Generating a custom password list

  1. cewl method

cewl -d 7 -m 8 --with-numbers -w cewl.out http://URL
  • -d (depth) - how deep you want it to crawl

  • --with-numbers - needed if you want cewl to include words that contain numbers.

2. hashcat

hashcat --force password_list -r /usr/share/hashcat/rules/best64.rule --stdout > hashcat_words
  • build password_list from keywords you found on the website or elsewhere during enumeration.

  • the rules folder contains many other rule files besides best64.rule.

Adding other rules

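  1. create a rule file (append_exclamation.rule in the command below) with the following content. Comments go on their own lines starting with #, because text after a rule on the same line is parsed as more rule functions.

# do-nothing rule, so the original words are kept unchanged
:
# append an exclamation point to the end of every word
$!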

More rules can be found here: https://hackingvision.com/2020/03/27/hashcat-rule-based-attack/

hashcat --force password_list -r append_exclamation.rule -r /usr/share/hashcat/rules/best64.rule --stdout > OUTPUT_FILE
  • you can pass more than one rule file by repeating -r.
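
The same keyword list and stacked rule files can back a password-policy check that rejects anything derivable from them. The sketch below is an added example, not hashcat's code or part of the original notes: it interprets only a small subset of rule functions (: l u c r d $X ^X), and the word list, the second rule file and all function names are constructed for illustration.

```python
from itertools import product

def parse_rules(text):
    """Return rule lines; blank lines and lines starting with '#' are skipped."""
    return [ln for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]

def apply_rule(rule, word):
    """Apply one rule line. Subset only: : l u c r d $X ^X (spaces are ignored)."""
    simple = {":": lambda w: w, " ": lambda w: w, "l": str.lower, "u": str.upper,
              "c": str.capitalize, "r": lambda w: w[::-1], "d": lambda w: w + w}
    i = 0
    while i < len(rule):
        op = rule[i]
        if op in "$^":  # append / prepend take the next character as a parameter
            if i + 1 >= len(rule):
                raise ValueError(f"{op} needs a character")
            ch = rule[i + 1]
            word = word + ch if op == "$" else ch + word
            i += 2
        elif op in simple:
            word = simple[op](word)
            i += 1
        else:
            raise ValueError(f"unsupported rule function {op!r}")
    return word

def expand(words, *rule_files):
    """Stack rule files as repeated -r does: one rule from each file, applied in order."""
    stacks = [parse_rules(text) for text in rule_files]
    out = set()
    for word in words:
        for combo in product(*stacks):
            cand = word
            for rule in combo:
                cand = apply_rule(rule, cand)
            out.add(cand)
    return out

def is_guessable(password, words, *rule_files):
    """True if the password is in the candidate set, so a policy check should reject it."""
    return password in expand(words, *rule_files)

# Constructed sample data (not taken from any real site or from best64.rule)
WORDS = ["contoso", "helpdesk"]
APPEND_RULES = "# keep the original word\n:\n# append an exclamation point\n$!\n"
CASE_RULES = ":\nc\nu\n"

if __name__ == "__main__":
    for pw in ("Contoso!", "HELPDESK", "x9#Lq2vT"):
        print(pw, "reject" if is_guessable(pw, WORDS, APPEND_RULES, CASE_RULES) else "ok")
```

Two rule files with 2 and 3 rules yield 6 candidates per word, which is why stacking -r files grows the output multiplicatively.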
