Python 3 KeePass Dictionary Attack

Github: https://github.com/0x6A6F7368/KeePassDictionaryAttack

A few years back I created a python script for a class I was teaching on password security. It is a basic script to run a dictionary attack against a KeePass database. Being that Python 2.7 EOL date is quickly approaching, I thought I might change my script to suit Python 3 – and do a quick blog post on how to run the new script.

First of all you will need to download and install the libkeepass module. This can be done using pip. If you haven’t installed pip3 you will need to do this first.

sudo apt-get install python3-pip
pip3 install libkeepass

Create a directory to store the script, and then change into the newly created directory.

cd ~ && mkdir keepassdictionaryattack
cd keepassdictionaryattack

You can supply your own password list as password.txt or download one of the many available online. I am using the 500 worst passwords list I found on Daniel Miessler’s GitHub.

Download the passwords and rename the file to passwords.txt

curl -O https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/Common-Credentials/500-worst-passwords.txt

mv 500-worst-passwords.txt passwords.txt

Now, download the KeePass Dictionary Attack script.

curl -O
https://raw.githubusercontent.com/0x6A6F7368/KeePassDictionaryAttack/master/KeePassAttack.py

Copy a KeePass database into ~/keepassdictionaryattack and then run the script.

python3 KeePassAttack.py

If the KeePass database is using a weak password, you may gain access to the database and all the goodies inside.