RSMangler

Overview

RSMangler (Really Simple Mangler) is a powerful wordlist generation tool that creates targeted password lists by applying linguistic mutations and transformations to input keywords. It’s invaluable for password auditing, penetration testing, and dictionary-based attacks by generating millions of plausible passwords from seed words with minimal computational overhead.

Installation

# Install via apt (Debian/Ubuntu - included in Kali)
sudo apt-get install rsmangler

# From source (GitHub)
git clone https://github.com/digininja/RSMangler
cd RSMangler
chmod +x rsmangler.pl

# Using perl directly
perl rsmangler.pl --help

# Verify installation
rsmangler --version
which rsmangler

Core Concepts

Mutation Techniques:

• Capitalization - Toggle case patterns (lowercase, UPPERCASE, Capitalized)
• Appending/Prepending - Add numbers, symbols, common suffixes
• Substitution - Replace letters with similar characters (a→@, i→1, o→0)
• Reversal - Reverse words and combinations
• Combinations - Mix multiple keywords
• Special Characters - Inject common symbols and patterns

Why RSMangler Matters:

• Reduces manual wordlist creation time
• Creates contextually relevant password attempts
• Generates massive lists efficiently
• Targets specific organizational naming conventions
• Speeds up password audit workflows

Basic Usage

Command	Purpose
rsmangler --help	Display help and options
rsmangler --version	Show version
rsmangler word1	Generate mutations of single word
rsmangler word1 word2 word3	Generate combinations

Simple Word Mangling

# Single word mutations
rsmangler example

# Multiple words
rsmangler company password test

# Read from file
rsmangler $(cat keywords.txt)

Output Structure

# Example input: "password"
# Output includes:
# password
# Password
# PASSWORD
# password1
# password123
# password!
# drowssap (reversed)
# p4ssw0rd (substitution)
# passwordpassword (doubled)
# etc.

Common Options

Option	Purpose
-f, --file	Read keywords from file
-o, --output	Write to output file
-d, --delimiter	Set output delimiter
-m, --max	Maximum output size
-n, --no-numbers	Skip number mutations
-a, --no-caps	Skip capitalization
-s, --no-special	Skip special characters
-t, --type	Select mutation type

Input Methods

Single Keywords

# Individual word
rsmangler admin

# Multiple words (separate)
rsmangler admin root user

From File

# Create keywords file
cat > keywords.txt << EOF
Company
Product
Founder
Employee
EOF

# Generate from file
rsmangler -f keywords.txt > wordlist.txt

# Count results
wc -l wordlist.txt

From Command Output

# Extract from domain
whois example.com | grep -i company | rsmangler

# From DNS records
nslookup example.com | grep -oE '^[a-z]+' | rsmangler

# From target website
curl -s https://example.com | grep -oE '\b[A-Za-z]{5,15}\b' | sort -u | rsmangler

Output Options

To File

# Write to file
rsmangler word1 word2 -o wordlist.txt

# Append to existing file
rsmangler word3 >> wordlist.txt

# With large files
rsmangler word1 -m 10000000 -o large_wordlist.txt  # 10 million max

To Stdout

# Pipe to other tools
rsmangler word1 | sort -u

# Count unique results
rsmangler word1 | wc -l

# Filter results
rsmangler word1 | grep -E "^[a-z]{8,}"  # 8+ lowercase letters only

Mutation Customization

Disable Specific Mutations

# Skip number mutations
rsmangler --no-numbers word1

# Skip capitalization
rsmangler --no-caps word1

# Skip special characters
rsmangler --no-special word1

# Combine restrictions
rsmangler --no-numbers --no-special word1

Select Mutation Types

# Show available types
rsmangler --help | grep -A 10 "type"

# Capitalize mutations only
rsmangler --type caps word1

# Number mutations only
rsmangler --type number word1

Advanced Techniques

Company-Specific Wordlists

# Extract company information
COMPANY="ACME"
PRODUCTS="widget gadget tool"

# Generate corporate wordlist
rsmangler $COMPANY $PRODUCTS > corporate_wordlist.txt

# Add common corporate patterns
{
  rsmangler $COMPANY
  rsmangler ${COMPANY}2024
  rsmangler ${COMPANY}_{year}
  for product in $PRODUCTS; do
    rsmangler $COMPANY $product
  done
} > full_corporate_wordlist.txt

Date-Based Mutations

#!/bin/bash
# Add dates to keywords

KEYWORDS="company password"
YEARS="2020 2021 2022 2023 2024"

for year in $YEARS; do
  echo "${KEYWORDS}${year}" | rsmangler
done > wordlist_with_years.txt

Season and Holiday Patterns

#!/bin/bash
# Generate seasonal passwords

COMPANY="Company"
SEASONS="Spring Summer Fall Winter"
HOLIDAYS="Christmas Halloween Thanksgiving"

{
  for season in $SEASONS; do
    rsmangler $COMPANY $season
  done
  
  for holiday in $HOLIDAYS; do
    rsmangler $COMPANY $holiday
  done
} | sort -u > seasonal_wordlist.txt

Location-Based Wordlists

#!/bin/bash
# Generate location-specific passwords

COMPANY="ACME"
LOCATIONS="NYC SF Austin Denver Boston"

for location in $LOCATIONS; do
  rsmangler $COMPANY $location
done > location_wordlist.txt

Integration with Cracking Tools

Hashcat

# Generate wordlist
rsmangler company password > wordlist.txt

# Use with hashcat
hashcat -m 0 -a 0 hashes.txt wordlist.txt

# With rules
hashcat -m 0 -a 0 hashes.txt wordlist.txt -r /usr/share/hashcat/rules/best64.rule

John the Ripper

# Generate wordlist
rsmangler company password > wordlist.txt

# Use with John
john --wordlist=wordlist.txt --format=shadow hashes.txt

# With rules
john --wordlist=wordlist.txt --rules=Jumbo hashes.txt

Hydra (SSH/HTTP)

# SSH password attack
rsmangler admin root user > ssh_wordlist.txt
hydra -l root -P ssh_wordlist.txt ssh://target.com

# HTTP form attack
rsmangler company password > http_wordlist.txt
hydra -L users.txt -P http_wordlist.txt http-post-form://target.com

Wordlist Optimization

Remove Duplicates

# Sort and deduplicate
rsmangler word1 word2 | sort -u > unique_wordlist.txt

# Count unique passwords
sort -u wordlist.txt | wc -l

Length Filtering

# Passwords between 8-16 characters
rsmangler word1 | awk 'length >= 8 && length <= 16' > filtered.txt

# Minimum 10 characters
rsmangler word1 | awk 'length >= 10' > min_length.txt

# Maximum 20 characters
rsmangler word1 | awk 'length <= 20' > max_length.txt

Complexity Filtering

# Only passwords with numbers
rsmangler word1 | grep -E '[0-9]' > with_numbers.txt

# Only passwords with special characters
rsmangler word1 | grep -E '[!@#$%^&*]' > with_special.txt

# Passwords with both uppercase and lowercase
rsmangler word1 | grep -E '[A-Z].*[a-z]|[a-z].*[A-Z]' > mixed_case.txt

Performance and Scaling

Large Wordlist Generation

# Generate very large wordlist
rsmangler -m 50000000 keyword1 keyword2 keyword3 -o huge_wordlist.txt

# Monitor progress
tail -f huge_wordlist.txt | wc -l

# Compress for storage
gzip -v wordlist.txt  # Creates wordlist.txt.gz

Parallel Generation

#!/bin/bash
# Generate wordlists in parallel

KEYWORDS="admin root user test demo staff"

for keyword in $KEYWORDS; do
  rsmangler "$keyword" > "${keyword}_wordlist.txt" &
done

wait

# Combine results
cat *_wordlist.txt | sort -u > combined_wordlist.txt

Distributed Generation

#!/bin/bash
# Split keyword processing across multiple hosts

KEYWORDS="word1 word2 word3 ... word100"
HOSTS="server1 server2 server3"

counter=0
for keyword in $KEYWORDS; do
  host=${HOSTS[$((counter % ${#HOSTS[@]}))]}
  ssh "$host" "rsmangler '$keyword'" > "${keyword}_results.txt" &
  ((counter++))
done

wait
cat *_results.txt | sort -u > final_wordlist.txt

Real-World Scenarios

Penetration Test Preparation

#!/bin/bash
# Create targeted wordlist for PT

TARGET="Acme Corporation"
COMPANY_NAME="ACME"
DOMAIN="acme.com"
PRODUCT_NAMES="Widget Gadget Tool Service"

# Gather information
echo "[*] Generating company-specific wordlist"

{
  # Company name variations
  rsmangler "$COMPANY_NAME"
  
  # Product names
  rsmangler $PRODUCT_NAMES
  
  # Domain parts
  rsmangler acme
  
  # Common roles
  rsmangler admin admin1 administrator root service
  
  # Department names
  rsmangler sales marketing engineering finance hr
  
  # Common appends
  for item in $COMPANY_NAME $PRODUCT_NAMES; do
    rsmangler ${item}2024
    rsmangler ${item}123
    rsmangler ${item}!
  done
} | sort -u > ${DOMAIN}_wordlist.txt

echo "[+] Generated $(wc -l < ${DOMAIN}_wordlist.txt) unique passwords"

Social Engineering Wordlist

#!/bin/bash
# Create wordlist from social engineering info

FIRSTNAME="John"
LASTNAME="Smith"
SPOUSE="Jane"
KIDS="Alex Sam"
PETS="Fluffy Rex"
SPORTS="football baseball"
BIRTHDAY="1985"

{
  rsmangler $FIRSTNAME $LASTNAME
  rsmangler $SPOUSE
  rsmangler $KIDS
  rsmangler $PETS
  rsmangler $SPORTS
  rsmangler $BIRTHDAY
} | sort -u > personal_wordlist.txt

Compliance Testing Wordlist

#!/bin/bash
# Weak password testing for compliance audits

WEAK_PATTERNS="password admin welcome letmein test default"

rsmangler $WEAK_PATTERNS | sort -u > compliance_wordlist.txt

# Expected hits
echo "[*] Testing for weak passwords..."
wc -l compliance_wordlist.txt

Combination Techniques

Multi-Keyword Combinations

# Two words combined
rsmangler word1 word2

# Three words
rsmangler word1 word2 word3

# Generate all combinations
rsmangler $(cat keywords.txt | tr '\n' ' ')

Character Substitution Mapping

# Common substitutions applied:
# a -> @, 4
# e -> 3
# i -> 1, !
# o -> 0
# s -> $, 5
# t -> 7
# g -> 9
# l -> 1

# Examples:
# password -> p@ssword, p4ssword, p@55word, p455w0rd

Troubleshooting

# Command not found
which rsmangler
perl /path/to/rsmangler.pl --help

# Permission issues
chmod +x rsmangler.pl
./rsmangler.pl --help

# Large file handling
# For files > 1GB, use streaming approach

# Memory issues
rsmangler --help | grep max  # Limit output size

Output Analysis

Statistics

# Total passwords generated
rsmangler word1 | wc -l

# Average length
rsmangler word1 | awk '{sum+=length} END {print sum/NR}'

# Length distribution
rsmangler word1 | awk '{print length}' | sort | uniq -c

# Character analysis
rsmangler word1 | grep -o . | sort | uniq -c | sort -rn

Best Practices

• Start with verified keywords from reconnaissance
• Include company-specific naming conventions
• Account for organizational requirements (length, complexity)
• Test on known weak accounts first
• Document all wordlists created
• Securely delete wordlists after assessment
• Use with proper authorization only
• Combine with other reconnaissance data

Legal and Ethical Considerations

• Use only on systems you own or have explicit authorization to test
• Wordlist generation for legitimate penetration testing is legal with authorization
• Unauthorized access attempts are illegal
• Document authorization before testing
• Follow responsible disclosure practices
• Maintain confidentiality of credentials discovered

Related Tools

• Hashcat - Password hash cracking
• John the Ripper - Password cracking tool
• Hydra - Network login cracking
• Crunch - Wordlist generation by pattern
• Cewl - Website spider for wordlist creation
• Cupp - Interactive personality password profiler
• SecLists - Pre-built wordlist collections