Custom Wordlists: Username Anarchy, CUPP

Username Anarchy

  • If you know the target company has a user named "Thomas Edison", looking for usernames in xato-net is useless
  • We need the permutations and combinations (PnC) of "Thomas Edison"
  • For this, use either Username-Anarchy or usernamer

Usernamer:

  • python2 usernamer.py -f names.txt > maybe-unames.txt
    • names.txt contains the possible users you've identified
    • -f will give all permutations and combinations

Username-Anarchy

Requirements

  • sudo apt install ruby -y
  • git clone https://github.com/urbanadventurer/username-anarchy.git
  • cd username-anarchy

Usage:

  • ./username-anarchy Jane Smith > jane_smith_usernames.txt

CUPP (Common User Passwords Profiler):

  • Creates highly personalized password wordlists that leverage the intelligence gathered about your target.
  • Once you know the target user, use OSINT skills to find details and fill them into the CUPP questionnaire.
  • sudo apt install cupp -y

Usage:

  • cupp -i
  • this will generate a passwords.txt list

  • If we know the password policy, we can filter this list with the previous grep commands

  • grep -E '^.{6,}$' jane.txt | grep -E '[A-Z]' | grep -E '[a-z]' | grep -E '[0-9]' | grep -E '([!@#$%^&*].*){2,}' > jane-filtered.txt

    • minimum 6 characters
    • a capital letter
    • a lowercase letter
    • a number
    • at least 2 special characters from the given set
  • hydra -L usernames.txt -P jane-filtered.txt IP -s PORT -f http-post-form "/:username=^USER^&password=^PASS^:Invalid credentials"
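
Defender's view of the CUPP and policy-filter steps above, as an added example that is not part of the original notes: a password can satisfy the complexity policy in the grep pipeline and still be built from profile details, so a password-change check should test both. The profile fields, sample values and the small leet table are constructed assumptions.

```python
import re

SPECIALS = "!@#$%^&*"  # the special-character set used in the grep filter
# Small illustrative subset of common character substitutions (assumption).
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})

def meets_policy(pw: str) -> bool:
    """Same policy as the grep pipeline: >=6 chars, upper, lower, digit, >=2 specials."""
    return (len(pw) >= 6
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[0-9]", pw) is not None
            and sum(c in SPECIALS for c in pw) >= 2)

def normalize(s: str) -> str:
    """Lower-case, undo substitutions, drop everything but letters and digits."""
    return re.sub(r"[^a-z0-9]", "", s.lower().translate(LEET))

def profile_hits(pw: str, profile: dict) -> list:
    """Profile fields whose value appears in the password, forwards or reversed.
    Both sides go through normalize() so substituted spellings still match."""
    norm_pw = normalize(pw)
    hits = []
    for field, value in profile.items():
        token = normalize(value)
        # Skip very short tokens to avoid matching almost every password.
        if len(token) >= 3 and (token in norm_pw or token[::-1] in norm_pw):
            hits.append(field)
    return hits

def accept(pw: str, profile: dict) -> bool:
    """Accept only passwords that meet the policy and reuse no profile detail."""
    return meets_policy(pw) and not profile_hits(pw, profile)

# Constructed sample profile for a hypothetical user.
PROFILE = {"first_name": "Jane", "surname": "Smith",
           "pet": "Rex", "birth_year": "1990"}

if __name__ == "__main__":
    for candidate in ("J4ne1990!!", "htimS#2024#", "Tq7#vLm2&x"):
        print(candidate, meets_policy(candidate),
              profile_hits(candidate, PROFILE), accept(candidate, PROFILE))
```

The first two candidates pass the complexity policy but are rejected because they reuse the name, surname or birth year; only the third is accepted.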