Generation and modification of dictionaries according to the specified rules
How to generate and modify dictionaries according to the given rules
To generate dictionaries, there are maskprocessor and Crunch programs that are very flexible in customization. They allow you to create any dictionaries that can be described with rather complex rules or a certain pattern, for example, dictionaries with:
- phone numbers
- dates of birth
- eight-character passwords, in which letters and numbers occur
- passwords starting with a certain word followed by a certain number of digits
- passwords in which the first two characters are uppercase letters, then 4 uppercase letters, then eight numbers, then two hexadecimal numbers
- etc.
You can come up with a huge number of options, but one way or another they boil down to a description in which position which symbol should be located.
If we take more abstract constructions, for example:
- password from names, which ends with several numbers,
- a dictionary of popular words in which the characters “a” are replaced by “@”
- a dictionary in which the case of some letters is changed
- swear words in which a certain line is placed before the word
- etc.
To perform such tasks, the Mentalist program was created. It knows how to build “chains” of actions – you can set any logic for processing ready-made dictionaries or modifying a given string. The program has a graphical user interface and runs on both Linux and Windows.
How to install Mentalist
Installation is quite simple, regardless of whether you decide to use a ready-made binary file or install from source codes. For details on installation, see the program page: https://en.kali.tools/?p=1310.
How to use Mentalist
To understand how the Mentalist works, you need to consider the basic concepts of the program.
The Chain
Mentalist generates wordlists by linking together nodes, which form a chain. The first node in a chain is always the Base Words node. When the chain is processed, each Base Word passes to the next node in the chain, which might modify the word, leave it the same or create more variations of it. Finally, the results are written to an output file as either the full wordlist or rules to generate the equivalent list.
Nodes
There are 5 types of nodes. Each type has its own set of attributes, which can be added in any combination. A node's attributes determine its function. Furthermore, attributes within the same node are mutually exclusive from each other.
Some nodes may produce more than one output word for each input word. In such cases, only the set of unique output words for a Base Word is passed on to the next node. In other words, each node performs de-duplication on each base word.
Type | Description |
---|---|
Base Words | Always the first node within the Mentalist chain. It provides the root words, which are to be processed by each node as they pass down the chain. |
Case | Changes the case of letters within the word. Each attribute added to a Case node produces a different variation of the input word, except for the No Case Change attribute which passes through the original word. |
Substitution | Replaces characters within the word. Like Case, each attribute added to a Substitution node produces another output word, subject to de-duplication. The No Substitution attribute gives the unmodified input word. |
Append |
Append nodes add strings to the end of the input word. Most Append attributes produce many variations of the input word. For example, the Numbers: Small (0-100) attribute adds 101 output words for each input word.
|
Prepend | Prepend nodes add strings to the beginning of the input word. Its attributes and functionality is otherwise identical to Append. |
Attributes
Each node has the ability to perform one or more actions on the input words. These actions are specified in each node's attributes. Attributes within the same node are mutually exclusive of each other and, as a consequence, a node can have no duplicate attributes.
Node Attributes
Base Words
Attribute | Description |
---|---|
No Words | Provides an empty string |
Custom File… | User-specified custom wordlist file |
Custom String… | User-specified custom string |
English Dictionary |
English dictionary taken from the Unix words file
|
Common Names | |
Men | 1,000 most common mens' names in the US |
Women | 1,000 most common womens' names in the US |
Pets | 1,200 most common pets' names in the US |
Other | |
Slang & Expletives | Wordlist of US slang and expletives |
Months & Seasons | Wordlist of months and seasons |
Case
Attribute | Description | Input | Result |
---|---|---|---|
No Case Change | Perform no action | TeSt | TeSt |
Lowercase | |||
Lowercase All | Make word all lowercase | TeSt | test |
Lowercase First, Upper Rest | Make first character lowercase and the rest of the word uppercase | TeSt | tEST |
Uppercase | |||
Uppercase All | Make word all uppercase | TeSt | TEST |
Uppercase First, Lower Rest | Make first character uppercase and the rest of the word lowercase | TeSt | Test |
Toggle Nth… | Change the case of the Nth character | TeSt (N=2) | TESt |
Substitution
Attribute | Description | Input | Result |
---|---|---|---|
No Substitution… | Perform no action | test | test |
Replace All Instances… | Replaces all instances of specified characters |
test ('t'→'+') |
+es+ |
Replace First Instance… | Replace the first instance of specified characters |
test ('t'→'+') |
+est |
Replace Last Instance… | Replace the last instance of specified characters |
test ('t'→'+') |
tes+ |
If a word does not match criteria for substitution, it will be output unchanged.
Note: Replace First Instance
and Replace Last Instance
are not compatible with Hashcat & John rules. If attempting to output rules using one of these attributes in your chain, Mentalist will ask if you would like to replace these attributes with the Replace All Instances
, which is a supported rule.
Additional Substitution Options
One at a Time substitution will only substitute one specified character at a time.
All at Once substitution will substitute all characters at once.
Option | Input | Substitutions | Output |
---|---|---|---|
One at a Time | apple |
'a'→'@' 'e'→'3' |
@pple appl3 |
All at Once | apple |
'a'→'@' 'e'→'3' |
@ppl3 |
Append / Prepend
Attribute | Description |
---|---|
No Append / Prepend | Perform no action |
Words | |
Custom File… | User-specified custom wordlist file |
Custom String… | User-specified custom string |
English Dictionary |
English dictionary taken from the Unix words file
|
Common Names | |
Men | 1,000 most common mens' names in the US |
Women | 1,000 most common womens' names in the US |
Pets | 1,200 most common pets' names in the US |
Other | |
Slang & Expletives | Wordlist of US slang and expletives |
Months & Seasons | Wordlist of months and seasons |
Numbers | |
User Defined… | User-specified numbers (From, To, 0-padding) |
Small: 0-100 | Numbers ranging from 0 to 100 |
Basic: 0-1000 | Numbers ranging from 0 to 1000 |
Full: 0-10000 | Numbers ranging from 0 to 10000 |
Years: 1950-2025 | Numbers ranging from 1950 to 2025 |
Dates… | Dates: From Year, To Year, Format (e.g. mmddyy), Leading 0 |
Special Characters… | Special characters (one at a time only) |
Area Codes (US) | |
By State | Area codes by state |
By City | Area codes by city (largest 50 available) |
Zip Codes (US) | |
By State | Zip codes by state |
By City | Zip codes by city (largest 50 available) |
Output
Full Wordlist
This option outputs the entire wordlist, as specified by the chain. The estimated number of words and filesize can be found in the top menu of Mentalist.
Hashcat/John Rules
For offline cracking, there are times where the full wordlist is too large to output as a whole. In this case, it makes sense to output to rules so that Hashcat or John can programmatically generate the full wordlist.
Note that the First and Last Substitution attributes are not compatible with Hashcat/John. When a chain contains these attributes, saving to Hashcat/John will warn that First or Last will be changed to All in the rules output.
Base Words Only
This output option allows you to output the base words into a single file to be used with your rules. This is useful if you have multiple sources of base words (multiple Base Word attributes).
Persistence
Saving Chains
Mentalist is able to save chain files for future use. To save a chain file, go to Load/Save
→Save Chain
, which will then prompt you where you'd like to save the file. For organization, saved Mentalist chains should have the extension .mentalist
, which is enforced in the application on most OSes.
Loading Chains
Mentalist is able to load chain files by clicking on Load/Save
→Load Chain
. If the chain file refers to a user-specified file that is not present on the current system, Mentalist will put a red box around that file attribute and will prevent processing. To fix this, click on the Fix...
button next to the file and specify a local file in its place.
Mentalist usage examples
1.
Suppose we want to create a dictionary based on an existing list of words, adding 2 to 4 digits to each word, and in which all the letters “a” are replaced with “@” and the letters “s” are replaced with “$”.
Run the program:
mentalist
Note that the English Dictionary is already selected by default. We delete it, for this we click on the “-” sign.
Then press the “+” sign next to “Base Word”, select “Custom File…” and specify the dictionary you want to change.
Then click on the “+” sign in the upper right corner and select “Append”.
Then click on the “+” sign next to “Append”, then select “Numbers” and then “User Defined…”. We set the parameters of the added numbers we need.
Then click on the “+” sign in the upper right corner and select “Substitution”.
Then click on the “+” sign next to “Substitution”, then select “Replace All Instances…”, put the necessary checkboxes and switch to “All together”.
Please note that if instead of “All together” you choose “One at a time”, then the first character will be replaced first and then this word will be sent further along the pipeline, then the replacement in the second character will be made and the word will be sent down the pipeline again. That is, the “One at a Time” option increases the number of new words by a multiple – in accordance with the number of replacements.
To save a new dictionary, press “Process”, then select “Full Wordlist”.
2.
Let's say now we need to create a dictionary based on female names, in which the letters “a” are replaced with the symbol “@”. Moreover, it is necessary that both the original names and the replacement of characters be preserved. Then there is a dash after the name. The date is then inserted in the format DDMMYYYY.
Run the program:
mentalist
Note that a list of English words is already selected by default. We delete it for this, click on the “-” sign.
Then click the “+” sign next to Base Word, select Common Names, then Women.
Then click on the “+” sign in the upper right corner and select “Substitution…”.
Press the “+” sign next to “Substitution” again, then select “Replace All Instances…”, put the necessary checkboxes and switch to “All together”.
Then click on the “+” sign in the upper right corner and select “Append”.
Then click on the “+” sign next to “Append”, then select “Special Characters…” and put a check mark in front of the “-” symbol:
Now click the “+” sign next to “Append” again, then select “Numbers” and then “Dates…”. Set the desired range and format:
We get the following result, pay attention to the approximate number of words in the new dictionary and the size of the dictionary in megabytes:
To save a new dictionary, press “Process”, then select “Full Wordlist”.
Conclusion
So, Mentalist is a handy and easy-to-use program for creating dictionaries according to more abstract rules than maskprocessor and Crunch. First of all, it is convenient for modifying existing dictionaries for specific conditions. At the same time, it will not be able to replace maskprocessor and Crunch, since they are more flexible in creating dictionaries based on the rules for the arrangement of characters in certain positions.
Related articles:
- Advanced wordlist generating techniques (99.2%)
- Programs for generating wordlists (75.9%)
- Hacking WPA/WPA2 passwords with Aircrack-ng: dictionary attack, cooperation with Hashcat, maskprocessor, statsprocessor, John the Ripper, Crunch, hacking in Windows (68.1%)
- How to generate candidate passwords that match password strength policies (filtering words with grep) (63.8%)
- Generation and modification of word lists according to the given rules (57.8%)
- Hacking Wi-Fi without users in Aircrack-ng (RANDOM - 0.9%)