Wordlists

Wordlists play a crucial role in cybersecurity, particularly in penetration testing and password cracking. Various tools exist to create, manage, and manipulate wordlists, allowing security professionals to enhance their testing methodologies. This article explores some of the most widely used tools and commands for working with wordlists.

Seclists

Seclists is a collection of multiple types of wordlists used in security assessments. These include password lists, usernames, fuzzing payloads, web shells, and more.

To find where Seclists is stored on your system, you can use the following command:

seclists

Wordlistctl

wordlistctl is a command-line utility to search for specific wordlists.

Searching for a Wordlist

Use the following command to search for a particular wordlist:

wordlistctl search <word_list>

Wordlist Generators

There are various tools available for generating custom wordlists based on different parameters and methodologies.

Combination Wordlist

You can combine multiple wordlists into a single list and clean duplicate entries using:

cat file1.txt file2.txt file3.txt > combined_list.txt
sort -u combined_list.txt > cleaned_combined_list.txt

Cewl

Cewl is a tool that generates wordlists from the text found on a website.

cewl -d 2 -w example.txt https://example.org

This will scrape words from https://example.org up to a depth of 2 links and save them in example.txt.

TTPassGen

TTPassGen is useful for generating password lists with specific rules.

ttpassgen --rule '[?d]{4:4:*}' pin.txt

This command generates a list of 4-digit PINs.

ttpassgen --rule '[?l]{1:3:*}' abc.txt

This generates words consisting of 1 to 3 lowercase letters.

ttpassgen --dictlist 'pin.txt,abc.txt' --rule '$0[-]{1}$1' combination.txt

This combines the entries of pin.txt and abc.txt, joined by the - delimiter.

Crunch

Crunch allows you to create wordlists of a specified length and pattern.

crunch 5 5 -t "THM^^" -o tryhackme.txt

This command generates 5-character words following the pattern THM^^, where each ^ in a crunch pattern stands for a special character, and saves them to tryhackme.txt.

Cupp

Cupp creates customized password lists based on user-provided information.

python3 cupp.py -a

This runs an automated mode to generate a comprehensive wordlist.

John the Ripper

John the Ripper (often called John) is a powerful password cracking tool that supports various mutation rules.

Mutation Techniques

  • Border Mutation – Adds commonly used digits or symbols at the start, end, or both.

  • Freak Mutation – Replaces letters with similar-looking special characters.

  • Case Mutation – Generates variations of uppercase and lowercase letters.

  • Order Mutation – Reverses character order.

  • Repetition Mutation – Repeats character groups.

  • Vowel Mutation – Omits or capitalizes vowels.

  • Strip Mutation – Removes one or several characters.

  • Swap Mutation – Swaps adjacent characters.

  • Duplicate Mutation – Duplicates characters.

  • Delimiter Mutation – Inserts delimiters between characters.
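
The same mutation classes are what a password-policy blocklist has to undo. The following is an added example, not code from this article or from John: it reverses case, border, freak and order mutations so a proposed password can be compared against a base wordlist. The function names, the substitution table and the sample words are assumptions made for illustration.

```python
import re

# Freak (leet) substitutions mapped back to the letter they imitate.
# Constructed table for this example; real rule sets cover more characters.
LEET = str.maketrans("@4310$57!", "aaeiossti")

def base_forms(password):
    """Return every base form the password could be a simple mutation of."""
    lowered = password.lower()                      # undo case mutation
    # Lengths of the non-letter runs at each end (border mutation). ASCII only.
    lead = len(re.match(r"[^a-z]*", lowered).group())
    trail = len(re.search(r"[^a-z]*\Z", lowered).group())
    forms = set()
    # Try every way of trimming the borders, because a leading "$" may be
    # a border symbol or a substituted "s".
    for i in range(lead + 1):
        for j in range(trail + 1):
            core = lowered[i:len(lowered) - j]
            for form in (core, core.translate(LEET)):   # undo freak mutation
                if form:
                    forms.update((form, form[::-1]))    # undo order mutation
    return forms

def audit(passwords, base_words):
    """Map each password that should be rejected to the base words it derives from."""
    base = {w.lower() for w in base_words}
    findings = {}
    for pw in passwords:
        hits = base_forms(pw) & base
        if hits:
            findings[pw] = sorted(hits)
    return findings

# Constructed sample data: a small blocklist and proposed passwords.
BASE_WORDS = ["password", "summer", "acme"]
SAMPLE = ["P@ssw0rd2024!", "$ummer21", "drowssap1", "ACME!!", "t9#Lq-vR2x"]

if __name__ == "__main__":
    for pw, hits in audit(SAMPLE, BASE_WORDS).items():
        print(f"reject {pw!r}: mutation of {hits}")
```
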

Using John with Wordlists

John uses rule sets defined in john.conf. Find its location with:

locate john.conf

To apply a specific rule to a wordlist:

john --wordlist=[path to wordlist] --rules=PoloPassword --stdout > [path to new wordlist]

Custom rules can be added to /john/john-local.conf:

nano /john/john-local.conf

Then, execute:

john --wordlist=[path to wordlist] --rules=PoloPassword --stdout > [path to new wordlist]

Hashcat

Hashcat is a fast password-cracking tool that supports GPU acceleration. It allows extensive rule-based attack customization.

Mentalist

Mentalist is a user-friendly tool for generating wordlists with rule-based manipulations via a graphical interface.
