CREDR: Credential Testing Automation Script
1. Project Overview
~I built CREDR during a penetration test when I stumbled across a credential list and found myself manually typing the same command repeatedly to test each username and password combination. It was tedious, so I whipped up this Python script to automate the process, making credential testing faster and less error-prone. It’s a simple tool, but it saved me hours—hope it helps you too! Adjust it to fit your needs, and let me know if you add any cool features.~
CREDR is a Python script designed to streamline credential testing during penetration testing. It reads usernames, passwords, and command templates from text files, provides an interactive interface with autocomplete, and generates formatted commands for testing credentials. The final command is copied to the clipboard for easy pasting into a terminal, saving time and reducing manual errors.
- Objective: Automate the process of testing credentials by generating formatted commands from predefined lists.
- Requirements: Python 3.6+, text files with usernames, passwords, and command templates.
- Hardware Used: Any system running Python (tested on Linux and Windows).
- Software Used: Python, libraries: prompt_toolkit, pyperclip.
- Skills Learned: Python scripting, library installation automation, interactive CLI design, clipboard integration.
2. Script Breakdown and Penetration Testing Relevance
Security Note: Always review code before executing. Verify integrity with the SHA256 hash provided for the full script below.
2.1 Library Installation
Relevance: Ensuring required libraries are installed automatically makes the script portable and user-friendly, especially during time-sensitive penetration tests where setting up dependencies manually can be a bottleneck.
# Function to check and install a library if it’s missing
def install_if_missing(package):
try:
importlib.import_module(package)
except ImportError:
print(f"{package} not found. Installing...")
try:
subprocess.check_call([sys.executable, "-m", "pip", "install", package])
print(f"{package} installed successfully!")
except subprocess.CalledProcessError:
print(f"Failed to install {package}. Please run 'pip install {package}' manually.")
sys.exit(1)
# List of required packages to check and install
required_packages = ["prompt_toolkit", "pyperclip"]
# Check and install all required packages
for package in required_packages:
install_if_missing(package)2.2 File Input Handling
Relevance: Reading usernames, passwords, and command templates from external files allows testers to use large credential lists (e.g., from a breach dump) and customize commands for specific tools or protocols, making the script flexible for various testing scenarios.
# Reads each file and formats correctly as *_file
with open("usernames.txt", "r") as u_file:
usernames = u_file.read().splitlines()
with open("passwords.txt", "r") as p_file:
passwords = p_file.read().splitlines()
with open("cmds.txt", "r") as cmd_file:
cmds = cmd_file.read().splitlines()
2.3 Interactive Prompt with Autocomplete
Relevance: The interactive prompt with autocomplete speeds up command selection by allowing testers to quickly navigate large lists of credentials and commands, reducing errors and improving efficiency during testing.
# Adds list options to each file
u_completer = WordCompleter(usernames)
p_completer = WordCompleter(passwords)
cmd_completer = WordCompleter(cmds)
# Binds the list function to tab key
bindings = KeyBindings()
@bindings.add('l')
def _(event):
event.app.current_buffer.complete_next()
# Shows prompts for input
session = PromptSession(key_bindings=bindings)
cmd_choice = session.prompt("Pick cmd (Tab for list of options): ", completer=cmd_completer)
u_choice = session.prompt("Pick username (Tab for list of options): ", completer=u_completer)
p_choice = session.prompt("Pick password (Tab for list of options): ", completer=p_completer)
2.4 Command Generation and Clipboard Copy
Relevance: Generating a formatted command and copying it to the clipboard allows testers to quickly paste and execute commands in a terminal, streamlining the credential testing process and minimizing manual typing errors.
# Outputs final cmd
final_cmd = cmd_choice.replace("", u_choice).replace("", p_choice)
print("Your command:", final_cmd)
# Copies cmd to clipboard
pyperclip.copy(final_cmd)
print("Command copied to clipboard!") 
%4. Conclusion
CREDR simplifies credential testing by automating command generation, making it an invaluable tool for penetration testers dealing with large credential lists. Its interactive interface and clipboard integration enhance efficiency, while its flexibility allows customization for various testing scenarios. Future enhancements could include automated testing loops or integration with other pentesting tools.
5. Full Code
Security Note: Always review code before executing. Verify integrity with SHA256 Hash: 056C55F45DD8FCE05D95FB995C089E92CF8379FC62E5D9B27DAFC30B7D00D2D7.
# Import built-in tools to check and install libraries
import importlib
import subprocess
import sys
# Function to check and install a library if it’s missing
def install_if_missing(package):
try:
# Try to import the package
importlib.import_module(package)
except ImportError:
# If it fails, install it using pip
print(f"{package} not found. Installing...")
try:
subprocess.check_call([sys.executable, "-m", "pip", "install", package])
print(f"{package} installed successfully!")
except subprocess.CalledProcessError:
print(f"Failed to install {package}. Please run 'pip install {package}' manually.")
sys.exit(1) # Exit the script if installation fails
# List of required packages to check and install
required_packages = ["prompt_toolkit", "pyperclip"]
# Check and install all required packages before proceeding
for package in required_packages:
install_if_missing(package)
# Now import the libraries—they should be available after the checks
from prompt_toolkit import PromptSession # For interactive prompts
from prompt_toolkit.completion import WordCompleter # For dropdown suggestions
from prompt_toolkit.key_binding import KeyBindings # For key bindings like Tab
import pyperclip # For clipboard copying
# Display ASCII art and instructions at the start of every run
print(" ") # add space
print(" ") # add space
print(" ██████ ██████ ██████ ██████ ██████ ") # Line 1 of "CREDR" art
print(" ██ ██ ██ ██ ██ ██ ██ ██ ") # Line 2
print(" ██ ██████ █████ ██ ██ ██████ ") # Line 3
print(" ██ ██ ██ ██ ██ ██ ██ ██ ") # Line 4
print(" ██████ ██ ██ ███████ ██████ ██ ██ ") # Line 5
print(" ") # add space
print(" ") # add space
# Reads each file and formats correctly as *_file
with open("usernames.txt", "r") as u_file:
usernames = u_file.read().splitlines()
with open("passwords.txt", "r") as p_file:
passwords = p_file.read().splitlines()
with open("cmds.txt", "r") as cmd_file:
cmds = cmd_file.read().splitlines()
# Adds list options to each file
u_completer = WordCompleter(usernames)
p_completer = WordCompleter(passwords)
cmd_completer = WordCompleter(cmds)
# Binds the list function to tab key
bindings = KeyBindings()
@bindings.add('l')
def _(event):
event.app.current_buffer.complete_next()
# Shows prompts for input
session = PromptSession(key_bindings=bindings)
cmd_choice = session.prompt("Pick cmd (Tab for list of options): ", completer=cmd_completer)
u_choice = session.prompt("Pick username (Tab for list of options): ", completer=u_completer)
p_choice = session.prompt("Pick password (Tab for list of options): ", completer=p_completer)
# Outputs final cmd
final_cmd = cmd_choice.replace("", u_choice).replace("", p_choice)
print("Your command:", final_cmd)
# Copies cmd to clipboard
pyperclip.copy(final_cmd)
print("Command copied to clipboard!")