creating large files on disk
mp64 '?a?a?a?a?a?a' > /dev/null  # Estimate time

# Parallel generation (--increment takes START:STOP lengths; one output file per job)
mp64 --increment=1:3 '?l?l?l' > inc_lower.txt &
mp64 --increment=1:3 '?d?d?d' > inc_digits.txt &
wait
# Generate in batches with checkpoint
# (mp64 takes positions as candidate words via --start-at / --stop-at, not numeric offsets)
mp64 --stop-at=mzzzzz '?l?l?l?l?l?l' > batch_large.txt

# Continue from position
mp64 --start-at=naaaaa '?l?l?l?l?l?l' >> batch_large.txt

# Or use Hashcat resume for distributed work
hashcat -m 0 -a 0 --restore hashes.txt
# Test common corporate patterns
# Company name + number
mp64 'Company?d?d?d?d' > company_passwords.txt

# First + last initial + number
mp64 '?u?l?u?l?d?d?d?d' > initials_numbers.txt

# Department + role + year
mp64 'IT?u?u?d?d?d?d' > department_passwords.txt

# Seasonal (summer2024, fall2024, etc.)
mp64 'summer?d?d?d?d' > seasonal.txt
mp64 'winter?d?d?d?d' >> seasonal.txt
# Common router/device patterns
mp64 'admin?d?d?d?d' > iot_admin.txt
mp64 'root?d?d?d?d' > iot_root.txt
mp64 '?d?d?d?d?d?d?d?d' > iot_pin.txt

# Manufacturer defaults with variations
mp64 'TP-Link?d?d?d?d' > tplink.txt
mp64 'Linksys?d?d?d?d' > linksys.txt
# Common pet name + numbers
mp64 'fluffy?d?d?d?d' > pet_names.txt
mp64 'mittens?d?d?d?d' >> pet_names.txt

# Birth year variations
mp64 '?d?d?d?d?l?l?l?l' > year_month.txt

# Child's name + birthday (common pattern)
mp64 'Sarah?d?d?d?d' > family_based.txt
# Focus on statistically likely patterns
# 80% of passwords are: word + numbers + special

# Most common: 3 letters + 2 numbers
mp64 '?l?l?l?d?d' > high_prob.txt

# Add variations of most common formats
mp64 '?u?l?l?d?d' >> high_prob.txt
mp64 '?l?l?l?s?d' >> high_prob.txt

# Use with Hashcat
hashcat -m 0 -a 0 --workload-profile=4 hashes.txt high_prob.txt
# Create masks for rainbow table generation
# Smaller masks first (better coverage)
mp64 '?l?l?l' > rt_3char.txt
mp64 '?l?l?l?l' > rt_4char.txt
mp64 '?u?l?l?l?d?d' > rt_standard.txt

# Generate corresponding hashes
while IFS= read -r password; do
  printf '%s' "$password" | md5sum
done < rt_4char.txt > rainbow_table.txt
# Create organized directory structure
mkdir -p wordlists/{length,type,complex}

# Generate by length
mp64 '?l?l?l' > wordlists/length/3_lowercase.txt
mp64 '?l?l?l?l' > wordlists/length/4_lowercase.txt

# Generate by type
mp64 '?d?d?d?d' > wordlists/type/pin_4.txt
mp64 '?u?l?l?l?d?d' > wordlists/type/standard.txt

# Generate by complexity
mp64 '?a?a?a?a?a?a' > wordlists/complex/6_all_chars.txt
# Combine multiple wordlists
cat wordlists/type/*.txt > merged.txt

# Remove duplicates (maintains size optimization)
sort -u merged.txt > merged_unique.txt

# Count total candidates
wc -l merged_unique.txt

# Find overlaps between lists
comm -12 <(sort list1.txt) <(sort list2.txt) > common.txt
# maskprocessor has no -O option (-O is hashcat's optimized-kernel flag); run the mask directly
mp64 '?l?l?l?l?d?d?d?d' > optimized.txt

# Increment mode (tries all lengths from 1 up to the mask length)
mp64 --increment=1:4 '?l?d?d?d' > incremental.txt

# Custom increment (lengths 4 through 8; the mask must be as long as the maximum)
mp64 --increment=4:8 '?l?l?l?l?l?l?l?l' > custom_increment.txt
# Stream mode for large candidates (no disk write)
time mp64 '?a?a?a?a?a?a?a' | wc -l

# CPU usage monitoring
watch -n 1 'ps aux | grep mp64'

# Parallel execution (both generators feed the same counter)
{ mp64 '?l?l?l' & mp64 '?d?d?d' & wait; } | wc -l

| Issue | Solution |
|---|---|
| "Illegal mask" | Check character validity; use ?l not ?a for literals |
| "No space left" | Use --stdout to pipe directly; avoid saving large files |
| "Slow generation" | Reduce mask complexity; use smaller character sets |
| "File too large" | Generate in batches; use streaming mode with Hashcat |
| "Out of memory" | Stream instead of buffering; reduce custom charsets |

# Check version and build
mp64 --version

# Test basic generation
mp64 '?l?l?l' | head -5

# Test with custom charset
mp64 -1 '0123456789' '?1?1?1?1' | head -5

# Verify Hashcat integration
hashcat --version
1. Start with most likely patterns
2. Focus on high-probability candidates
3. Use contextual knowledge (company, user info)
4. Combine dictionary + masks
5. Test incrementally (length 3, 4, 5, ...)
6. Monitor progress and adjust patterns
7. Archive successful candidates
Authorized use cases:
    ✓ Penetration testing with written authorization
    ✓ Password recovery for owned systems
    ✓ Security research in controlled environments
    ✓ Educational demonstrations
    
Prohibited use:
    ✗ Unauthorized access to systems
    ✗ Cracking others' passwords without permission
    ✗ Brute forcing without authorization
    ✗ Circumventing authentication systems
  • Hashcat: GPU-accelerated password cracking engine
  • John the Ripper: Multi-format password cracker
  • Rockyou.txt: Comprehensive password dictionary
  • CeWL: Custom wordlist generation from websites
  • PWDUMP: Windows password hash extraction
  • Medusa: Parallel network login brute-forcer