Generating wordlist
Types of wordlist
There 5 types of wordlists
Weak common Password (e.g. rockyou.txt, darkweb2017-top100.txt and etc)
Scrapped wordlist - scrape a website for words that can be used as password (tool - CeWL)
Generated words - generate a common pattern words (e.g. aaaa, bbbb , cccc) (tool - crunch)
Generate keyboard walks (tool - kwprocessor)
Wordlists based on current year / season (e.g. Summer2020 , Winter2019 and etc) (tool - weakpass_generator)
CeWL
CeWL - Custom Word List generator
Creating custom word lists spidering a targets website and collecting unique words.
GitHub: https://github.com/digininja/CeWL
Usage:
Weak Passwords
SecList- https://github.com/danielmiessler/SecLists/tree/master/Passwords
Crunch
crunch enables us to create a custom password-cracking wordlist that we can use with such tools like Hashcat, Cain and Abel, John the Ripper, Aircrack-ng, and others. This custom wordlist might be able to save us hours or days in password cracking if we can craft it properly.
Syntax:
kali > crunch <min> max<max> <characterset> -t <pattern> -o <output filename>
Example:
crunch 4 4 -f /usr/share/crunch/charset.lst lalpha-numeric -o wordlist.txt
We could generate all the possibilities of ten-character passwords that end with 0728 and send the output to a file in the root user's directory named birthdaywordlist.lst, by typing:
crunch 10 10 -t @@@@@@0728 -o /root/birthdaywordlist.lst
kwprcessor
Advanced keyboard-walk generator with configureable basechars, keymap and routes
Link: https://github.com/hashcat/kwprocessor
Example:
./kwp basechars/full.base keymaps/en-us.keymap routes/2-to-16-max-3-direction-changes.route > wordlist.txt
weakpass generator
script: https://github.com/nyxgeek/weakpass_generator or online version http://www.weakpasswords.net/
Usage:
Last updated