Creating your own Password list

If you want to create a customised password list for a specific target (client, I hope), this article is for you. It’s basically just a rewrite of https://karimlalji.wordpress.com/2018/04/26/password-guessing-mangle-a-custom-wordlist-with-cewl-and-hashcat/, which I’ll probably forget later, so I’m documenting it here.

We don’t just want a list of passwords, we want a list of targeted passwords. Actually, we want a list of targeted passwords with variations such as adding numbers and capitals to make them more likely to match.

We’re using Ubuntu 20.04.

Install the packages we need:

apt install hashcat cewl 

Let’s create the password list based on words used on their website:

cewl -d 2 -m 5 -w example-clean.txt https://www.example.com

Note: -d is the depth to which cewl follows links on the target website when looking for words. -m is the minimum length of a word to keep, and therefore the minimum length of our base passwords. -w is the file the words are written to. The last argument is the website we want to search for interesting words.

But the above password list is just words from the target website. We need to “mangle” them to get more variations. For example, the word “hello” might become: hello1, Hello, Hello123, etc.

hashcat --stdout --rules-file /usr/share/hashcat/rules/best64.rule example-clean.txt | sort -u >> example-mangled.txt

Now we can use our cracking tool with our new and targeted “example-mangled.txt” password file.
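The same reasoning gives the client a password-change check: refuse any new password that reduces to a word from their own website once this kind of mangling is undone. This is an added example, not part of the original article; the word list, function names and un-mangling rules are constructed assumptions that approximate the variations shown above, not hashcat's best64 rule set.

```python
import re

# Constructed sample: words as cewl might collect them from the company site.
SITE_WORDS = frozenset({"acmewidgets", "turbine", "riverside", "hello"})

# Character substitutions mapped back to the letter they usually replace.
_BASE = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
# "1" is ambiguous (i or l), so both readings are tried.
UNLEET_TABLES = [str.maketrans({**_BASE, "1": one}) for one in ("i", "l")]
# Digits and punctuation added before or after a word.
_AFFIX = re.compile(r"^[\W\d_]+|[\W\d_]+$")


def reductions(password):
    """Return the simplified forms obtained by undoing typical mangling."""
    lowered = password.lower()
    stripped = _AFFIX.sub("", lowered)
    forms = {lowered, stripped}
    for table in UNLEET_TABLES:
        # Strip affixes first ("turb1ne2024!" -> "turb1ne" -> "turbine") ...
        forms.add(stripped.translate(table))
        # ... and the reverse order ("h3ll0!" -> "hello!" -> "hello").
        forms.add(_AFFIX.sub("", lowered.translate(table)))
    for form in list(forms):
        forms.add(form[::-1])  # reversed word
        half = len(form) // 2
        if form and len(form) % 2 == 0 and form[:half] == form[half:]:
            forms.add(form[:half])  # doubled word, e.g. "hellohello"
    forms.discard("")
    return forms


def derived_from(password, base_words=SITE_WORDS):
    """Return the site word a password reduces to, or None if there is none."""
    hits = sorted(reductions(password) & set(base_words))
    return hits[0] if hits else None


if __name__ == "__main__":
    for pw in ("Hello123", "h3ll0!", "Turb1ne2024!", "correct-horse-battery"):
        print(f"{pw!r:26} -> {derived_from(pw)}")
```

In practice, SITE_WORDS would be loaded from the lowercased contents of example-clean.txt, so the filter and the assessment work from the same word list.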
