hashview / hashview

A web front-end for password cracking and analytics
https://www.hashview.io
GNU General Public License v3.0
359 stars 39 forks source link

Dynamic Wordlist Based on Existing User Names #7

Open i128 opened 2 years ago

i128 commented 2 years ago

Hashview currently has one dynamic wordlist that is a culmination of a unique set of clear text passwords found in the DB. It would be nice to create a second dynamic wordlist that is a culmination of a unique set of usernames found in the hashfile_hashes.users table.

It would need to be created upon app installation. hashview/utils/utils.py->update_dynamic_wordlist() will need to be updated. hashview/models.py will need updating migrations/ will need updating

but i think that should be it.

i128 commented 2 months ago

usernames in this column include domain names. We should create a split on domain. And add a second dynamic list for customer names.

i128 commented 2 months ago

The wordlist ID numbers will have to change too. Either we have a different table for dynamic wordlists vs static word lists, increment wordlist id by 1, for the dynamic word lists. or re-order existing wordlists id.

The latter will be a PITA for db migrations.