PassGPT: Password Modeling and (Guided) Generation with Large Language Models

“…ADaMs [51], AVAIN [55], Delta [68], Diane [70], ESRFuzzer [74], GNPassGAN [80], HILTI [82], IoTFuzzer [83], Mirage [94], NeuralNetworkCracking [100], NoCrack [103], OMEN [106], OSV [107], PassGAN [109], PassGPT [110], PasswordCrack-ingTraining [111], Pyciuti [118], SemanticGuesser [126], Snout [129], Spicy [131], Untangle [138] Reporting ESASCF [73], Firmaster [76], No Name (TTCN-3) [102], Pyciuti [118] Table B.7: PTES classification…”

“…ADaMs [51], Firmaster [76], GNPassGAN [80], LTESniffer [88], NeuralNetwork-Cracking [100], NoCrack [103], OMEN [106], PassGAN [109], PassGPT [110], Pass-wordCrackingTraining [111], SemanticGuesser [126] Discovery AVAIN [55], Cairis [60], Firmaster [76], HILTI [82], Masat [93], PenQuest [112], RT-RCT [124], Snout [129], Spicy [131], TAMELESS [134], Vulcan [ Mitre ATT&CK Tools Collection: Adversary-In-The-Middle HILTI [82], Spicy [131] Credential Access: Brute Force: Password Cracking GNPassGAN [80], PassGAN [109], PasswordCrackingTraining [111] Discovery: Cloud Infrastructure Discovery MASAT [93], VULCAN [142] Discovery: Network Service Discovery AVAIN [55], Firmaster [76], HILTI [82], RT-RCT [124], Snout [129], Spicy [131] Enterprise: Credential Access: Brute Force Firmaster [76] Enterprise: Credential Access: Network Sniffing LTESniffer [88] Enterprise: Impact: Service Stop TORPEDO [136] Enterprise: Initial Access: External Remote Services NetCAT [99] Execution Bbuzz [56], Lore [87], Mirage [94], PentestGPT…”

“…Black Widow [58], Chainsaw [62], PhpSAFE [114], TChecker [135], WAPTT [148], WebFuzz [149] Software And Platform Security: Web & Mobile Security: Server Side Vulnerabilities And Mitigations: Injection Vulnerabilities: Cross-Site Scripting (Xss): Reflected Xss Link [86] Software And Platform Security: Web & Mobile Security: Server Side Vulnerabilities And Mitigations: Injection Vulnerabilities: Sql-Injection Chainsaw [62], PhpSAFE [114], TChecker [135], WAPTT [148], WebVIM [150] Software And Platform Security: Web & Mobile Security: Server Side Vulnerabilities And Mitigations: Injection Vulnerabilities: User Uploaded Files FUSE [78] Systems Security: Authentication, Authorisation & Accountability: Authentication: Passwords ADaMs [51], GNPassGAN [80], NeuralNetwork-Cracking [100], NoCrack [103], OMEN [106], PassGAN [109], PassGPT [110], PasswordCrack-ingTraining [111], SemanticGuesser [126] Systems Security: Distributed Systems Security Cairis [60], MAL [91], PenQuest [112] Table B.10: CyBOK classification ACM CCS Tools Hardware: Emerging Technologies: Analysis And Design Of Emerging Devices And Systems: Emerging Architectures AVAIN [55], Diane [70], EBF [71], IoTFuzzer [83], Mirage [94], ROSploit [123], RT-RCT [124], Snout [129] Human-Centered Computing: Human Computer Interaction (Hci): Interactive Systems And Tools TAMELESS [134] Networks: Network Components: Intermediate Nodes: Routers ESRFuzzer…”

“…No Name (TTCN-3) [102], OSV [107], Pyciuti [118], RT-RCT [124], SuperEye [132], Vulcan [142], Vulnsloit [146] Security And Privacy: Network Security: Mobile And Wireless Security ESRFuzzer [74], Firmaster [76], LTESniffer [88], Owfuzz [108], Scanner++ [125], Snout [129], UE Security Reloaded [137] Security And Privacy: Network Security: Security Protocols HILTI [82], No Name (TTCN-3) [102], Spicy [131] Security And Privacy: Network Security: Web Protocol Security Bbuzz [56] Security And Privacy: Security Services: Authorization ADaMs [51], GNPassGAN [80], NeuralNetwork-Cracking [100], NoCrack [103], OMEN [106], PassGAN [109], PassGPT [110], PasswordCrack-ingTraining [111], SemanticGuesser [126] Security And Privacy: Software And Application Security CryptoGuard [65], VulDeePecker [144] Security And Privacy: Software And Application Security: Domain-Specific Security And Privacy Architectures ESSecA [75], MAL [91], PenQuest [112] Security And Privacy: Software And Application Security: Software Reverse Engineering RiscyROP [121], VulCNN [143] Security And Privacy: Software And Application Security: Software Security Engineering AIBugHunter [52], Chucky [63], CuPerFuzzer [66], ELAID [72], LAID…”

“…Appendix C.60. PassGPT: Password modelling and (Guided) Generation with Large Language Models PassGPT (2023, Rando et al [110]) is a tool utilizing GPT-2 architecture and trained on leaked passwords, aiming to improve password guessing and strength estimation. PassGPT incorporates vector quantization to enhance the complexity of password generation (PassVQT).…”

Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking Tools

“…ADaMs [51], AVAIN [55], Delta [68], Diane [70], ESRFuzzer [74], GNPassGAN [80], HILTI [82], IoTFuzzer [83], Mirage [94], NeuralNetworkCracking [100], NoCrack [103], OMEN [106], OSV [107], PassGAN [109], PassGPT [110], PasswordCrack-ingTraining [111], Pyciuti [118], SemanticGuesser [126], Snout [129], Spicy [131], Untangle [138] Reporting ESASCF [73], Firmaster [76], No Name (TTCN-3) [102], Pyciuti [118] Table B.7: PTES classification…”

“…ADaMs [51], Firmaster [76], GNPassGAN [80], LTESniffer [88], NeuralNetwork-Cracking [100], NoCrack [103], OMEN [106], PassGAN [109], PassGPT [110], Pass-wordCrackingTraining [111], SemanticGuesser [126] Discovery AVAIN [55], Cairis [60], Firmaster [76], HILTI [82], Masat [93], PenQuest [112], RT-RCT [124], Snout [129], Spicy [131], TAMELESS [134], Vulcan [ Mitre ATT&CK Tools Collection: Adversary-In-The-Middle HILTI [82], Spicy [131] Credential Access: Brute Force: Password Cracking GNPassGAN [80], PassGAN [109], PasswordCrackingTraining [111] Discovery: Cloud Infrastructure Discovery MASAT [93], VULCAN [142] Discovery: Network Service Discovery AVAIN [55], Firmaster [76], HILTI [82], RT-RCT [124], Snout [129], Spicy [131] Enterprise: Credential Access: Brute Force Firmaster [76] Enterprise: Credential Access: Network Sniffing LTESniffer [88] Enterprise: Impact: Service Stop TORPEDO [136] Enterprise: Initial Access: External Remote Services NetCAT [99] Execution Bbuzz [56], Lore [87], Mirage [94], PentestGPT…”

“…Black Widow [58], Chainsaw [62], PhpSAFE [114], TChecker [135], WAPTT [148], WebFuzz [149] Software And Platform Security: Web & Mobile Security: Server Side Vulnerabilities And Mitigations: Injection Vulnerabilities: Cross-Site Scripting (Xss): Reflected Xss Link [86] Software And Platform Security: Web & Mobile Security: Server Side Vulnerabilities And Mitigations: Injection Vulnerabilities: Sql-Injection Chainsaw [62], PhpSAFE [114], TChecker [135], WAPTT [148], WebVIM [150] Software And Platform Security: Web & Mobile Security: Server Side Vulnerabilities And Mitigations: Injection Vulnerabilities: User Uploaded Files FUSE [78] Systems Security: Authentication, Authorisation & Accountability: Authentication: Passwords ADaMs [51], GNPassGAN [80], NeuralNetwork-Cracking [100], NoCrack [103], OMEN [106], PassGAN [109], PassGPT [110], PasswordCrack-ingTraining [111], SemanticGuesser [126] Systems Security: Distributed Systems Security Cairis [60], MAL [91], PenQuest [112] Table B.10: CyBOK classification ACM CCS Tools Hardware: Emerging Technologies: Analysis And Design Of Emerging Devices And Systems: Emerging Architectures AVAIN [55], Diane [70], EBF [71], IoTFuzzer [83], Mirage [94], ROSploit [123], RT-RCT [124], Snout [129] Human-Centered Computing: Human Computer Interaction (Hci): Interactive Systems And Tools TAMELESS [134] Networks: Network Components: Intermediate Nodes: Routers ESRFuzzer…”

“…No Name (TTCN-3) [102], OSV [107], Pyciuti [118], RT-RCT [124], SuperEye [132], Vulcan [142], Vulnsloit [146] Security And Privacy: Network Security: Mobile And Wireless Security ESRFuzzer [74], Firmaster [76], LTESniffer [88], Owfuzz [108], Scanner++ [125], Snout [129], UE Security Reloaded [137] Security And Privacy: Network Security: Security Protocols HILTI [82], No Name (TTCN-3) [102], Spicy [131] Security And Privacy: Network Security: Web Protocol Security Bbuzz [56] Security And Privacy: Security Services: Authorization ADaMs [51], GNPassGAN [80], NeuralNetwork-Cracking [100], NoCrack [103], OMEN [106], PassGAN [109], PassGPT [110], PasswordCrack-ingTraining [111], SemanticGuesser [126] Security And Privacy: Software And Application Security CryptoGuard [65], VulDeePecker [144] Security And Privacy: Software And Application Security: Domain-Specific Security And Privacy Architectures ESSecA [75], MAL [91], PenQuest [112] Security And Privacy: Software And Application Security: Software Reverse Engineering RiscyROP [121], VulCNN [143] Security And Privacy: Software And Application Security: Software Security Engineering AIBugHunter [52], Chucky [63], CuPerFuzzer [66], ELAID [72], LAID…”

“…Appendix C.60. PassGPT: Password modelling and (Guided) Generation with Large Language Models PassGPT (2023, Rando et al [110]) is a tool utilizing GPT-2 architecture and trained on leaked passwords, aiming to improve password guessing and strength estimation. PassGPT incorporates vector quantization to enhance the complexity of password generation (PassVQT).…”

Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking Tools

PassTSL: Modeling Human-Created Passwords Through Two-Stage Learning