handbook/tools/Others/Wordlist/1.Generate.md
2024-08-31 01:07:22 +02:00

General

Examine the small selection of tools provided here and identify the one that is most relevant to your requirements.

  • CUPP
  • Mentalist
  • Cewl
  • Crunch

CUPP

  • Commands
python3 cupp.py -h

python3 cupp.py -i (interactive mode: asks you questions about your target)

python3 cupp.py -l (downloads pre-created wordlists to your machine)


Mentalist

Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper.


Cewl (only works for English websites)

Tools such as Cewl can be used to crawl a website and extract strings or keywords. Cewl is a powerful tool for generating a wordlist specific to a given company or target. Consider the following example:

cewl -w list.txt -d 5 -m 5 http://example.com

  • -w  ---> Writes the contents to a file. In this case, list.txt.
  • -m 5  ---> Gathers strings (words) that are 5 characters or more.
  • -d 5  ---> Sets the depth level of web crawling/spidering (default 2).

Username Generator

Gathering employees' names in the enumeration stage is essential. We can generate username lists from the target's website. For the following example, we'll assume we have a {first name} {last name} (ex: John Smith) and a method of generating usernames.

This can be useful for generating a username list for Active Directory.

Example

-   **{first name}:** john
-   **{last name}:** smith
-   **{first name}{last name}:** johnsmith
-   **{last name}{first name}:** smithjohn
-   first letter of the **{first name}{last name}:** jsmith
-   first letter of the **{last name}{first name}:** sjohn
-   first letter of the **{first name}.{last name}:** j.smith
-   first letter of the **{first name}-{last name}:** j-smith
-   and so on

git clone https://github.com/therodri2/username_generator.git

cd username_generator

python3 username_generator.py -h

echo "John Smith" > users.lst

python3 username_generator.py -w users.lst

Crunch

Crunch allows you to create a custom brute-force wordlist (based on a character set and length).

Simple

crunch 2 2 01234abcd -o crunch.txt
  • This command creates a wordlist containing all possible combinations of 2 characters drawn from 0-4 and a-d. We can use the -o argument to specify a file to save the output to.

Include a known value (example: we want every password to start with pass)

crunch 6 6 -t "pass%%" -o crunch.txt
  • The % symbol in the pattern above matches a number. Here we generate a wordlist that contains pass followed by 2 numbers.
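
To show how small the candidate space of a pattern such as pass%% is, the following added example (not from the original page or the crunch project) computes the number of candidates for the two crunch invocations above and checks whether a given password falls inside a pattern. The function names and the sample passwords are hypothetical, and the "^" symbol set is an assumption about crunch's default.

```python
import string
from math import prod

# Placeholders used by crunch's -t option; any other character is a literal.
# Assumption: the "^" symbol set matches crunch's default (punctuation + space).
PLACEHOLDERS = {
    "@": string.ascii_lowercase,
    ",": string.ascii_uppercase,
    "%": string.digits,
    "^": string.punctuation + " ",
}


def charset_keyspace(min_len, max_len, charset):
    """Distinct candidates produced by `crunch <min> <max> <charset>`."""
    n = len(set(charset))
    return sum(n ** length for length in range(min_len, max_len + 1))


def pattern_keyspace(pattern):
    """Candidates produced by `crunch <len> <len> -t <pattern>`."""
    # A literal contributes a factor of 1, a placeholder the size of its class.
    return prod(len(PLACEHOLDERS.get(ch, ch)) for ch in pattern)


def covered_by(pattern, password):
    """True if the password is one of the candidates the pattern generates."""
    if len(password) != len(pattern):
        return False
    return all(c in PLACEHOLDERS.get(p, p) for p, c in zip(pattern, password))


def weakest_match(password, patterns):
    """(keyspace, pattern) of the smallest matching pattern, or None."""
    sizes = [(pattern_keyspace(p), p) for p in patterns if covered_by(p, password)]
    return min(sizes) if sizes else None


if __name__ == "__main__":
    print(charset_keyspace(2, 2, "01234abcd"))  # crunch 2 2 01234abcd
    print(pattern_keyspace("pass%%"))           # crunch 6 6 -t "pass%%"
    # Constructed sample passwords and one constructed extra pattern.
    patterns = ["pass%%", ",@@@@@%%%%"]
    for pw in ["pass42", "Summer2024", "x9$Lq!vR2m"]:
        print(pw, weakest_match(pw, patterns))
```

A password that matches a small pattern space is guessable regardless of its length, which makes a check like this useful when reviewing a password policy or a banned-password list.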
