ZipKrack — ZIP Password Cracker
A fast, lightweight command-line tool for cracking passwords of encrypted ZIP files using dictionary attacks. ZipKrack requires zero external dependencies — it runs entirely on the Python standard library — and supports both an interactive prompt and full CLI argument mode for scripting integration.
Prerequisites
- Python 3.x
- Windows / Linux / macOS
- A password wordlist (e.g.
rockyou.txt)
Installation
git clone https://github.com/pulgaa/zipkrack.git
cd zipkrack
No pip install needed — ZipKrack uses only Python standard libraries.
How It Works
ZipKrack reads a user-supplied wordlist and attempts each password against the target ZIP file using Python's built-in zipfile module. On each attempt, the current password is printed to the terminal in real time. When the correct password is found, the tool automatically extracts the archive contents, logs the password to a timestamped file, and reports performance statistics.
Wordlist (.txt)
│
▼
┌──────────────────────┐
│ For each password: │
│ zipfile.extractall │──▶ Wrong? → next password
│ with pwd attempt │
└──────────────────────┘
│ Correct
▼
┌──────────────────────┐
│ Auto-extract files │
│ Log password (.txt) │
│ Print stats │
└──────────────────────┘
Step 1: CLI Mode
python zipcracker.py -z <zipfile> -w <wordlist> [-o <output_dir>]
| Argument | Description |
|---|---|
-z, --zipfile |
Path to the encrypted ZIP file |
-w, --wordlist |
Path to the password wordlist |
-o, --output |
Directory to extract files to (default: Extract) |
--version |
Show tool name and version |
Example
python zipcracker.py -z secret.zip -w rockyou.txt -o decrypted/
Step 2: Interactive Mode
Run without arguments to enter interactive mode:
python zipcracker.py
You'll be prompted to provide the ZIP file and wordlist paths. Type quit or exit at any prompt to close the tool.
Step 3: Review Output
On a successful crack, ZipKrack displays the ASCII banner, the found password, and performance stats:
______ _ __ _
|__ (_)_ __ | |/ /_ __ __ _ ___| | __
/ /| | '_ \| ' /| '__/ _` |/ __| |/ /
/ /_| | |_) | . \| | | (_| | (__| <
/____|_| .__/|_|\_\_| \__,_|\___|_|\_\
|_| Coded by pulgaa
Attemping password: dragon123
Found password: dragon123
Password stored in 26-03-27_17-08-53.txt.
Elapsed Time: 00:00:04
Attempted a total of 1337 passwords.
The found password is automatically saved to a timestamped .txt file in the working directory for later reference.
Features
| Feature | Description |
|---|---|
| Dictionary Attack | Crack ZIP passwords using any wordlist |
| Real-time Feedback | Watch each password attempt live in the terminal |
| Auto-Extraction | Automatically extracts ZIP contents on success |
| Password Logging | Saves the found password to a timestamped .txt file |
| Performance Stats | Reports elapsed time and total attempts |
| Dual Mode | Full CLI argument support and interactive prompt |
Recommended Wordlists
- rockyou.txt — ~14 million real-world passwords
- SecLists — A collection of multiple password lists
- CrackStation — Large-scale wordlists
🛠️ Tools & Techniques
- Language: Python 3.x (standard library only)
- ZIP handling:
zipfilemodule — password brute-force viaextractall(pwd=...) - CLI:
argparsewith interactive fallback - Logging: Timestamped password output files
⚠️ Disclaimer
This tool is intended for educational and authorized security testing purposes only. Unauthorized access to files you do not own is illegal. Always obtain explicit permission before testing. The author is not responsible for any misuse.