We have already discussed about creating wordlist with crunch in earlier post. Today we will talk about another tool that also allows you to collect your own dictionary or wordlist:
- The tool also allows you to exclude words from the dictionary, which you have already used in the attack so as to avoid repetitions.
- There is a “lyric pass” module which allows you to include phrases and lyrics of artists in the dictionary.
- This tool interactively asks questions about the target of the target under attack and then creates a wordlist by replacing letters from the words given to it with symbols and numbers.
Steps to follow
Let’s talk about the tool now. This is called bopscrk, written in python and available at https://github.com/r3nt0n/bopscrk
- To install on Kali Linux, type in the terminal:
git clone https://github.com/r3nt0n/bopscrk.git
- Then go to the directory with bopscrk and run the script:
python3 bopscrk.py -i
- After we answer the questions of the system, set the following parameters offered to our attention:
- -Minimum length – 8.
- -Maximum length – 16.
- -Name – Vladimir.
- -Surname – Yagodichkin.
- -Date of birth – December 20, 1987.
- -Additional words associated with the target, separated by commas – honda, zenit, warcraft.
- -Set the parameters for replacing letters with numbers, as well as the substitution of special characters at the beginning and end of the password – we answer “y”.
- -How many words we go to combine – indicate 2.
- -The name of the artist whose lyrics we want to add – let’s skip, more on that below.
- -Exclude words from another dictionary – here we can indicate the path to the dictionary – skip.
- -Select the file with the result, by default tmp.txt in the current directory – leave it as it is.
The output is 260449 possible password values
- Let’s view the contents of the file in the nano editor
- We can use the specified file to attack
- Now we will consider the most interesting function, namely the use of phrases from the lyrics of artists’ songs, for this we will re-enter
python3 bopscrk.py -i
- We skip all the suggested values, except for the minimum and maximum length – put 20 characters each (for clarity) and stop at “Artist names to search song lyrics (comma-separated)”, in the specified line, enter, for example, 2pac (known killed benchmark).
- We see that the instrument has found 1244 songs of the specified artist and starts working with them.
- As a result, we get the result, of course it is better to mix with special characters and numbers
Conclusion
So we saw on how we can generate wordlist using song lyrics, which can be great fun for you.
Cyber Security Specialist with 18+ years of industry experience . Worked on the projects with AT&T, Citrix, Google, Conexant, IPolicy Networks (Tech Mahindra) and HFCL. Constantly keeping world update on the happening in Cyber Security Area.