bopscrk v2.3.1 releases: generate smart and powerful wordlists
Bopscrk (Before Outset PaSsword CRacKing) is a tool to generate smart and powerful wordlists.
The first idea was inspired by Cupp and Crunch. We could say that bopscrk is a wordlist generator situated between them, taking the best of each one. The challenge was to try to apply the Cupp’s idea to more generic-situations and amplify the shoot-range of the resultant wordlist, without losing this custom-wordlist-profiler feature.
How it works
- You have to provide some words which will act as a base.
- The tool will generate all possible combinations between them.
- To generate more combinations, it will add some common separators (e.g. “-“, “_”, “.”), random numbers, and special chars.
- You can enable leet and case transform to increase your chances.
- If you enable lyricpass mode, the tool will ask you about artists and it will download all his songs’ lyrics. Each line will be added as a new word. Then it will be transformed in several ways (leet, case, only first letters, with and without spaces…). Artist names will be added too.
- You can provide wordlists that you already tried against the target in order to exclude all these words from the resultant wordlist (-x).
2.3.1 version notes
- fixing namespace bug (related to aux.py module, renamed to auxiliars.py) when running on windows systems
- unittest (and simple unitary tests for transforms, excluders and combinators functions) implemented.
2.3 version notes (15/10/2020)
- Customizable configuration for artists and lyrics transforms using the cfg file
- Requirements at setup.py updated
- Multithreads logic improved
- Leet and case order reversed to improve operations efficiency
- BUG FIXED in lyrics space replacement
- BUG FIXED when remove duplicates (Type Error: unhashable type: ‘list’)
- Memory management and efficiency improved
- SPLIT INTO MODULES to improve project structure
- BUG FIXED in wordlists-exclusion feature
2.2 version notes (11/10/2020
- Configuration file implemented
- NEW FEATURE: Allow to create custom charsets and transforms patterns trough the config file
- NEW FEATURE: Recursive leet transforms implemented (disabled by default, can be enabled in cfg file)
2.2~beta version notes (10/10/2020)
- The lyricpass integration have been updated to run with last version released by initstring
--lyrics-alloption removed (feature integrated in other options)
git clone https://github.com/r3nt0n/bopscrk.git
pip3 install -r requirements.txt
- Fields can be left empty.
- Words have to be written without accents, just normal characters.
- In the others field, you can write several words comma-separated. Example: 2C, Flipper.
- Using the non-interactive mode, you should provide years in the long and short way (1970,70) to get the same result than the interactive mode.
- You have to be careful with -n argument. If you set a big value, it could result in too huge wordlists. I recommend the values between 2 and 5.
- To feed lyricpass with several artists through the command line you should provide it comma-separated and quotes-enclosed. Example: -a “john doe, john smith”
It will retrieve all lyrics from all songs which belong to artists that you provide. As this feature can make the wordlist grow too much, by default it will store each phrase reduced to its initials (which will be transformed later if you have activated leet and case transforms). As one of the main methods to use lyrics as a password is to take just initials, It should be usually enough.
With –lyrics-all, it will store the raw phrases too and apply some transforms over them (like convert spaces into dots and other special chars). This method is strongly unrecommended because 5000 phrases could become 5.000.000 easily.
If you want to make an extensive and accurate lyrics-wordlist related to a target, a better choice is to use it without any other words added (and maybe without leet and case transforms).
This tool is created for the sole purpose of security awareness and education, it should not be used against systems that you do not have permission to test/attack. The author is not responsible for misuse or for any damage that you may cause. You agree that you use this software at your own risk.
Copyright (C) 2018 r3nt0n