- Nick Congleton
IntroductionWordlists are a key part of brute force password attacks. For those readers that aren't familiar, a brute force password attack is an attack in which an attacker uses a script to repeatedly attempt to log into an account until they receive a positive result. Brute force attacks are fairly overt and can cause a properly configured server to lock out an attacker or their IP.
This is the point of testing the security of log in systems this way. Your server should ban attackers that attempt these attacks, and should report the increased traffic. On the user end, passwords should be more secure. It's important to understand how the attack is carried out to create and enforce a strong password policy.
Kali Linux comes with a powerful tool for creating wordlists of any length. It's a simple command line utility called Crunch. It has simple syntax and can easily be adjusted to suit your needs. Beware, though, these lists can be very large and can easily fill an entire hard drive.