Tool and Usage
|Author||Sanjiv Kawa, Tom Porter|
|Latest release||2.1.1 |
Why this tool?
The primary aim of Wordsmith is to create custom wordlists for security assessments. Wordsmith will create lists with a specific focus on geolocation. The words are based on names of countries, cities, colleges, zip codes, and even sports teams. The generated list can then be used to guess usernames or passwords.
How it works
Wordsmith uses a compressed archive file data.tar.xz on the first run and extracts that into a 'data' directory. This dataset contains the input for the word generation process. This process itself is influenced by the given parameters. The parameters will define what types of data to include, like a city name, sports team, or zip code. Depending on your use-case, you might want to use different wordlists. This is especially when doing a security assessment where you expect users to use weak passwords in their native language.
Usage and audience
Wordsmith is commonly used for wordlist generation. Target users for this tool are auditors and pentesters.
- Command line interface
Example usage and output
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
- + Very low number of dependencies
- + The source code of this software is available
Supported operating systems
Wordsmith is known to work on Linux.
Similar tools to Wordsmith:
Hash Buster is a tool that may help to find the cleartext of a hash. This can be useful for hashed versions of common strings and passwords and find the original value. Hash Buster can automatically detect the provided hash type. It supports MD5, SHA1, and SHA2.
MalPipe is a modular malware and indicator collection and processing framework. It is designed to pull information about malware, domains, URLs, and IP addresses from multiple feeds. Finally, it will enrich the collected data and export the results.
This tool page was updated at . Found an improvement? Help the community by submitting an update.