TL,DR; download the script here.
In security audits, when we get a password file we -even though we may have admin or root access on the target already- usually grab the password file for offline cracking, just to see if there’s any passwords that users re-use, which would give us more access to other systems.
Doing so, we sometimes find passwords such as “cft6&YGVbhu8“, which by the looks of it seem secure; they have uppercase characters, special characters and numbers. When typing them, you’ll notice that they are keyboard patterns.
For this, I was wondering if it was possible to generate a list of all/many keyboard pattern based passwords, a technique referred to as “key walking“. Some tools exist already, but are often based on predefined patterns (“qwe”, “asdf”, “1qaz”, …). I wanted to make something based on a keyboard layout, so it could be extended. This is KeyWalker; a ruby script that generates keyboard pattern based passwords.
Currently, the KeyWalker script performs the following patterns:
- Parallel Sequences: This mode provides a series of parallel sequences in the same direction. This generates passwords such as “345etrdfg”.
- ZigZag: Like “1qazxsw2”, this mode provides a “back and forth” sequence on a keyboard while shifting rows / columns.
- Circle: Generates a shaped, half/full circle sequence of keys. This generates string such as “1234rfvcxz”
Some online URL’s password complexity checkers (such as nisc, passwordmeter or HowSecureIsMyPassword) check for keyboard patterns, but only detect basic sequential ones and shows that a password like “1qazXSW@3edc” is seen as “secure”, whereby it’s just a pattern.