Generation and modification of dictionaries according to the specified rules

How to generate and modify dictionaries according to the given rules

To generate dictionaries, there are maskprocessor and Crunch programs that are very flexible in customization. They allow you to create any dictionaries that can be described with rather complex rules or a certain pattern, for example, dictionaries with:

  • phone numbers
  • dates of birth
  • eight-character passwords, in which letters and numbers occur
  • passwords starting with a certain word followed by a certain number of digits
  • passwords in which the first two characters are uppercase letters, then 4 uppercase letters, then eight numbers, then two hexadecimal numbers
  • etc.

You can come up with a huge number of options, but one way or another they boil down to a description in which position which symbol should be located.

If we take more abstract constructions, for example:

  • password from names, which ends with several numbers,
  • a dictionary of popular words in which the characters “a” are replaced by “@”
  • a dictionary in which the case of some letters is changed
  • swear words in which a certain line is placed before the word
  • etc.

To perform such tasks, the Mentalist program was created. It knows how to build “chains” of actions – you can set any logic for processing ready-made dictionaries or modifying a given string. The program has a graphical user interface and runs on both Linux and Windows.

How to install Mentalist

Installation is quite simple, regardless of whether you decide to use a ready-made binary file or install from source codes. For details on installation, see the program page: https://en.kali.tools/?p=1310.

How to use Mentalist

To understand how the Mentalist works, you need to consider the basic concepts of the program.

The Chain

Mentalist generates wordlists by linking together nodes, which form a chain. The first node in a chain is always the Base Words node. When the chain is processed, each Base Word passes to the next node in the chain, which might modify the word, leave it the same or create more variations of it. Finally, the results are written to an output file as either the full wordlist or rules to generate the equivalent list.

Nodes

There are 5 types of nodes. Each type has its own set of attributes, which can be added in any combination. A node's attributes determine its function. Furthermore, attributes within the same node are mutually exclusive from each other.

Some nodes may produce more than one output word for each input word. In such cases, only the set of unique output words for a Base Word is passed on to the next node. In other words, each node performs de-duplication on each base word.

Type Description
Base Words Always the first node within the Mentalist chain. It provides the root words, which are to be processed by each node as they pass down the chain.
Case Changes the case of letters within the word. Each attribute added to a Case node produces a different variation of the input word, except for the No Case Change attribute which passes through the original word.
Substitution Replaces characters within the word. Like Case, each attribute added to a Substitution node produces another output word, subject to de-duplication. The No Substitution attribute gives the unmodified input word.
Append Append nodes add strings to the end of the input word. Most Append attributes produce many variations of the input word. For example, the Numbers: Small (0-100) attribute adds 101 output words for each input word.
Prepend Prepend nodes add strings to the beginning of the input word. Its attributes and functionality is otherwise identical to Append.

Attributes

Each node has the ability to perform one or more actions on the input words. These actions are specified in each node's attributes. Attributes within the same node are mutually exclusive of each other and, as a consequence, a node can have no duplicate attributes.

Node Attributes

Base Words

Attribute Description
No Words Provides an empty string
Custom File… User-specified custom wordlist file
Custom String… User-specified custom string
English Dictionary English dictionary taken from the Unix words file
Common Names  
 Men 1,000 most common mens' names in the US
 Women 1,000 most common womens' names in the US
 Pets 1,200 most common pets' names in the US
Other  
 Slang & Expletives Wordlist of US slang and expletives
 Months & Seasons Wordlist of months and seasons

Case

Attribute Description Input Result
No Case Change Perform no action TeSt TeSt
Lowercase      
 Lowercase All Make word all lowercase TeSt test
 Lowercase First,  Upper Rest Make first character lowercase and the rest of the word uppercase TeSt tEST
Uppercase      
 Uppercase All Make word all uppercase TeSt TEST
 Uppercase First,  Lower Rest Make first character uppercase and the rest of the word lowercase TeSt Test
Toggle Nth… Change the case of the Nth character TeSt (N=2) TESt

Substitution

Attribute Description Input Result
No Substitution… Perform no action test test
Replace All Instances… Replaces all instances of specified characters test
('t'→'+')
+es+
Replace First Instance… Replace the first instance of specified characters test
('t'→'+')
+est
Replace Last Instance… Replace the last instance of specified characters test
('t'→'+')
tes+

If a word does not match criteria for substitution, it will be output unchanged.

Note: Replace First Instance and Replace Last Instance are not compatible with Hashcat & John rules. If attempting to output rules using one of these attributes in your chain, Mentalist will ask if you would like to replace these attributes with the Replace All Instances, which is a supported rule.

Additional Substitution Options

One at a Time substitution will only substitute one specified character at a time.

All at Once substitution will substitute all characters at once.

Option Input Substitutions Output
One at a Time apple 'a'→'@'
'e'→'3'
@pple
appl3
All at Once apple 'a'→'@'
'e'→'3'
@ppl3

Append / Prepend

Attribute Description
No Append / Prepend Perform no action
Words  
 Custom File… User-specified custom wordlist file
 Custom String… User-specified custom string
 English Dictionary English dictionary taken from the Unix words file
Common Names  
  Men 1,000 most common mens' names in the US
  Women 1,000 most common womens' names in the US
  Pets 1,200 most common pets' names in the US
Other  
  Slang & Expletives Wordlist of US slang and expletives
  Months & Seasons Wordlist of months and seasons
Numbers  
 User Defined… User-specified numbers (From, To, 0-padding)
 Small: 0-100 Numbers ranging from 0 to 100
 Basic: 0-1000 Numbers ranging from 0 to 1000
 Full: 0-10000 Numbers ranging from 0 to 10000
 Years: 1950-2025 Numbers ranging from 1950 to 2025
 Dates… Dates: From Year, To Year, Format (e.g. mmddyy), Leading 0
Special Characters… Special characters (one at a time only)
Area Codes (US)  
 By State Area codes by state
 By City Area codes by city (largest 50 available)
Zip Codes (US)  
 By State Zip codes by state
 By City Zip codes by city (largest 50 available)

Output

Full Wordlist

This option outputs the entire wordlist, as specified by the chain. The estimated number of words and filesize can be found in the top menu of Mentalist.

Hashcat/John Rules

For offline cracking, there are times where the full wordlist is too large to output as a whole. In this case, it makes sense to output to rules so that Hashcat or John can programmatically generate the full wordlist.

Note that the First and Last Substitution attributes are not compatible with Hashcat/John. When a chain contains these attributes, saving to Hashcat/John will warn that First or Last will be changed to All in the rules output.

Base Words Only

This output option allows you to output the base words into a single file to be used with your rules. This is useful if you have multiple sources of base words (multiple Base Word attributes).

Persistence

Saving Chains

Mentalist is able to save chain files for future use. To save a chain file, go to Load/SaveSave Chain, which will then prompt you where you'd like to save the file. For organization, saved Mentalist chains should have the extension .mentalist, which is enforced in the application on most OSes.

Loading Chains

Mentalist is able to load chain files by clicking on Load/SaveLoad Chain. If the chain file refers to a user-specified file that is not present on the current system, Mentalist will put a red box around that file attribute and will prevent processing. To fix this, click on the Fix... button next to the file and specify a local file in its place.

Mentalist usage examples

1.

Suppose we want to create a dictionary based on an existing list of words, adding 2 to 4 digits to each word, and in which all the letters “a” are replaced with “@” and the letters “s” are replaced with “$”.

Run the program:

mentalist

Note that the English Dictionary is already selected by default. We delete it, for this we click on the “-” sign.

Then press the “+” sign next to “Base Word”, select “Custom File…” and specify the dictionary you want to change.

Then click on the “+” sign in the upper right corner and select “Append”.

Then click on the “+” sign next to “Append”, then select “Numbers” and then “User Defined…”. We set the parameters of the added numbers we need.

Then click on the “+” sign in the upper right corner and select “Substitution”.

Then click on the “+” sign next to “Substitution”, then select “Replace All Instances…”, put the necessary checkboxes and switch to “All together”.

Please note that if instead of “All together” you choose “One at a time”, then the first character will be replaced first and then this word will be sent further along the pipeline, then the replacement in the second character will be made and the word will be sent down the pipeline again. That is, the “One at a Time” option increases the number of new words by a multiple – in accordance with the number of replacements.

To save a new dictionary, press “Process”, then select “Full Wordlist”.

2.

Let's say now we need to create a dictionary based on female names, in which the letters “a” are replaced with the symbol “@”. Moreover, it is necessary that both the original names and the replacement of characters be preserved. Then there is a dash after the name. The date is then inserted in the format DDMMYYYY.

Run the program:

mentalist

Note that a list of English words is already selected by default. We delete it for this, click on the “-” sign.

Then click the “+” sign next to Base Word, select Common Names, then Women.

Then click on the “+” sign in the upper right corner and select “Substitution…”.

Press the “+” sign next to “Substitution” again, then select “Replace All Instances…”, put the necessary checkboxes and switch to “All together”.

Then click on the “+” sign in the upper right corner and select “Append”.

Then click on the “+” sign next to “Append”, then select “Special Characters…” and put a check mark in front of the “-” symbol:

Now click the “+” sign next to “Append” again, then select “Numbers” and then “Dates…”. Set the desired range and format:

We get the following result, pay attention to the approximate number of words in the new dictionary and the size of the dictionary in megabytes:

To save a new dictionary, press “Process”, then select “Full Wordlist”.

Conclusion

So, Mentalist is a handy and easy-to-use program for creating dictionaries according to more abstract rules than maskprocessor and Crunch. First of all, it is convenient for modifying existing dictionaries for specific conditions. At the same time, it will not be able to replace maskprocessor and Crunch, since they are more flexible in creating dictionaries based on the rules for the arrangement of characters in certain positions.

Recommended for you:

Leave a Reply

Your email address will not be published. Required fields are marked *