So awhile back Marcus Carey from ThreatAgent decided to ask for input on wordlist creation. The general idea was do you think geo data, City, State, zip codes, would be something good to include when trying to crack passwords. My instant response was yes as I’ve seen a decent amount of this type of thing. Remember the Linkedin hack, a ton of those passwords were some variation of the company’s name. So let’s start with how to get the tool.
Step 1: Go to threatagent.com and create a user account.
Step 2: Once you receive your email, click on Drone on the main page.
Step 3: Click on Deploy drone and figure out what company you want to create a wordlist from.
Step 4: Click next, then input the organization’s site.
Step 5: Click next, then click Run.
Step 6: Allow for the Drone program to complete the OSINT report.
Step 7: Once complete, click on Apps then Passision. Click Create wordlist.
Step 8: Allow the wordlist to be collected. Once it’s completed, you’re able to download it.
A fun little tidbit Marcus threw into his program is it informs you if your wordlist contains profanity.
The big thing you must keep in mind is that you only get 5 searches with a basic/limited account, so unless you’re willing to pay for more searches, make sure you’re using them wisely!