BEWGor: Bull’s Eye Wordlist Generator
What does BEWGor do?
At its core, BEWGor is designed help with ensuring password security. It is a Python script that prompts the user for biographical data about a person (called the Subject), which is then used to create likely passwords for that Subject.
All information is manually inputted and stored locally. No information is sent to any other location, or pulled from the web.
If you want to improve your password security, run BEWGor on yourself!
What are “likely” passwords for a given subject?
When it comes to generating passwords, humanity, on average, has not demonstrated too much creativity. The most common password is 123456 and the 2nd most common is password. My first project, Probable-Wordlists explores this in depth. It contains billions of the world’s most common passwords – in order of how common they are.
If a person doesn’t use a single-word password straight out of a dictionary, they are likely to use words from their personal lives. These words are easy to remember and not screamingly obvious to others – and for many, those are good enough reasons to use them as passwords…
Does your password sound like the answer to a security question?
Passwords often include information like:
- Mother’s Maiden Name
- Name of a Childhood Pet
- Birthdays of the password holder or a loved one
- The password holder’s nationality
Due to Social Media use and the strength of modern day Open-Source Intelligence (OSINT), this information is NOT HARD TO COME BY. Therefore, making it it your password is NOT SECURE.
BEWGor asks for information about a person, and those they associate with, and generates potential passwords based on that data.
Did your subject have a dog named Spot? Was your subject born in 1980?
BEWGor will come up with many variations of these two pieces of information:
spot1980, 1980spot, SPOT80, 80Spot and more.
BEWGor takes the simplest features of CUPP and does a very deep dive. It prompts the user for a lot more specific information, but not have all of CUPP’s capabilities.
- Vastly Increased Information Detail on Main Subject
- Includes Support for an arbitrary number of family members and pets
- By using permutations to generate possible passwords, BEWGor can generate huge numbers of passwords
- Create Upper/Lower/Reverse variations of inputted values
- Save raw inputted values to a Terms file before variations are generated
- Set upper and lower limits on output line length
- Check that an inputted Birthday is valid (not in the future, a false leap day, June 32nd, etc.)
- Allow the User to download Wordlists from within CUPP
- Create ‘l33t’ variations of given lines
- Allow the user to add special characters at the end of words without entering them specifically
- Limit the number of outputs to the most likely formats, such as Name+birthyear
- I’ve got you covered on wordlists – check out my other project Probable-Wordlists
- ’l33t’ variations might be included in a future release, but for now, using a program like HashCat will allow you to create 133t-style and other variations of a BEWGOr wordlist as-needed
- HashCat can do this as well with the ‘rule’ function
- BEWGor is not subtle, it will generate ALL the combinations – including plenty of unlikely ones.
- This may be slimmed down in the future, but why not err on the side of having all the possibilities?
What information does BEWGor collect?
In Alpha release, associates are limited to: 1 Significant other, and an arbitrary number of Children, Parents, Siblings and Pets.
- Full Name
- Maiden Name
- Birthday (day and month)
- Birth Year
- From this information, it can generate initials, Greek/Chinese Zodiac Sign and Birthstone (Western and Hindu Style)
- Everything in All Subjects
- Gender Identity
- National Demonym (Such as Briton, or British)
- National Day
- Full Dates (input the day they founded their company, anniversary, etc.)
- Range of Years (if you don’t know subject’s exact age)