Weakpass is a tool that generates a wordlist based on a set of words entered by the user.
During penetration testing, you may need to gain access to a password-protected service, device, account, or Wi-Fi network, for example the Wi-Fi network of EvilCorp. Sometimes a password is a combination of a device, network, or organization name with a date, a special character, etc. It is therefore simpler and easier to test such combinations before launching more complex and time-consuming checks. For example, cracking a Wi-Fi password with a wordlist can take several hours and still fail, even with a great wordlist, because it did not contain a password like Evilcorp2019.
Therefore, using the generated wordlist, it is possible to organize a targeted and effective online password check.
Link: https://zzzteph.github.io/weakpass/
Secondary: https://weakpass.com/generate
The hashcat rule syntax is used to generate the wordlist. By default, the generator uses the “online.rule” rule set, which performs the following mutations:
As a result, for the word evilcorp, the following passwords will be generated (216 in total):
You can use your own hashcat rules: click “Show rules” and fill the “Rules” textarea with the list of rules you like best. The following rules are supported (source: https://hashcat.net/wiki/doku.php?id=rule_based_attack):
Name | Function | Description | Example Rule | Input Word | Output Word |
---|---|---|---|---|---|
Nothing | : | Do nothing (passthrough) | : | p@ssW0rd | p@ssW0rd |
Lowercase | l | Lowercase all letters | l | p@ssW0rd | p@ssw0rd |
Uppercase | u | Uppercase all letters | u | p@ssW0rd | P@SSW0RD |
Capitalize | c | Capitalize the first letter and lower the rest | c | p@ssW0rd | P@ssw0rd |
Invert Capitalize | C | Lowercase first found character, uppercase the rest | C | p@ssW0rd | p@SSW0RD |
Toggle Case | t | Toggle the case of all characters in word. | t | p@ssW0rd | P@SSw0RD |
Toggle @ | TN | Toggle the case of characters at position N | T3 | p@ssW0rd | p@sSW0rd |
Reverse | r | Reverse the entire word | r | p@ssW0rd | dr0Wss@p |
Duplicate | d | Duplicate entire word | d | p@ssW0rd | p@ssW0rdp@ssW0rd |
Duplicate N | pN | Append duplicated word N times | p2 | p@ssW0rd | p@ssW0rdp@ssW0rdp@ssW0rd |
Reflect | f | Duplicate word reversed | f | p@ssW0rd | p@ssW0rddr0Wss@p |
Rotate Left | { | Rotate the word left. | { | p@ssW0rd | @ssW0rdp |
Rotate Right | } | Rotate the word right | } | p@ssW0rd | dp@ssW0r |
Append Character | $X | Append character X to end | $1 | p@ssW0rd | p@ssW0rd1 |
Prepend Character | ^X | Prepend character X to front | ^1 | p@ssW0rd | 1p@ssW0rd |
Truncate left | [ | Delete first character | [ | p@ssW0rd | @ssW0rd |
Truncate right | ] | Delete last character | ] | p@ssW0rd | p@ssW0r |
Delete @ N | DN | Delete character at position N | D3 | p@ssW0rd | p@sW0rd |
Extract range | xNM | Extract M characters, starting at position N | x04 | p@ssW0rd | p@ss |
Omit range | ONM | Delete M characters, starting at position N | O12 | p@ssW0rd | psW0rd |
Insert @ N | iNX | Insert character X at position N | i4! | p@ssW0rd | p@ss!W0rd |
Overwrite @ N | oNX | Overwrite character at position N with X | o3$ | p@ssW0rd | p@s$W0rd |
Truncate @ N | 'N | Truncate word at position N | '6 | p@ssW0rd | p@ssW0 |
Replace | sXY | Replace all instances of X with Y | ss$ | p@ssW0rd | p@$$W0rd |
Purge | @X | Purge all instances of X | @s | p@ssW0rd | p@W0rd |
Duplicate first N | zN | Duplicate first character N times | z2 | p@ssW0rd | ppp@ssW0rd |
Duplicate last N | ZN | Duplicate last character N times | Z2 | p@ssW0rd | p@ssW0rddd |
Duplicate all | q | Duplicate every character | q | p@ssW0rd | pp@@ssssWW00rrdd |
The generator automatically removes duplicate passwords.
Pressing “Wi-Fi” automatically removes all passwords shorter than 8 characters.
All data is generated using JavaScript, so you can use the generator without internet access.
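
The same rule syntax can be put to defensive use as a password-policy check that rejects passwords derivable from the organization's own name. The sketch below is an added example, not Weakpass's own code: it implements a subset of the rule functions from the table, removes duplicates and supports the 8-character Wi-Fi filter. The names `applyRule`, `candidates`, `isDerived` and `SAMPLE_RULES` are hypothetical, and the sample rules are constructed, not the contents of online.rule.

```javascript
// Added example: a subset of the rule functions from the table above.
// Positions (N) use hashcat's 0-9, A-Z encoding, decoded with parseInt(n, 36).
const toggle = ch => (ch === ch.toLowerCase() ? ch.toUpperCase() : ch.toLowerCase());
const OPS = { // rule character -> [number of arguments, function]
  ':': [0, w => w],
  'l': [0, w => w.toLowerCase()],
  'u': [0, w => w.toUpperCase()],
  'c': [0, w => w.charAt(0).toUpperCase() + w.slice(1).toLowerCase()],
  'r': [0, w => [...w].reverse().join('')],
  'd': [0, w => w + w],
  '$': [1, (w, x) => w + x],
  '^': [1, (w, x) => x + w],
  's': [2, (w, x, y) => w.split(x).join(y)],
  'T': [1, (w, n) => {
    const i = parseInt(n, 36);
    return i < w.length ? w.slice(0, i) + toggle(w[i]) + w.slice(i + 1) : w;
  }],
};

// Apply one rule line: functions run left to right, spaces separate them.
function applyRule(rule, word) {
  let out = word;
  for (let i = 0; i < rule.length;) {
    const name = rule[i++];
    if (name === ' ') continue;
    const op = OPS[name];
    if (!op || i + op[0] > rule.length) throw new Error(`unsupported rule: ${rule}`);
    out = op[1](out, ...rule.slice(i, i + op[0]));
    i += op[0];
  }
  return out;
}

// Every unique candidate; minLength = 8 mirrors the page's Wi-Fi filter.
function candidates(baseWords, rules, minLength = 0) {
  const seen = new Set(); // a Set drops duplicates, as the generator does
  for (const w of baseWords)
    for (const r of rules) {
      const c = applyRule(r, w);
      if (c.length >= minLength) seen.add(c);
    }
  return seen;
}

// Constructed sample rules; NOT the contents of online.rule.
const SAMPLE_RULES = [':', 'c', 'u', 'c $2 $0 $1 $9', 'c $1 $2 $3', 'c $!', 'c so0'];

// Policy check: true when the password is a rule mutation of a base word.
const isDerived = (pw, baseWords, rules = SAMPLE_RULES) =>
  candidates(baseWords, rules).has(pw);
```

Calling `isDerived(newPassword, ['evilcorp'])` in a password-change handler flags choices such as Evilcorp2019 before they are accepted.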