RSMangler – Keyword Based Wordlist Generator For Bruteforcing


RSMangler will take a word list and perform various manipulations on it similar to those done by John the Ripper with a few extras. It goes along well with our previous post on Password Cracking Wordlists and Tools for Brute Forcing.

There are other options too like Wyd – Automated Password Profiling Tool, which is a little more advanced – or The Associative Word List Generator (AWLG).

The main new feature is permutations mode which takes each word in the list and combines it with the others to produce all possible permutations (not combinations, order matters). For example the words freds, fresh, fish will produce the following list:

Each of these new words is then subject to the other mangles, because of this we strongly recommend with permutations mode enabled (default) you use a very small wordlist, 3 start words create a final list containing 4245 words and 5 start words creates a list containing 91975. As a test we tried it with a few hundred words and gave up when the output file got to 3G. If you try to use a file with more than 5 words you will get a warning and the option to abort. Other mangles include adding the numbers 1 to 123 to the start and end, 01 to 09 to the start and end, various case manipulations, leet speak, word reversal, ed and ing on the end and doubling words up.

The initial wordlist can either be specified as a file or can be piped in through STDIN.

Installation

RSMangler is written in Ruby and therefore needs Ruby to be installed and working. The script needs to be made executable and it doesn’t rely on any gems or anything external.

You can download RSMangler here:

rsmangler_1.0.tar.bz2

Or read more here.

Posted in: Hacking Tools, Password Cracking

, , , , , ,


Latest Posts:


zBang - Privileged Account Threat Detection Tool zBang – Privileged Account Threat Detection Tool
zBang is a risk assessment tool for Privileged Account Threat Detection on a scanned network, organizations & red teams can use it to identify attack vectors
Memhunter - Automated Memory Resident Malware Detection Memhunter – Automated Memory Resident Malware Detection
Memhunter is an Automated Memory Resident Malware Detection tool for the hunting of memory resident malware at scale, improving threat hunter analysis process.
Sandcastle - AWS S3 Bucket Enumeration Tool Sandcastle – AWS S3 Bucket Enumeration Tool
Sandcastle is an Amazon AWS S3 Bucket Enumeration Tool, formerly known as bucketCrawler. The script takes a target's name as the stem argument (e.g. shopify).
Astra - API Automated Security Testing For REST Astra – API Automated Security Testing For REST
Astra is a Python-based tool for API Automated Security Testing, REST API penetration testing is complex due to continuous changes in existing APIs.
Judas DNS - Nameserver DNS Poisoning Attack Tool Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
dsniff Download - Tools for Network Auditing & Password Sniffing dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network


Comments are closed.