# P12 Password Cracking

Recover or verify passwords for P12/PKCS#12 certificate files.

## Plan Limits

| Feature | Free | VIP 1+ |
|---------|------|--------|
| **Attack modes** | smart, dictionary | All modes |
| **Wordlist (array)** | 100 passwords | Unlimited |
| **Wordlist (file/URL)** | 1,000 passwords | 50MB / unlimited |
| **Brute force** | ❌ Not available | ✅ Full access |

> **Note:** Upgrade to VIP to unlock brute force mode and larger wordlists.

---

## Verify Password

`POST /api/p12-verify`

Check if a password is correct for a P12 file.

### Parameters

| Name | Type | Required | Description |
|------|------|----------|-------------|
| `file` | file | Yes | The .p12 or .pfx file (max 10MB) |
| `password` | string | Yes | Password to verify |

### Example Request

```bash
curl -X POST "https://developer.nabzclan.vip/api/p12-verify" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -F "file=@certificate.p12" \
  -F "password=mypassword"
```

### Example Response (Valid)

```json
{
  "success": true,
  "valid": true,
  "password": "mypassword"
}
```

### Example Response (Invalid)

```json
{
  "success": true,
  "valid": false,
  "password": null
}
```

---

## Crack Password

`POST /api/p12-crack`

Attempt to recover the password for a P12 file using various attack modes.

### Parameters

| Name | Type | Required | Description |
|------|------|----------|-------------|
| `file` | file | Yes | The .p12 or .pfx file **(max 10MB)** |
| `mode` | string | No | `smart` (default), `dictionary`, `brute_force` |
| `wordlist` | array/file | No | Password array or .txt file **(max 50MB)** |
| `wordlist_url` | string | No | URL to download wordlist (must return plain text) |
| `charset` | string | No | Characters for brute force (default: a-z0-9) |
| `min_length` | int | No | Min password length for brute force (default: 1, max: 6) |
| `max_length` | int | No | Max password length for brute force (default: 4, max: 6) |

### File Size Limits

| File | Max Size | Notes |
|------|----------|-------|
| P12/PFX file (`file`) | **10 MB** | Certificate file to crack |
| Wordlist file (`wordlist`) | **50 MB** | ~5 million passwords |
| Wordlist URL (`wordlist_url`) | **No limit** | Downloaded server-side |

---

## Smart Mode

Uses previously cracked passwords + common P12 patterns. **Recommended for most cases.**

### Example Request

```bash
curl -X POST "https://developer.nabzclan.vip/api/p12-crack" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -F "file=@certificate.p12" \
  -F "mode=smart"
```

### Example Response

```json
{
  "success": true,
  "found": true,
  "password": "admin123",
  "attempts": 15,
  "elapsed_seconds": 0.003,
  "speed_per_second": 5000
}
```

---

## Dictionary Mode

Supply passwords via **array**, **file upload**, or **URL**.

---

### Option 1: Password Array

Pass passwords inline using `wordlist[]` for each password.

**Format:** `-F "wordlist[]=password1" -F "wordlist[]=password2"`

```bash
curl -X POST "https://developer.nabzclan.vip/api/p12-crack" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -F "file=@certificate.p12" \
  -F "mode=dictionary" \
  -F "wordlist[]=password123" \
  -F "wordlist[]=admin" \
  -F "wordlist[]=mysecret" \
  -F "wordlist[]=nabzclan.vip"
```

---

### Option 2: Upload Wordlist File

Upload a `.txt` file with one password per line. **(Free: 1,000 passwords max, VIP: 50MB)**

**Format:** `-F "wordlist=@/path/to/wordlist.txt"`

**File Format (wordlist.txt):**
```
password123
admin
mysecret
company2026
nabzclan.vip
```

```bash
curl -X POST "https://developer.nabzclan.vip/api/p12-crack" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -F "file=@certificate.p12" \
  -F "mode=dictionary" \
  -F "wordlist=@wordlist.txt"
```

---

### Option 3: Wordlist from URL

Download wordlist from a URL. **(Free: 1,000 passwords max, VIP: unlimited)**

**Format:** `-F "wordlist_url=https://example.com/wordlist.txt"`

```bash
curl -X POST "https://developer.nabzclan.vip/api/p12-crack" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -F "file=@certificate.p12" \
  -F "mode=dictionary" \
  -F "wordlist_url=https://raw.githubusercontent.com/danielmiessler/SecLists/refs/heads/master/Passwords/Common-Credentials/10k-most-common.txt"
```

---

### Dictionary Response

```json
{
  "success": true,
  "found": true,
  "password": "nabzclan.vip",
  "attempts": 5,
  "elapsed_seconds": 0.002,
  "speed_per_second": 2500
}
```

---

## Brute Force Mode (VIP ⭐️)

> **VIP Only:** This mode requires a VIP subscription.

Tries all character combinations. Best for short passwords (1-4 characters).

### Parameters

| Name | Default | Description |
|------|---------|-------------|
| `charset` | `abcdefghijklmnopqrstuvwxyz0123456789` | Characters to use |
| `min_length` | `1` | Minimum password length |
| `max_length` | `4` | Maximum password length (max: 6) |

### Example Request

```bash
curl -X POST "https://developer.nabzclan.vip/api/p12-crack" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -F "file=@certificate.p12" \
  -F "mode=brute_force" \
  -F "charset=abcdefghijklmnopqrstuvwxyz0123456789" \
  -F "min_length=1" \
  -F "max_length=4"
```

### Custom Charset Examples

**Lowercase + Numbers (default):**
```
-F "charset=abcdefghijklmnopqrstuvwxyz0123456789"
```

**Numbers Only:**
```
-F "charset=0123456789"
```

**Alphanumeric + Special:**
```
-F "charset=abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$"
```

### Example Response

```json
{
  "success": true,
  "found": true,
  "password": "test",
  "attempts": 45678,
  "elapsed_seconds": 5.234,
  "speed_per_second": 8729
}
```

---

## Response Reference

### Password Found

```json
{
  "success": true,
  "found": true,
  "password": "discovered_password",
  "attempts": 123,
  "elapsed_seconds": 0.015,
  "speed_per_second": 8200
}
```

### Password Not Found

```json
{
  "success": true,
  "found": false,
  "password": null,
  "attempts": 10000,
  "elapsed_seconds": 1.145,
  "speed_per_second": 8734
}
```

### Response Fields

| Field | Type | Description |
|-------|------|-------------|
| `success` | boolean | Whether the request completed without errors |
| `found` | boolean | Whether the password was recovered |
| `password` | string/null | The recovered password, or null if not found |
| `attempts` | int | Number of passwords tried |
| `elapsed_seconds` | float | Server-side processing time in seconds |
| `speed_per_second` | int | Cracking speed (passwords tested per second) |

---

## Error Responses

### Invalid File Type

```json
{
  "error": "Invalid file type. Only .p12 and .pfx files are allowed."
}
```

### Missing Wordlist

```json
{
  "error": "Wordlist required for dictionary mode. Provide as array, file upload, or URL."
}
```