Wordlist
Public Wordlists and Wordlist Generation.
Public Wordlists
Default Credentials
Default credentials collected from multiple sources.
creds update
creds search <STRING> [export]
Wordlist Generation
crunch <MIN> <MAX> <CHARSET> [-t <PATTERN> -o <OUTPUT>]
, for all uppercase letters
@ for all lowercase letters
% for all numeric characters
^ for all special characters
CONST
Wordlists based on the content of websites.
cewl http://<IP> -w <OUTPUT> -d <DEEP> -m <MIN> -x <MAX> --with-numbers --lowercase
Wordlists based on the profiling of a user.
cupp -i
A powerful and useful hacker dictionary builder.
pydictor -sedb
Tool for generating possible usernames.
username-anarchy <NAME>
username-anarchy -i <FILE_NAMES>
Performs various manipulations on a wordlist.
rsmangler.rb -f <WORDLIST>
Apply rules to a wordlist
hashcat -r <RULE_FILE> --stdout <WORDLIST>
Leaks
Searching for sensitive information via data breach
Filtering wordlist
It is very important to generate and use a wordlists that meets the password requirements and policy.
Infer Policy
You can infer the password complexity policy in use on the target in the following ways:
Using the
user registration form.If
policy is provided on first error, and ifpolicy is provided after n attempts.guess policy by trial and error, i.e., start with complex and appropriate password and then remove components to see if they are needed.
Filter Wordlist
To filter the wordlist you can use grep
grep [-v] '[[:classname:]]' <WORDLIST>
Based on what they contain.
-v (NOT contain)
grep -x '.\{<LEN>\}’
Of exact length <LEN>
grep -E '^.{<MIN>,<MAX>}$'
Of length between <MIN> and <MAX>
grep -E '^.{6,}$' <WORDLIST> | grep -E '[A-Z]' | grep -E '[a-z]' | grep -E '[0-9]' | grep -E '([!@#$%^&*].*){2,}' > <OUTPUT_FILE>
Concatenation
[[:graph:]]
All printable characters except spaces and control characters.
[[:lower:]]
All lowercase letters of the alphabet.
[[:print:]]
All printable characters, including spaces.
[[:punct:]]
All punctuation characters, such as commas, periods, semicolons, etc.
[[:space:]]
All spacing characters, including spaces, tabs, line feeds, etc.
[[:upper:]]
All capital letters of the alphabet.
[[:digit:]]
All digits, from 0 to 9
[[:xdigit:]]
All characters that are hexadecimal digits, that is, 0 to 9 and A to F (or a-f).
Edit Wordlist
Or edit the wordlist with sed
sed -ri '/^.{,7}$/d' <WORDLIST>
Remove shorter than 8
sed -ri '/[!-/:-@\[-`\{-~]+/!d' <WORDLIST>
Remove no special chars
sed -ri '/[0-9]+/!d' <WORDLIST>
Remove no numbers
sed -ri '/[A-Z]/!d' <WORDLIST>
Remove no uppercase
sed -ri '/[a-z]/!d' <WORDLIST>
Remove no lowercase
sed -r '/^.{,7}$/d' <WORDLIST> | sed -r '/[!-/:-@\[-`\{-~]+/!d' | sed -r '/[0-9]+/!d' >> <OUTPUT>
Concatenation
Last updated
Was this helpful?