Tuesday, December 06, 2011

Adding custom wordlists in Metasploit for brute force password audits

In any penetration test that involves brute forcing passwords, you may want to increase your chances of a successful password audit by adding custom wordlists specific to the organization that hired you. Some examples:
  • If you are security testing a hospital, you may want to add a dictionary with medical terms.
  • If you're testing a German organization, users are likely to use German passwords, so you should add a German wordlist.
  • Another good idea is to build a custom wordlist based on the organization's website (try the Worldlist Ruby gem to generate a wordlist based on a URL scrape)
For more details, please refer to this Metasploit Blog:

1 comment:

deepakw3c said...

Even though it's easy for us technicians, this is good data for the regular user.
Printer support
Printer Repair
Virus and Security Solution