قالب وردپرس درنا توس
Home / Tips and Tricks / How to use Wordlister to create custom password combinations for cracking «Null Byte :: WonderHowTo

How to use Wordlister to create custom password combinations for cracking «Null Byte :: WonderHowTo



Using Wordlister and all its options

We are working on Kali Linux to show off Wordlister, but any other Linux distro should suffice.

The first thing to do is download Wordlister from GitHub. We can use the tool wget to retrieve it directly from our terminal via HTTP:

  ~ # wget https://raw.githubusercontent.com/4n4nk3/Wordlister/master/wordlister.py

--2020-02-24 12: 45: 36-- https://raw.githubusercontent.com/4n4nk3/Wordlister/master/wordlister.py
Resolving Raw.githubusercontent.com (raw.githubusercontent.com) ... 1
51,101,148,133 Connect to raw.githubusercontent.com (raw.githubusercontent.com) | 151.101.148.133 |: 443 ... connected. HTTP request sent, awaiting response ... 200 OK Length: 6195 (6.0K) [text/plain] Save in: "wordlister.py" wordlister.py 100% [======================================================================================================================>] 6.05K - .- KB / s in 0s 2020-02-24 12:45:36 (18.5 MB / s) - & # 39; wordlister.py & # 39; saved [6195/6195]

The script needs Python 3 to work correctly, so if it is not already installed, do this with the following command: [19659004] ~ # apt-get install python3

Now we can run the script with the command python3 :

  ~ # python3 wordlister.py

use: wordlister.py [-h] - input INPUT - perm PERM - min MIN - max MAX
[--test TEST] [--cores CORES] [--leet] [--cap] [--up]
                     [--append APPEND] [--prepend PREPEND]
  wordlister.py: error: the following arguments are required: - input, --perm, --min, --max 

That gives us some usage information and which arguments are required. We can add the flag -h to see the help menu, which is a bit more organized and informative:

  ~ # python3 wordlister.py -h

use: wordlister.py [-h] - input INPUT - perm PERM - min MIN - max MAX
[--test TEST] [--cores CORES] [--leet] [--cap] [--up]
                     [--append APPEND] [--prepend PREPEND]

 A simple word list generator and mangler written in python.

optional arguments:
-h, - help view and close this help message
--test TEST Export first N iterations (process / core only)
--cores CORES Manually specify the processes / cores pool that you want
use
--fleet Activate l33t mutagen
--cap Activate mutage in capital letters
--up Activate mutagen in capital letters
- add APPEND Add the chosen word (add & # 39; word & # 39; to all passwords)
--prepend PREPEND Add the selected word (prepend & # 39; word & # 39; to all passwords)

required arguments:
--Input INPUT Enter file name
- perm PERM Max. number of words to be combined on the same line
--min MIN Minimum password length generated
--max MAX Maximum generated password length 

To use Wordlister, we first need an input file with a list of passwords for which we want to make permutations and mangle.

Create a text file with a few common passwords with your favorite text editor (I only use a small number of passwords here for demonstration purposes because the permutations can get quite large). This is what mine looks like:

  ~ # cat list.txt

password
hunter2
secret
iloveyou 

Now we are ready to execute the script. Here are the required arguments:

  • input = the name of the text file with passwords
  • perm = the number of permutations to be combined on the same line
  • minus = the minimum length of a generated password
  • max = the maximum length of a generated password

Here is the complete command and its execution:

  ~ # python3 wordlister.py - input list.txt - perm 2 - min 6 - max 32

secret
password
hunter2
I love you
secretpassword
secretary2
secretiloveyou
passwordsecret
passwordhunter2
passwordiloveyou
hunter2password
hunter2iloveyou
iloveyousecret
hunter2secret
iloveyoupassword
iloveyouhunter2 

We can see that it combined only the given passwords in all possible permutations.

Wordlister contains a handful of useful arguments that are also optional. The option leet transforms all letters into numbers using leetspeak:

  ~ # python3 wordlister.py - input list.txt - perm 2 - min 6 - max 32 - fleet

I love you
11vv3y0u
hunter2
hunt3r2
password
p455w0rd
secret
53cr3t
iloveyouhunter2
iloveyoupassword
1110v3y0uhunt3r2
1110v3y0up455w0rd
iloveyousecret
11vv3y0u53cr3t
hunter2iloveyou
hunt3r21l0v3y0u
hunter2password
hunt3r2p455w0rd
passwordiloveyou
p455w0rd1l0v3y0u
passwordhunter2
p455w0rdhunt3r2
hunter2secret
passwordsecret
p455w0rd53cr3t
secretiloveyou
hunt3r253cr3t
53cr3t110v3y0u
secretary2
53cr3thunt3r2
secretpassword
53cr3tp455w0rd 

With the option cap the first letter of each password is written with a capital letter:

  ~ # python3 wordlister.py - input list.txt - perm 2 - min 6 - - max 32 - -Cap

I love you
Secret
Hunter2
password
I love you
hunter2
secret
password
Iloveyou Secret
Iloveyouhunter2
Iloveyoupassword
IloveyouHunter2
Iloveyousecret
IloveyouPassword
SecretIloveyou
Secretpassword
Secretiloveyou
SecretHunter2
Secrethunter2
passwordiloveyou
passwordHunter2
iloveyou Secret
passwordhunter2
iloveyoupassword
passwordsecret
iloveyouHunter2
iloveyouhunter2
SecretPassword
iloveyousecret
iloveyouPassword
passwordIloveyou
passwordSecret
Hunter2Iloveyou
Hunter2Secret
Hunter2password
Hunter2secret
Hunter2iloveyou
Hunter2Password
hunter2Secret
hunter2Iloveyou
hunter2password
hunter2iloveyou
hunter2secret
secretPassword
PasswordIloveyou
hunter2Password
PasswordSecret
Passwordiloveyou
secretpassword
secretIloveyou
PasswordHunter2
Passwordhunter2
secretiloveyou
Password Secret
secretHunter2
secrethunter2 

The option up transforms every letter into a word in uppercase:

  ~ # python3 wordlister.py - input list.txt - perm 2 - min 6 - max 32 - -up

SECRET
secret
hunter2
HUNTER2
I LOVE YOU
password
PASSWORD
I love you
SECREThunter2
SECRET password
SECRETHUNTER2
SECRETILOVEYOU
SECRETPASSWORD
SECRETiloveyou
secretary2
secretpassword
secretHUNTER2
secretILOVEYOU
hunter2password
hunter2iloveyou
hunter2ILOVEYOU
hunter2PASSWORD
passwordSECRET
passwordHUNTER2
passwordsecret
passwordILOVEYOU
passwordhunter2
passwordiloveyou
HUNTER2 SECRET
HUNTER2secret
HUNTER2ILOVEYOU
HUNTER2PASSWORD
HUNTER2password
HUNTER2iloveyou
ILOVEYOUsecret
ILOVEYOUSECRET
ILOVEYOUhunter2
ILOVEYOUpassword
secretPASSWORD
ILOVEYOUHUNTER2
secretiloveyou
hunter2SECRET
hunter2secret
ILOVEYOUPASSWORD
PASSWORDhunter2
PASSWORDSECRET
PASSWORDHUNTER2
PASSWORDsecret
PASSWORDILOVEYOU
PASSWORDiloveyou
iloveyou SECRET
iloveyousecret
iloveyouhunter2
iloveyoupassword
iloveyouHUNTER2
iloveyouPASSWORD 

The option append adds any given word to all passwords:

  ~ # python3 wordlister.py - input list.txt - perm 2 - min 6 - max 32 - - add 1969

secret
secret1969
password
password1969
I love you
iloveyou1969
hunter2
hunter21969
secretpassword
secretpassword1969
secretiloveyou
secretiloveyou1969
secretary2
secrethunter21969
passwordsecret
passwordsecret1969
passwordiloveyou
passwordiloveyou1969
passwordhunter2
passwordhunter21969
iloveyousecret
iloveyousecret1969
iloveyoupassword
iloveyoupassword1969
iloveyouhunter2
iloveyouhunter21969
hunter2secret
hunter2secret1969
hunter2password
hunter2password1969
hunter2iloveyou
hunter2iloveyou1969 

The prepend option will place any given word before all passwords:

  ~ # python3 wordlister.py - input list.txt - perm 2 - min 6 - max 32 - Prepare Dave

secret
Davesecret
I love you
Daveiloveyou
password
Davepassword
hunter2
Davehunter2
secretiloveyou
Davesecretiloveyou
secretpassword
Davesecretpassword
secretary2
Davesecrethunter2
iloveyoupassword
iloveyouhunter2
Daveiloveyouhunter2
Daveiloveyoupassword
passwordsecret
Davepasswordsecret
iloveyousecret
Daveiloveyousecret
passwordiloveyou
Davepasswordiloveyou
passwordhunter2
Davepasswordhunter2
hunter2secret
Davehunter2secret
hunter2iloveyou
Davehunter2iloveyou
hunter2password
Davehunter2password 

And of course all these options can be combined for a larger number of possible passwords:

  ~ # python3 wordlister.py - input list.txt - perm 2 - min 6 - max 32 - fleet - -cap - add 1969

secret
secret1969
hunter2
53cr3t
53cr3t1969
hunter21969
hunt3r2
hunt3r21969
password
Password1969
P455 billion
P455wrrd1969
I love you
Iloveyou1969
I love you
11vv3y0u
iloveyou1969
11vv3y0u1969
Secret
Secret1969
11vv3y0u
53cr3t
11vv3y0u1969
53cr3t1969
password
password1969
p455w0rd
p455w0rd1969
Hunter2
Hunter21969
Hunt3r2
Hunt3r21969
secretary2
secrethunter21969
secretpassword
secretpassword1969
53cr3thunt3r2
53cr3thunt3r21969
secretPassword
53cr3tp455w0rd
secretPassword1969
53cr3tp455wrrd1969
53cr3tP455wrd

... 

This list can be quite long with just a few initial passwords, so it can be beneficial to create a custom dictionary for targeted password cracking.

Instead of printing the results to the terminal screen, we can output to a text file that can later be used to crack:

  ~ # python3 wordlister.py - input list.txt - perm 2 --min 6 - max 32 --leet --cap - add 1969> mywordlist.txt 

Wordlister has a function that only performs the specified number of iterations, in case we wanted to better adjust the length of our list. Use the option test :

  ~ # python3 wordlister.py - input list.txt - perm 2 - min 6 - max 32 - test 10

password
secret
I love you
hunter2
passwordsecret
passwordiloveyou
passwordhunter2
secretpassword
secretiloveyou
secrethunter2 

We can also manually specify the number of cores to be used with the option cores . It can be useful if we don't want all our resources to be used at the same time:

  ~ # python3 wordlister.py - input list.txt - perm 2 - min 6 - max 32 --cores 1

hunter2
password
secret
I love you
hunter2password
hunter2secret
hunter2iloveyou
passwordhunter2
passwordsecret
passwordiloveyou
secretary2
secretpassword
secretiloveyou
iloveyouhunter2
iloveyoupassword
iloveyousecret 

As we can see, this simple tool can be incredibly powerful when it comes to creating targeted word lists.


Source link