Zip password cracker with Node.js basic example. Importance of long, strong and secure passwords.

In this article I will show example, how you can unlock your zip file, even if you forgot your password, using brute force. And you will see why is important to use long and strong passwords.

You will learn how you can generate all possible string combinations using recursion and how you can use async/await.

I use recursive function to generate all possible combinations, for predefined possible password length and predefined possible characters.

Also I'm using this unzipper module, that can unzip the zip file. I guess you already have worked with Node.js, so you know that you need to install the unzipper first. You can see how you can do that on the link provided.

I try to unpack the zip file with every possible combination, until I find the first valid password. After that in output I print the first valid password.

You can see how it looks:

const unzipper = require('unzipper');

// Define possilbe chars, if you need upper case letters or special chars add them
const possibleChars = [];
const numbers = Array.from(Array(10).keys()).map(String);
const lowerCaseLetters = [...'abcdefghijklmnopqrstuvwxyz'];
possibleChars.push(...numbers, ...lowerCaseLetters);

// Location of the zip file
const ZIP_LOCATION = './';
const combinations = [];
// Define how long you think the password is
const passwordMaxLength = 3;

const generateAllCombinations = (append, maxLength) => {
    for (const char of possibleChars) {
        const newPass = append + char;
        if (newPass.length > maxLength) {
        generateAllCombinations(newPass, maxLength);

const unpackZip = async (password) => {
    try {
        const directory = await unzipper.Open.file(ZIP_LOCATION);
        let fileIndex = directory.files.length - 1;
        const extracted = await directory.files[fileIndex].buffer(password);
        return true;
    } catch (e) {
        return false;

const crackPassword = async () => {
    generateAllCombinations('', passwordMaxLength);

    let validPassword;
    for (const combination of combinations) {
        const passValid = await unpackZip(combination);
        if (passValid) {
            validPassword = combination;
    console.log('Valid password is: ' + validPassword);


You can try to unzip your zip file with the password that you got in the output.

Just to mention, for 4 characters password I needed to wait around 5 min, if your zip file have 8 characters long password you will probably need 300 years to wait until the algorithm finish 😁.

So it's always good to use long passwords. With characters, numbers and special characters, because chances for someone to hack you, using brute force are very small.


No Comments Yet