Some kind of bruteforce
Thank you all for letting me join this forum.
I have just started out with Hashcat, after finding that Pyrit was a dead end.

I want to try some kind of "conditional bruteforcing", and here's what I know about the password:

- The password is 12 chars long.
- The password consists of numbers and uppercase letters.

The possible number of combinations are way too many to bruteforce without some rules to exclude the least possible ones.
So, I'm looking for a clue about how to set up such rules.

Some example conditions:
No more than 3 identical chars after each other.
No more than 3 numbers after each other.
No more than a total of N of each char in the passphrase.

It's very unlikely that the password is "AAAAAAAAAAA2", so there should be possible to exclude quite a lot of combinations.

Can anyone point me in the right direction?
maskprocessor with -q & -r might help there
Do I have to create a wordlist, or can it be run as a subprocess to Hashcat?
Depending on the hashtype, it might be worth not sweating hitting some 'forbidden' combos and go for a series of masks that encompass the areas your sure about. Also, in my experience, running masks is always faster than wordlists; I'll take the wastage hit for the overall gain.

Knowing that it's only caps and numbers *drastically* reduces the keyspace, so doing some quick math on acceptable runtimes would be worth a look. Something somewhere is going to have to generate the candidate, is it worth it to try and curate a giant list, or just let hashcat do it's thing? Honest question, the answer is highly situational.

I've cobbled together scripts to output masks that encompass pw rules, or suspected themes, that can save a lot of inaccuracies vs fiddling by hand.

Good luck!
Are these scripts available for downloading?