LinuxCommandLibrary

fcrackzip

Crack password-protected ZIP archives

TLDR

Brute-force a password that is 4 to 8 characters long and contains only alphanumeric characters (order matters)

$ fcrackzip [[-b|--brute-force]] [[-l|--length]] 4-8 [[-c|--charset]] aA1 [archive]

Brute-force a password in verbose mode with a length of 3 characters that only contains lowercase characters, $, and %
$ fcrackzip [[-v|--verbose]] [[-b|--brute-force]] [[-l|--length]] 3 [[-c|--charset]] a:$% [archive]

Brute-force a password that contains only lowercase and special characters
$ fcrackzip [[-b|--brute-force]] [[-l|--length]] 4 [[-c|--charset]] a! [archive]

Brute-force a password containing only digits, starting from the password 12345
$ fcrackzip [[-b|--brute-force]] [[-l|--length]] 5 [[-c|--charset]] 1 [[-p|--init-password]] 12345 [archive]

Crack a password using a wordlist
$ fcrackzip [[-u|--use-unzip]] [[-D|--dictionary]] [[-p|--init-password]] [wordlist] [archive]

Benchmark cracking performance
$ fcrackzip [[-B|--benchmark]]

SYNOPSIS

fcrackzip [options] zipfile

PARAMETERS

-b b|d
    Set brute-force (b) or dictionary (d) mode

-c chars
    Specify character set for brute-force (e.g., 'a-zA-Z0-9')

-D dictfile
    Use dictionary file (with -b d)

-k
    Continue cracking after finding password (brute-force only)

-l min-max
    Password length range (brute-force only)

-L len
    Max password length (equivalent to -l 1-len)

-m mask
    Mask for known characters (brute-force only, e.g., 'pass?ord')

-o file
    Write output to file

-p passlist
    Use passlist file as dictionary (with -b d)

-t threads
    Number of threads to use

-u
    Check with unzip to avoid false positives

-v
    Verbose mode

-V
    Very verbose mode

-h
    Display help

DESCRIPTION

fcrackzip is a lightweight, high-performance command-line utility for recovering passwords on ZIP archives protected by traditional PKZIP encryption. Developed for security researchers and users needing to access forgotten passwords, it employs two primary attack methods: brute-force searching through character combinations within defined lengths and sets, or dictionary-based attacks using wordlists.

Optimized for speed, fcrackzip leverages multi-threading to utilize multiple CPU cores, making it efficient even on modest hardware. It first scans the ZIP file to identify encrypted files and their CRC checksums, then systematically tests passwords, optionally verifying candidates with unzip to eliminate false positives. Key features include customizable character sets (e.g., lowercase, digits, symbols), password length ranges, progress reporting, and output to files.

While powerful for weak or common passwords, it struggles against strong, long passphrases due to exponential time complexity. Ethical use is paramount—ideal for penetration testing, personal recovery, or forensics, but not unauthorized access. Supports single or multiple ZIP files and integrates with external dictionaries like rockyou.txt.

CAVEATS

Only supports traditional ZIP encryption (not AES/WinZip); ineffective against strong passwords; highly CPU-intensive; ensure legal/ethical use to avoid cracking unauthorized files.
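
Because the tool only applies to traditional ZIP encryption, a defender can audit which archive entries still use that legacy scheme by reading the central directory, which needs no password. The Python below is an added example, not part of fcrackzip or the original page; the function names, labels and the header-patched sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x0001   # general-purpose flag bit 0: entry is encrypted
STRONG = 0x0040      # general-purpose flag bit 6: PKWARE strong encryption
AES_METHOD = 99      # compression-method value carried by WinZip AES entries


def classify(data: bytes) -> dict:
    """Map each entry name to 'none', 'traditional-pkzip', 'aes' or 'pkware-strong'."""
    result = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for zi in zf.infolist():  # central directory only, no password needed
            if not zi.flag_bits & ENCRYPTED:
                result[zi.filename] = "none"
            elif zi.compress_type == AES_METHOD:
                result[zi.filename] = "aes"
            elif zi.flag_bits & STRONG:
                result[zi.filename] = "pkware-strong"
            else:
                result[zi.filename] = "traditional-pkzip"  # legacy cipher
    return result


def build_sample() -> bytes:
    """Constructed sample: three stored entries whose central-directory
    flag/method fields are patched to look plain, traditional and AES.
    The payloads are not really encrypted; only the headers matter here."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name in ("plain.txt", "legacy.txt", "aes.txt"):
            zf.writestr(name, "constructed sample data")
    raw = bytearray(buf.getvalue())
    patches = [(0, 0), (ENCRYPTED, 0), (ENCRYPTED, AES_METHOD)]
    pos = -1
    for flags, method in patches:
        pos = raw.find(b"PK\x01\x02", pos + 1)  # next central-directory header
        # flags live at offset 8 and method at offset 10 of that header
        struct.pack_into("<HH", raw, pos + 8, flags, method)
    return bytes(raw)


if __name__ == "__main__":
    for name, scheme in classify(build_sample()).items():
        print(f"{name}: {scheme}")
```

Entries reported as traditional-pkzip are the ones worth re-archiving with AES and a long passphrase.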

EXAMPLES

Brute-force 4-6 chars: fcrackzip -b -c 'aA1!' -l 4-6 file.zip
Dictionary attack: fcrackzip -D -u -p /usr/share/wordlists/rockyou.txt file.zip

HISTORY

Created by Michael Schutte around 2000; latest stable release 5.03c (2007). Maintained sporadically, widely packaged in Linux distros for security auditing.

SEE ALSO

unzip(1), zip(1), john(1), hashcat(1)
