OneRuleToRuleThemStill

An revamped and optimised version of OneRuleToRuleThemAll.

OneRuleToRuleThemStill now has a ~~5%~~ ~6.9% reduction in rules (52,000 down to ~~49,465~~ 48,414) with 0% performance loss against the Lifeboat and LastFM data breaches.

Updates:

• De-duplication of resulting candidate generation (previously literal strings only)
• Added LastFM breach dataset (~21m unique hashes) for larger/better modelling
• Common non-matching rules removed (Lifeboat and LastFM)
• Ordered by frequency against LastFM

More detail can be found in the blog: https://in.security/2023/01/10/oneruletorulethemstill-new-and-improved/

<br> <h2>Free Training</h2>

I developed Password Cracking 101+1, freely available on our website at https://in.security/technical-training/password-cracking/

• 4 hours of video content split into 15 parts with hands-on challenges
• Covers basic/traditional attack techniques as well as deeper, more creative attacks (such as delimited passphrases, foreign language, emojis, non-deterministic attacks etc)
• VM to download pre-built with training challenges and answers (VirtualBox OVA format)
• Password Cracking 101+1 training channel in our Discord server to chat

<br> <h2>Credits</h2> As well as several default hashcat rules (including generated2 by https://github.com/evilmog), the following non-default rule sets were used in testing to create the original rule:

• https://github.com/praetorian-inc/Hob0Rules (d3adhob0.rule, hob064.rule)
• http://contest-2010.korelogic.com/rules-hashcat.html (KoreLogicRulesPrependRockYou50000)
• https://github.com/NSAKEY/nsa-rules (_NSAKEY.v2.dive.rule)

The tool https://github.com/mhasbini/duprule assisted during development.

Many thanks to https://github.com/hashcat/hashcat and it's team for their continual great work.

<h2>License</h2> Individual rules used will use their respective licenses if present. Additional custom rules are MIT licensed.