Types of wordlist

There 5 types of wordlists

1. Weak common Password (e.g. rockyou.txt, darkweb2017-top100.txt and etc)
2. Scrapped wordlist - scrape a website for words that can be used as password (tool - CeWL)
3. Generated words - generate a common pattern words (e.g. aaaa, bbbb , cccc) (tool - crunch)
4. Generate keyboard walks (tool - kwprocessor)
5. Wordlists based on current year / season (e.g. Summer2020 , Winter2019 and etc) (tool - weakpass_generator)

CeWL

CeWL - Custom Word List generator

Creating custom word lists spidering a targets website and collecting unique words.

GitHub: https://github.com/digininja/CeWL

Usage:

└─$ cewl <https://digi.ninja/>
CeWL 5.4.8 (Inclusion) Robin Wood ([email protected]) (<https://digi.ninja/>)
the
and
you
with
this
for
that
Share
The
but
close
can
ninja
get
are
was
from
have
all
site
they
[--sniped--]

Weak Passwords

SecList- https://github.com/danielmiessler/SecLists/tree/master/Passwords

Crunch

crunch enables us to create a custom password-cracking wordlist that we can use with such tools like Hashcat, Cain and Abel, John the Ripper, Aircrack-ng, and others. This custom wordlist might be able to save us hours or days in password cracking if we can craft it properly.

Syntax:

kali > crunch <min> max<max> <characterset> -t <pattern> -o <output filename>

Example: