
fcrackzip

fcrackzip is a fast ZIP password cracker that can recover passwords from encrypted ZIP archives using dictionary attacks, brute-force attacks, and various optimization techniques. It’s useful for penetration testing, forensics, and recovering access to password-protected ZIP files.

Install on Linux using apt:

sudo apt-get install fcrackzip

Install on macOS using Homebrew:

brew install fcrackzip

Build from source:

wget https://download.sourceforge.net/fcrackzip/fcrackzip-1.0.tar.gz
tar xzf fcrackzip-1.0.tar.gz
cd fcrackzip-1.0
./configure
make
sudo make install

Verify installation:

fcrackzip --version

Crack a ZIP file with dictionary attack:

fcrackzip -D -p /path/to/wordlist.txt target.zip

Attempt all common passwords first (dictionary mode always needs a wordlist passed with -p):

fcrackzip -D -p common_passwords.txt target.zip

Use a common wordlist (rockyou, common passwords):

fcrackzip -D -p rockyou.txt encrypted.zip

Show progress while cracking:

fcrackzip -v -D -p wordlist.txt target.zip

Basic dictionary attack:

fcrackzip -D -p passwords.txt archive.zip

Dictionary attack with verbose output:

fcrackzip -D -p /usr/share/wordlists/rockyou.txt protected.zip -v

Use multiple wordlists:

fcrackzip -D -p wordlist1.txt archive.zip
fcrackzip -D -p wordlist2.txt archive.zip

Dictionary with case sensitivity (candidates are tried exactly as written in the wordlist):

fcrackzip -D -p wordlist.txt archive.zip

Dictionary with rule-based mutations (if supported):

fcrackzip -D -p wordlist.txt --mutate archive.zip

Combine wordlists:

cat wordlist1.txt wordlist2.txt > combined.txt
fcrackzip -D -p combined.txt target.zip

Basic brute-force with lowercase letters:

fcrackzip -b -c a target.zip

Brute-force with uppercase letters:

fcrackzip -b -c A target.zip

Brute-force with digits:

fcrackzip -b -c 1 target.zip

Brute-force with lowercase and digits:

fcrackzip -b -c a1 target.zip

Brute-force with all alphanumeric characters:

fcrackzip -b -c aA1 target.zip

Brute-force with special characters (everything after ":" is taken literally):

fcrackzip -b -c 'aA1:!@#$%^&*()' target.zip

Brute-force custom character set:

fcrackzip -b -c ':0123456789abcdef' target.zip

Character set flags for brute-force:

| Flag | Character Set | Example |
|------|---------------|---------|
| a | Lowercase letters | fcrackzip -b -c a file.zip |
| A | Uppercase letters | fcrackzip -b -c A file.zip |
| 1 | Digits 0-9 | fcrackzip -b -c 1 file.zip |
| ! | Special characters | fcrackzip -b -c ! file.zip |
| : | Prefix for literal characters | Custom charset |
| Custom | User-defined | fcrackzip -b -c ':custom_chars' file.zip |

Combine character sets:

| Combination | Description | Command |
|-------------|-------------|---------|
| aA1 | Lowercase, uppercase, digits | fcrackzip -b -c aA1 file.zip |
| a1 | Lowercase and digits | fcrackzip -b -c a1 file.zip |
| A1 | Uppercase and digits | fcrackzip -b -c A1 file.zip |

Specify exact password length:

fcrackzip -b -c a -l 1 target.zip

Specify minimum and maximum length (both bounds go in a single -l min-max argument):

fcrackzip -b -c a1 -l 4-8 target.zip

Test 6-character passwords:

fcrackzip -b -c aA1 -l 6 target.zip

Test 8-12 character passwords:

fcrackzip -b -c aA1 -l 8-12 target.zip

Use a password file (in dictionary mode, -p names the file):

fcrackzip -D -p password_file.txt target.zip

Start from specific password (in brute-force mode, -p sets the initial password):

fcrackzip -b -c a -p aaa target.zip

Use hardware acceleration (if available):

fcrackzip -b -c a1 --hardware target.zip

Parallel processing with multiple instances:

# Split character ranges and run in parallel (-p sets each instance's starting password)
fcrackzip -b -c a -p aaaa -l 4 target.zip &
fcrackzip -b -c a -p maaa -l 4 target.zip &
wait

Increase threads for multi-core systems:

fcrackzip -b -c a1 -t 4 target.zip

Benchmark password cracking speed:

fcrackzip --benchmark

Benchmark with dictionary:

fcrackzip --benchmark -p wordlist.txt target.zip

Test cracking speed:

fcrackzip -b -c a -l 5 -B target.zip

Only output found passwords:

fcrackzip -D -p wordlist.txt target.zip

Verbose output showing attempts:

fcrackzip -v -D -p wordlist.txt target.zip

Very verbose output:

fcrackzip -vv -D -p wordlist.txt target.zip

Quiet mode (only show results):

fcrackzip -q -D -p wordlist.txt target.zip

Show test information:

fcrackzip -h -D -p wordlist.txt target.zip

Crack multiple ZIP files:

fcrackzip -D -p wordlist.txt *.zip

Batch process ZIP files:

for file in *.zip; do
  fcrackzip -D -p wordlist.txt "$file"
done

Find all ZIP files and crack:

find . -name "*.zip" -exec fcrackzip -D -p wordlist.txt {} \;

Crack with logging:

for file in *.zip; do
  echo "Processing $file"
  fcrackzip -D -p wordlist.txt "$file" | tee -a results.txt
done

Use init vector (some encrypted ZIPs):

fcrackzip -b -c a -i init_vector target.zip

Set time limit for cracking:

timeout 3600 fcrackzip -b -c a1 -L 4 -U 8 target.zip

Recover partial password knowledge:

# If password starts with "admin"
fcrackzip -i <(echo "admin") -b -c 1 target.zip

Test specific password:

echo "testpass123" > test.txt
fcrackzip -D -p test.txt target.zip

Default output showing password:

fcrackzip -u -D -p wordlist.txt target.zip
# Output: PASSWORD FOUND!!!!: pw == correct_password
# Without -u, candidates are reported as "possible pw found" and may be false positives

With verbose details:

fcrackzip -v -D -p wordlist.txt target.zip
# Shows each attempt and final result

Export to file:

fcrackzip -D -p wordlist.txt target.zip > cracked.txt

Save results with timestamp:

fcrackzip -v -D -p wordlist.txt target.zip | tee cracked_$(date +%s).txt

Handle file not found:

# Check if ZIP file exists
if test -f target.zip; then
  fcrackzip -D -p wordlist.txt target.zip
else
  echo "File not found"
fi

Verify ZIP file integrity:

unzip -t target.zip
fcrackzip -D -p wordlist.txt target.zip

Handle corrupted ZIP:

# Try repair utility first
zip -FF target.zip --out repaired.zip
fcrackzip -D -p wordlist.txt repaired.zip

Skip invalid ZIP files:

for file in *.zip; do
  if unzip -t "$file" &>/dev/null; then
    fcrackzip -D -p wordlist.txt "$file"
  fi
done

Workflow 1: Quick Dictionary Attack

fcrackzip -D -p /usr/share/wordlists/rockyou.txt protected.zip

Workflow 2: Thorough Brute-Force (6-8 chars, alphanumeric)

fcrackzip -b -c aA1 -l 6-8 encrypted.zip

Workflow 3: Dictionary + Brute-Force Fallback

# Try dictionary first (-u confirms candidates with unzip)
if ! fcrackzip -u -D -p wordlist.txt target.zip 2>&1 | grep -q "PASSWORD FOUND"; then
  echo "Dictionary failed, starting brute-force..."
  fcrackzip -u -b -c a1 -l 4-6 target.zip
fi

Workflow 4: Intelligent Brute-Force (likely patterns)

# Common: lowercase + digits, 4-8 chars
fcrackzip -b -c a1 -l 4-8 target.zip

Workflow 5: Batch Processing with Results

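mkdir -p cracked_files
for file in *.zip; do
  # -u confirms each candidate with unzip, so only verified passwords are logged
  password=$(fcrackzip -u -D -p wordlist.txt "$file" 2>&1 | grep -oP 'PASSWORD FOUND!!!!: pw == \K.*')
  if [ -n "$password" ]; then
    echo "$file: $password" >> results.log
  fi
done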

Optimize wordlist for size:

# Remove duplicates
sort wordlist.txt | uniq > wordlist_clean.txt
fcrackzip -D -p wordlist_clean.txt target.zip

Start with most common passwords:

# Assumes the wordlist is already ordered by frequency (most common first)
fcrackzip -D -p <(head -n 1000 wordlist.txt) target.zip

Estimate brute-force time:

# For a 4-character lowercase password (26^4 = 456,976 possibilities)
# Rough estimate: ~30 seconds on modern CPU
fcrackzip -b -c a -l 4 --benchmark target.zip
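
To carry this estimate beyond the 4-character case when judging how well an archive password holds up, the following added example (not from the fcrackzip project) counts the candidates for a charset spec and length range and divides by a rate you supply. The function names and the 1,000,000 candidates-per-second rate are assumptions for illustration, and the "!" class is not handled.

```shell
#!/bin/sh
# Added example, not part of fcrackzip: size of the search space for a
# charset spec and length range, and the time to exhaust it at a given rate.

# charset_size SPEC -> number of distinct characters SPEC selects.
# a = lowercase, A = uppercase, 1 = digits, ':' = the rest of SPEC is literal.
# The '!' punctuation class is not reproduced; pass punctuation after ':'.
charset_size() {
  printf '%s' "$1" | LC_ALL=C awk '
    { spec = spec $0 }
    END {
      lower = "abcdefghijklmnopqrstuvwxyz"
      for (i = 1; i <= length(spec); i++) {
        c = substr(spec, i, 1)
        if (c == "a") chars = chars lower
        else if (c == "A") chars = chars toupper(lower)
        else if (c == "1") chars = chars "0123456789"
        else if (c == ":") { chars = chars substr(spec, i + 1); break }
        else { print "unsupported specifier: " c > "/dev/stderr"; exit 1 }
      }
      # Deduplicate so overlapping specs such as "a:abc" are counted once.
      for (i = 1; i <= length(chars); i++) seen[substr(chars, i, 1)] = 1
      n = 0; for (k in seen) n++
      print n
    }'
}

# keyspace SIZE MIN MAX -> sum of SIZE^L for L = MIN..MAX (exact below 2^53).
keyspace() {
  awk -v n="$1" -v lo="$2" -v hi="$3" \
    'BEGIN { t = 0; for (l = lo; l <= hi; l++) t += n ^ l; printf "%.0f\n", t }'
}

# worst_case_seconds SPEC MIN MAX RATE -> seconds to try every candidate.
# RATE (candidates per second) is an input you measure on your own hardware.
worst_case_seconds() {
  wcs_n=$(charset_size "$1") || return 1
  awk -v k="$(keyspace "$wcs_n" "$2" "$3")" -v r="$4" \
    'BEGIN { printf "%.0f\n", k / r }'
}

# Constructed comparison at an assumed 1,000,000 candidates per second.
for policy in "a 4 4" "a1 4 8" "aA1 6 8" "aA1 8 12"; do
  set -- $policy
  echo "$1 len $2-$3: $(worst_case_seconds "$1" "$2" "$3" 1000000) s"
done
```

Each extra character multiplies the total by the charset size, which is why the 8-12 row is many orders of magnitude beyond the 4-character row.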

Parallel cracking (GNU Parallel):

parallel fcrackzip -D -p {} target.zip ::: wordlist_part*.txt

Use with find:

find . -name "*.zip" -exec fcrackzip -D -p wordlist.txt {} \;

Pipe results to other tools:

fcrackzip -u -v -D -p wordlist.txt target.zip | grep -oP 'PASSWORD FOUND!!!!: pw == \K.*'

Extract once cracked:

if password=$(fcrackzip -u -D -p wordlist.txt target.zip 2>&1 | grep -oP 'PASSWORD FOUND!!!!: pw == \K.*'); then
  unzip -P "$password" target.zip
fi

Automate extraction:

#!/bin/bash
# -u makes fcrackzip confirm the candidate with unzip before reporting it
PASS=$(fcrackzip -u -D -p wordlist.txt encrypted.zip 2>&1 | grep -oP 'PASSWORD FOUND!!!!: pw == \K.*')
if [ -n "$PASS" ]; then
  unzip -P "$PASS" encrypted.zip
  echo "Extracted successfully with password: $PASS"
fi