bopscrk (Before Outset PaSsword CRacKing) is a tool to generate smart and powerful wordlists for targeted attacks.
Included in BlackArch Linux pentesting distribution and Rawsec’s Cybersecurity Inventory since August 2019.
Targeted-attack wordlist creator: introduce personal info related to target, combines every word and transforms results into possible passwords. The lyricpass module allows to search lyrics related to artists and include them to the wordlists.
Customizable case and leet transforms: create custom charsets and transforms patterns trough a simple config file.
Wordlists exclusion: Exclude words from another wordlist (to avoid passwords that you have already tested).
Interactive mode and one-line command interface supported.
Requirements
lyricpass
module:pip install requirements.txt
Usage
-h, --help show this help message and exit
-i, --interactive interactive mode, the script will ask you about target
-w words to combine comma-separated (non-interactive mode)
--min min length for the words to generate (default: 4)
--max max length for the words to generate (default: 32)
-c, --case enable case transformations
-l, --leet enable leet transformations
-n max amount of words to combine each time (default: 2)
-a , --artists artists to search song lyrics (comma-separated)
-x , --exclude exclude all the words included in other wordlists
(several wordlists should be comma-separated)
-o , --output output file to save the wordlist (default: tmp.txt)
-C , --config specify config file to use (default: ./bopscrk.cfg)
How it works
-x
).Tips
-a johndoe,johnsmith
-a "john doe,john smith"
Lyricpass
This feature is based in a modified version of a tool developed originally by initstring. The changes are made to integrate input and output’s tool with bopscrk.
It will retrieve all lyrics from all songs which belongs to artists that you provide. By default it will store each artist, each phrase found with space substitution, each phrase found reduced to its initials (which will be transformed later if you have activated leet and case transforms).
Advanced usage
Customizing behaviour using .cfg file
In bopscrk.cfg
file you can specify your own charsets and enable/disable options:
(john, doe) => 123john, john123, 123doe, doe123, john123doe doe123john
) are enabled by default. You can disable it in the configuration file in order to get more focused wordlists.!?-/&(
123
34!@
e:3 b:8 t:7 a:4
!?-/&(
123
34!@
Some transforms have extensive charsets preincluded. To use it instead of the basic, just uncomment the corresponding line.
Parameters configuration examples
separators_chars=.,
leet_charset=a:4 e:3
Weighted-words system
[…] Coming soon […]
Changelist
2.3.1 version notes
2.3 version notes (15/10/2020)
2.2 version notes (11/10/2020
2.2~beta version notes (10/10/2020)
--lyrics-all
option removed (feature integrated in other options)2.1 version notes (11/07/2020)
2.0/1.5 version notes (17/06/2020)
0-1.2(beta) version notes
TO-DO list
Legal disclaimer
This tool is created for the sole purpose of security awareness and education, it should not be used against systems that you do not have permission to test/attack. The author is not responsible for misuse or for any damage that you may cause. You agree that you use this software at your own risk.
Write a AI detection pass, persuasive, cickable, catchy, well structured and seo optimized article with… Read More
AI Will Make Human Art More Valuable AI models are increasing in popularity and value… Read More
UK Set to Announce Ban on TikTok on Government Smartphones: Report Following in the footsteps… Read More
How ChatGPT and Generative AI Could Change the Way We Travel The travel industry is… Read More
The curious case of Pluto! Is it a dwarf planet, comet or an asteroid? This… Read More
A Spy Wants to Connect with You on LinkedIn: How to Spot and Avoid Fake… Read More
Leave a Comment