P12 Password Cracking
Recover or verify passwords for P12/PKCS#12 certificate files.
Plan Limits
| Feature | Free | VIP 1+ |
|---|---|---|
| Attack modes | smart, dictionary | All modes |
| Wordlist (array) | 100 passwords | Unlimited |
| Wordlist (file/URL) | 1,000 passwords | 50MB / unlimited |
| Brute force | ❌ Not available | ✅ Full access |
Note: Upgrade to VIP to unlock brute force mode and larger wordlists.
Verify Password
POST /api/p12-verify
Check if a password is correct for a P12 file.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
file |
file | Yes | The .p12 or .pfx file (max 10MB) |
password |
string | Yes | Password to verify |
Example Request
curl -X POST "https://developer.nabzclan.vip/api/p12-verify" \
-H "Authorization: Bearer YOUR_TOKEN" \
-F "[email protected]" \
-F "password=mypassword"
Example Response (Valid)
{
"success": true,
"valid": true,
"password": "mypassword"
}
Example Response (Invalid)
{
"success": true,
"valid": false,
"password": null
}
Crack Password
POST /api/p12-crack
Attempt to recover the password for a P12 file using various attack modes.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
file |
file | Yes | The .p12 or .pfx file (max 10MB) |
mode |
string | No | smart (default), dictionary, brute_force |
wordlist |
array/file | No | Password array or .txt file (max 50MB) |
wordlist_url |
string | No | URL to download wordlist (must return plain text) |
charset |
string | No | Characters for brute force (default: a-z0-9) |
min_length |
int | No | Min password length for brute force (default: 1, max: 6) |
max_length |
int | No | Max password length for brute force (default: 4, max: 6) |
File Size Limits
| File | Max Size | Notes |
|---|---|---|
P12/PFX file (file) |
10 MB | Certificate file to crack |
Wordlist file (wordlist) |
50 MB | ~5 million passwords |
Wordlist URL (wordlist_url) |
No limit | Downloaded server-side |
Smart Mode
Uses previously cracked passwords + common P12 patterns. Recommended for most cases.
Example Request
curl -X POST "https://developer.nabzclan.vip/api/p12-crack" \
-H "Authorization: Bearer YOUR_TOKEN" \
-F "[email protected]" \
-F "mode=smart"
Example Response
{
"success": true,
"found": true,
"password": "admin123",
"attempts": 15,
"elapsed_seconds": 0.003,
"speed_per_second": 5000
}
Dictionary Mode
Supply passwords via array, file upload, or URL.
Option 1: Password Array
Pass passwords inline using wordlist[] for each password.
Format: -F "wordlist[]=password1" -F "wordlist[]=password2"
curl -X POST "https://developer.nabzclan.vip/api/p12-crack" \
-H "Authorization: Bearer YOUR_TOKEN" \
-F "[email protected]" \
-F "mode=dictionary" \
-F "wordlist[]=password123" \
-F "wordlist[]=admin" \
-F "wordlist[]=mysecret" \
-F "wordlist[]=nabzclan.vip"
Option 2: Upload Wordlist File
Upload a .txt file with one password per line. (Free: 1,000 passwords max, VIP: 50MB)
Format: -F "wordlist=@/path/to/wordlist.txt"
File Format (wordlist.txt):
password123
admin
mysecret
company2026
nabzclan.vip
curl -X POST "https://developer.nabzclan.vip/api/p12-crack" \
-H "Authorization: Bearer YOUR_TOKEN" \
-F "[email protected]" \
-F "mode=dictionary" \
-F "[email protected]"
Option 3: Wordlist from URL
Download wordlist from a URL. (Free: 1,000 passwords max, VIP: unlimited)
Format: -F "wordlist_url=https://example.com/wordlist.txt"
curl -X POST "https://developer.nabzclan.vip/api/p12-crack" \
-H "Authorization: Bearer YOUR_TOKEN" \
-F "[email protected]" \
-F "mode=dictionary" \
-F "wordlist_url=https://raw.githubusercontent.com/danielmiessler/SecLists/refs/heads/master/Passwords/Common-Credentials/10k-most-common.txt"
Dictionary Response
{
"success": true,
"found": true,
"password": "nabzclan.vip",
"attempts": 5,
"elapsed_seconds": 0.002,
"speed_per_second": 2500
}
Brute Force Mode (VIP ⭐️)
VIP Only: This mode requires a VIP subscription.
Tries all character combinations. Best for short passwords (1-4 characters).
Parameters
| Name | Default | Description |
|---|---|---|
charset |
abcdefghijklmnopqrstuvwxyz0123456789 |
Characters to use |
min_length |
1 |
Minimum password length |
max_length |
4 |
Maximum password length (max: 6) |
Example Request
curl -X POST "https://developer.nabzclan.vip/api/p12-crack" \
-H "Authorization: Bearer YOUR_TOKEN" \
-F "[email protected]" \
-F "mode=brute_force" \
-F "charset=abcdefghijklmnopqrstuvwxyz0123456789" \
-F "min_length=1" \
-F "max_length=4"
Custom Charset Examples
Lowercase + Numbers (default):
-F "charset=abcdefghijklmnopqrstuvwxyz0123456789"
Numbers Only:
-F "charset=0123456789"
Alphanumeric + Special:
-F "charset=abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$"
Example Response
{
"success": true,
"found": true,
"password": "test",
"attempts": 45678,
"elapsed_seconds": 5.234,
"speed_per_second": 8729
}
Response Reference
Password Found
{
"success": true,
"found": true,
"password": "discovered_password",
"attempts": 123,
"elapsed_seconds": 0.015,
"speed_per_second": 8200
}
Password Not Found
{
"success": true,
"found": false,
"password": null,
"attempts": 10000,
"elapsed_seconds": 1.145,
"speed_per_second": 8734
}
Response Fields
| Field | Type | Description |
|---|---|---|
success |
boolean | Whether the request completed without errors |
found |
boolean | Whether the password was recovered |
password |
string/null | The recovered password, or null if not found |
attempts |
int | Number of passwords tried |
elapsed_seconds |
float | Server-side processing time in seconds |
speed_per_second |
int | Cracking speed (passwords tested per second) |
Error Responses
Invalid File Type
{
"error": "Invalid file type. Only .p12 and .pfx files are allowed."
}
Missing Wordlist
{
"error": "Wordlist required for dictionary mode. Provide as array, file upload, or URL."
}