Generating a custom password list

1.cewl method
cewl -d 7 -m 8 --with-numbers -w cewl.out http://URL
-d (depth) - how deep you want it to crawl
--with-numbers - you need this flag if you want the cewl to generate password with numbers.
2. hashcat 
hashcat --force password_list -r /usr/share/hashcat/rules/best64_rule --stdout > hashcat_words
generate the password_list using keywords you found on a web or somewhere else during enum.
there are many other rules under rules folder other than the best64 rule.
Adding other rules 
1.create a document with the following content 
:$ #do nothing rule in hashcat (so that it will leave out the original phrases alone) 
$!$  #this adds an exclamation point at the end of every word 
more rules can be found here: https://hackingvision.com/2020/03/27/hashcat-rule-based-attack/#:~:text=Hashcat%20rules%20are%20rules%20that%20are%20programmed%20to,crack%20more%20passwords%20from%20our%20target%20hash%20table.​
hashcat --force passowrdlist -r append_exclamation.rule -r /usr/share/hashcat/rules/best64.rule --stdout > 
you can have more than 1 rules. 
​
Cracking Passwords
shellshock
Last modified 10mo ago