How To: Use Wordlister to Create Custom Password Combinations for Cracking

Password cracking is a specialty of some hackers, and it's often thought that raw computing power trumps everything else. That is true in some cases, but sometimes it's more about the wordlist. Making a custom, targeted wordlist can cut down cracking time considerably, and Wordlister can help with that.

Wordlister vs Other Wordlist Generators

Wordlister is a wordlist generator and mangler written in Python that can be used to create custom password combinations for cracking. Its main features include multiprocessing for faster speeds and a handful of useful permutation options, including leetspeak, capitalization, and the ability to append and prepend words.

Crunch is a popular wordlist generator that also creates multiple combinations of passwords, but it relies more on patterns and characters than input files. Also, Crunch requires a flag to be set to limit duplicates, something that Wordlister handles automatically.

CeWL is another popular wordlist generator, although it is a different beast altogether. The tool works by spidering webpages and uses words from there to create custom password lists. CeWL could actually be a useful counterpart to Wordlister; by feeding Wordlister the output of CeWL scraping a webpage, even more targeted password lists could be created.

Using Wordlister & All Its Options

We will be working on Kali Linux to show off Wordlister, but any other Linux distro should suffice.

The first thing we need to do is download Wordlister from GitHub. We can use the wget utility to retrieve it over HTTPS directly from our terminal:

~# wget https://raw.githubusercontent.com/4n4nk3/Wordlister/master/wordlister.py

--2020-05-03 12:45:36--  https://raw.githubusercontent.com/4n4nk3/Wordlister/master/wordlister.py
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.148.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.148.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 6195 (6.0K) [text/plain]
Saving to: ‘wordlister.py’

wordlister.py                                         100%[======================================================================================================================>]   6.05K  --.-KB/s    in 0s

2020-05-03 12:45:36 (18.5 MB/s) - ‘wordlister.py’ saved [6195/6195]

The script needs Python 3 to work correctly, so if it's not already installed, install it with the following command:

~# apt-get install python3

Now we can run the script with the python3 command:

~# python3 wordlister.py

usage: wordlister.py [-h] --input INPUT --perm PERM --min MIN --max MAX
                     [--test TEST] [--cores CORES] [--leet] [--cap] [--up]
                     [--append APPEND] [--prepend PREPEND]
wordlister.py: error: the following arguments are required: --input, --perm, --min, --max

That gives us some usage information and includes which arguments are required. We can append the -h flag to see the help menu, which is a little more organized and informative:

~# python3 wordlister.py -h

usage: wordlister.py [-h] --input INPUT --perm PERM --min MIN --max MAX
                     [--test TEST] [--cores CORES] [--leet] [--cap] [--up]
                     [--append APPEND] [--prepend PREPEND]

A simple wordlist generator and mangler written in python.

optional arguments:
  -h, --help         show this help message and exit
  --test TEST        Output first N iterations (single process/core)
  --cores CORES      Manually specify processes/cores pool that you want to
                     use
  --leet             Activate l33t mutagen
  --cap              Activate capitalize mutagen
  --up               Activate uppercase mutagen
  --append APPEND    Append chosen word (append 'word' to all passwords)
  --prepend PREPEND  Append chosen word (prepend 'word' to all passwords)

required arguments:
  --input INPUT      Input file name
  --perm PERM        Max number of words to be combined on the same line
  --min MIN          Minimum generated password length
  --max MAX          Maximum generated password length

To use Wordlister, we first need an input file containing a list of passwords we wish to create permutations for and mangle.

Using your favorite text editor, create a text file containing a few common passwords (I am only using a small number of passwords here for demonstration purposes because the permutations can get quite large). Here's what mine looks like:

~# cat list.txt

password
hunter2
secret
iloveyou

Now, we're ready to run the script. Here are the required arguments:

  • input = the name of the text file containing passwords
  • perm = the maximum number of words to be combined on the same line
  • min = the minimum length of any generated password
  • max = the maximum length of any generated password

Here is the full command and its output:

~# python3 wordlister.py --input list.txt --perm 2 --min 6 --max 32

secret
password
hunter2
iloveyou
secretpassword
secrethunter2
secretiloveyou
passwordsecret
passwordhunter2
passwordiloveyou
hunter2password
hunter2iloveyou
iloveyousecret
hunter2secret
iloveyoupassword
iloveyouhunter2

We can see that it output each word on its own, followed by every ordered pairing of two different words from the list.

Wordlister contains a handful of useful arguments that are optional, as well. The leet option adds a leetspeak variant of each word, replacing certain letters with look-alike digits:

~# python3 wordlister.py --input list.txt --perm 2 --min 6 --max 32 --leet

iloveyou
1l0v3y0u
hunter2
hunt3r2
password
p455w0rd
secret
53cr3t
iloveyouhunter2
iloveyoupassword
1l0v3y0uhunt3r2
1l0v3y0up455w0rd
iloveyousecret
1l0v3y0u53cr3t
hunter2iloveyou
hunt3r21l0v3y0u
hunter2password
hunt3r2p455w0rd
passwordiloveyou
p455w0rd1l0v3y0u
passwordhunter2
p455w0rdhunt3r2
hunter2secret
passwordsecret
p455w0rd53cr3t
secretiloveyou
hunt3r253cr3t
53cr3t1l0v3y0u
secrethunter2
53cr3thunt3r2
secretpassword
53cr3tp455w0rd

The cap option adds a variant of each word with its first letter capitalized:

~# python3 wordlister.py --input list.txt --perm 2 --min 6 --max 32 --cap

Iloveyou
Secret
Hunter2
password
iloveyou
hunter2
secret
Password
IloveyouSecret
Iloveyouhunter2
Iloveyoupassword
IloveyouHunter2
Iloveyousecret
IloveyouPassword
SecretIloveyou
Secretpassword
Secretiloveyou
SecretHunter2
Secrethunter2
passwordiloveyou
passwordHunter2
iloveyouSecret
passwordhunter2
iloveyoupassword
passwordsecret
iloveyouHunter2
iloveyouhunter2
SecretPassword
iloveyousecret
iloveyouPassword
passwordIloveyou
passwordSecret
Hunter2Iloveyou
Hunter2Secret
Hunter2password
Hunter2secret
Hunter2iloveyou
Hunter2Password
hunter2Secret
hunter2Iloveyou
hunter2password
hunter2iloveyou
hunter2secret
secretPassword
PasswordIloveyou
hunter2Password
PasswordSecret
Passwordiloveyou
secretpassword
secretIloveyou
PasswordHunter2
Passwordhunter2
secretiloveyou
Passwordsecret
secretHunter2
secrethunter2

The up option will transform every letter in a word into uppercase:

~# python3 wordlister.py --input list.txt --perm 2 --min 6 --max 32 --up

SECRET
secret
hunter2
HUNTER2
ILOVEYOU
password
PASSWORD
iloveyou
SECREThunter2
SECRETpassword
SECRETHUNTER2
SECRETILOVEYOU
SECRETPASSWORD
SECRETiloveyou
secrethunter2
secretpassword
secretHUNTER2
secretILOVEYOU
hunter2password
hunter2iloveyou
hunter2ILOVEYOU
hunter2PASSWORD
passwordSECRET
passwordHUNTER2
passwordsecret
passwordILOVEYOU
passwordhunter2
passwordiloveyou
HUNTER2SECRET
HUNTER2secret
HUNTER2ILOVEYOU
HUNTER2PASSWORD
HUNTER2password
HUNTER2iloveyou
ILOVEYOUsecret
ILOVEYOUSECRET
ILOVEYOUhunter2
ILOVEYOUpassword
secretPASSWORD
ILOVEYOUHUNTER2
secretiloveyou
hunter2SECRET
hunter2secret
ILOVEYOUPASSWORD
PASSWORDhunter2
PASSWORDSECRET
PASSWORDHUNTER2
PASSWORDsecret
PASSWORDILOVEYOU
PASSWORDiloveyou
iloveyouSECRET
iloveyousecret
iloveyouhunter2
iloveyoupassword
iloveyouHUNTER2
iloveyouPASSWORD

The append option will append any given word to all passwords:

~# python3 wordlister.py --input list.txt --perm 2 --min 6 --max 32 --append 1969

secret
secret1969
password
password1969
iloveyou
iloveyou1969
hunter2
hunter21969
secretpassword
secretpassword1969
secretiloveyou
secretiloveyou1969
secrethunter2
secrethunter21969
passwordsecret
passwordsecret1969
passwordiloveyou
passwordiloveyou1969
passwordhunter2
passwordhunter21969
iloveyousecret
iloveyousecret1969
iloveyoupassword
iloveyoupassword1969
iloveyouhunter2
iloveyouhunter21969
hunter2secret
hunter2secret1969
hunter2password
hunter2password1969
hunter2iloveyou
hunter2iloveyou1969

The prepend option will prepend any given word to all passwords:

~# python3 wordlister.py --input list.txt --perm 2 --min 6 --max 32 --prepend Dave

secret
Davesecret
iloveyou
Daveiloveyou
password
Davepassword
hunter2
Davehunter2
secretiloveyou
Davesecretiloveyou
secretpassword
Davesecretpassword
secrethunter2
Davesecrethunter2
iloveyoupassword
iloveyouhunter2
Daveiloveyouhunter2
Daveiloveyoupassword
passwordsecret
Davepasswordsecret
iloveyousecret
Daveiloveyousecret
passwordiloveyou
Davepasswordiloveyou
passwordhunter2
Davepasswordhunter2
hunter2secret
Davehunter2secret
hunter2iloveyou
Davehunter2iloveyou
hunter2password
Davehunter2password

And, of course, any of these options can be combined for a greater number of potential passwords:

~# python3 wordlister.py --input list.txt --perm 2 --min 6 --max 32 --leet --cap --append 1969

secret
secret1969
hunter2
53cr3t
53cr3t1969
hunter21969
hunt3r2
hunt3r21969
Password
Password1969
P455w0rd
P455w0rd1969
Iloveyou
Iloveyou1969
iloveyou
1l0v3y0u
iloveyou1969
1l0v3y0u1969
Secret
Secret1969
1l0v3y0u
53cr3t
1l0v3y0u1969
53cr3t1969
password
password1969
p455w0rd
p455w0rd1969
Hunter2
Hunter21969
Hunt3r2
Hunt3r21969
secrethunter2
secrethunter21969
secretpassword
secretpassword1969
53cr3thunt3r2
53cr3thunt3r21969
secretPassword
53cr3tp455w0rd
secretPassword1969
53cr3tp455w0rd1969
53cr3tP455w0rd

...

This list can grow quite long from only a few initial passwords, so it can be advantageous when creating a custom wordlist for targeted password cracking.

Rather than printing the results to the terminal screen, we can direct the output to a text file that can be used for cracking later:

~# python3 wordlister.py --input list.txt --perm 2 --min 6 --max 32 --leet --cap --append 1969 > mywordlist.txt

Wordlister has a feature that will only output the specified number of iterations, too, in case we wanted to control the length of our list a little better. Use the test option to do so:

~# python3 wordlister.py --input list.txt --perm 2 --min 6 --max 32 --test 10

password
secret
iloveyou
hunter2
passwordsecret
passwordiloveyou
passwordhunter2
secretpassword
secretiloveyou
secrethunter2

We can also manually specify the number of cores to use with the cores option. It can be useful when we don't want all of our resources being hogged at once:

~# python3 wordlister.py --input list.txt --perm 2 --min 6 --max 32 --cores 1

hunter2
password
secret
iloveyou
hunter2password
hunter2secret
hunter2iloveyou
passwordhunter2
passwordsecret
passwordiloveyou
secrethunter2
secretpassword
secretiloveyou
iloveyouhunter2
iloveyoupassword
iloveyousecret

As we can see, this simple tool can be incredibly powerful when it comes to creating targeted wordlists.

Common Password Mistakes

Often, compromised passwords are all a hacker needs to gain access to a system. Strong passwords should be one of the most important aspects of maintaining a proper security posture, but a lot of mistakes are made when it comes to this simple principle.

Passwords that are too short and passwords composed only of letters are trivial to crack with any modern computer. Likewise, varying passwords by only one letter, or using numbers instead of letters (leetspeak), is something most cracking software takes into account already.
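Because these mutations are mechanical, a password policy can reverse them. The following is an added example, not code from the original article or from Wordlister: it canonicalizes a candidate password (undoing --cap, --up and --leet), strips known --append/--prepend values, and reports which base words the remainder is built from. The function names, the affix list and the decision to allow repeated words are assumptions made for illustration.

```python
"""Reject passwords that are only mangled combinations of known base words."""

# Digit-for-letter swaps visible in the article's --leet output.
UNLEET = str.maketrans("43105", "aeios")


def normalize(text):
    """Canonical form: lowercase (undoes --cap/--up), digits back to letters (undoes --leet)."""
    return text.lower().translate(UNLEET)


def _segment(text, vocab, max_words):
    """Split text into at most max_words vocabulary entries (repeats allowed), else None."""
    if not text:
        return []
    if max_words == 0:
        return None
    for norm, original in vocab.items():
        if text.startswith(norm):
            rest = _segment(text[len(norm):], vocab, max_words - 1)
            if rest is not None:
                return [original] + rest
    return None


def derived_from(candidate, base_words, affixes=(), max_words=2):
    """Return the base words the candidate is built from, or None if not derivable."""
    vocab = {normalize(w): w for w in base_words}
    cores = {normalize(candidate)}
    for affix in map(normalize, affixes):
        if not affix:
            continue
        # Undo --prepend, then --append, keeping the unstripped forms as well.
        cores |= {c[len(affix):] for c in cores if c.startswith(affix)}
        cores |= {c[:-len(affix)] for c in cores if c.endswith(affix)}
    for core in sorted(cores, key=len):
        if core:  # a password that is only an affix has no base word
            words = _segment(core, vocab, max_words)
            if words:
                return words
    return None


if __name__ == "__main__":
    BASE = ["password", "hunter2", "secret", "iloveyou"]  # the article's list.txt
    # Constructed sample candidates; affixes are the article's --append/--prepend values.
    for pw in ["P455w0rd1969", "Davehunt3r2secret", "correct-horse-battery"]:
        print(pw, "->", derived_from(pw, BASE, affixes=["1969", "Dave"]))
```

In a real policy check, the base list would hold breached-password entries and organization-specific terms, and any non-None result would be grounds to reject the password.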

Using a password that is too old and using the same password everywhere make it much more likely to be compromised over time. Passwords that are created using personal details are also a no-go because any decent hacker will be able to find out specific information that makes these passwords just as easy to crack.

Keeping your password a secret is also essential. That means no sharing it with anyone, and no writing it down on sticky notes next to your computer, however tempting it might be.

Wrapping Up

Today, we learned how to use a tool called Wordlister to create custom password combinations for cracking. First, we looked at a couple of other popular wordlist generators and how they compare to Wordlister. Next, we explored the tool and its options to create a list of custom password permutations. Finally, we covered some common mistakes that are made when coming up with passwords.

Wordlister is a powerful tool that can be used to create custom, targeted wordlists — something that should be valuable to any hacker.

Cover image by Steve Johnson/Pexels; Screenshots by drd_/Null Byte

1 Comment

They weren't lying when they said "the permutations can get quite large", I created a 4.5 GB file!
