Passision – new wordlist creation tool

So awhile back Marcus Carey from ThreatAgent decided to ask for input on wordlist creation. The general idea was do you think geo data, City, State, zip codes, would be something good to include when trying to crack passwords. My instant response was yes as I’ve seen a decent amount of this type of thing. Remember the Linkedin hack, a ton of those passwords were some variation of the company’s name. So let’s start with how to get the tool.

 

Step 1: Go to threatagent.com and create a user account.

signup

 

Step 2: Once you receive your email, click on Drone on the main page.

drone

 

Step 3: Click on Deploy drone and figure out what company you want to create a wordlist from.

Org

 

Step 4: Click next, then input the organization’s site.

site

 

Step 5: Click next, then click Run.

Run

 

Step 6: Allow for the Drone program to complete the OSINT report.

mission

 

Step 7: Once complete, click on Apps then Passision. Click Create wordlist.

passision

 

Step 8: Allow the wordlist to be collected.  Once it’s completed, you’re able to download it.

wordlist

 

A fun little tidbit Marcus threw into his program is it informs you if your wordlist contains profanity.

 

The big thing you must keep in mind is that you only get 5 searches with a basic/limited account, so unless you’re willing to pay for more searches, make sure you’re using them wisely!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s