RSMangler
Overview
섹션 제목: “Overview”RSMangler (Really Simple Mangler) is a powerful wordlist generation tool that creates targeted password lists by applying linguistic mutations and transformations to input keywords. It’s invaluable for password auditing, penetration testing, and dictionary-based attacks by generating millions of plausible passwords from seed words with minimal computational overhead.
Installation
섹션 제목: “Installation”# Install via apt (Debian/Ubuntu - included in Kali)
sudo apt-get install rsmangler
# From source (GitHub)
git clone https://github.com/digininja/RSMangler
cd RSMangler
chmod +x rsmangler.pl
# Using perl directly
perl rsmangler.pl --help
# Verify installation
rsmangler --version
which rsmanglerCore Concepts
섹션 제목: “Core Concepts”Mutation Techniques:
- Capitalization - Toggle case patterns (lowercase, UPPERCASE, Capitalized)
- Appending/Prepending - Add numbers, symbols, common suffixes
- Substitution - Replace letters with similar characters (a→@, i→1, o→0)
- Reversal - Reverse words and combinations
- Combinations - Mix multiple keywords
- Special Characters - Inject common symbols and patterns
Why RSMangler Matters:
- Reduces manual wordlist creation time
- Creates contextually relevant password attempts
- Generates massive lists efficiently
- Targets specific organizational naming conventions
- Speeds up password audit workflows
Basic Usage
섹션 제목: “Basic Usage”| Command | Purpose |
|---|---|
rsmangler --help | Display help and options |
rsmangler --version | Show version |
rsmangler word1 | Generate mutations of single word |
rsmangler word1 word2 word3 | Generate combinations |
Simple Word Mangling
섹션 제목: “Simple Word Mangling”# Single word mutations
rsmangler example
# Multiple words
rsmangler company password test
# Read from file
rsmangler $(cat keywords.txt)Output Structure
섹션 제목: “Output Structure”# Example input: "password"
# Output includes:
# password
# Password
# PASSWORD
# password1
# password123
# password!
# drowssap (reversed)
# p4ssw0rd (substitution)
# passwordpassword (doubled)
# etc.Common Options
섹션 제목: “Common Options”| Option | Purpose |
|---|---|
-f, --file | Read keywords from file |
-o, --output | Write to output file |
-d, --delimiter | Set output delimiter |
-m, --max | Maximum output size |
-n, --no-numbers | Skip number mutations |
-a, --no-caps | Skip capitalization |
-s, --no-special | Skip special characters |
-t, --type | Select mutation type |
Input Methods
섹션 제목: “Input Methods”Single Keywords
섹션 제목: “Single Keywords”# Individual word
rsmangler admin
# Multiple words (separate)
rsmangler admin root userFrom File
섹션 제목: “From File”# Create keywords file
cat > keywords.txt << EOF
Company
Product
Founder
Employee
EOF
# Generate from file
rsmangler -f keywords.txt > wordlist.txt
# Count results
wc -l wordlist.txtFrom Command Output
섹션 제목: “From Command Output”# Extract from domain
whois example.com | grep -i company | rsmangler
# From DNS records
nslookup example.com | grep -oE '^[a-z]+' | rsmangler
# From target website
curl -s https://example.com | grep -oE '\b[A-Za-z]{5,15}\b' | sort -u | rsmanglerOutput Options
섹션 제목: “Output Options”To File
섹션 제목: “To File”# Write to file
rsmangler word1 word2 -o wordlist.txt
# Append to existing file
rsmangler word3 >> wordlist.txt
# With large files
rsmangler word1 -m 10000000 -o large_wordlist.txt # 10 million maxTo Stdout
섹션 제목: “To Stdout”# Pipe to other tools
rsmangler word1 | sort -u
# Count unique results
rsmangler word1 | wc -l
# Filter results
rsmangler word1 | grep -E "^[a-z]{8,}" # 8+ lowercase letters onlyMutation Customization
섹션 제목: “Mutation Customization”Disable Specific Mutations
섹션 제목: “Disable Specific Mutations”# Skip number mutations
rsmangler --no-numbers word1
# Skip capitalization
rsmangler --no-caps word1
# Skip special characters
rsmangler --no-special word1
# Combine restrictions
rsmangler --no-numbers --no-special word1Select Mutation Types
섹션 제목: “Select Mutation Types”# Show available types
rsmangler --help | grep -A 10 "type"
# Capitalize mutations only
rsmangler --type caps word1
# Number mutations only
rsmangler --type number word1Advanced Techniques
섹션 제목: “Advanced Techniques”Company-Specific Wordlists
섹션 제목: “Company-Specific Wordlists”# Extract company information
COMPANY="ACME"
PRODUCTS="widget gadget tool"
# Generate corporate wordlist
rsmangler $COMPANY $PRODUCTS > corporate_wordlist.txt
# Add common corporate patterns
{
rsmangler $COMPANY
rsmangler ${COMPANY}2024
rsmangler ${COMPANY}_{year}
for product in $PRODUCTS; do
rsmangler $COMPANY $product
done
} > full_corporate_wordlist.txtDate-Based Mutations
섹션 제목: “Date-Based Mutations”#!/bin/bash
# Add dates to keywords
KEYWORDS="company password"
YEARS="2020 2021 2022 2023 2024"
for year in $YEARS; do
echo "${KEYWORDS}${year}" | rsmangler
done > wordlist_with_years.txtSeason and Holiday Patterns
섹션 제목: “Season and Holiday Patterns”#!/bin/bash
# Generate seasonal passwords
COMPANY="Company"
SEASONS="Spring Summer Fall Winter"
HOLIDAYS="Christmas Halloween Thanksgiving"
{
for season in $SEASONS; do
rsmangler $COMPANY $season
done
for holiday in $HOLIDAYS; do
rsmangler $COMPANY $holiday
done
} | sort -u > seasonal_wordlist.txtLocation-Based Wordlists
섹션 제목: “Location-Based Wordlists”#!/bin/bash
# Generate location-specific passwords
COMPANY="ACME"
LOCATIONS="NYC SF Austin Denver Boston"
for location in $LOCATIONS; do
rsmangler $COMPANY $location
done > location_wordlist.txtIntegration with Cracking Tools
섹션 제목: “Integration with Cracking Tools”Hashcat
섹션 제목: “Hashcat”# Generate wordlist
rsmangler company password > wordlist.txt
# Use with hashcat
hashcat -m 0 -a 0 hashes.txt wordlist.txt
# With rules
hashcat -m 0 -a 0 hashes.txt wordlist.txt -r /usr/share/hashcat/rules/best64.ruleJohn the Ripper
섹션 제목: “John the Ripper”# Generate wordlist
rsmangler company password > wordlist.txt
# Use with John
john --wordlist=wordlist.txt --format=shadow hashes.txt
# With rules
john --wordlist=wordlist.txt --rules=Jumbo hashes.txtHydra (SSH/HTTP)
섹션 제목: “Hydra (SSH/HTTP)”# SSH password attack
rsmangler admin root user > ssh_wordlist.txt
hydra -l root -P ssh_wordlist.txt ssh://target.com
# HTTP form attack
rsmangler company password > http_wordlist.txt
hydra -L users.txt -P http_wordlist.txt http-post-form://target.comWordlist Optimization
섹션 제목: “Wordlist Optimization”Remove Duplicates
섹션 제목: “Remove Duplicates”# Sort and deduplicate
rsmangler word1 word2 | sort -u > unique_wordlist.txt
# Count unique passwords
sort -u wordlist.txt | wc -lLength Filtering
섹션 제목: “Length Filtering”# Passwords between 8-16 characters
rsmangler word1 | awk 'length >= 8 && length <= 16' > filtered.txt
# Minimum 10 characters
rsmangler word1 | awk 'length >= 10' > min_length.txt
# Maximum 20 characters
rsmangler word1 | awk 'length <= 20' > max_length.txtComplexity Filtering
섹션 제목: “Complexity Filtering”# Only passwords with numbers
rsmangler word1 | grep -E '[0-9]' > with_numbers.txt
# Only passwords with special characters
rsmangler word1 | grep -E '[!@#$%^&*]' > with_special.txt
# Passwords with both uppercase and lowercase
rsmangler word1 | grep -E '[A-Z].*[a-z]|[a-z].*[A-Z]' > mixed_case.txtPerformance and Scaling
섹션 제목: “Performance and Scaling”Large Wordlist Generation
섹션 제목: “Large Wordlist Generation”# Generate very large wordlist
rsmangler -m 50000000 keyword1 keyword2 keyword3 -o huge_wordlist.txt
# Monitor progress
tail -f huge_wordlist.txt | wc -l
# Compress for storage
gzip -v wordlist.txt # Creates wordlist.txt.gzParallel Generation
섹션 제목: “Parallel Generation”#!/bin/bash
# Generate wordlists in parallel
KEYWORDS="admin root user test demo staff"
for keyword in $KEYWORDS; do
rsmangler "$keyword" > "${keyword}_wordlist.txt" &
done
wait
# Combine results
cat *_wordlist.txt | sort -u > combined_wordlist.txtDistributed Generation
섹션 제목: “Distributed Generation”#!/bin/bash
# Split keyword processing across multiple hosts
KEYWORDS="word1 word2 word3 ... word100"
HOSTS="server1 server2 server3"
counter=0
for keyword in $KEYWORDS; do
host=${HOSTS[$((counter % ${#HOSTS[@]}))]}
ssh "$host" "rsmangler '$keyword'" > "${keyword}_results.txt" &
((counter++))
done
wait
cat *_results.txt | sort -u > final_wordlist.txtReal-World Scenarios
섹션 제목: “Real-World Scenarios”Penetration Test Preparation
섹션 제목: “Penetration Test Preparation”#!/bin/bash
# Create targeted wordlist for PT
TARGET="Acme Corporation"
COMPANY_NAME="ACME"
DOMAIN="acme.com"
PRODUCT_NAMES="Widget Gadget Tool Service"
# Gather information
echo "[*] Generating company-specific wordlist"
{
# Company name variations
rsmangler "$COMPANY_NAME"
# Product names
rsmangler $PRODUCT_NAMES
# Domain parts
rsmangler acme
# Common roles
rsmangler admin admin1 administrator root service
# Department names
rsmangler sales marketing engineering finance hr
# Common appends
for item in $COMPANY_NAME $PRODUCT_NAMES; do
rsmangler ${item}2024
rsmangler ${item}123
rsmangler ${item}!
done
} | sort -u > ${DOMAIN}_wordlist.txt
echo "[+] Generated $(wc -l < ${DOMAIN}_wordlist.txt) unique passwords"Social Engineering Wordlist
섹션 제목: “Social Engineering Wordlist”#!/bin/bash
# Create wordlist from social engineering info
FIRSTNAME="John"
LASTNAME="Smith"
SPOUSE="Jane"
KIDS="Alex Sam"
PETS="Fluffy Rex"
SPORTS="football baseball"
BIRTHDAY="1985"
{
rsmangler $FIRSTNAME $LASTNAME
rsmangler $SPOUSE
rsmangler $KIDS
rsmangler $PETS
rsmangler $SPORTS
rsmangler $BIRTHDAY
} | sort -u > personal_wordlist.txtCompliance Testing Wordlist
섹션 제목: “Compliance Testing Wordlist”#!/bin/bash
# Weak password testing for compliance audits
WEAK_PATTERNS="password admin welcome letmein test default"
rsmangler $WEAK_PATTERNS | sort -u > compliance_wordlist.txt
# Expected hits
echo "[*] Testing for weak passwords..."
wc -l compliance_wordlist.txtCombination Techniques
섹션 제목: “Combination Techniques”Multi-Keyword Combinations
섹션 제목: “Multi-Keyword Combinations”# Two words combined
rsmangler word1 word2
# Three words
rsmangler word1 word2 word3
# Generate all combinations
rsmangler $(cat keywords.txt | tr '\n' ' ')Character Substitution Mapping
섹션 제목: “Character Substitution Mapping”# Common substitutions applied:
# a -> @, 4
# e -> 3
# i -> 1, !
# o -> 0
# s -> $, 5
# t -> 7
# g -> 9
# l -> 1
# Examples:
# password -> p@ssword, p4ssword, p@55word, p455w0rdTroubleshooting
섹션 제목: “Troubleshooting”# Command not found
which rsmangler
perl /path/to/rsmangler.pl --help
# Permission issues
chmod +x rsmangler.pl
./rsmangler.pl --help
# Large file handling
# For files > 1GB, use streaming approach
# Memory issues
rsmangler --help | grep max # Limit output sizeOutput Analysis
섹션 제목: “Output Analysis”Statistics
섹션 제목: “Statistics”# Total passwords generated
rsmangler word1 | wc -l
# Average length
rsmangler word1 | awk '{sum+=length} END {print sum/NR}'
# Length distribution
rsmangler word1 | awk '{print length}' | sort | uniq -c
# Character analysis
rsmangler word1 | grep -o . | sort | uniq -c | sort -rnBest Practices
섹션 제목: “Best Practices”- Start with verified keywords from reconnaissance
- Include company-specific naming conventions
- Account for organizational requirements (length, complexity)
- Test on known weak accounts first
- Document all wordlists created
- Securely delete wordlists after assessment
- Use with proper authorization only
- Combine with other reconnaissance data
Legal and Ethical Considerations
섹션 제목: “Legal and Ethical Considerations”- Use only on systems you own or have explicit authorization to test
- Wordlist generation for legitimate penetration testing is legal with authorization
- Unauthorized access attempts are illegal
- Document authorization before testing
- Follow responsible disclosure practices
- Maintain confidentiality of credentials discovered
Related Tools
섹션 제목: “Related Tools”- Hashcat - Password hash cracking
- John the Ripper - Password cracking tool
- Hydra - Network login cracking
- Crunch - Wordlist generation by pattern
- Cewl - Website spider for wordlist creation
- Cupp - Interactive personality password profiler
- SecLists - Pre-built wordlist collections