ciscoPWDhasher
An offline Cisco Password Hashing Tool for Cisco IOS/IOS-XE
Author: Brett Verney
Version: v1.0 | 21-04-2022
This script converts a plain text password into a Cisco 'secret' CLI hash. It currently supports Type 5 (MD5), Type 7 (XOR Cipher), Type 8 (PBKDF2-HMAC-SHA256), and Type 9 (scrypt)
It is particularly useful in situations where an engineer wants to build a full CLI configuration file but doesn't want to list passwords in plain text, or does not have access to a Cisco device in order to generate the password hash.
Requirements
- Python 3.6+
- Python Libraries
- scrypt
- backports.pbkdf2
- passlib
Script Usage
Windows
python ciscoPWDhasher.py
MAC / OSX
python ./ciscoPWDhasher.py
Note:
If you have both Python 2 and Python 3 installed you should run python3 ./ciscoPWDhasher.py
Linux
python ./ciscoPWDhasher.py
Note:
If you have both Python 2 and Python 3 installed you should run python3 ./ciscoPWDhasher.py
Example
The script uses an interactive menu to help choose which hash type is required. An example is below:
Cisco CLI Configuration
Cisco IOS/IOS-XE
username <username> secret {5|7|8|9} <hash>
or
enable secret {5|7|8|9} <hash>
For example:
username admin secret 5 $1$gBk3$sBeTOYNqovq/iccFjqQoV0
or
enable secret 9 $9$OD7tNTjMffsK4T$x8y1enumMaDqfgNlFeI5z9KtEmiqxP90e5R632s1QNk
Special Thanks
Josh Schmelzle for helping me figure out Type 8 and Type 9 requirements.
Kyle Kowalczyk for basically turning this in to something usuable by systems and people other than just copy and paste script n00bz.