Skip to content

Instantly share code, notes, and snippets.

@roycewilliams
Last active October 25, 2023 19:27
Show Gist options
  • Save roycewilliams/9d8e98587cff105b2e05a9f0e8de8371 to your computer and use it in GitHub Desktop.
Save roycewilliams/9d8e98587cff105b2e05a9f0e8de8371 to your computer and use it in GitHub Desktop.
hashcat-kwprocessor-typo-rules.txt
--------------------------------------------------------------------------------
# Crude generation of typo rules
# (Using kwprocessor (https://github.com/hashcat/kwprocessor) and hashcat)
#
# Useful for passwords that don't require confirmation (like some cryptocurrency
# wallets, password-protected archive files, etc.)
#
# May also be useful for stacking with other rules.
#
# This approach assumes that you are making the same typo every time
# (all "a" become "s" in the string; hashcat -> hsshcst), and that the typo is
# no more than one character away on the keyboard.
$ cat basechar.txt
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
# Keyboard distance = 1
$ cat route.txt
1
$ ./kwp -0 -s 1 basechar.txt keymaps/en.keymap route.txt | sort -u | egrep -v '(.)\1+$' | sed 's/^/s/g' >typos1.rule
$ head typos1.rule
s`~
s`!
s`\
s^&
s^%
s~`
s~!
s~\
s<>
s<,
# There's a lot of redundancy in the generated strings, so you may be better off
# just using this method to generate a wordlist.
$ echo hashcat | hashcat -r typos1.rule --stdout | wc -l
1305
$ echo hashcat | hashcat -r typos1.rule --stdout | sort -u | wc -l
75
# Stacking this rule list multiple times with hashcat (-r typos1.rule -r typos1.rule)
# increases your coverage, but magnifies the effect:
$ echo hashcat | hashcat -r typos1.rule -r typos1.rule --stdout | wc -l
1703025
$ echo hashcat | hashcat -r typos1.rule -r typos1.rule --stdout | sort -u | wc -l
2378
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment