Password cracking is a specialty of some hackers, and it's often thought that raw computing power trumps everything else. That is true in some cases, but sometimes it's more about the wordlist. Making a custom, targeted wordlist can cut down cracking time considerably, and Wordlister can help with that.
Wordlister is a wordlist generator and mangler written in Python that can be used to create custom password combinations for cracking. Its main features include multiprocessing for faster speeds and a handful of useful permutation options, including leetspeak, capitalization, and the ability to append and prepend words.
Crunch is a popular wordlist generator that also creates multiple combinations of passwords, but it relies more on patterns and characters than input files. Also, Crunch requires a flag to be set to limit duplicates, something that Wordlister handles automatically.
CeWL is another popular wordlist generator, although it is a different beast altogether. The tool works by spidering webpages and uses words from there to create custom password lists. CeWL could actually be a useful counterpart to Wordlister; by feeding Wordlister the output of CeWL scraping a webpage, even more targeted password lists could be created.
The first thing we need to do is download Wordlister from GitHub. We can use the wget utility to retrieve it over HTTP directly from our terminal:
~# wget https://raw.githubusercontent.com/4n4nk3/Wordlister/master/wordlister.py
--2020-05-03 12:45:36-- https://raw.githubusercontent.com/4n4nk3/Wordlister/master/wordlister.py
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 18.104.22.168
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|22.214.171.124|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 6195 (6.0K) [text/plain]
Saving to: ‘wordlister.py’

wordlister.py 100%[======================================================================================================================>] 6.05K --.-KB/s in 0s

2020-05-03 12:45:36 (18.5 MB/s) - ‘wordlister.py’ saved [6195/6195]
The script needs Python 3 to work correctly, so if it's not already installed, do so with the following command:
~# apt-get install python3
Now we can run the script with the python3 command:
~# python3 wordlister.py
usage: wordlister.py [-h] --input INPUT --perm PERM --min MIN --max MAX
                     [--test TEST] [--cores CORES] [--leet] [--cap] [--up]
                     [--append APPEND] [--prepend PREPEND]
wordlister.py: error: the following arguments are required: --input, --perm, --min, --max
That gives us some usage information and includes which arguments are required. We can append the -h flag to see the help menu, which is a little more organized and informative:
~# python3 wordlister.py -h
usage: wordlister.py [-h] --input INPUT --perm PERM --min MIN --max MAX
                     [--test TEST] [--cores CORES] [--leet] [--cap] [--up]
                     [--append APPEND] [--prepend PREPEND]

A simple wordlist generator and mangler written in python.

optional arguments:
  -h, --help         show this help message and exit
  --test TEST        Output first N iterations (single process/core)
  --cores CORES      Manually specify processes/cores pool that you want to use
  --leet             Activate l33t mutagen
  --cap              Activate capitalize mutagen
  --up               Activate uppercase mutagen
  --append APPEND    Append chosen word (append 'word' to all passwords)
  --prepend PREPEND  Append chosen word (prepend 'word' to all passwords)

required arguments:
  --input INPUT      Input file name
  --perm PERM        Max number of words to be combined on the same line
  --min MIN          Minimum generated password length
  --max MAX          Maximum generated password length
To use Wordlister, we first need an input file containing a list of passwords we wish to create permutations for and mangle.
Using your favorite text editor, create a text file containing a few common passwords (I am only using a small number of passwords here for demonstration purposes because the permutations can get quite large). Here's what mine looks like:
~# cat list.txt
password
hunter2
secret
iloveyou
Now, we're ready to run the script. Here are the required arguments:
- input = the name of the text file containing passwords
- perm = the maximum number of words to be combined on the same line
- min = the minimum length of any generated password
- max = the maximum length of any generated password
Here is the full command and its output:
~# python3 wordlister.py --input list.txt --perm 2 --min 6 --max 32
secret
password
hunter2
iloveyou
secretpassword
secrethunter2
secretiloveyou
passwordsecret
passwordhunter2
passwordiloveyou
hunter2password
hunter2iloveyou
iloveyousecret
hunter2secret
iloveyoupassword
iloveyouhunter2
We can see that it combined the given passwords into all possible permutations of up to two words: each word on its own, plus every ordered pair of distinct words.
Wordlister contains a handful of useful arguments that are optional, as well. The leet option will substitute numbers for certain letters using leetspeak:
~# python3 wordlister.py --input list.txt --perm 2 --min 6 --max 32 --leet
iloveyou
1l0v3y0u
hunter2
hunt3r2
password
p455w0rd
secret
53cr3t
iloveyouhunter2
iloveyoupassword
1l0v3y0uhunt3r2
1l0v3y0up455w0rd
iloveyousecret
1l0v3y0u53cr3t
hunter2iloveyou
hunt3r21l0v3y0u
hunter2password
hunt3r2p455w0rd
passwordiloveyou
p455w0rd1l0v3y0u
passwordhunter2
p455w0rdhunt3r2
hunter2secret
passwordsecret
p455w0rd53cr3t
secretiloveyou
hunt3r253cr3t
53cr3t1l0v3y0u
secrethunter2
53cr3thunt3r2
secretpassword
53cr3tp455w0rd
The cap option will capitalize the first letter of each word:
~# python3 wordlister.py --input list.txt --perm 2 --min 6 --max 32 --cap
Iloveyou
Secret
Hunter2
password
iloveyou
hunter2
secret
Password
IloveyouSecret
Iloveyouhunter2
Iloveyoupassword
IloveyouHunter2
Iloveyousecret
IloveyouPassword
SecretIloveyou
Secretpassword
Secretiloveyou
SecretHunter2
Secrethunter2
passwordiloveyou
passwordHunter2
iloveyouSecret
passwordhunter2
iloveyoupassword
passwordsecret
iloveyouHunter2
iloveyouhunter2
SecretPassword
iloveyousecret
iloveyouPassword
passwordIloveyou
passwordSecret
Hunter2Iloveyou
Hunter2Secret
Hunter2password
Hunter2secret
Hunter2iloveyou
Hunter2Password
hunter2Secret
hunter2Iloveyou
hunter2password
hunter2iloveyou
hunter2secret
secretPassword
PasswordIloveyou
hunter2Password
PasswordSecret
Passwordiloveyou
secretpassword
secretIloveyou
PasswordHunter2
Passwordhunter2
secretiloveyou
Passwordsecret
secretHunter2
secrethunter2
The up option will transform every letter in a word into uppercase:
~# python3 wordlister.py --input list.txt --perm 2 --min 6 --max 32 --up
SECRET
secret
hunter2
HUNTER2
ILOVEYOU
password
PASSWORD
iloveyou
SECREThunter2
SECRETpassword
SECRETHUNTER2
SECRETILOVEYOU
SECRETPASSWORD
SECRETiloveyou
secrethunter2
secretpassword
secretHUNTER2
secretILOVEYOU
hunter2password
hunter2iloveyou
hunter2ILOVEYOU
hunter2PASSWORD
passwordSECRET
passwordHUNTER2
passwordsecret
passwordILOVEYOU
passwordhunter2
passwordiloveyou
HUNTER2SECRET
HUNTER2secret
HUNTER2ILOVEYOU
HUNTER2PASSWORD
HUNTER2password
HUNTER2iloveyou
ILOVEYOUsecret
ILOVEYOUSECRET
ILOVEYOUhunter2
ILOVEYOUpassword
secretPASSWORD
ILOVEYOUHUNTER2
secretiloveyou
hunter2SECRET
hunter2secret
ILOVEYOUPASSWORD
PASSWORDhunter2
PASSWORDSECRET
PASSWORDHUNTER2
PASSWORDsecret
PASSWORDILOVEYOU
PASSWORDiloveyou
iloveyouSECRET
iloveyousecret
iloveyouhunter2
iloveyoupassword
iloveyouHUNTER2
iloveyouPASSWORD
The append option will append any given word to all passwords:
~# python3 wordlister.py --input list.txt --perm 2 --min 6 --max 32 --append 1969
secret
secret1969
password
password1969
iloveyou
iloveyou1969
hunter2
hunter21969
secretpassword
secretpassword1969
secretiloveyou
secretiloveyou1969
secrethunter2
secrethunter21969
passwordsecret
passwordsecret1969
passwordiloveyou
passwordiloveyou1969
passwordhunter2
passwordhunter21969
iloveyousecret
iloveyousecret1969
iloveyoupassword
iloveyoupassword1969
iloveyouhunter2
iloveyouhunter21969
hunter2secret
hunter2secret1969
hunter2password
hunter2password1969
hunter2iloveyou
hunter2iloveyou1969
The prepend option will prepend any given word to all passwords:
~# python3 wordlister.py --input list.txt --perm 2 --min 6 --max 32 --prepend Dave
secret
Davesecret
iloveyou
Daveiloveyou
password
Davepassword
hunter2
Davehunter2
secretiloveyou
Davesecretiloveyou
secretpassword
Davesecretpassword
secrethunter2
Davesecrethunter2
iloveyoupassword
iloveyouhunter2
Daveiloveyouhunter2
Daveiloveyoupassword
passwordsecret
Davepasswordsecret
iloveyousecret
Daveiloveyousecret
passwordiloveyou
Davepasswordiloveyou
passwordhunter2
Davepasswordhunter2
hunter2secret
Davehunter2secret
hunter2iloveyou
Davehunter2iloveyou
hunter2password
Davehunter2password
And, of course, any of these options can be combined for a greater number of potential passwords:
~# python3 wordlister.py --input list.txt --perm 2 --min 6 --max 32 --leet --cap --append 1969
secret
secret1969
hunter2
53cr3t
53cr3t1969
hunter21969
hunt3r2
hunt3r21969
Password
Password1969
P455w0rd
P455w0rd1969
Iloveyou
Iloveyou1969
iloveyou
1l0v3y0u
iloveyou1969
1l0v3y0u1969
Secret
Secret1969
1l0v3y0u
53cr3t
1l0v3y0u1969
53cr3t1969
password
password1969
p455w0rd
p455w0rd1969
Hunter2
Hunter21969
Hunt3r2
Hunt3r21969
secrethunter2
secrethunter21969
secretpassword
secretpassword1969
53cr3thunt3r2
53cr3thunt3r21969
secretPassword
53cr3tp455w0rd
secretPassword1969
53cr3tp455w0rd1969
53cr3tP455w0rd
...
This list can grow quite long from only a few initial passwords, so it can be advantageous when creating a custom wordlist for targeted password cracking.
Rather than printing the results to the terminal screen, we can direct the output to a text file that can be used for cracking later:
~# python3 wordlister.py --input list.txt --perm 2 --min 6 --max 32 --leet --cap --append 1969 > mywordlist.txt
Wordlister has a feature that will only output the specified number of iterations, too, in case we wanted to control the length of our list a little better. Use the test option to do so:
~# python3 wordlister.py --input list.txt --perm 2 --min 6 --max 32 --test 10
password
secret
iloveyou
hunter2
passwordsecret
passwordiloveyou
passwordhunter2
secretpassword
secretiloveyou
secrethunter2
We can also manually specify the number of cores to use with the cores option. It can be useful when we don't want all of our resources being hogged at once:
~# python3 wordlister.py --input list.txt --perm 2 --min 6 --max 32 --cores 1
hunter2
password
secret
iloveyou
hunter2password
hunter2secret
hunter2iloveyou
passwordhunter2
passwordsecret
passwordiloveyou
secrethunter2
secretpassword
secretiloveyou
iloveyouhunter2
iloveyoupassword
iloveyousecret
As we can see, this simple tool can be incredibly powerful when it comes to creating targeted wordlists.
Often, compromised passwords are all a hacker needs to gain access to a system. Strong passwords should be one of the most important aspects of maintaining a proper security posture, but a lot of mistakes are made when it comes to this simple principle.
Passwords that are too short and passwords comprised only of letters are trivial to crack with any modern computer. Likewise, varying passwords by only one letter, or using numbers instead of letters (leetspeak), is something most cracking software takes into account already.
Using a password that is too old and using the same password everywhere makes it much more likely to be compromised over time. Passwords that are created using personal details are also a no-go because any decent hacker will be able to find out specific information that makes these passwords just as easy to crack.
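The mangling rules shown earlier (case changes, leetspeak, combining words, appending and prepending) can be reversed by a password-policy check, so that a new password is rejected when it is only a dressed-up form of a deny-listed word or personal detail. The following is an added example, not part of Wordlister or the original article; the function names, the affix limit, and the leet table (taken from the --leet output above) are assumptions.

```python
# Added example: flag passwords that are mangled forms of known base words.
# The digit swaps are the ones visible in the --leet output (a->4, e->3,
# i->1, o->0, s->5), inverted; other leet alphabets exist (assumption).
UNLEET = str.maketrans("43105", "aeios")

def normalize(word):
    """Undo --cap/--up and --leet: lowercase, then map digits back to letters."""
    return word.lower().translate(UNLEET)

def derived_from(candidate, base_words, max_words=2, max_affix=6):
    """Return the base words a candidate is built from, or None.

    Matches [prefix] + 1..max_words base words + [suffix], where prefix and
    suffix are at most max_affix characters (covers --prepend/--append tokens).
    """
    target = normalize(candidate)
    # Normalize the deny-list the same way so 'hunter2' still matches itself.
    bases = {normalize(w): w for w in base_words if w}

    def walk(pos, used):
        # Prefer consuming another base word before accepting a suffix.
        if len(used) < max_words:
            for norm, original in bases.items():
                if target.startswith(norm, pos):
                    hit = walk(pos + len(norm), used + (original,))
                    if hit:
                        return hit
        # At least one base word matched and only a short tail remains.
        if used and len(target) - pos <= max_affix:
            return used
        return None

    # Try every allowed prefix length, shortest first.
    for start in range(min(max_affix, len(target)) + 1):
        hit = walk(start, ())
        if hit:
            return list(hit)
    return None

if __name__ == "__main__":
    BASE = ["password", "hunter2", "secret", "iloveyou"]  # same words as list.txt
    # Constructed sample candidates, several copied from the outputs above.
    for pw in ["P455w0rd1969", "1l0v3y0u53cr3t", "Davehunter2secret",
               "HUNTER2iloveyou", "correct-horse-battery-staple"]:
        print(f"{pw!r:32} -> {derived_from(pw, BASE)}")
```

Because the digit mapping is lossy, the check errs toward rejecting: a password whose digits are genuine may still normalize onto a deny-listed word.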
Keeping your password a secret is also essential. That means no sharing it with anyone, and no writing it down on sticky notes next to your computer, however tempting it might be.
Today, we learned how to use a tool called Wordlister to create custom password combinations for cracking. First, we looked at a couple of other popular wordlist generators and how they compare to Wordlister. Next, we explored the tool and its options to create a list of custom password permutations. Finally, we covered some common mistakes that are made when coming up with passwords.
Wordlister is a powerful tool that can be used to create custom, targeted wordlists — something that should be valuable to any hacker.