m4ngl3m3: Common password pattern generator using strings list
m4ngl3m3
Install
$ git clone https://github.com/localh0t/m4ngl3m3
$ cd m4ngl3m3
$ ./main.py
Use
–from-year (-fy), –to-year (-ty):
Here we set where we want our script to start and end iterating over years. Many times people include the current year in an effort to add some entropy. Because passwords could be outdated, or the years included could be in the (near) future, we are going to add them as a range. For online environments, we would be looking at a conservative approach and only include ranges in the order of (-1, +1) or (-2, +2). For offline environments, the range could be wider to (-20, +5) or even(-50, +10). Output example:
password2017
[...]
password2018
[...]
password2019
–short-year (-sy):
When iterating years, also add its shorter double-digit form. Output example:
password17
[...]
password18
[...]
password19
–numbers-file (-nf):
In this argument, we are going to select a file containing numbers that people frequently add to their passwords. By default, I included 6 sets, the largest being the 6, and the rest being subsets of the previous one. The numbers included in the first sets (1,2…) are more likely to be present that the ones only included in the latest sets (…5,6). Again, for online environments, we would be looking at using the first three sets, wherein offline environments, we could use the last ones. By default, the script uses the set number 2. Output example:
password1
[...]
password123
[...]
password1234
–symbols-file (-sf):
In this argument, we are going to select a file containing symbols that people frequently add to their passwords. Again, set number 1 is the shortest, set number 6 is the largest. The symbols included in the first sets (1,2…) are more likely to be present that the ones only included in the latest sets (…5,6). By default, the script uses the set number 2. Output example:
password123!
[...]
password2018?
[...]
password1234.
–custom-file (-cf):
Here we add anything else we know about our targets (and it’s not considered as the “base” of the password itself). Let the creativity roll in! It could be from company initials, birth dates, special dates… to specific years, short keywords, etc. This custom strings will be treated in the same way that the years/numbers. Output example:
passwordABC
[...]
password01011980!
[...]
password.admin
MUTATION_MODE (positional argument):
In this parameter, we are going to select how the tool will work when shifting strings. You can choose one of three:
- suffix-mode: It will add years, numbers, symbols and custom after the main string. Example: password2018!
- prefix-mode: It will add years, numbers, symbols and custom before the main string. Example: !2018password
- dual-mode: As the name suggests, it uses both modes (generates both outputs).
STRINGS_FILE (positional argument):
A file containing strings to mutate. If you’re, for example, doing a pentest and don’t know where to start, I would suggest you use a tool like CeWL to spider the company website and keep the most recurring words (including the company name of course).
OUTPUT_FILE (positional argument):
Simply, a file where we want to write the mutated strings.
–symbols-before-suffix (-sbs):
When this flag is enabled, and we are running the tool either in suffix-mode or dual-mode, the script will also add the symbols before years/numbers/custom. Output example:
password2018!
[...]
password!2018
[...]
–symbols-after-prefix (-sap):
When this flag is enabled, and we are running the tool either in prefix-mode or dual-mode, the script will also add the symbols after years/numbers/custom. Output example:
!2018password
[...]
2018!password
[...]
–mutation-methods (-mm):
In this parameter, we define which mutation methods are going to be performed. Mutation methods are base transformations made before starting iterating over years/numbers/symbols/custom. You can select as many mutation methods as you want. For a list of all valid mutation methods, check MUTATION_METHODS.md.
By default, m4ngl3m3! runs with the following: Normal, UpperCase, FirstUp, and ReplaceVowels.
Tutorial
Source: https://github.com/localh0t/
