A simple python script that takes an input wordlist and password complexity policy and outputs a wordlist filtering out passwords that do not meet the specified complexity policy.
phunnel.py [-h] [-m M] [-max MAX] [-u] [-l] [-n] [-s] [-ns] infile outfile
positional arguments:
infile Input file
outfile Output file
optional arguments:
-h, --help show this help message and exit -m M Minimum password length -max MAX Maximum password length -u Require at least 1 uppercase -l Require at least 1 lowercase -n Require at least 1 number -s Require at least 1 special -ns Password can contain NO special
Obviously, this tool is useless without password lists. Check out some of the following resources:
- SecLists - massive wordlist collection that includes passwords
- Skull Security Passwords - assortment of PW lists
- Probable Wordlists - top passwords sorted by popularity
- password-lists - passwords broken up by TLD/language
- Bruteforce Database
As it turns out, there are other tools that can be used to filter password complexity as well.
- Integrate complexity filters such as zxcvbn
- More precise controls for other filters (consecutive chars, repeat chars, etc.)