0

Suppose that we are going to perform a dictionary attack to crack the password of a known account. If we have some simple information from the account owner, such as first name, surname, age, date of birth, birthplace, etc, in form of a wordlist, is there any tool to automatically generate a more complex password dictionary, say by combining different words, capitalizing them, mutating, etc?

sisaman
  • 13
  • 4
  • in fact, it's part of a university course project. – sisaman Oct 04 '16 at 13:37
  • 1
    Of course, the course did not tell us to do so. We want to propose building an automated tool for cracking passwords based on simple information as our course project. So I just want to know whether there is any tool already present or not. – sisaman Oct 04 '16 at 13:45
  • I see. Well, your question by itself seems reasonable. However, I think our site policies will prevent you from getting a specific product recommendation. Maybe someone else (besides me) knows something that can help you. – 700 Software Oct 04 '16 at 13:47
  • I think the exercise of cracking password hashes ranks pretty low on the 'real-world usefulness' scale. Such is the typical case of university IT courses. I suppose such an exercise has some benefits, but it just seems to me that exercises in defense would be more useful and morally rewarding. – 700 Software Oct 04 '16 at 13:52
  • 4
    @GeorgeBailey I'm inclined to disagree. Cracking passwords is still insanely useful in real-world engagements; resulting from the continued use of weak passwords. User education has its place and may help reduce the effectiveness of password guessing/cracking, but I still routinely crack 60-80% of an entire Domain's hashes on a typical pentest. – HashHazard Oct 04 '16 at 13:55
  • @GeorgeBailey Thanks for your advice. Actually, I have a few projects in my mind and I'm now checking the feasibility of each one. – sisaman Oct 04 '16 at 13:57

1 Answers1

2

There is already an open source tool out there that does this. It's called CeWL. It comes with Kali Linux or available on GitHub.

You can also use Crunch.

A third option: Transmute.py

HashHazard
  • 5,105
  • 1
  • 17
  • 29