# Wordlists y diccionarios

## Wordlists

* [SecLists](https://github.com/danielmiessler/SecLists)
* [Statistically likely usernames](https://github.com/insidetrust/statistically-likely-usernames)

## Diccionarios

### Generación

#### CUPP

* <https://github.com/Mebus/cupp>

```shell
cupp -i
```

* -i = modo interactivo.

#### RSMangler

* <https://github.com/digininja/RSMangler>

```shell
rsmangler --file <words.txt> --output wordlists.txt
rsmangler --file <words.txt> --output wordlists.txt --min <min-word-length> --max <max-word-length>
```

* \<words.txt> = archivo con palabras para generar `wordlists.txt`.
* \<min-word-lenght> = longitud mínima de palabra, por ejemplo: `3`.
* \<max-word-lenght> = longitud máxima de palabra, por ejemplo: `5`.

#### crunch

```shell
crunch 4 4 -f /usr/share/crunch/charset.lst numeric -o wordlists.txt
crunch <min-word-length> <max-word-length> -t <word>%%%
crunch 1 1 -p <word-1> <word-2> <word-3>
crunch 6 6 -t ddd%%% -p <word-1> <word-2> <word-3>
crunch 7 7 -t ddd%%%% -p <word-1> <word-2> <word-3>
```

#### CeWL

```shell
cewl http://<target> -d <depth> -m <min-word-length> -w wordlists.txt
```

* \<target> = objetivo.
* -d = depth to spider.
  * \<depth> = profundidad, por ejemplo: `3`.
* -m = longitud mínima de palabra.
  * \<min-word-length> = longitud mínima de palabra, por ejemplo: `3`.
* -w = guarda resultado en archivo `wordlist.txt`.

### Nombres de usuarios

#### Username Anarchy

* <https://github.com/urbanadventurer/username-anarchy>

```shell
./username-anarchy <name> <last-name>
```

#### List of people names to users dictionary

* <https://github.com/MrW0l05zyn/list-of-people-names-to-users-dictionary>

```shell
listPeopleNamesToUsersDictionary.py -n '<name> <last-name>'
```

## Credenciales por defecto

* [SecLists](https://github.com/danielmiessler/SecLists)
  * /SecLists/Passwords/Default-Credentials/default-passwords.txt
  * /SecLists/Passwords/Default-Credentials/ftp-betterdefaultpasslist.txt
* [CIRT](https://www.cirt.net/passwords)
* [SCADA pass](https://github.com/scadastrangelove/SCADAPASS/blob/master/scadapass.csv)

| Aplicación               | Usuario       | Contraseña    |
| ------------------------ | ------------- | ------------- |
| Tomcat                   | tomcat        | s3cret        |
| pfSense                  | admin         | pfsense       |
| ManageEngine ServiceDesk | administrator | administrator |

## Política de contraseñas

```shell
# sed
## eliminar contraseñas de menos de 8 caracteres
sed -ri '/^.{,7}$/d' passwords.txt
## eliminar contraseñas sin caracteres especiales
sed -ri '/[!-/:-@\[-`\{-~]+/!d' passwords.txt
## eliminar contraseñas sin números
sed -ri '/[0-9]+/!d' passwords.txt

# grep
## contraseñas que comienzan con una letra mayúscula
grep '^[[:upper:]]'
## contraseñas que contengan letras minúsculas
grep '[[:lower:]]'
## contraseñas que terminen con un número
grep '[[:digit:]]$'
## contraseñas con caracteres especiales $#@
grep -E ['$#@']
## contraseñas con una longitud mínima de 10 caracteres
grep -E '^.{10,}$'
## contraseñas con una longitud de 8 a 15 caracteres
grep -E '^.{8,15}$'
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://pentesting.mrw0l05zyn.cl/explotacion/ataques-de-contrasenas/wordlists-y-diccionarios.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.