Summary
In modern adversarial operations, generic wordlists often fail against strict cloud security configurations. PoliPassGen is a specialized Python tool designed to bridge the gap between “easy-to-remember” passwords and complex password policies required by cloud providers and local domains. By ingesting mission-specific keywords and enforcing automated policy compliance, it generates thousands of plausible, high-probability candidates for password sprays and hash cracking.
Technical Details
PoliPassGen operates by mapping common password-generating logic to policy requirements. Key features include:
- Policy Ingestion: Directly import JSON-based password policies exported via CLI from major cloud providers.
- Word Generation: Enhanced mutation logic using the -wg flag, supporting mutate, years, seasons, numbers, or all to expand baseline wordlists.
- Environment Targeting: Native support for --env aws, azure, gcp, and local to automatically apply default provider-specific complexity requirements.
- Duplicate Removal: Advanced --dupe-rules (exact, near, loose) to ensure the final list is concise and effective.
- Scaling: A single baseline keyword list can be expanded into 20k-28k unique candidates depending on the selected generation methods and match modes.
Example Usage
python polipassgen.py --env azure --word-gen mutate years seasons --wordlist targets.txt --dupe-rules near
Offensive Insight
The primary strength of PoliPassGen lies in its ability to weaponize “human-predictable” patterns that still satisfy complexity checks. During a red team engagement, we often find that employees use variations of the company name, current year, seasonal terms, or industry-specific keywords.
Instead of a blind brute force, we use PoliPassGen to generate a highly targeted set of passwords that exactly match the target organization’s complexity rules (e.g., must contain 1 symbol, 1 uppercase, and be at least 12 characters). This significantly reduces the noise of a password spray and increases the likelihood of a successful authentication bypass.
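The same observation can be applied on the defensive side as a check at password-set time: a password can pass the complexity rule and still be assembled from an organization keyword, a season, and a year. The following is an added example, not part of PoliPassGen or its source; the function names, the substitution table, the placeholder organization name "contoso", and the policy values (taken from the 12-character, 1-uppercase, 1-symbol example above) are assumptions.

```python
import re

# Assumed policy from the example in the text: >= 12 chars, 1 uppercase, 1 symbol.
MIN_LENGTH = 12
SEASONS = ("spring", "summer", "autumn", "fall", "winter")
# Common character substitutions undone before matching (constructed table).
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})
YEAR_RE = re.compile(r"(?:19|20)\d{2}")


def meets_complexity(password: str) -> bool:
    """Complexity check only: length, one uppercase letter, one symbol."""
    return (len(password) >= MIN_LENGTH
            and any(c.isupper() for c in password)
            and any(not c.isalnum() for c in password))


def predictable_tokens(password: str, org_keywords: list[str]) -> list[str]:
    """Return the predictable building blocks found in a password."""
    found = []
    if YEAR_RE.search(password):  # match years before digits are de-substituted
        found.append("year")
    normalized = password.lower().translate(LEET)
    for season in SEASONS:
        if season in normalized:
            found.append(f"season:{season}")
    for keyword in org_keywords:
        if keyword.lower().translate(LEET) in normalized:
            found.append(f"keyword:{keyword}")
    return found


def audit(password: str, org_keywords: list[str]) -> str:
    """Classify a proposed password at set/change time."""
    if not meets_complexity(password):
        return "reject: fails complexity policy"
    tokens = predictable_tokens(password, org_keywords)
    if tokens:
        return "reject: predictable (" + ", ".join(tokens) + ")"
    return "accept"


if __name__ == "__main__":
    # Constructed samples; "contoso" is a placeholder organization name.
    for pw in ["Contoso2024!Winter", "C0nt0s0#Spring", "Summer2025", "vR7#qLm2!xTz9w"]:
        print(f"{pw:20} -> {audit(pw, ['contoso'])}")
```

The first two samples pass the complexity rule and are still rejected, which is the gap a complexity-only policy leaves open.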
Conclusion
PoliPassGen is an essential addition to any offensive operator’s toolkit when targeting enterprise cloud or local enterprise environments. By moving away from static wordlists and toward policy-aware generation, we ensure our adversarial testing remains accurate to real-world threats.
Explore the source on GitHub: bivens-security-consulting/PoliPassGen