Zip password cracker in Python

Since I had never tried to write a zip password cracker, I figured it was about time.

I haven’t read through Violent Python yet, but I know that this is one of the examples from it. With that in mind, I figured this would be a good exercise and another useful tool for my arsenal.

First things first, I had to create my password protected zip file.

Python Zip Password Cracker - Archiving

When I attempted to open this file, it prompted me for a password.

Python Zip Password Cracker - Open Attempt

With the zip file in place, I created the following Python script.

import zipfile
from time import time

def main():
    try:
        myZip = zipfile.ZipFile("secret.zip")
    except zipfile.BadZipfile:
        print "[!] There was an error opening your zip file."
        return

    password = ''
    
    timeStart = time()
    with open("10_million_password_list_top_10000.txt", "r") as f:
        passes = f.readlines()
        for pass_count, x in enumerate(passes):
            password = x.strip()
            try:
                myZip.extractall(pwd = password)
                totalTime = time() - timeStart
                print "\nPassword cracked: %s\n" % password
                print "%i password attempts per second." % (pass_count/totalTime)
                return
            except Exception as e:
                if str(e[0]) == 'Bad password for file':
                    pass # TODO: properly handle exceptions?
                elif 'Error -3 while decompressing' in str(e[0]):
                    pass # TODO: properly handle exceptions?
                else:
                    print e
        print "Sorry, password not found."

if __name__ == '__main__':
	main()

This opens up the specified zip file (in this case, secret.zip), and attempts to extract it using each password in the provided wordlist one by one. If the program throws no exceptions, then it means the archive was successfully extracted (which means the password was found). In this case, it prints out the cracked password as well as how many password attempts per second it performed (for statistical purposes).

With everything in place, I grabbed a password list and fired the script up.

Python Zip Password Cracker - Execution

When I went back to the directory, I found the file that I originally hid in the archive.

Python Zip Password Cracker - Extracted Secrets

Some of my next steps will be to add better reporting about the contents and cracking status, as well as maybe looking into threading or support for other file types.

The code and updates can be found in my GitHub repository.

4 thoughts on “Zip password cracker in Python”

  1. This would work only if the password is in the dictionary.

    There is a better approach, if you have at least one unecrypted copy of the files in the archive (and they are all encrypted with the same password). Take a look at PKCrack and try to implement it in Python.

    1. Yea, for sure, but it is just a dictionary attack cracker.

      That said, PKCrack would be fun to implement in the next version. That said, it wouldn’t have worked in this example since all I had was plaintext in the archive!

      Thanks for the suggestion though, maybe brute force and plaintext attack should be something I add for a version 1.1!

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.