How can I generate custom brute-force dictionaries?
Try using crunch - wordlist generator.
Usage is:
./crunch <from-len> <to-len> [-f <path to charset.lst> charset-name] [-o wordlist.txt or START] [-t [FIXED]@@@@] [-s startblock]
-t option allows you to specify a pattern, eg: st%ck^%xch%ng%
Where only
- the @'s will change with lowercase letters
- the ,'s will change with uppercase letters
- the %'s will change with numbers
- the ^'s will change with symbols
Running as following:
./crunch 14 14 -t st%ck^%xch%ng% -o wordlist.txt
gives 330000 results:
st0ck!0xch0ng0
st0ck!0xch0ng1
st0ck!0xch0ng2
st0ck!0xch0ng3
st0ck!0xch0ng4
st0ck!0xch0ng5
st0ck!0xch0ng6
...
You can also modify the charset if you think it's insufficient.
I just created a tool that will do what you are talking about. It basically takes a word and generates different possible passwords by replace the characters with capital/lowercase letters and common substitutions. Feel free to take a look at it here:
https://github.com/Broham/PassGen
For a target word of stackexchange the potential password gets quite long since it is essentially creating a cartesian product of all possible character substitutions. The call below:
python passgen.py -f stackexchange
Generates a list with 11,943,936 passwords in it as seen below:
stackexchange
stackexchangE
stackexchang3
stackexchanGe
stackexchanGE
.
.
.
574<K3+<#4N9e
574<K3+<#4N9E
574<K3+<#4N93
I'm not sure about the algorithmic implications (which means there's probably a lot to improve in my solution) but here goes:
Every letter has an alternate spelling. From your example, o would have the array of O,0 (the last one's a zero). Similarly s would get S,5 etc. Even NULL can be replaced with !,1,2,3... etc. Digraphs are also possible where applicable.
So you don't permutate on words, you permutate on letters. I'm not sure if a precompiled ruleset exists but it doesn't matter; the most time-consuming part is typing up the letter permutations. The main loop would be perfectly straightforward.
for($i=0; $i<strlen($word); $i++){
$l=$word[$i];
for($j=0; $j<strlen($perms[$l]); $j++){
save(perms[$l][$j]);
isUpper($l) ? $word[$i]=tolower($l) : $word[$i]=toupper($l);
save($word);
}
for some PHP-flavored pseudocode. I chose PHP because associative arrays make it a bit more comfortable. In other words: Writing the tool yourself might be faster than actually searching for one.