Wordlist .txt -

john --wordlist=base.txt --rules=best --stdout > mutated.txt

crunch 4 6 abc123 -o wordlist.txt (Lengths 4–6 using a,b,c,1,2,3) cewl https://example.com -d 2 -m 5 -w wordlist.txt (Depth 2, minimum word length 5) 3.5 Using john (John the Ripper) rules john --wordlist=base.txt --rules --stdout > wordlist.txt 3.6 Using hashcat utilities hashcat --stdout -a 3 ?l?l?l?l > wordlist.txt (All 4-letter lowercase combos — huge!) 4. Manipulating Wordlists 4.1 Sorting & Removing Duplicates sort -u wordlist.txt > clean_wordlist.txt 4.2 Splitting Large Wordlists split -l 100000 huge_wordlist.txt part_ 4.3 Filtering by Length awk 'length($0) >= 6 && length($0) <= 10' wordlist.txt > filtered.txt 4.4 Case Manipulation tr '[:lower:]' '[:upper:]' < wordlist.txt > uppercase.txt # all uppercase 4.5 Adding Prefixes/Suffixes awk 'print "admin"$0' wordlist.txt > prefixed.txt awk 'print $0"2024"' wordlist.txt > suffixed.txt 4.6 Combining Multiple Wordlists cat list1.txt list2.txt list3.txt > combined.txt sort -u combined.txt > unique_combined.txt 5. Using Wordlists with Popular Tools 5.1 Hashcat (password cracking) hashcat -m 0 -a 0 hash.txt wordlist.txt (Straight dictionary attack) 5.2 John the Ripper john --wordlist=wordlist.txt hash.txt 5.3 Hydra (online brute force) hydra -l admin -P wordlist.txt ssh://192.168.1.1 5.4 Dirb (web directory brute force) dirb https://example.com wordlist.txt 5.5 Wfuzz wfuzz -c -z file,wordlist.txt https://example.com/FUZZ 6. Advanced: Mutating Wordlists Instead of only using a static list, apply mutations: wordlist .txt

cat textfile.txt | tr ' ' '\n' | sort -u > wordlist.txt john --wordlist=base

password 123456 admin qwerty letmein | Use Case | Description | |----------|-------------| | Password cracking | Tools like John the Ripper, Hashcat, Hydra try each line as a password. | | Brute-force login testing | Automate login attempts with wordlists. | | Fuzzing web apps | Discover hidden directories, files, or parameters (e.g., dirb , ffuf ). | | Dictionary attacks | Test system security against common passwords. | | Data cleaning | Compare, filter, or sort lists of terms. | | Word games / puzzles | Provide a list of valid inputs. | 3. Creating a Wordlist (.txt) 3.1 Manual Creation Open any text editor (Notepad, VS Code, Vim, Nano), write one item per line, save as .txt (UTF-8 encoding recommended). 3.2 From Existing Text Extract unique words from a book, website, or log file. Advanced: Mutating Wordlists Instead of only using a

msfvenom -p payload -o wordlist.txt -a x86 --platform windows -e x86/shikata_ga_nai (Not for password lists — more for payload generation) | Name | Description | Size | |------|-------------|------| | rockyou.txt | Classic breach password list (from RockYou) | ~14M lines | | SecLists/Passwords | Common passwords + real-world breaches | Large | | CrackStation | Includes word + mutation rules | ~20GB | | Openwall wordlists | English dictionary + passwords | ~500MB |

Get-Content .\input.txt -Raw | -split '\W+' | Sort-Object -Unique | Out-File wordlist.txt Generate wordlists based on character sets and length.

hashcat --stdout -r rules/best64.rule base_wordlist.txt > mutated.txt