14

I have found during testing that companies often use variations of their names for critical passwords (for example Microsoft's password might be M1cr0s0f+ or m1cros0ft etc etc).

So if I gave it the phrase "stack exchange' it would ideally compute as many logical variations as possible including things like:

stack_exchange!

I've seen many dictionary generators but they all seem to do something along the lines of

aaaaaaa
aaaaaab
aaaaaac
aaaaaad

I'm wondering if there are any tools available that will allow me to generate a large number of permutations given a 'starting' word.

user2428118
  • 2,768
  • 16
  • 23
NULLZ
  • 11,426
  • 17
  • 77
  • 111
  • Use the Python Luke! –  Sep 11 '13 at 02:07
  • @TerryChia yeah, that's my fall-back plan but a pre-existing solution would help greatly :) – NULLZ Sep 11 '13 at 04:37
  • 1
    Seriously though, is there a need to do this? I thought common password crackers like `john` already mangle whatever dictionaries you throw at it? –  Sep 11 '13 at 05:03

6 Answers6

8

Try using crunch - wordlist generator.

Usage is:

./crunch <from-len> <to-len> [-f <path to charset.lst> charset-name] [-o wordlist.txt or START] [-t [FIXED]@@@@] [-s startblock]

-t option allows you to specify a pattern, eg: st%ck^%xch%ng%

Where only

  • the @'s will change with lowercase letters
  • the ,'s will change with uppercase letters
  • the %'s will change with numbers
  • the ^'s will change with symbols

Running as following:

./crunch 14 14 -t st%ck^%xch%ng% -o wordlist.txt

gives 330000 results:

st0ck!0xch0ng0
st0ck!0xch0ng1
st0ck!0xch0ng2
st0ck!0xch0ng3
st0ck!0xch0ng4
st0ck!0xch0ng5
st0ck!0xch0ng6
...

You can also modify the charset if you think it's insufficient.

5

I just created a tool that will do what you are talking about. It basically takes a word and generates different possible passwords by replace the characters with capital/lowercase letters and common substitutions. Feel free to take a look at it here:

https://github.com/Broham/PassGen

For a target word of stackexchange the potential password gets quite long since it is essentially creating a cartesian product of all possible character substitutions. The call below:

python passgen.py -f stackexchange

Generates a list with 11,943,936 passwords in it as seen below:

stackexchange
stackexchangE
stackexchang3
stackexchanGe
stackexchanGE
.
.
.
574<K3+<#4N9e
574<K3+<#4N9E
574<K3+<#4N93
Abe Miessler
  • 8,155
  • 10
  • 44
  • 72
2

I'm not sure about the algorithmic implications (which means there's probably a lot to improve in my solution) but here goes:

Every letter has an alternate spelling. From your example, o would have the array of O,0 (the last one's a zero). Similarly s would get S,5 etc. Even NULL can be replaced with !,1,2,3... etc. Digraphs are also possible where applicable.

So you don't permutate on words, you permutate on letters. I'm not sure if a precompiled ruleset exists but it doesn't matter; the most time-consuming part is typing up the letter permutations. The main loop would be perfectly straightforward.

for($i=0; $i<strlen($word); $i++){
    $l=$word[$i];
    for($j=0; $j<strlen($perms[$l]); $j++){
        save(perms[$l][$j]);
    isUpper($l) ? $word[$i]=tolower($l) : $word[$i]=toupper($l);
    save($word);
}

for some PHP-flavored pseudocode. I chose PHP because associative arrays make it a bit more comfortable. In other words: Writing the tool yourself might be faster than actually searching for one.

rath
  • 406
  • 4
  • 12
2

here you go! i made it few months ago, it's a Python 2.7 script :p hope it'll help

import time
print ("---------------------------------------------------");
print ("Welcome to BruteForce List Generator!");
print ("---------------------------------------------------");
print ("File output can be long, sometimes in x100Mbs!");
print ("so, have patience fgt,");
print (" ");
print ("Press ^C to exit");
print ("---------------------------------------------------");
length=int(raw_input("Enter the maximum of characters: "))
name=raw_input("Enter destination file name with extension (.txt): ")
tic = time.clock()
print ("---------------------------------------------------");
print ("Running, Please Wait!");
print ("---------------------------------------------------");
lista=[0 for x in xrange(length)]
x=length-1
string="abcdefghijklnmopqrstuvwxyz1234567890"
list_of_results=[]
file1=file(name,"w")
while(x>-1):
    result=""
    if lista[x]==len(string)-1:
        for z in xrange(length):
            result+=string[lista[z]]
        lista[x]=0
        x-=1
    elif x==length-1:
        for z in xrange(length):
            result+=string[lista[z]]
        lista[x]+=1
    else:
        for z in xrange(length):
            result+=string[lista[z]]
        lista[x]+=1
        if x>0:
            x+=1
        else:
            x=length-1
    file1.write(result+"\n")
toc = time.clock()
ttn = toc - tic
print ("Done! in "+str(ttn)+" seconds.");
print ("Please check "+str(name)+" in your directory");
print ("---------------------------------------------------");

Cheers!

v1k45
  • 121
  • 3
1

I have started to create a Qt application to do this. It's designed to be used against a specific user. I created it to satisfy my own need so it's geared up one way but I plan to make it more customisable. You have to compile it yourself at the moment but it's Qt so it will run on most platforms.

It's on Github

You give it the users name company and optionally some extra keywords and it will generate passwords based on them. Its at 0.1 right now and under active development. The code is easy so if it doesn't do exactly what you need it to you can make changes ( and even contribute them back )

enter image description here

squareborg
  • 163
  • 6
0

Hmmm. you could use this with extra configurations

https://github.com/TilakMaddy/-BruteForceListGenerator-

Tilak Madichetti
  • 252
  • 1
  • 6
  • 16