Password Cracking: Create a custom password list with cupp

If the hacker is able to obtain or crack the target's password, in many cases, this can lead to a complete breach and takeover of the account. Many people use simple passwords that are relatively easy to crack with a good list of words.

In many cases, people use words and numbers that are familiar to them. Remember that targets likely have multiple passwords and should change them frequently. This makes memorizing them very difficult. As a result, they try to use familiar words and numbers, such as their child's name and date of birth, their wedding anniversary, etc. Admit it, you probably have too!

If we can gather this information about the target using OSINT methods, we may be able to create a custom, potential password list that could save us hours, days, or weeks from using a brute-force attack on the password their access.

We have a special tool that can generate custom password lists based on some basic information about the target. It's called cupp or Common User Password Profiler.


Download and install cupp

Cupp isn't built into Kali, so you'll need to download it from

kali > git clone


Next we need to go to our new cupp directory.

kali > cd cupp

To run cupp's help screen, we simply type,

kali > ./


As you can see, cupp is a simple tool with only a few options. To start cupp in interactive mode, type the command cupp followed by the command -i,

kali > ./cupp -i


By running the command, cupp goes into interactive mode and starts asking us questions about the target, such as name, birthday, partner, pet's name, child's name, etc.


I filled in the information as Elliot Alderson – the main character of the TV series Mr. Robot – when he was targeting his psychologist, Krista Gordon (some of you may remember Elliot breaking her code in season #1. That's probably how he did it). When she asked for her partner's name, I put in Mike, and when asked for a special word, I put in Dylan (Elliot had learned that Bob Dylan was her favorite artist from her Facebook page).

When cupp finishes its work, it puts all possible passwords (5832 in this case) into a file named Krista.txt. We can see the contents of this file by typing,

kali > cat krista.txt


As you can see above, cupp started using variations of her date of birth…

And then variations on the name of her favorite musician (Dylan)…


…and then variations of his name.

There is a good chance that the target's password is in this custom password list.


Password cracking is the art and science of finding the target's password. If you succeed, you can probably gain complete control of the target and possibly their entire life!

Instead of jumping right into time-consuming and tedious brute-force password cracking, try your most frequently used passwords first. Our analysis shows that about 35% of passwords are in the top 1 million most frequently used passwords. If that fails, try developing a custom password list using cupp from the information you can glean with OSINT skills. The Best Technology Site in Greecefgns

Subscribe to Blog by Email

Subscribe to this blog and receive notifications of new posts by email.

Password cracking

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).