Profiling Passwords

Before we begin an infrastructure penetration test, and before we go onsite, it is important to have a customized password wordlist that applies only to the client we are working for. A good password list can play a major role in the success of a penetration test: the timeframe is usually limited, and we don't want to spend hours brute forcing a system with a public, generic password list full of passwords that are not relevant, when we can focus on passwords that might actually apply to the customer and to the systems we are targeting.

In order to achieve that we will use Wyd. The idea behind this tool is to analyze files in various formats (plain text, html, php, doc, ppt, mp3, pdf, jpeg) and to extract words and strings from them.

The first step is to download the web content of our client's site with wget.

Downloading Web Content of the Target Site

Then we run Wyd and write the output into a txt file.

Running Wyd tool to generate passwords

We used the -t parameter to separate the wordlist files by type, and the -b and -e parameters to disable the removal of non-alpha characters at the beginning and at the end of each word.

Afterwards we can view the contents of the wordlist and choose the most relevant keywords for our custom password list.

View the contents of the Password List
Contents of Password List
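As an added example (not from the original post and not code from the Wyd project), the following Python script shows the HTML word-extraction step in simplified form, including the equivalent of the default edge-character stripping that -b and -e turn off, and then uses the resulting wordlist the way a defender would: as a banned-word check that rejects new passwords built from words found on the organization's own public website. The sample HTML, the function names and the leet-speak mapping are assumptions made for this example.

```python
import html
import re
import string
from collections import Counter

# Constructed sample of the kind of page content a profiler such as Wyd
# would tokenize. It is not a real client site.
SAMPLE_HTML = """
<html><head><title>Acme Widgets - Welcome!</title></head>
<body>
<h1>Acme Widgets</h1>
<p>Founded in 1998 in Springfield, Acme builds the WidgetPro2000 line.</p>
<p>Contact: sales@acme-widgets.example &amp; support@acme-widgets.example</p>
<p>Our motto: "Quality First!"</p>
<script>var x = "ignored-script";</script>
</body></html>
"""

# Drop script/style bodies first, then every remaining tag.
SCRIPT_STYLE_RE = re.compile(r"<(script|style)[^>]*>.*?</\1\s*>", re.S | re.I)
TAG_RE = re.compile(r"<[^>]+>")
TOKEN_RE = re.compile(r"\S+")

# Assumed leet-speak mapping used to normalize candidate passwords.
LEET = str.maketrans("@$0!13", "asoiie")


def extract_words(html_text, keep_edge_symbols=False, min_len=3):
    """Return a Counter of candidate words found in an HTML document.

    With keep_edge_symbols=False, non-alphanumeric characters at the start
    and end of each token are stripped (the behaviour the post describes
    Wyd having by default; -b and -e switch it off). Tokens shorter than
    min_len characters are dropped.
    """
    text = SCRIPT_STYLE_RE.sub(" ", html_text)
    text = TAG_RE.sub(" ", text)
    text = html.unescape(text)  # turn &amp; and friends back into characters
    counts = Counter()
    for tok in TOKEN_RE.findall(text):
        if not keep_edge_symbols:
            tok = tok.strip(string.punctuation)
        if len(tok) >= min_len:
            counts[tok] += 1
    return counts


def profiled_words(counts, min_len=4):
    """Lower-cased set of extracted words long enough to be worth banning."""
    return {w.lower() for w in counts if len(w) >= min_len}


def contains_profiled_word(password, counts, min_len=4):
    """Defender-side check: True if the password contains any word profiled
    from the public site, compared case-insensitively and with common
    leet-speak substitutions undone."""
    banned = profiled_words(counts, min_len)
    raw = password.lower()
    forms = {raw, raw.translate(LEET)}
    return any(word in form for form in forms for word in banned)


if __name__ == "__main__":
    counts = extract_words(SAMPLE_HTML)
    print("Most frequent profiled words:")
    for word, n in counts.most_common(5):
        print(f"  {n:3d}  {word}")
    for candidate in ("Acme2024!", "Spr1ngf1eld#", "correct horse battery"):
        verdict = "reject" if contains_profiled_word(candidate, counts) else "ok"
        print(f"{candidate!r}: {verdict}")
```

Running the script prints the most frequent words from the sample page and a reject/ok verdict for three constructed candidate passwords; the same `contains_profiled_word` check can be wired into a password-change hook, fed with a wordlist produced from the organization's real site.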

Custom password lists can also be generated with Crunch and CUPP.

https://pentestlab.wordpress.com/2012/03/06/common-user-passwords-profiler/

https://pentestlab.wordpress.com/2012/07/12/creating-wordlists-with-crunch/