Kali Linux

Weakpass : Rule-Based Online Generator To Create A Wordlist Based On A Set Of Words

Weakpass is a tool generates a wordlist based on a set of words entered by the user.

For example, during penetration testing, you need to gain access to some service, device, account, or Wi-Fi network that is password protected. For example, let it be the Wi-Fi network of EvilCorp. Sometimes, a password is a combination of device/network/organization name with some date, special character, etc. Therefore, it is simpler and easier to test some combinations before launching more complex and time-consuming checks. For example, cracking a Wi-Fi password with a wordlist can take several hours and can fail, even if you choose a great wordlist because there was no such password in it like Evilcorp2019.

Therefore, using the generated wordlist, it is possible to organize a targeted and effective online password check.

Link: https://zzzteph.github.io/weakpass/

Secondary: https://weakpass.com/generate

Features

The hashcat rule syntax is used to generate the wordlist. By default, the generator uses a set of rules “online.rule”, which performs the following mutations:

  • Adding special characters and popular endings to the end of the word – !,!@, !@#, 123! etc. evilcorp!, evilcorp!123
  • Adding digits from 1 to 31, from 01 to 12 – evilcorp01, evilcorp12.
  • Adding the date 2018-2023 – evilcorp2018, evilcorp2019
  • Various combinations of 1-3 – evilcorp2018!
  • Capitalize the first letter and lower the rest, apply 1-4. Evilcorp!2021

As a result, for the word evilcorp, the following passwords will be generated (216 in total):

  • evilcorp
  • Evilcorp
  • EVILCORP
  • evilcorp123456
  • evilcorp2018
  • Evilcorp!2021
  • Evilcorp!2022
  • Evilcorp2018!@#

You can use your own hashcat rules, just click “Show rules” and put in the “Rules” textarea them with the list of rules you like best. Rules that are supported (source https://hashcat.net/wiki/doku.php?id=rule_based_attack):

NameFunctionDescriptionExample RuleInput WordOutput Word
Nothing:Do nothing (passthrough):p@ssW0rdp@ssW0rd
LowercaselLowercase all letterslp@ssW0rdp@ssw0rd
UppercaseuUppercase all lettersup@ssW0rdP@SSW0RD
CapitalizecCapitalize the first letter and lower the restcp@ssW0rdP@ssw0rd
Invert CapitalizeCLowercase first found character, uppercase the restCp@ssW0rdp@SSW0RD
Toggle CasetToggle the case of all characters in word.tp@ssW0rdP@SSw0RD
Toggle @TNToggle the case of characters at position NT3p@ssW0rdp@sSW0rd
ReverserReverse the entire wordrp@ssW0rddr0Wss@p
DuplicatedDuplicate entire worddp@ssW0rdp@ssW0rdp@ssW0rd
Duplicate NpNAppend duplicated word N timesp2p@ssW0rdp@ssW0rdp@ssW0rdp@ssW0rd
ReflectfDuplicate word reversedfp@ssW0rdp@ssW0rddr0Wss@p
Rotate Left{Rotate the word left.{p@ssW0rd@ssW0rdp
Rotate Right}Rotate the word right}p@ssW0rddp@ssW0r
Append Character$XAppend character X to end$1p@ssW0rdp@ssW0rd1
Prepend Character^XPrepend character X to front^1p@ssW0rd1p@ssW0rd
Truncate left[Delete first character[p@ssW0rd@ssW0rd
Trucate right]Delete last character]p@ssW0rdp@assW0r
Delete @ NDNDelete character at position ND3p@ssW0rdp@sW0rd
Extract rangexNMExtract M characters, starting at position Nx04p@ssW0rdp@ss
Omit rangeONMDelete M characters, starting at position NO12p@ssW0rdpsW0rd
Insert @ NiNXInsert character X at position Ni4!p@ssW0rdp@ss!W0rd
Overwrite @ NoNXOverwrite character at position N with Xo3$p@ssW0rdp@s$W0rd
Truncate @ N‘NTruncate word at position N‘6p@ssW0rdp@ssW0
ReplacesXYReplace all instances of X with Yss$p@ssW0rdp@$$W0rd
Purge@XPurge all instances of X@sp@ssW0rdp@W0rd
Duplicate first NzNDuplicate first character N timesz2p@ssW0rdppp@ssW0rd
Duplicate last NZNDuplicate last character N timesZ2p@ssW0rdp@ssW0rddd
Duplicate allqDuplicate every characterqp@ssW0rdpp@@ssssWW00rrdd

The generator automatically removes duplicate passwords.

By pressing the Wi-Fi, all passwords less than 8 characters long will be automatically deleted.

All data is generated using Javascript so that you can use the generator without internet access.

How-To

  • To generate a wordlist, enter in the Words field, words that can be used as part of the password.
  • Click on the Generate button
  • Copy the received content or click on the Copy to clipboard button for automatic copying.
  • Profit!
R K

Recent Posts

Kali Linux 2024.4 Released, What’s New?

Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…

18 hours ago

Lifetime-Amsi-EtwPatch : Disabling PowerShell’s AMSI And ETW Protections

This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…

18 hours ago

GPOHunter – Active Directory Group Policy Security Analyzer

GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…

3 days ago

2024 MITRE ATT&CK Evaluation Results – Cynet Became a Leader With 100% Detection & Protection

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…

5 days ago

SecHub : Streamlining Security Across Software Development Lifecycles

The free and open-source security platform SecHub, provides a central API to test software with…

1 week ago

Hawker : The Comprehensive OSINT Toolkit For Cybersecurity Professionals

Don't worry if there are any bugs in the tool, we will try to fix…

1 week ago