🥷
Offensive Security
  • Shells and stuffs
    • Bind Shell
    • Reverse Shell
    • TTY Shell
    • File Transfer
    • Handmade Network Scan
  • Services enumeration
    • DNS Enumeration
    • SMB Enumeration
    • NFS Enumeration
  • Linux Privilege Escalation
    • Useful Tools
    • Hijack X11 session
    • Linux capabilities
    • LXC membership
  • Windows Privilege Escalation
    • Useful Tools
  • Password Attacks
    • Build Wordlist
    • Network Service Attacks
    • Password Cracking
  • Active Directory
    • AD CS
  • OSINT
    • Google Dorks
Powered by GitBook
On this page
  • Scrap a website
  • Create more complex passwords
  • Generate passwords following specific patterns
  1. Password Attacks

Build Wordlist

Scrap a website

The cewl command scrapes a website and return all the words contains in the pages of the application.

cewl <website> -w <output file>

It is also possible to filter the words returned by indicating a minimum number of letters:

cewl <website> -m 6 -w <output file>

Create more complex passwords

From a simple wordlist made by hand or from tools like cewl, it is possible to create even more complex wordlists.

To do so, invoke john as shown below:

john --wordlist=<initial wordlist> --rules --stdout > <complex wordlist>

Specify --rules=All to use all available rules and get more possibilities.

Generate passwords following specific patterns

Crunch, included with Kali Linux, is a powerful wordlist generator that can create a wordlist containing every possible password that matches the defined pattern.

PLACEHOLDER
CHARACTER TRANSLATION

@

Lower case alpha characters

,

Upper case alpha characters

%

Numeric characters

^

Special characters including space

For example, specify a minimum and maximum word length of eight characters (8 8) and describe the rule pattern with -t ,@@^^%%%:

crunch 8 8 -t ,@@^^%%%
PreviousUseful ToolsNextNetwork Service Attacks

Last updated 2 years ago