Security in Obscurity

A script by Jeff Stein

Wordlist-Variant.py

Appends a wordlist with randomized versions of existing words in the list, March 2020

The script entitled "wordlist-variant" imports a text list of words and adds variants of each word to the list. It was designed to increase the size of a viable wordlist, and the speed with which it can be generated, for use in performing a dictionary attack against passwords or Wi-Fi pre-shared keys; however, the script can be used for numerous purposes where word variants are needed. The script is designed for any system with Python installed and uses Python 3.

DISCLAIMER

This script is offered 'as is' with no warranty. While it has been tested and verified to work in my environment, it is recommended that you test this script in a test environment before using it in your own production environment.

Installation

To get started, download the files listed in the resource section below. The files should be extracted to the location where Python and the script will run from. Python 3 should be installed on the machine for the script to run properly. Once extracted, the wordlist-variant.py file can be executed with Python.

Overview

The script adds variants of the words contained in a text file list. It should be used in conjunction with a source.txt file containing the seed words from which the script generates a larger dictionary list that includes the word variants. The new wordlist, entitled dictionary.txt, will be written to the same directory that you run the Python script from. You can see a sample of the code below:

Pulling in pre-built source file

with open('source.txt') as f:
  wordlist = [x.rstrip('\n') for x in f]

Creating Variants

After pulling the source file source.txt into Python as a list, each word in the source file is analyzed and modified to produce alternative versions of the word, with different types of characters replacing letters in each word. For example, apple can become @ppl3 or ApPlE. You can see samples of the code below:

Converting to lowercase

list_lower = [x.lower() for x in wordlist]
for x in list_lower:
  wordlist.append(x)

The code above illustrates how you can use Python to convert all of the letters in each word to lowercase.


Swapping letter case

list_swap = [x.swapcase() for x in wordlist]
for x in list_swap:
  wordlist.append(x)

The code above serves two purposes. The first is to convert lowercase text to uppercase as well as the reverse. The second is that swapping case also converts the lowercase words added in the prior example to uppercase.


Replacing letter with characters (Option 1)

list_converta = [x.replace("a", "@") for x in wordlist]
for x in list_converta:
  wordlist.append(x)

This code takes a common substitution in passwords, such as replacing an "a" with an "@" symbol, and performs the substitution. Another option is to do some but not all of the letter substitutions. An example of this code is below:

Replacing letter with characters (Option 2)

list_convert1e = [x.replace("e", "3", 1) for x in wordlist]
for x in list_convert1e:
  wordlist.append(x)

Deduplication

One function I leverage after each conversion dedups the wordlist to ensure that we do not have the same variant repeated multiple times. This also helps reduce the work of additional iterations as the script runs. To dedup the list I created a function that converts the Python list to a Python dictionary (whose keys cannot contain duplicates). The function then converts the dictionary back to a list (duplicate free) so we can continue to manipulate our wordlist. You can see a sample of the code below:

Function

def dedup(x):
  return list(dict.fromkeys(x))

I can call the function after each iteration I run against the wordlist, so that the list is deduped prior to the next round of iterations. An example of the code to do this is below:

Applying the Function

wordlist = dedup(wordlist)
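
The substitutions described above can also be undone on the defensive side, so that a password check rejects every case and character variant of a seed word without storing the expanded list. The following is an added example, not part of wordlist-variant.py or the author's code; the function names and the sample seeds and passwords are assumptions constructed for illustration.

```python
# Added example (not from wordlist-variant.py): reject passwords that reduce
# to a seed word once the substitutions shown on this page are undone.

# Inverse of the page's substitutions (a -> @, e -> 3). Assumption: extend
# this table to cover any further substitutions the full script applies.
UNDO_SUBSTITUTIONS = str.maketrans({"@": "a", "3": "e"})


def canonical(word):
    """Collapse case and substitution variants of a word to one form."""
    return word.lower().translate(UNDO_SUBSTITUTIONS)


def build_blocklist(seed_words):
    """Map canonical form -> original seed word, skipping blank lines."""
    blocklist = {}
    for seed in seed_words:
        seed = seed.strip()
        if seed:
            blocklist.setdefault(canonical(seed), seed)
    return blocklist


def audit(candidates, blocklist):
    """Return {candidate: matched seed} for every candidate that is a variant."""
    hits = {}
    for candidate in candidates:
        seed = blocklist.get(canonical(candidate))
        if seed is not None:
            hits[candidate] = seed
    return hits


if __name__ == "__main__":
    # Constructed sample data; in practice the seeds would be source.txt.
    seeds = ["Apple", "secret", ""]
    proposed = ["@ppl3", "ApPlE", "s3cret", "S3CR3T", "correct-horse"]
    for password, seed in audit(proposed, build_blocklist(seeds)).items():
        print(f"reject {password!r}: variant of {seed!r}")
```

Because the check canonicalises both sides, it also catches the partial substitutions from Option 2, where only the first "e" is replaced.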

