Generating a custom password list
- 1.cewl method
cewl -d 7 -m 8 --with-numbers -w cewl.out http://URL
- -d (depth) - how deep you want it to crawl
- --with-numbers - you need this flag if you want the cewl to generate password with numbers.
2. hashcat
hashcat --force password_list -r /usr/share/hashcat/rules/best64_rule --stdout > hashcat_words
- generate the password_list using keywords you found on a web or somewhere else during enum.
- there are many other rules under rules folder other than the best64 rule.
Adding other rules
- 1.create a document with the following content
:$ #do nothing rule in hashcat (so that it will leave out the original phrases alone)
$!$ #this adds an exclamation point at the end of every word
hashcat --force passowrdlist -r append_exclamation.rule -r /usr/share/hashcat/rules/best64.rule --stdout >
- you can have more than 1 rules.
Last modified 10mo ago