cupp

cupp.py [-h] [-i INPUT | -a] [-o OUTPUT] [-w WORDLIST] [-v] [-q] [-s START] [-l LENGTH] [--weak]

-h, --help
    Show help message and exit.

-i INPUT, --input INPUT
    Interactive mode: Target's profile file (use '-' for stdin).

-a, --auto
    Automatic mode: Process targets from input file.

-o OUTPUT, --output OUTPUT
    Output wordlist file (use '-' for stdout).

-w WORDLIST, --wordlist WORDLIST
    Specific wordlist to append in auto mode.

-v, --verbose
    Enable verbose output.

-q, --quiet
    Suppress non-essential output.

-s START, --start START
    Start generating from this sequence number.

-l LENGTH, --length LENGTH
    Set length of generated passwords.

--no-escape
    Do not escape special characters.

--weak
    Generate only weak passwords.

CUPP (Common User Passwords Profiler) is a Python-based tool designed for security researchers and penetration testers to create customized wordlists for password cracking. It leverages personal information about a target—such as birthdates, nicknames, pet names, phone numbers, and hobbies—to generate likely password combinations.

The tool operates in two primary modes: interactive mode, where users manually input target details via prompts, and automatic mode, which processes data from a pre-formatted input file. CUPP combines this information with permutations, leetspeak variations (e.g., 'a' to '@'), common suffixes like '123' or '!', and appends words from external dictionaries if specified.

This makes it highly effective for targeted attacks against weak, personal passwords, outperforming generic wordlists like rockyou.txt in specific scenarios. Ethical use is paramount; it's intended for authorized testing on systems you own or have permission to assess. Output wordlists can be fed into tools like Hashcat or John the Ripper for cracking attempts.

CUPP emphasizes efficiency by allowing control over password length, starting sequence, and verbosity, producing millions of potential passwords tailored to the target without exhaustive computation.

For ethical penetration testing only. Illegal use for unauthorized access violates laws like CFAA. Generates large files; use -l and -s to manage size. Requires Python 2/3 compatibility.

git clone https://github.com/Mebus/cupp.git
cd cupp
python3 cupp.py -h

Interactive: python3 cupp.py -i (follow prompts).
Auto: python3 cupp.py -a target.txt -o passwords.txt

Developed by Jacek Wielemborek (Mebus) around 2011 as an open-source tool for pentesters. Hosted on GitHub (Mebus/cupp), actively maintained with Python 3 support added later. Popular in Kali Linux repos for wordlist generation.

john(1), hashcat(1), crunch(1)