Build a custom wordlist for the password cracking/guessing tools.
General wordlist ideas
- football, team and players
- movies, characters
- series, characters
CeWL, the Custom Word List generator, spiders a target website and builds a list of unique words.
cewl -w <OUTPUT FILE> -d 1 <URL>
Alternatively, try using the BeautifulSoup Python library.
Custom company wordlist
- company and service provider names, including previous, current and future years (+/- 5 years)
- product names used internally
- brands referred to on the company website
- days and months (monday, january, …) in the company language
- default password provided by helpdesk
Generate using hashcat
hashcat64.exe -r rules\rockyou-30000.rule --stdout custom.txt
STILL NEED TO BE TESTED AND IMPROVED
Trim wordlist based on known password policy
Use the pw-inspector tool that comes with hydra for this purpose.
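The same trimming step sketched in Python, as an added example (not part of the original notes and not pw-inspector's own code). The function names, the default policy values and the sample words are constructed for illustration; only ASCII character classes are counted.

```python
import string

# Character classes counted toward an "N of 4" complexity rule (assumed policy shape).
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation + " "),
}

def classes_used(word):
    """Return the names of the character classes present in word."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in word)}

def meets_policy(word, min_len=8, max_len=64, min_classes=3):
    """True if word is within the length bounds and uses enough classes."""
    if not (min_len <= len(word) <= max_len):
        return False
    return len(classes_used(word)) >= min_classes

def trim_wordlist(lines, **policy):
    """Yield unique policy-compliant entries, preserving input order."""
    seen = set()
    for raw in lines:
        word = raw.rstrip("\r\n")  # tolerate both Unix and Windows line endings
        if word and word not in seen and meets_policy(word, **policy):
            seen.add(word)
            yield word

# Constructed sample input: mixed line endings, a duplicate and a blank line.
SAMPLE = [
    "summer\n",
    "Summer2024\n",
    "Summer2024!\n",
    "Summer2024\n",
    "acme\r\n",
    "Acme-2023\n",
    "\n",
]

if __name__ == "__main__":
    for entry in trim_wordlist(SAMPLE, min_len=8, min_classes=3):
        print(entry)
```

Entries that fail the policy could never have been set as passwords, so dropping them shortens the list without losing coverage.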