Tuesday, December 06, 2011

Adding custom wordlists in Metasploit for brute force password audits

In any penetration test that involves brute forcing passwords, you may want to increase your chances of a successful password audit by adding custom wordlists specific to the organization that hired you. Some examples:
  • If you are security testing a hospital, you may want to add a dictionary with medical terms.
  • If you're testing a German organization, users are likely to use German passwords, so you should add a German wordlist.
  • Another good idea is to build a custom wordlist based on the organization's website (try the Wordlist Ruby gem to generate a wordlist based on a URL scrape).
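
The website-based suggestion above, as an added example (not code from the original post or from the gem it mentions): a stdlib-only Ruby script that turns saved page HTML into a ranked, deduplicated wordlist and skips entries already present in an existing list. The sample HTML, the function names `page_words` and `build_wordlist`, and the 6-character minimum are assumptions made for illustration.

```ruby
# Added example: turn saved page HTML into a ranked, deduplicated wordlist.
require 'set'

# Constructed sample page standing in for HTML saved from the client's site.
SAMPLE_HTML = <<~HTML
  <html><head><title>Klinikum Musterstadt</title>
  <style>body { color: red; }</style>
  <script>var tracking = "ignored";</script></head>
  <body><h1>Klinikum Musterstadt: Kardiologie</h1>
  <p>Ärztinnen der Kardiologie &amp; Radiologie sind für Sie da.</p>
  </body></html>
HTML

# Extract visible words of at least min_len letters from an HTML string.
def page_words(html, min_len: 6)
  text = html.gsub(%r{<(script|style)\b.*?</\1>}mi, ' ') # drop non-visible code
             .gsub(/<[^>]+>/, ' ')                        # drop remaining tags
             .gsub(/&[#\w]+;/, ' ')                       # drop HTML entities
  # \p{L} matches any Unicode letter, so German umlauts survive tokenizing.
  text.scan(/\p{L}+/).select { |w| w.length >= min_len }
end

# Rank words by how often the site uses them, emit lower-case and capitalized
# forms, and skip anything already present in the base wordlist.
def build_wordlist(html, base: [], min_len: 6)
  counts = Hash.new(0)
  page_words(html, min_len: min_len).each { |w| counts[w.downcase] += 1 }
  ranked = counts.sort_by { |word, n| [-n, word] }.map(&:first)
  seen = Set.new(base)
  ranked.flat_map { |w| [w, w.capitalize] }.select { |w| seen.add?(w) }
end

# One candidate per line; redirect to a file to keep the result.
puts build_wordlist(SAMPLE_HTML, base: %w[password klinikum]) if __FILE__ == $PROGRAM_NAME
```
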
For more details, please refer to this Metasploit Blog:
