1. Support Center
  2. BApp Store
  3. Hashcat Maskprocessor Intruder Payloads
Professional Community

Hashcat Maskprocessor Intruder Payloads

This extension integrates Burp Intruder with Hashcat Maskprocessor.

Maskprocessor is a word generator with a per-position configurable charset

You can find out more at https://github.com/hashcat/maskprocessor


It can be used with:

  • Built-in charset
  • ?l = abcdefghijklmnopqrstuvwxyz
  • ?d = 0123456789
  • ?s = !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
  • ?a = ?l?u?d?s
  • ?b = 0x00 - 0xff

Example: Password?d will generate Password0, Password1, Password3 etc.

Custom charsets:

  • -1, --custom-charset1=CS
  • -2, --custom-charset2=CS
  • -3, --custom-charset3=CS
  • -4, --custom-charset4=CS

Example: Password?1 -1 0A@ will generate Password0, PasswordA, Password@

Author Quahac
Version 1.0
Last updated 16 October 2020

You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.

You can view the source code for this BApp by visiting our GitHub page.
Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.
Download BApp

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.

Go back to BappStore