How To Crack Password Protected Files

todays tutorial I’ll be showing you how to crack/brute-force password protected files using a tool called Zydra..

Requirements: 1.Python 3.3 or higher 2.Operating System Preferbally Debian Based Installation: 1.sudo apt-get update 2.sudo apt-get install qpdf unrar 3.git clone Zydra 5.pip3 install rarfile pyfiglet py-term 6.python3 -h

Supported Files

  • RAR Files

  • Legacy ZIP Files

  • PDF Files

  • Linux Shadow Files (zydra can find all the user’s password in the linux shadow file one after the other)


To run the app, minimal requirements are:

  • Python 3.3 or higher

  • debian-based linux distro, preferably Kali linux 2

  • qpdf and unrar packages Installing these packages on kali is as easy as running the following commands on terminal: $ sudo apt-get update $ sudo apt-get install qpdf unrar

  • some python modules in this program need to be installed manually, like: zipfile, rarfile, crypt, pyfiglet, py-term(for term module) and so on. you can use pip3 for install them example: $ pip3 install py-term notice: rar,zip and pdf files must have an extension, shadow files does not need an extension.

  • Install figlet font "epic" if it does not exists on your system: sudo wget -O /usr/share/figlet/epic.flf


This tool is only for testing and academic purposes Do not use it for illegal purposes!


  • Cracking files password using two methods: 1. dictionary method 2. brute force method

  • In the brute force method, you can specify the min length and max length of the passwords.

  • In the brute force method, you can specify the type of characters that may be used in the password.

  • There is a percent progress bar showing how much of the process has been performed.

  • Error handling.

  • One of the most important features of Zydra is the multiprocessing feature that speeds up the program. For example if you have 8 CPU cores, Zydra will use all of them for processing at the same time.


Download Zydra by cloning the Git repository: $ git clone

You can also use vagrant to automatically install and run Zydra (more information at the bottom of the page).


To get a list of all options and learn how to use this app, enter the following command: $ python3 -h


1- Dictionary search to find the password for a zip file In this example I use rockyou.txt dictionary $ python3 –f –d rockyou.txt

2- Brute force search to find the password for the users in the shadow file Minimum length of password is 4 and maximum length is 4 and we try to find passwords that are composed of numbers and symbols letters. $ python3 –f shadow –b digits,symbols –m 4 –x 4


To run Zydra using vagrant use the following command (you have to be in the same folder as the repository):

vagrant up

and once it finishes inialisation, you can run:

vagrant ssh

to connect to the virtual machine.

To exit the virtual machine just type exit in the shell.

To destroy the virtual machine run vagrant destroy.

More information regarding vagrant usage can be found here

Note: By default the Vagrantfile uses the following settings:

    vb.cpus = 4
    vb.memory = 4096

Edit the Vagrantfile and change those values to improve the performance.


  • Hamed Hosseini

A special thank to, Hamed Izadi

License Resources:


9 views0 comments

Recent Posts

See All











Share your knowledge with the world

© Copyright © 2020 Blur-hacker Ltd. All rights h.r.v