How to bruteforce ZIP files
0xL1NK#~ FCrackZip Manpages
Last updated: 27 march 2019
fcrackzip searches each zipfile given for encrypted files and tries to guess the password. All files must be encrypted with the same password, the more files you provide, the better.
The command below will bruteforce file.zip with a given wordlist. In this case the wordlist is the well known rockyou.txt.
fcrackzip -u -D -p [wordlist] [ZIP file]
fcrackzip -u -D -p ~/rockyou.txt ~/file.zip
-u : Try to decompress the first file by calling unzip with the guessed password. This weeds out false positives when not enough files have been given.
-D : Select dictionary mode. In this mode, fcrackzip will read passwords from a file, which must contain one password per line and should be alphabetically sorted.
-p : Set initial (starting) password for brute-force searching to string, or use the file with the name string to supply passwords for dictionary searching.
** For more information, check out the extra links and sources. **