Home / Security / Hacking / Create a custom cracking Wordlist

Create a custom cracking Wordlist

To perform a good pentest, nothing better than a custom wordlist to crack passwords. We may be able to generate a custom wordlist that reflects our knowledge of the target or the organization’s password policy (For example : 10chars min, Special chars …)

Information Gathering

To build a good wordlist, you’ve to know the company you target (for your legal pentest :)). The first step is to collect usefull informations like :

  • Geographical area(s) of the company : Collect all Countries / Areas & Cities where the company is located
  • Industry classification : Depending of the industry classification, you will customize your wordlist. If your target produce fruits for example, dump a fruit name list, and adapt the language following the company geographical area :)
  • Name & Surname : Governments offer Names & Surnames lists in open-data, for example, for france : Liste de prénoms et patronymes
  • LinkedIn : The best Database. You can use a scraper as ScrapedIn to dump company profiles and extract keywords.
  • Company Website : You can dump some keywords from the company website, You can use CeWL to dump the keywords.

Customizing the wordlist


Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper.

Install Mentalist on Centos (GUI mandatory /!\)

# yum install python3 git python3-tkinter
# git clone https://github.com/sc0tfree/mentalist.git
# cd mentalist
# python3 setup.py install
# mentalist

Install Mentalist on Windows

I used Chocolately to install the last Python on my computer, it’s very simple : chocolately

Once it’s done, enter the following commands in a powershell console :

python -m pip install -U pip
python -m pip install -U tk

Download the latest version of Mentalist with git, install it & run it

git clone https://github.com/sc0tfree/mentalist.git
cd mentalist
python setup.py install

Using It

Once we’ve mentalist Installed & Running, we’ll load our custom wordlist, and continue to customize it

When you start Mentalist, you’ve the “Base Words”, click the + button, to add your custom wordlist

Now you’ve your wordlist added, lets play, Click the + button, in the upper right corner, then choose :

  • Case : If you want to change Uppercase to Lowercase etc .. My advice is to choose the option : Upper First, Lower rest
  • Substitution : You can substitute letter to special chars, like a to @ …
  • Prepend : Add Words / Numbers … before your words
  • Append : Add words / numbers … after your words

When you finished, click on “Process” in the menu, Select “Full wordlist” and choose a file to save your new wordlist.


Building a custom wordlist is very simple, and it will take you only a couple of hours, to have a better result than just using some wordlist dumped on internet, even if they still work fine :).

A last advice, and I’ll writte a blog post about that, you’ve to combine your wordlist with a bruteforce attack. It’s really powerfull & simple with Hashcast.

About Alexandre Nogard

Check Also

Forcepoint : Deploy the SMC on AWS | Part III

Learn how to deploy the Forcepoint SMC & Log Server on AWS behind a NGFW Firewall with a VPC, in a public & private subnet and an Elastic IP

Forcepoint : Deploy the SMC on AWS | Part II

In the first Howto Forcepoint : Deploy the SMC on AWS | Part I, we …

Forcepoint : Deploy the SMC on AWS | Part I

How to deploy Forcepoint SMC (Security Management Center) on AWS ? This is a good …

Leave a Reply

Your email address will not be published. Required fields are marked *