CUPP Common User Passwords Profiler v3 released

People spend a lot of time preparing for effective dictionary attack. Common User Passwords Profiler (CUPP) is made to simplify this attack method that is often used as last resort in penetration testing and forensic crime investigations. A weak password might be very short or only use alphanumeric characters, making decryption simple. A weak password can also be one that is easily guessed by someone profiling the user, such as a birthday, nickname, address, name of a pet or relative, or a common word such as God, love, money or password.

Going through different combinations and algorithms, CUPP can predict specific target passwords by exploiting human vulnerabilities. In password creation, as in many aspects of life, everybody tends to the original solution, but thanks to human nature, we all tend to originality in the same way, leading to almost absolute predictability.


  • 3.0 - added word length shaping function - added wordlists downloader function - added alectodb parser - fixed thresholds for word concatenations - fixed sorting in final parsing - fixed some user input validations - ascii cow now looks nicer :)
  • 2.0 - added l33t mode - added char mode - ability to make pwnsauce with other wordlists or outputs - cupp.cfg makes easier to configure
  • 1.0 - Initial release

Post scriptum

Compliance Mandates


Related Articles

Password Cracking
Penetration testing & Ethical Hacking