I am often asked to evaluate a list of passwords. The evaluation sometimes goes like this, how many passwords only have upper, lower-case, and numeric passwords and not special characters. Below is a script to evaluate a list of passwords for this and length of the passwords. This script does not handle unicode characters being in the passwords.
#!/usr/bin/python3
# Script to Evaluate the Strength of Passwords and Length
import re
f = open("temp.txt", encoding="utf-8", errors="ignore")
countNumeric = 0
countLowerCase = 0
countLowerCaseNumber = 0
countUpperCase = 0
countUpperCaseNumber = 0
countUpperLowerCase = 0
countUpperLowerCaseNumber = 0
countUpperLowerCaseNumberSpecial = 0
countTotal = 0
lengthLess8 = 0
length8to12 = 0
length13to16 = 0
length17to20 = 0
length21to32 = 0
length33up = 0
for line in f:
line = line.strip()
strLength = len(line)
# All lower-case password
numericExpression = '^[0-9]{' + str(strLength) + '}$'
if re.match(numericExpression, line): countNumeric += 1
lowerCaseExpression = '^[a-z]{' + str(strLength) + '}$'
if re.match(lowerCaseExpression, line): countLowerCase += 1
lowerCaseNumericExpression = '^[a-z0-9]{' + str(strLength) + '}$'
if re.match(lowerCaseNumericExpression, line): countLowerCaseNumber += 1
upperCaseExpression = '^[A-Z]{' + str(strLength) + '}$'
if re.match(upperCaseExpression, line): countUpperCase += 1
upperCaseNumberExpression = '^[A-Z0-9]{' + str(strLength) + '}$'
if re.match(upperCaseNumberExpression, line): countUpperCaseNumber += 1
upperLowerCaseExpression = '^[A-Za-z]{' + str(strLength) + '}$'
if re.match(upperLowerCaseExpression, line): countUpperLowerCase += 1
upperLowerCaseNumericExpression = '^[A-Za-z0-9]{' + str(strLength) + '}$'
if re.match(upperLowerCaseNumericExpression, line): countUpperLowerCaseNumber += 1
upperLowerCaseNumericSpecialExpression = '^[A-Za-z0-9,.!@#$%^&?\[\]<>*_\-=+ \'"()`\.,;:/\\x5c~|]{' + str(strLength) + '}$' # \x5c = \
if re.match(upperLowerCaseNumericSpecialExpression, line):
countUpperLowerCaseNumberSpecial += 1
#else:
# print(line)
if len(line) < 8: lengthLess8 += 1
if len(line) >= 8 and len(line) <= 12: length8to12 += 1
if len(line) >= 13 and len(line) <= 16: length13to16 += 1
if len(line) >= 17 and len(line) <= 20: length17to20 += 1
if len(line) >= 21 and len(line) <= 32: length21to32 += 1
if len(line) >= 33: length33up += 1
countTotal += 1
#print(line)
print("Total Passwords in List: " + str(countTotal))
print("All numeric only passwords: " + str(countNumeric))
print("All lower-case only passwords: " + str(countLowerCase))
print("All lower-case and numeric only passwords: " + str(countLowerCaseNumber - countNumeric - countLowerCase))
print("All upper-case only passwords: " + str(countUpperCase))
print("All upper-case and numeric only passwords: " + str(countUpperCaseNumber - countUpperCase - countNumeric))
print("All upper-case and lower-case only passwords: " + str(countUpperLowerCase - countUpperCase - countLowerCase))
print("All upper-case, lower-case and numeric only passwords: " + str(countUpperLowerCaseNumber - (countUpperLowerCase - countUpperCase - countLowerCase) - (countLowerCaseNumber - countLowerCase - countNumeric) - (countUpperCaseNumber - countUpperCase - countNumeric) - countUpperCase - countLowerCase - countNumeric))
print("All upper-case, lower-case, numeric and special chars only passwords: " + str(countUpperLowerCaseNumberSpecial - (countUpperLowerCaseNumber - countUpperCase - countLowerCase - countNumeric) - countUpperCase - countLowerCase - countNumeric))
print("Unaccounted for Passwords with RegEx's: " + str(countTotal - countUpperLowerCaseNumberSpecial))
print()
print("Password Length < 8: " + str(lengthLess8))
print("Password Length 8 to 12: " + str(length8to12))
print("Password Length 13 to 16: " + str(length13to16))
print("Password Length 17 to 20: " + str(length17to20))
print("Password Length 21 to 32: " + str(length21to32))
print("Password Length 33 and up: " + str(length33up))
With the above script I ran it against the rockyou list and received the following statistics (I put in the comma's):
Total Passwords in List: 14,344,391
All numeric only passwords: 2,346,874
All lower-case only passwords: 3,726,802
All lower-case and numeric only passwords: 6,075,066
All upper-case only passwords: 229,917
All upper-case and numeric only passwords: 407,421
All upper-case and lower-case only passwords: 159,318
All upper-case, lower-case and numeric only passwords: 382,270
All upper-case, lower-case, numeric and special chars only passwords: 1,001,182
Unaccounted for Passwords with RegEx's: 15,541
Password Length < 8: 4,737,460
Password Length 8 to 12: 8,593,633
Password Length 13 to 16: 891,426
Password Length 17 to 20: 88,173
Password Length 21 to 32: 31,576
Password Length 33 and up: 2,123