Create an online list with https://relatedwords.io/dragon-ball-z
Username-anarchy
https://github.com/urbanadventurer/username-anarchy
username-anarchy -i INFILE > OUTFILE
# users.txt: firstname,lastname
username-anarchy -i users.txt -f flast,f.last,first.last,last.first,
#same as ctf-wordlist-names.sh
Cewl
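# Download all words from example.org with a depth of 2
# The depth is the number of link levels the spider will follow.
# The output path is quoted so a working directory containing spaces does not split the argument.
cewl -d 2 -w "$(pwd)/example.txt" https://example.org
# -m 6 keeps only words of at least 6 characters
cewl www.megacorpone.com -m 6 -w megacorp-cewl.txt
# Let's create a wordlist based on the email ID details available under the Team link.
# -n suppresses the word output, -e collects e-mail addresses, --email_file writes them to mailid.txt.
# The long option needs two ASCII hyphens; a pasted em dash is not parsed as an option.
cewl -n -e --email_file mailid.txt http://sneakycorp.htb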
Manual scrape of the relatedwords site
curl https://relatedwords.io/dragon-ball-z -s -L | grep -oi 'nofollow">.*</a>' | perl -pe 's/^nofollow">//; s/<\/a>//'
Shares spidering
Find files from shares
crackmapexec smb -u "<USER>" -p "<PASS>" --shares <IP RANGE> -d <DOMAIN> --spider "*" --content --pattern "<KEYWORD>"
Hashcat
# --stdout prints the rule-mangled candidates instead of cracking anything.
# --force tells hashcat to ignore warnings; it does not switch the GPU off.
# grep keeps only the candidates that contain a '!'.
hashcat --force --stdout pwlist.txt -r /usr/share/hashcat/rules/best64.rule | grep '!'
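# Emit every word from pwlist.txt followed by the same word suffixed with 2019 and 2020.
# read -r takes each line as-is: no word splitting, no glob expansion, no backslash handling.
while IFS= read -r word || [[ -n "$word" ]]; do
  # Skip blank lines so that no bare "2019"/"2020" entries are produced
  [[ -n "$word" ]] || continue
  printf '%s\n' "$word" "${word}2019" "${word}2020"
done < pwlist.txt > t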
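# Seed pass.txt with a short list of common passwords
cat /usr/share/seclists/Passwords/Common-Credentials/top-passwords-shortlist.txt > pass.txt
# Append rule-mangled variants of the entries in users.txt.
# Every rule file needs its own -r; a path given without -r is read as another input wordlist.
# Two -r options are stacked: each best64 rule is combined with each InsidePro rule,
# so the output grows quickly. Run hashcat once per rule file to apply them separately.
hashcat --force --stdout users.txt -r /usr/share/hashcat/rules/best64.rule -r /usr/share/hashcat/rules/InsidePro-PasswordsPro.rule >> pass.txt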
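# Remove duplicates. '>' replaces clean_pass.txt; with '>>' a file left over from an
# earlier run would be appended to and the duplicates would come back.
sort -u pass.txt > clean_pass.txt
# Remove empty and whitespace-only lines
grep --text -v '^[[:space:]]*$' clean_pass.txt > pass.txt
# Remove words of 1 to 7 characters (what is left is 8 characters or longer).
# Use '.{1,6}' instead if 7-character words should be kept.
grep -Exv '.{1,7}' pass.txt
# Keep 7 to 10 characters words
grep -Ex '.{7,10}' clean_pass.txt > pass.txt
# List, with line numbers, the lines that hold bytes which are not valid text in the
# current locale. This only reports them; to drop them keep the valid lines instead:
#   grep -ax '.*' file.txt > file.clean.txt
grep -naxv '.*' file.txt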
TTPassGen
With TTPassGen we can craft wordlists from scratch.
# Create a wordlist containing all 4 digits PIN code values
ttpassgen --rule '[?d]{4:4:*}' pin.txt
# Generate a list of all lowercase chars combinations of length 1 to 3
ttpassgen --rule '[?l]{1:3:*}' abc.txt
# Create a new wordlist that is a combination of several wordlists.
# combine all wordlists data separated by a dash.
ttpassgen --dictlist 'pin.txt,abc.txt' --rule '$0[-]{1}$1' combination.txt
# Generate something like text1234
# Step 1: digit strings of length 1 to 4 (note: same pin.txt name as the 4-digit PIN example)
ttpassgen --rule '[?d]{1:4:*}' pin.txt
# Step 2: join each word of the cewl list ($0) with each digit string ($1), no separator
ttpassgen --dictlist 'megacorp-cewl.txt,pin.txt' --rule '$0$1' combination.txt
Crunch
https://www.hackingarticles.in/a-detailed-guide-on-crunch/
# Create a wordlist of every 2-character combination (min length 2, max length 2),
# using crunch's default lowercase-letter charset
crunch 2 2 -o words.txt
# Generate 11-character words such as rosie2324%%
# In a -t pattern '%' stands for a digit and '^' for a symbol; other characters are literal.
crunch 11 11 -t rosie%%%%^^
Bash: Generate a list
With a loop
# Print the integers 1 through 100, one per line (brace expansion, no external seq call)
for i in {1..100}; do
  printf '%s\n' "$i"
done
write on the fly
└─$ cat > community <<EOF
heredoc> hello
heredoc> haha
heredoc> commen
heredoc> ddd
heredoc> EOF
└─$ cat community
hello
haha
commen
ddd
Other
Combine 2 lists (to create one)
./combinator.bin <file1> <file2>
Use loop in bash to combine 2 lists
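# Append <month><year> to wordlist.txt for every line of months.txt and every year 1990-2050.
# months.txt is read once into an array, line by line, so entries are never word-split or glob-expanded.
mapfile -t months < months.txt
for year in {1990..2050}; do
  for month in "${months[@]}"; do
    # Skip blank lines so that no year-only entries are written
    [[ -n "$month" ]] || continue
    printf '%s%s\n' "$month" "$year"
  done
done >> wordlist.txt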
Hashcat custom rules
Create a rule that appends “1@3$5” to each password of a wordlist such as rockyou.txt
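# hashcat's append operator is '$X' and handles one character, so appending "1@3$5"
# takes five operators. Written bare, '@3' is the purge operator, and an unquoted $5 is
# expanded by the shell before it reaches the file; single quotes keep the rule literal.
printf '%s\n' '$1$@$3$$$5' > demo.rule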
hashcat -r demo.rule --stdout demo_passes.txt