Comments (9)
digininja
commented on August 21, 2024
Sounds possible. What about in instances where a number can be multiple
letters, for example 1 could be i or l? Would you want both words?
…On Tue, 19 Sep 2017 at 12:54 Lexus89 ***@***.***> wrote:
It would be nice to have a feature for creating wordlists based on the
base words. A 'de-1337'-function could help creating these wordlists. The
password '1945un1c0rn01' could result in the base word 'unicorn' by
stripping the begin/end non-alpha's and replacing the inner 1 and 0 with
the alpha character (i/o).
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#40>, or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAHJWfVJhVshrh17H8LLzScrEQldVBGrks5sj6tpgaJpZM4PcRoy>
.
from pipal.
Lexus89
commented on August 21, 2024
I pretty much only encounter the substitution 'i' with 1 than 'l' so based on that just keeping one word seems to be enough (using only the most common substitution). However if there are more examples like that with multiple letters and/or you experienced the 'l' being used a lot as well, it might be a good thing to keep it configurable maybe..? Can't think of a good solution for that now though :(
from pipal.
digininja
commented on August 21, 2024
The obvious one for 1 to l is 1337 going to leet.
Should be fairly easy to write, will see what I can do.
…On Tue, 19 Sep 2017 at 13:31 Lexus89 ***@***.***> wrote:
I pretty much only encounter the substitution 'i' with 1 than 'l' so based
on that just keeping one word seems to be enough (using only the most
common substitution). However if there are more examples like that with
multiple letters and/or you experienced the 'l' being used a lot as well,
it might be a good thing to keep it configurable maybe..? Can't think of a
good solution for that now though :(
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#40 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAHJWSr30uIc3G57Zr7QxzoEUg6IcyJ5ks5sj7QQgaJpZM4PcRoy>
.
from pipal.
digininja
commented on August 21, 2024
How about this?
https://github.com/digininja/deleet/tree/master
from pipal.
Lexus89
commented on August 21, 2024
This looks good, thnx!
Going to be so handy for creating word lists with base words. Tried on some passwords and noticed a couple of possible improvements (brain dump):
- When having a strange character in the wordlist it shows the following error and quits. Can prevent this ofcourse by cleaning up the list in advance but just want to let you know
./deleet.rb:112:in `match': invalid byte sequence in UTF-8 (ArgumentError)
from ./deleet.rb:112:in `block in <main>'
from ./deleet.rb:110:in `each'
from ./deleet.rb:110:in `<main>'
- Convert string to lowercase, rules will handle uppercasing the first character etc.
- Additional substitutions: (@ > a, ! > i, ! > l)
- Perhaps an option to only output unique base words so you dont have to sort -u after
- Was thinking about possible language-based tweaks, for example if a word contains the string '1oord', the '1' is most likely an 'L" instead of a 'i' because of the double 'o'-vowels.
from pipal.
digininja
commented on August 21, 2024
Character encoding is always a pain, I'll see what I can do with it.
For the extra characters, working out what is the word and what is the
prefix/suffix is tricky if you want symbols including. I'm taking the first
non-alpha as the end of the word and stripping everything after that.
Doing a uniq on it should be easy to add.
If you can write language rules that can be implemented, feel free to send
them over, that is too much for me to think about.
…On Wed, 20 Sep 2017 at 10:46 Lexus89 ***@***.***> wrote:
This looks good, thnx!
Going to be so handy for creating word lists with base words. Tried on
some passwords and noticed a couple of possible improvements (brain dump):
- When having a strange character in the wordlist it shows the
following error and quits. Can prevent this ofcourse by cleaning up the
list in advance but just want to let you know
./deleet.rb:112:in `match': invalid byte sequence in UTF-8 (ArgumentError)
from ./deleet.rb:112:in `block in <main>'
from ./deleet.rb:110:in `each'
from ./deleet.rb:110:in `<main>'
- Convert string to lowercase, rules will handle uppercasing the first
character etc.
- Additional substitutions: (@ > a, ! > i, ! > l)
- Perhaps an option to only output unique base words so you dont have
to sort -u after
- Was thinking about possible language-based tweaks, for example if a
word contains the string '1oord', the '1' is most likely an 'L" instead of
a 'i' because of the double 'o'-vowels.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#40 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAHJWTMV4D0FgpngjIyrh3FPkuI-WEeNks5skN7rgaJpZM4PcRoy>
.
from pipal.
Lexus89
commented on August 21, 2024
Yes it is indeed tricky, perhaps something like this:
!WiFi@irb4s3Rul3Z! <- Now no baseword printed by deleet
- First strip off non-alpha chars from left to right (until first alpha char): WiFi@irb4s3Rul3Z!
- Strip off non-alpha chars from right to left (until first alpha char): WiFi@irb4s3Rul3Z
- Substitute chars: WiFiairbaseRuleZ
- Convert to lowercase: wifiairbaserulez
For a password like @irb4se! this will ofcourse still result in 'irbase' but a rule placing all special chars in front of base word fixes this issue.
from pipal.
digininja
commented on August 21, 2024
Should be easy enough to do, I'll put it in a new branch so we can play
with it and get it tuned
…On Wed, 20 Sep 2017 at 15:03 Lexus89 ***@***.***> wrote:
Yes it is indeed tricky, perhaps something like this:
***@***.***! <- Now no baseword printed by deleet
1. First strip off non-alpha chars from left to right (until first
alpha char): ***@***.***!
2. Strip off non-alpha chars from right to left (until first alpha
char): ***@***.***
3. Substitute chars: WiFiairbaseRuleZ
4. Convert to lowercase: wifiairbaserulez
For a password like @irb4se! this will ofcourse still result in 'irbase'
but a rule placing all special chars in front of base word fixes this issue.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#40 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAHJWQRuCxaNySUDJw4lWAVKd_0jwKc6ks5skRsfgaJpZM4PcRoy>
.
from pipal.
digininja
commented on August 21, 2024
Moving this discussion over to the deleet project, I'm going to do some updates and will comment over here digininja/deleet#1
from pipal.
Related Issues (20)
- [OS X] Not Working Properly HOT 4
- --external option gives error HOT 5
- Nop Such File or Directory HOT 4
- Mangling HOT 14
- list_checker.rb colour refs HOT 3
- See found strings inline HOT 2
- unknown regexp option s - bac (SyntaxError) HOT 8
- Change branding/wording HOT 2
- Pipal lag and failure to complete analysis (RAM limitations?) HOT 10
- Masks HOT 6
- Running a Batch HOT 4
- "Dates" aren't sorted by frequency [bug?] HOT 8
- syntax error ?!!! HOT 3
- Can't find password file HOT 5
- Passing email ids [question] HOT 4
- unknown regexp options - bac (SyntaxError) HOT 12
- Base words (feature request) HOT 13
- Output as markdown HOT 4
- Error with module HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pipal.