How to Create a Custom Wordlist for bruteforcing from a website.

Creating Custom Wordlists For Password Brute Forcing 

       wget -r -l 2 www.target-hackme.com

Next step is to remove the weird characters. Don't worry, we can put them back. This primarily removes the HTML tags and such:


     grep -hr "" www.targetwebsite.com/ | tr '[:space:]' '\n' | sort | uniq > wordlist.lst

  egrep -v '('\,'|'\;'|'\}'|'\{'|'\<'|'\>'|'\:'|'\='|'\"'|'\/'|'\/'|'\['|'\]')' wordlist.lst | sort -u > wordlist.clean


   john --wordlist=wordlist.lst --rules --stdout | uniq > wordlist_Clean.lst        modify the rules so that it does a better job of adding in special characters (such as replacing all "i" with "1").
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s