THE WORLD IS Y0UR$:
GEOLOCATION-BASED WORDLIST GENERATION WITH WORDSMITH
SANJIV KAWA | TOM PORTER
@hackerjiv | @porterhau5
❯ whoami
2
Sanjiv Kawa
@hackerjiv
Sr. Penetration Tester
PSC / NCC Group
• Roots in dev and IT
• Penetration testing
• Binary analysis and exploit dev
• Canadian
❯ su porterhau5
3
Tom Porter
@porterhau5
Sr. Security Consultant
FusionX Red Team
• Flow data analytics
• Penetration testing
• Red teaming
• BloodHound extensions
What is Wordsmith?
4
Custom wordlist generation
Crack hashes / password attacks
Tailored for your target
Geo-location data
Modular and extensible
Username generation
Wordsmith v1
5
Wordsmith v1: Geo-location Data Collected
6
Major league sports teams
Colleges and universities
Common names
Area codes
Zip codes
Streets and roads
Landmarks
Cities, towns, etc
Wordsmith v1: Additional Features
7
CeWL Integration
Basic mangling (whitespace, specials, split on space)
Specify minimum character length
To lowercase [a-z]
Wordsmith v1: Things we learned
8
Feedback from the community was incredible. Thank you!
Top three requests:
1. More countries need to be available (v1 was US only)
2. Needs to be a way to introduce more/your own data
3. Limited to the English language
Wordsmith v2
9
New CLI design
Multi-language (13 so far! – UTF-8)
Introduced religions
Generate usernames
Modular framework allows for user contribution and extensibility
Geo-location data sets for over 230 countries!
Data Sources
Coverage: World
Data types: Population, Religion, Languages, etc
10
www.cia.gov/library/publications/the-world-factbook/geos/print_[aa-zz].html
Coverage: 13 languages (hunspell)
Data Sources
11
Coverage: US
Data Types: Sports teams, colleges
Coverage: World
Data Types: Landmarks and archeological sites
Coverage: World
Data Types: Religious texts
Data Sources
12
Coverage: World
Data Types: Roads, Cities, Counties
Coverage: US
Data Types: Popular first names, last names
Coverage: US
Data Types: Area Codes, Zip Codes
How to get Wordsmith
13
❯ git clone https://github.com/skahwah/wordsmith.git
❯ cd wordsmith
❯ bundle install # (optional for CeWL integration)
❯ ruby wordsmith.rb
wordsmith v2.0.7
Written by: Sanjiv "Trashcan Head" Kawa & Tom "Pain Train" Porter
Twitter: @hackerjiv & @porterhau5
[*] Hello new wordsmither!
[*] This script will remove the data/ directory in the current working
directory. Enter 'y' to continue: y
[*] Just need to unpack some files (Running: tar -xf data.tar.xz)
[*] Unpack completed!
[*] CeWL found: /usr/bin/cewl
Files
14
❯ ls -l
-rw-r--r-- 1 user staff 3159 Oct 1 22:57 CHANGELOG.md
drwxr-xr-x 2 user staff 4096 Oct 1 22:57 data
-rw-r--r-- 1 user staff 50602888 Oct 1 22:57 data.tar.xz
-rw-r--r-- 1 user staff 116 Oct 1 22:57 Gemfile
-rw-r--r-- 1 user staff 1393 Oct 1 22:57 LICENSE
-rw-r--r-- 1 user staff 7514 Oct 1 22:57 README.md
-rwxr-xr-x 1 user staff 31081 Oct 1 22:57 wordsmith.rb
• View README first, or check out the -E option (examples)
• wordsmith.rb: primary ruby script
• data.tar.xz (~50 MB): compressed archive of data
• data/ (~250 MB): data arranged in hierarchy
Boundaries & Attributes
15
Boundaries (-I <input>)
• Areas of the world to get words for
• 249 countries and territories
• States/Provinces
• Cities
• Custom regions
Attributes (ex: -r -l)
• Types of words to grab:
• Cities
• Colleges
• Landmarks
• Languages
• Names
• Roads
• Religions
• and more…
❯ ruby wordsmith.rb -I usa -r -l
Structure
16
❯ ls data/
abw afg ago aia ala alb and are arg arm ... wlf wsm yem zaf zmb zwe
ISO ALPHA-3 Country Codes
❯ ls data/usa
ak al ar az ca cia.txt co ct dc ... tx usa.yaml ut va vt wa wi wv wy
States, Provinces, Counties, Municipalities
❯ ls data/usa/nc
areacodes.txt charlotte cities.txt colleges.txt counties.txt ...
Cities, Counties
❯ ls data/usa/nc/charlotte
sports.txt
Attributes (sports, colleges, roads, etc.) are .txt files
Boundaries and Input
17
❯ ruby wordsmith.rb -I usa [options]
❯ ruby wordsmith.rb -I usa-nc [options]
❯ ruby wordsmith.rb -I usa-nc-charlotte [options]
❯ ruby wordsmith.rb -I usa,can [options]
❯ ruby wordsmith.rb -I usa-sd,usa-nd,usa-co [options]
-I for specifying input boundaries
Can supply one or many boundaries
❯ ruby wordsmith.rb -I 10 [options]
Providing a number (ex: 10) will select N most populous countries
Regions
18
❯ ruby wordsmith.rb -I europe [options]
❯ grep europe data/regions.csv
europe,"Continent of Europe",ala alb and arm aut aze bel bgr bih blr che
cyp cze deu dnk esp est fin fra fro gbr geo ggy gib grc hrv hun imn irl
isl ita jey kaz lie ltu lux lva mco mda mkd mlt mne nld nor pol prt rou
rus sjm smr srb svk svn swe tur ukr vat
regions.csv contains custom grouping of boundaries
Can see regions with -R option:
❯ ruby wordsmith.rb -R
Alias: newengland
Description: US - New England
Members: usa-ct usa-me usa-ma usa-nh usa-ri usa-vt
Alias: plains
Description: US - Plains
Members: usa-ia usa-ks usa-mn usa-mo usa-ne usa-nd usa-sd
Alias: greatlakes
Description: US - Great Lakes
Members: usa-il usa-in usa-mi usa-oh usa-wi
Attributes
19
❯ ruby wordsmith.rb -I europe [options]
❯ ruby wordsmith.rb -h
Main Arguments:
-I, --input <input> Comma-delimited list of inputs
Input Options:
-a, --all Grab all options
-b, --other Grab other miscellaneous attributes
-e, --cia Grab demographics compiled by the CIA
-c, --cities Grab all city names
-f, --colleges Grab all college sports
-l, --landmarks Grab all landmarks
-v, --language Grab the most popular language(s)
-N, --all-names Grab all first names and last names
-G, --first-names Grab all first names
-L, --last-names Grab all last names
-F, --female-fnames Grab all female first names
-M, --male-fnames Grab all male first names
-p, --phone Grab all area codes
-r, --roads Grab all road names
-g, --religion Grab the most popular religious text(s)
-t, --teams Grab all major sports teams
-u, --counties Grab all counties
-z, --zip Grab all zip codes
Attribute Examples
20
❯ ruby wordsmith.rb -I usa-sd -z
57001
57002
57003
57004
...
Grab all zip codes for South Dakota
❯ ruby wordsmith.rb -I gbr-eng -r -c -l
Ab Kettleby
Abberley
Abberton
Abbess Roding
...
Grab all roads, cities, and landmarks for England, GBR
❯ ruby wordsmith.rb -I asia -a
Abas
Abatan
Abbeg
Abejao
...
Grab all attributes for Asia
Child Nodes
21
❯ ruby wordsmith.rb -I gbr -C
Format:
boundary-name : attribute1 attribute2 attribute3 etc.
gbr : cities counties landmarks roads cia
|-- gbr-sco : cities counties roads
|-- gbr-wal : cities counties roads
|-- gbr-eng : cities counties roads
| |-- gbr-eng-su : cities counties roads
| |-- gbr-eng-ch : cities counties roads
| |-- gbr-eng-ex : cities roads
| |-- gbr-eng-nt : cities counties roads
| |-- gbr-eng-sk : cities roads
| |-- gbr-eng-ca : cities counties roads
| |-- gbr-eng-bu : cities counties roads
| |-- gbr-eng-sx
| | |-- gbr-eng-sx-east_sussex : cities counties roads
| | |-- gbr-eng-sx-west_sussex : cities counties roads
...
See the child nodes (-C) of a given boundary and the attributes each one carries
Country Metadata
22
❯ ls -l data/jpn/
-rw-r--r-- 1 user staff 32002 Aug 30 19:16 cia.txt
-rw-r--r-- 1 user staff 13184 Sep 9 2016 cities.txt
-rw-r--r-- 1 user staff 5608 Sep 9 2016 counties.txt
-rw-r--r-- 1 user staff 107 Aug 30 19:36 jpn.yaml
-rw-r--r-- 1 user staff 113672 Oct 1 21:10 landmarks.txt
-rw-r--r-- 1 user staff 871994 Sep 9 2016 roads.txt
❯ cat data/jpn/jpn.yaml
config:
population: 126,702,133
language_1: Japanese
religion_1: Shintoism
religion_2: Buddhism
The World Factbook:
Population
Official languages
Most popular religions
Most populous countries (ex: -I 25)
Official languages (-v, --language)
Most popular religions (-g, --religion)
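Added example (not wordsmith's own code): a small Ruby resolver for the -I boundary syntax shown on the Boundaries, Regions, Child Nodes and Country Metadata slides, run against a directory laid out like data/. The sample tree, the region alias "northamerica" and every population except Japan's are constructed; how the real tool walks child nodes and ranks countries by population is an assumption inferred from the slides.

```ruby
require 'tmpdir'
require 'fileutils'

# Population from "<code>.yaml" ("population: 126,702,133" on the slide).
def population(root, code)
  path = File.join(root, code, "#{code}.yaml")
  return 0 unless File.file?(path)
  m = File.read(path).match(/population:\s*([\d,]+)/)
  m ? m[1].delete(',').to_i : 0
end

# regions.csv rows look like: alias,"description",member member ...
def regions(root)
  path = File.join(root, 'regions.csv')
  return {} unless File.file?(path)
  File.readlines(path, chomp: true).each_with_object({}) do |line, h|
    m = line.match(/\A([^,]+),"([^"]*)",(.*)\z/)
    h[m[1]] = { desc: m[2], members: m[3].split } if m
  end
end

# Expand one -I value into boundary paths relative to root:
# "usa-nc-charlotte" -> usa/nc/charlotte, "usa,can" -> two paths,
# a region alias -> its members, a bare number -> N most populous countries.
def resolve_boundaries(root, input)
  regs = regions(root)
  input.split(',').flat_map do |token|
    if token =~ /\A\d+\z/
      Dir.children(root)
         .select { |c| File.directory?(File.join(root, c)) }
         .sort_by { |c| -population(root, c) }
         .first(token.to_i)
    elsif regs.key?(token)
      regs[token][:members].map { |m| m.tr('-', '/') }
    else
      token.tr('-', '/')
    end
  end
end

# Attributes of a boundary are the .txt files in its directory (slide 16).
def attributes(root, rel)
  Dir.glob(File.join(root, rel, '*.txt')).map { |f| File.basename(f, '.txt') }.sort
end

# -C style listing: "boundary : attr attr ..." for a node and its children,
# drawn with the same "|-- " tree prefixes the slide prints.
def child_nodes(root, rel, depth = 0)
  attrs = attributes(root, rel)
  prefix = depth.zero? ? '' : ('| ' * (depth - 1)) + '|-- '
  line = prefix + rel.tr('/', '-')
  line += " : #{attrs.join(' ')}" unless attrs.empty?
  kids = Dir.children(File.join(root, rel))
            .select { |c| File.directory?(File.join(root, rel, c)) }.sort
  [line] + kids.flat_map { |k| child_nodes(root, File.join(rel, k), depth + 1) }
end

# Constructed sample data/ tree for offline runs (assumed layout, not real data).
def build_sample(root)
  { 'usa' => %w[cia cities counties], 'usa/nc' => %w[areacodes cities colleges counties],
    'usa/nc/charlotte' => %w[sports], 'usa/sd' => %w[cities zipcodes],
    'can' => %w[cities], 'gbr' => %w[cities], 'gbr/eng' => %w[cities roads],
    'jpn' => %w[cities] }.each do |rel, attrs|
    FileUtils.mkdir_p(File.join(root, rel))
    attrs.each { |a| File.write(File.join(root, rel, "#{a}.txt"), "sample\n") }
  end
  # Placeholder populations; only jpn matches the slide.
  { 'usa' => '324,000,000', 'can' => '35,000,000', 'gbr' => '65,000,000',
    'jpn' => '126,702,133' }.each do |c, pop|
    File.write(File.join(root, c, "#{c}.yaml"), "config:\n  population: #{pop}\n")
  end
  File.write(File.join(root, 'regions.csv'),
             "newengland,\"US - New England\",usa-ct usa-me\n" \
             "northamerica,\"Constructed region\",usa can\n")
end

if __FILE__ == $PROGRAM_NAME
  # Pass a real data/ directory as ARGV[0] to run against wordsmith's tree.
  root = ARGV[0] || Dir.mktmpdir.tap { |d| build_sample(d) }
  puts child_nodes(root, 'usa')
  p resolve_boundaries(root, '2')
end
```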
Religions
23
❯ wc -l data/religion/*
28168 douay-rheims-parsed.txt
97682 king-james-bible-book-verse.txt
20190 king-james-bible-parsed.txt
42876 niv-bible-parsed-spanish.txt
34202 niv-bible-parsed.txt
7872 quran-parsed-eng.txt
❯ cat king-james-bible-book-verse.txt
The First Book of Moses: Called Genesis
Genesis1:1
1:1Genesis
John3:16
3:16John
...
❯ cat king-james-bible-parsed.txt
...
Jesuite
Jesus
Jether
Jetheth
Jethro
...
(-g, --religion)
Identified the most common religions:
• KJV Bible
• NIV Bible
• Douay Rheims
• Quran
~200 countries are covered
Languages
24
❯ head -n 5 language-frequency.txt
83:English
38:French
29:Spanish
26:Arabic
11:Russian
❯ wc -l data/languages/*.txt
457097 arabic.txt
47866 bahasa.txt
110750 bengali.txt
115485 cedict.txt
466544 english.txt
72038 french.txt
585844 german.txt
338534 hebrew.txt
15990 hindi.txt
95152 italian.txt
47866 malay.txt
340235 portuguese.txt
379324 russian.txt
798915 spanish.txt
371169 turkish.txt
(-v, --language)
Identified the most common languages
~195 countries are covered
Modular Design
25
❯ ls data/usa/mn/
areacodes.txt colleges.txt fnames.txt landmarks.txt sports.txt
cities.txt counties.txt lakes.txt roads.txt zipcodes.txt
❯ cat data/usa/mn/lakes.txt
Aaron
Abbey
Acorn
Adelman's Pond
...
❯ ruby wordsmith.rb -I usa-mn -b
Aaron
Abbey
Acorn
Adelman's Pond
...
Modular design:
- Easily extensible
- Introduce your own .txt files (grab with the -b option)
- Contribute and help build the project
Output Options
26
❯ ruby wordsmith.rb –h
<Input options snipped>
Output Options:
-o, --output FILE The filename for writing output
-q, --quiet Don't show words, use with -o option
-k, --min-length LEN Minimum length of word to include
-n, --max-length LEN Maximum length of word to include
-D, --complexity Words meet Windows default complexity
-j, --lowercase Convert all words to lowercase
-w, --specials Add words with special chars removed
-x, --spaces Add words with spaces removed
-y, --split Split words by space and add
-m, --mangle Add all permutations (-w, -x, -y)
-P, --prepend-phones Prepend state area codes to each word
-A, --append-phones Append state area codes to each word
-X, --prepend-zips Prepend zip codes to each word
-Z, --append-zips Append zip codes to each word
-W, --prepend-wordlist FILE Prepend words in FILE to each word
-Y, --append-wordlist FILE Append words in FILE to each word
Tweaking Output
27
❯ ruby wordsmith.rb -I usa-dc -r
Pennsylvania Ave.
Name of a road generated for D.C.
Mangle (-m): split words, remove specials, remove spaces
❯ ruby wordsmith.rb -I usa-dc -r -m
Pennsylvania Ave.
Pennsylvania Ave
Pennsylvania
Ave.
Ave
PennsylvaniaAve.
PennsylvaniaAve
❯ ruby wordsmith.rb -I usa-dc -r -m -k 8
Pennsylvania Ave.
Pennsylvania Ave
Pennsylvania
PennsylvaniaAve.
PennsylvaniaAve
Min Length (-k): specify minimum char length
Tweaking Output
28
❯ ruby wordsmith.rb -I usa-dc -r -m -D
Pennsylvania Ave.
Pennsylvania Ave
PennsylvaniaAve.
Windows default complexity (-D): 8 char min, 3 of 4 character classes
❯ ruby wordsmith.rb -I usa-sd -a -q -o SD.txt
cities in ./data/usa/sd: 390
colleges in ./data/usa/sd: 37
counties in ./data/usa/sd: 66
landmarks in ./data/usa/sd: 16
fnames in ./data/usa/sd: 2319
areacodes in ./data/usa/sd: 1
roads in ./data/usa/sd: 15569
zipcodes in ./data/usa/sd: 394
religions: 145786
languages: 1107300
[*] 1252939 words written to: /opt/wordsmith/SD.txt
Quiet output (-q), write results to file (-o SD.txt)
Prepending & Appending
29
• Prepend or Append:
• Zip codes (-X,-Z)
• Area codes (-P,-A)
• User-supplied wordlist (-W,-Y)
https://arstechnica.com/tech-policy/2016/08/if-youre-an-alleged-drug-dealer-dont-use-asshole209-as-a-password/
Prepending & Appending
30
❯ cat years.txt
17
17!
2017
2017!
years.txt: file I created with words I want to append
❯ ruby wordsmith.rb -I usa-sd -f -m -Y years.txt
...
Augustana
Augustana17
Augustana17!
Augustana2017
Augustana2017!
BlackHills
BlackHills17
BlackHills17!
BlackHills2017
BlackHills2017!
...
Grab colleges (-f), mangle (-m), then append custom wordlist (-Y)
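Added example (not wordsmith's own code): an independent Ruby re-implementation of the output transformations described on the Tweaking Output and Prepending & Appending slides, namely mangle (-m), minimum length (-k), Windows default complexity (-D) and append wordlist (-Y). The exact rule set, including the order of mangled variants and space counting as a non-alphanumeric class, is inferred from the slide output and is an assumption.

```ruby
# Remove anything that is not a letter, digit or space. \p{L} and \p{N}
# keep the tool's UTF-8 promise: "Zürich-Nord" becomes "ZürichNord".
def strip_specials(word)
  word.gsub(/[^\p{L}\p{N} ]/, '')
end

# -m: the union of -w (specials removed), -y (split on space) and
# -x (spaces removed), emitted in the order the slide prints them.
def mangle(word)
  out = [word, strip_specials(word)]
  word.split(' ').each { |part| out << part << strip_specials(part) }
  joined = word.delete(' ')
  out << joined << strip_specials(joined)
  out.uniq
end

# -k LEN: keep only words of at least LEN characters.
def min_length(words, len)
  words.select { |w| w.length >= len }
end

# -D: at least 8 characters and 3 of the 4 classes (uppercase, lowercase,
# digit, other). Space counts as "other", which is why "Pennsylvania Ave"
# survives on the slide while "Pennsylvania" alone does not.
def windows_complex?(word)
  return false if word.length < 8
  classes = [/\p{Lu}/, /\p{Ll}/, /\p{N}/, /[^\p{L}\p{N}]/]
  classes.count { |re| word.match?(re) } >= 3
end

# -Y FILE: each word is emitted as-is, then once per suffix from FILE.
def append_wordlist(words, suffixes)
  words.flat_map { |w| [w] + suffixes.map { |s| w + s } }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input mirroring the D.C. road and the years.txt slide.
  mangled = mangle('Pennsylvania Ave.')
  puts mangled
  puts '--- -k 8'
  puts min_length(mangled, 8)
  puts '--- -D'
  puts mangled.select { |w| windows_complex?(w) }
  puts '--- -Y years.txt'
  puts append_wordlist(%w[Augustana BlackHills], ['17', '17!', '2017', '2017!'])
end
```

The same `windows_complex?` check is what a defender would run over a candidate list to see how much of it a default domain policy would already reject.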
Names
31
❯ cat data/usa/fnames.txt
James
John
Robert
Michael
Mary
...
❯ cat data/usa/lnames.txt
Smith
Johnson
Williams
Brown
Jones
...
• Most common baby names in each state since 1910
• -G: most common first names
• -L: most common last names
• -N: all names
Username Generation
32
❯ ruby wordsmith.rb –h
<other options snipped>
Username Generation Options:
--filn FirstInitialLastName (bsmith)
--fnln FirstNameLastName (bobsmith)
--fnli FirstNameLastInitial (bobs)
--lnfi LastNameFirstInitial (smithb)
--lnfn LastNameFirstName (smithbob)
--fidln FirstInitial.LastName (b.smith)
--fndln FirstName.LastName (bob.smith)
--truncate LEN Truncate username at LEN number of chars (bobsmi)
--max-users LEN Max number of usernames to generate
--name-depth LEN Num of first/last names to iterate over
(default:100, 0 will get all)
• Generate different username formats
• Use --max-users and --name-depth to handle speed & volume
Username Generation
33
❯ ruby wordsmith.rb -I usa --fnln
JamesSmith
JamesJohnson
JamesWilliams
JamesBrown
JamesJones
JamesGarcia
JamesMiller
...
First name Last Name
❯ ruby wordsmith.rb -I usa --fndln
James.Smith
James.Johnson
James.Williams
James.Brown
James.Jones
James.Garcia
James.Miller
...
First name (dot) Last Name
Username Generation
34
❯ ruby wordsmith.rb -I usa --filn --truncate 8
...
aDavis
aRodrigu
aMartine
aHernand
aGonzale
aWilson
aAnderso
...
Truncate down to 8 characters
❯ ruby wordsmith.rb -I usa --lnfn -q
usernames in ./data/usa: 10000
❯ ruby wordsmith.rb -I usa --lnfn -q --name-depth 250
usernames in ./data/usa: 62500
❯ ruby wordsmith.rb -I usa --lnfn -q --name-depth 1000
usernames in ./data/usa: 1000000
Adjust --name-depth to generate more usernames
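Added example (not wordsmith's own code): the seven username formats from the slides' help output, with --truncate, --name-depth and --max-users, so the counts on the slide (100 names per list giving 10000 usernames, 250 giving 62500) can be checked. Name lists are constructed; lowercasing the initial, as "aDavis" suggests, and first-name-major ordering are assumptions.

```ruby
# Format name -> lambda(first, last). Examples from the --help text.
FORMATS = {
  'filn'  => ->(f, l) { f[0].downcase + l },       # bsmith
  'fnln'  => ->(f, l) { f + l },                   # bobsmith
  'fnli'  => ->(f, l) { f + l[0].downcase },       # bobs
  'lnfi'  => ->(f, l) { l + f[0].downcase },       # smithb
  'lnfn'  => ->(f, l) { l + f },                   # smithbob
  'fidln' => ->(f, l) { "#{f[0].downcase}.#{l}" }, # b.smith
  'fndln' => ->(f, l) { "#{f}.#{l}" }              # bob.smith
}.freeze

# --name-depth N takes the first N names of each list (0 = all), so the
# output size is depth squared; --truncate LEN cuts each username;
# --max-users caps the total after de-duplication.
def usernames(firsts, lasts, format, name_depth: 100, truncate: nil, max_users: nil)
  fmt = FORMATS.fetch(format)
  unless name_depth.zero?
    firsts = firsts.first(name_depth)
    lasts  = lasts.first(name_depth)
  end
  out = firsts.product(lasts).map { |f, l| fmt.call(f, l) }
  out.map! { |u| u[0, truncate] } if truncate
  out.uniq!
  max_users ? out.first(max_users) : out
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample names (a few from the slide's fnames/lnames listing).
  firsts = %w[James John Robert Michael Mary]
  lasts  = %w[Smith Johnson Williams Brown Jones]
  puts usernames(firsts, lasts, 'fndln', max_users: 5)
  puts usernames(%w[Aaron], %w[Rodriguez], 'filn', truncate: 8)
end
```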
Ireland – Interesting Password Recoveries
36
• Cork1234
• Carlow123
• Dublin1234
• Seapoint1916
• Artane2016
• Templeroan2009
• Donegal56
• ParkLodge30!
• Portishead01
• Tipperary2
• Larkfield18
• Wolseley2014
• Farriers40
• 5RotheAbbey
Multinational Organization Results
37
• Organization has offices in USA, Australia and Canada
• Unable to disclose total number of hashes
Wordlist                              Hashcat run time   Passwords recovered
Top 10k (10k words)                   4 sec              256
Rockyou (14.4m words)                 30 mins            476
AUS, CAN, USA Wordlist (7.3m words)   13 mins            241
ruby wordsmith.rb -I aus,can,usa -a -j -q -m -o aus-can-usa-all-lowercase-q-m.txt
Multinational – Interesting Password Recoveries
38
Australia:
• Bayswater2017
• Primavera001
• Padstow123!
• Queenslander2015
• Razorback1965
• Parramatta16
• Sydney201%
Canada:
• !Matthew2222
• Canada1984
• Vancouver186
USA:
• Bernie424!
• ColoradoSprings3!
• ChicagoCubs2016
• BostonCeltics29
• Anakin2005s
• Denean1973
• Cubbie221!
• Metrocenter11
KrbGuess using USA Usernames
39
❯ ruby wordsmith.rb -I usa --filn --name-depth 10000 -q -o filn-usa-260k.txt
usernames in ./data/usa: 260000
❯ java -jar krbguess.jar --realm corp.trevorforget.com --dict filn-usa-260k.txt --server 10.10.10.10 --output corp-krbguess-1.log
KrbGuess v0.21 by Patrik Karlsson <patrik@cqure.net>
====================================================
[INF] Found user: aAbraham@corp.trevorforget.com
[INF] Found user: aAhmad@corp.trevorforget.com
[INF] Found user: aAlam@corp.trevorforget.com
[INF] Found user: aAli@corp.trevorforget.com
[INF] Found user: aArcher@corp.trevorforget.com
[INF] Found user: aBaker@corp.trevorforget.com
[INF] Found user: aBeck@corp.trevorforget.com
[INF] Found (locked/disabled) user: aBrown@corp.trevorforget.com
...
<snipped>
...
[INF] Finished guessing 260000 usernames in 469 seconds
❯ cat corp-krbguess-1.log | grep -i found | grep -v disabled | wc -l
505
• Collecting and collating this data required the development of some parsers
Parsers
40
❯ git clone https://github.com/skahwah/wordsmith_parsers.git
❯ ls
LICENSE cia-parsers landmark-parser osm-parsers
README.md census-parsers names-parsers religion-parsers
https://github.com/skahwah/wordsmith_parsers
Future Work
41
• Data!
– Diving deeper into OpenStreetMap
– Popular song lyrics (h/t @pfizzell)
– Got ideas? We’d love to hear them!
• Skills
– GIS
– Multiple language speakers
– Obscure website hunting & scraping
• Design
– Lookups based on coordinates
– API? (h/t @pfizzell)
Thank you!
42
Sanjiv Kawa
@hackerjiv
Sr. Penetration Tester
PSC / NCC Group
Tom Porter
@porterhau5
Sr. Security Consultant
FusionX Red Team
https://github.com/skahwah/wordsmith

Weitere ähnliche Inhalte

Was ist angesagt?

Creating web applications with LODSPeaKr
Creating web applications with LODSPeaKrCreating web applications with LODSPeaKr
Creating web applications with LODSPeaKr
Alvaro Graves
 

Was ist angesagt? (20)

Rdf In A Nutshell V1
Rdf In A Nutshell V1Rdf In A Nutshell V1
Rdf In A Nutshell V1
 
"Whatever I can get..."
"Whatever I can get...""Whatever I can get..."
"Whatever I can get..."
 
Two graph data models : RDF and Property Graphs
Two graph data models : RDF and Property GraphsTwo graph data models : RDF and Property Graphs
Two graph data models : RDF and Property Graphs
 
Poster - Completeness Statements about RDF Data Sources and Their Use for Qu...
Poster - Completeness Statements about RDF Data Sources and Their Use for Qu...Poster - Completeness Statements about RDF Data Sources and Their Use for Qu...
Poster - Completeness Statements about RDF Data Sources and Their Use for Qu...
 
Linking the Open Data? by Petko Valtchev
Linking the Open Data? by Petko ValtchevLinking the Open Data? by Petko Valtchev
Linking the Open Data? by Petko Valtchev
 
Web of data
Web of dataWeb of data
Web of data
 
Deepweb Tools
Deepweb ToolsDeepweb Tools
Deepweb Tools
 
Linked Data on Rails
Linked Data on RailsLinked Data on Rails
Linked Data on Rails
 
RDFS In A Nutshell V1
RDFS In A Nutshell V1RDFS In A Nutshell V1
RDFS In A Nutshell V1
 
(Re-) Discovering Lost Web Pages
(Re-) Discovering Lost Web Pages(Re-) Discovering Lost Web Pages
(Re-) Discovering Lost Web Pages
 
Creating web applications with LODSPeaKr
Creating web applications with LODSPeaKrCreating web applications with LODSPeaKr
Creating web applications with LODSPeaKr
 
FedX - Optimization Techniques for Federated Query Processing on Linked Data
FedX - Optimization Techniques for Federated Query Processing on Linked DataFedX - Optimization Techniques for Federated Query Processing on Linked Data
FedX - Optimization Techniques for Federated Query Processing on Linked Data
 
DHWI Linked Open Data - Show and Tell
DHWI Linked Open Data - Show and TellDHWI Linked Open Data - Show and Tell
DHWI Linked Open Data - Show and Tell
 
2014.12 - Let's Disco (EDDI 2014)
2014.12 - Let's Disco (EDDI 2014)2014.12 - Let's Disco (EDDI 2014)
2014.12 - Let's Disco (EDDI 2014)
 
Programming with LOD
Programming with LODProgramming with LOD
Programming with LOD
 
Introduction to RDF
Introduction to RDFIntroduction to RDF
Introduction to RDF
 
Intro to Linked, Dutch Ships and Sailors and SPARQL handson
Intro to Linked, Dutch Ships and Sailors and SPARQL handson Intro to Linked, Dutch Ships and Sailors and SPARQL handson
Intro to Linked, Dutch Ships and Sailors and SPARQL handson
 
The RDA Experience at the National Library of New Zealand
The RDA Experience at the National Library of New ZealandThe RDA Experience at the National Library of New Zealand
The RDA Experience at the National Library of New Zealand
 
Consuming Linked Data by Machines - WWW2010
Consuming Linked Data by Machines - WWW2010Consuming Linked Data by Machines - WWW2010
Consuming Linked Data by Machines - WWW2010
 
Real-time Semantic Web with Twitter Annotations
Real-time Semantic Web with Twitter AnnotationsReal-time Semantic Web with Twitter Annotations
Real-time Semantic Web with Twitter Annotations
 

Ähnlich wie The world is y0ur$: Geolocation-based wordlist generation with wordsmith

Keeping it personal
Keeping it personalKeeping it personal
Keeping it personal
adactio
 
RDA: Are We There Yet? Carterette Webinar S
RDA: Are We There Yet? Carterette Webinar SRDA: Are We There Yet? Carterette Webinar S
RDA: Are We There Yet? Carterette Webinar S
Emily Nimsakont
 

Ähnlich wie The world is y0ur$: Geolocation-based wordlist generation with wordsmith (20)

Tapping the Data Deluge with R
Tapping the Data Deluge with RTapping the Data Deluge with R
Tapping the Data Deluge with R
 
Ancient corpora analysis
Ancient corpora analysisAncient corpora analysis
Ancient corpora analysis
 
Quran and Text-Fabric
Quran and Text-FabricQuran and Text-Fabric
Quran and Text-Fabric
 
useR! 2012 Talk
useR! 2012 TalkuseR! 2012 Talk
useR! 2012 Talk
 
Data Natives Amsterdam v 9.0 | "Point in Time Labeling at Scale" - Timothy Th...
Data Natives Amsterdam v 9.0 | "Point in Time Labeling at Scale" - Timothy Th...Data Natives Amsterdam v 9.0 | "Point in Time Labeling at Scale" - Timothy Th...
Data Natives Amsterdam v 9.0 | "Point in Time Labeling at Scale" - Timothy Th...
 
John Fagan - The Black Art of Geocoding
John Fagan - The Black Art of GeocodingJohn Fagan - The Black Art of Geocoding
John Fagan - The Black Art of Geocoding
 
John Fagan: The Black Art of Geocoding
John Fagan: The Black Art of GeocodingJohn Fagan: The Black Art of Geocoding
John Fagan: The Black Art of Geocoding
 
Semantic Pipes (London Perl Workshop 2009)
Semantic Pipes (London Perl Workshop 2009)Semantic Pipes (London Perl Workshop 2009)
Semantic Pipes (London Perl Workshop 2009)
 
Build Your Own World Class Directory Search From Alpha to Omega
Build Your Own World Class Directory Search From Alpha to OmegaBuild Your Own World Class Directory Search From Alpha to Omega
Build Your Own World Class Directory Search From Alpha to Omega
 
What You Need To Know About The Top Database Trends
What You Need To Know About The Top Database TrendsWhat You Need To Know About The Top Database Trends
What You Need To Know About The Top Database Trends
 
Understanding Graph Databases with Neo4j and Cypher
Understanding Graph Databases with Neo4j and CypherUnderstanding Graph Databases with Neo4j and Cypher
Understanding Graph Databases with Neo4j and Cypher
 
EPA DROE Email 4.28.03
EPA DROE Email 4.28.03EPA DROE Email 4.28.03
EPA DROE Email 4.28.03
 
Keeping it personal
Keeping it personalKeeping it personal
Keeping it personal
 
Embrace The Chaos
Embrace The ChaosEmbrace The Chaos
Embrace The Chaos
 
inteSearch: An Intelligent Linked Data Information Access Framework
inteSearch: An Intelligent Linked Data Information Access FrameworkinteSearch: An Intelligent Linked Data Information Access Framework
inteSearch: An Intelligent Linked Data Information Access Framework
 
Advanced MongoDB Aggregation Pipelines
Advanced MongoDB Aggregation PipelinesAdvanced MongoDB Aggregation Pipelines
Advanced MongoDB Aggregation Pipelines
 
MongoDB Europe 2016 - Advanced MongoDB Aggregation Pipelines
MongoDB Europe 2016 - Advanced MongoDB Aggregation PipelinesMongoDB Europe 2016 - Advanced MongoDB Aggregation Pipelines
MongoDB Europe 2016 - Advanced MongoDB Aggregation Pipelines
 
NCompass Live: RDA: Are We There Yet?
NCompass Live: RDA: Are We There Yet?NCompass Live: RDA: Are We There Yet?
NCompass Live: RDA: Are We There Yet?
 
Apache drill self service data exploration (113)
Apache drill   self service data exploration (113)Apache drill   self service data exploration (113)
Apache drill self service data exploration (113)
 
RDA: Are We There Yet? Carterette Webinar S
RDA: Are We There Yet? Carterette Webinar SRDA: Are We There Yet? Carterette Webinar S
RDA: Are We There Yet? Carterette Webinar S
 

Kürzlich hochgeladen

Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
masabamasaba
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
masabamasaba
 

Kürzlich hochgeladen (20)

WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
 
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxArtyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptx
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 

The world is y0ur$: Geolocation-based wordlist generation with wordsmith

  • 1. THE WORLD IS Y0UR$: GEOLOCATION-BASED WORDLIST GENERATION WITH WORDSMITH
    Sanjiv Kawa | Tom Porter
    @hackerjiv | @porterhau5
  • 2. ❯ whoami
    Sanjiv Kawa, @hackerjiv
    Sr. Penetration Tester, PSC / NCC Group
    • Roots in dev and IT
    • Penetration testing
    • Binary analysis and exploit dev
    • Canadian
  • 3. ❯ su porterhau5
    Tom Porter, @porterhau5
    Sr. Security Consultant, FusionX Red Team
    • Flow data analytics
    • Penetration testing
    • Red teaming
    • BloodHound extensions
  • 4. What is Wordsmith?
    • Custom wordlist generation
    • Crack hashes / password attacks
    • Tailored for your target
    • Geo-location data
    • Modular and extensible
    • Username generation
  • 6. Wordsmith v1: Geo-location Data Collected
    • Major league sports teams
    • Colleges and universities
    • Common names
    • Area codes
    • Zip codes
    • Streets and roads
    • Landmarks
    • Cities, towns, etc.
  • 7. Wordsmith v1: Additional Features
    • CeWL integration
    • Basic mangling (whitespace, specials, split on space)
    • Specify minimum character length
    • To lowercase [a-z]
  • 8. Wordsmith v1: Things we learned
    Feedback from the community was incredible. Thank you!
    Top three requests:
    1. More countries need to be available (v1 was US only)
    2. Needs to be a way to introduce more/your own data
    3. Limited to the English language
  • 9. Wordsmith v2
    • New CLI design
    • Multi-language (13 so far! – UTF-8)
    • Introduced religions
    • Generate usernames
    • Modular framework allows for user contribution and extensibility
    • Geo-location data sets for over 230 countries!
  • 10. Data Sources
    • Coverage: World. Data types: Population, Religion, Languages, etc.
      www.cia.gov/library/publications/the-world-factbook/geos/print_[aa-zz].html
    • Coverage: 13 languages (hunspell)
  • 11. Data Sources
    • Coverage: US. Data types: Sports teams, colleges
    • Coverage: World. Data types: Landmarks and archeological sites
    • Coverage: World. Data types: Religious texts
  • 12. Data Sources
    • Coverage: World. Data types: Roads, Cities, Counties
    • Coverage: US. Data types: Popular first names, last names
    • Coverage: US. Data types: Area Codes, Zip Codes
  • 13. How to get Wordsmith
    ❯ git clone https://github.com/skahwah/wordsmith.git
    ❯ cd wordsmith
    ❯ bundle install # (optional for CeWL integration)
    ❯ ruby wordsmith.rb
    wordsmith v2.0.7
    Written by: Sanjiv "Trashcan Head" Kawa & Tom "Pain Train" Porter
    Twitter: @hackerjiv & @porterhau5
    [*] Hello new wordsmither!
    [*] This script will remove the data/ directory in the current working directory. Enter 'y' to continue: y
    [*] Just need to unpack some files (Running: tar -xf data.tar.xz)
    [*] Unpack completed!
    [*] CeWL found: /usr/bin/cewl
  • 14. Files
    ❯ ls -l
    -rw-r--r-- 1 user staff     3159 Oct 1 22:57 CHANGELOG.md
    drwxr-xr-x 2 user staff     4096 Oct 1 22:57 data
    -rw-r--r-- 1 user staff 50602888 Oct 1 22:57 data.tar.xz
    -rw-r--r-- 1 user staff      116 Oct 1 22:57 Gemfile
    -rw-r--r-- 1 user staff     1393 Oct 1 22:57 LICENSE
    -rw-r--r-- 1 user staff     7514 Oct 1 22:57 README.md
    -rwxr-xr-x 1 user staff    31081 Oct 1 22:57 wordsmith.rb
    • View README first, or check out the -E option (examples)
    • wordsmith.rb: primary ruby script
    • data.tar.xz (~50 MB): compressed archive of data
    • data/ (~250 MB): data arranged in hierarchy
  • 15. Boundaries & Attributes
    Boundaries (-I <input>)
    • Areas of the world to get words for
    • 249 countries and territories
    • States/Provinces
    • Cities
    • Custom regions
    Attributes (ex: -r -l)
    • Types of words to grab:
      • Cities
      • Colleges
      • Landmarks
      • Languages
      • Names
      • Roads
      • Religions
      • and more…
    ❯ ruby wordsmith.rb -I usa -r -l
  • 16. Structure
    ❯ ls data/
    abw afg ago aia ala alb and are arg arm ... wlf wsm yem zaf zmb zwe
    (ISO ALPHA-3 Country Codes)
    ❯ ls data/usa
    ak al ar az ca cia.txt co ct dc ... tx usa.yaml ut va vt wa wi wv wy
    (States, Provinces, Counties, Municipalities)
    ❯ ls data/usa/nc
    areacodes.txt charlotte cities.txt colleges.txt counties.txt ...
    (Cities, Counties)
    ❯ ls data/usa/nc/charlotte
    sports.txt
    Attributes (sports, colleges, roads, etc.) are .txt files
  • 17. Boundaries and Input
    ❯ ruby wordsmith.rb -I usa [options]
    ❯ ruby wordsmith.rb -I usa-nc [options]
    ❯ ruby wordsmith.rb -I usa-nc-charlotte [options]
    ❯ ruby wordsmith.rb -I usa,can [options]
    ❯ ruby wordsmith.rb -I usa-sd,usa-nd,usa-co [options]
    -I specifies the input boundaries; you can supply one or many boundaries
    ❯ ruby wordsmith.rb -I 10 [options]
    Providing a number (ex: 10) will select the N most populous countries
  • 18. Regions
    ❯ ruby wordsmith.rb -I europe [options]
    ❯ grep europe data/regions.csv
    europe,"Continent of Europe",ala alb and arm aut aze bel bgr bih blr che cyp cze deu dnk esp est fin fra fro gbr geo ggy gib grc hrv hun imn irl isl ita jey kaz lie ltu lux lva mco mda mkd mlt mne nld nor pol prt rou rus sjm smr srb svk svn swe tur ukr vat
    regions.csv contains custom groupings of boundaries. You can see the regions with the -R option:
    ❯ ruby wordsmith.rb -R
    Alias: newengland
    Description: US - New England
    Members: usa-ct usa-me usa-ma usa-nh usa-ri usa-vt
    Alias: plains
    Description: US - Plains
    Members: usa-ia usa-ks usa-mn usa-mo usa-ne usa-nd usa-sd
    Alias: greatlakes
    Description: US - Great Lakes
    Members: usa-il usa-in usa-mi usa-oh usa-wi
  • 19. Attributes
    ❯ ruby wordsmith.rb -h
    Main Arguments:
      -I, --input <input>    Comma-delimited list of inputs
    Input Options:
      -a, --all              Grab all options
      -b, --other            Grab other miscellaneous attributes
      -e, --cia              Grab demographics compiled by the CIA
      -c, --cities           Grab all city names
      -f, --colleges         Grab all college sports
      -l, --landmarks        Grab all landmarks
      -v, --language         Grab the most popular language(s)
      -N, --all-names        Grab all first names and last names
      -G, --first-names      Grab all first names
      -L, --last-names       Grab all last names
      -F, --female-fnames    Grab all female first names
      -M, --male-fnames      Grab all male first names
      -p, --phone            Grab all area codes
      -r, --roads            Grab all road names
      -g, --religion         Grab the most popular relgious text(s)
      -t, --teams            Grab all major sports teams
      -u, --counties         Grab all counties
      -z, --zip              Grab all zip codes
  • 20. Attribute Examples
    ❯ ruby wordsmith.rb -I usa-sd -z
    57001
    57002
    57003
    57004
    ...
    Grab all zip codes for South Dakota
    ❯ ruby wordsmith.rb -I gbr-eng -r -c -l
    Ab Kettleby
    Abberley
    Abberton
    Abbess Roding
    ...
    Grab all roads, cities, and landmarks for England, GBR
    ❯ ruby wordsmith.rb -I asia -a
    Abas
    Abatan
    Abbeg
    Abejao
    ...
    Grab all attributes for Asia
  • 21. Child Nodes
    ❯ ruby wordsmith.rb -I gbr -C
    Format: boundary-name : attribute1 attribute2 attribute3 etc.
    gbr : cities counties landmarks roads cia
    |-- gbr-sco : cities counties roads
    |-- gbr-wal : cities counties roads
    |-- gbr-eng : cities counties roads
    |   |-- gbr-eng-su : cities counties roads
    |   |-- gbr-eng-ch : cities counties roads
    |   |-- gbr-eng-ex : cities roads
    |   |-- gbr-eng-nt : cities counties roads
    |   |-- gbr-eng-sk : cities roads
    |   |-- gbr-eng-ca : cities counties roads
    |   |-- gbr-eng-bu : cities counties roads
    |   |-- gbr-eng-sx
    |   |   |-- gbr-eng-sx-east_sussex : cities counties roads
    |   |   |-- gbr-eng-sx-west_sussex : cities counties roads
    ...
    See the child nodes (-C) of a given boundary and their attributes
  • 22. Country Metadata
    ❯ ls -l data/jpn/
    -rw-r--r-- 1 user staff  32002 Aug 30 19:16 cia.txt
    -rw-r--r-- 1 user staff  13184 Sep  9  2016 cities.txt
    -rw-r--r-- 1 user staff   5608 Sep  9  2016 counties.txt
    -rw-r--r-- 1 user staff    107 Aug 30 19:36 jpn.yaml
    -rw-r--r-- 1 user staff 113672 Oct  1 21:10 landmarks.txt
    -rw-r--r-- 1 user staff 871994 Sep  9  2016 roads.txt
    ❯ cat data/jpn/jpn.yaml
    config:
      population: 126,702,133
      language_1: Japanese
      religion_1: Shintoism
      religion_2: Buddhism
    From The World Factbook: population, official languages, most popular religions
    • Most populous countries (ex: -I 25)
    • Official languages (-v, --language)
    • Most popular religions (-g, --religion)
  • 23. Religions
    ❯ wc -l data/religion/*
    28168 douay-rheims-parsed.txt
    97682 king-james-bible-book-verse.txt
    20190 king-james-bible-parsed.txt
    42876 niv-bible-parsed-spanish.txt
    34202 niv-bible-parsed.txt
    7872 quran-parsed-eng.txt
    ❯ cat king-james-bible-book-verse.txt
    The First Book of Moses: Called Genesis
    Genesis1:1
    1:1Genesis
    John3:16
    3:16John
    ...
    ❯ cat king-james-bible-parsed.txt
    ...
    Jesuite
    Jesus
    Jether
    Jetheth
    Jethro
    ...
    (-g, --religion) Identified the most common religions:
    • KJV Bible
    • NIV Bible
    • Douay Rheims
    • Quran
    ~200 countries are covered
  • 24. Languages
    ❯ head -n 5 language-frequency.txt
    83:English
    38:French
    29:Spanish
    26:Arabic
    11:Russian
    ❯ wc -l data/languages/*.txt
    457097 arabic.txt
    47866 bahasa.txt
    110750 bengali.txt
    115485 cedict.txt
    466544 english.txt
    72038 french.txt
    585844 german.txt
    338534 hebrew.txt
    15990 hindi.txt
    95152 italian.txt
    47866 malay.txt
    340235 portuguese.txt
    379324 russian.txt
    798915 spanish.txt
    371169 turkish.txt
    (-v, --language) Identified the most common languages
    ~195 countries are covered
  • 25. Modular Design
    ❯ ls data/usa/mn/
    areacodes.txt colleges.txt fnames.txt landmarks.txt sports.txt
    cities.txt counties.txt lakes.txt roads.txt zipcodes.txt
    ❯ cat data/usa/mn/lakes.txt
    Aaron
    Abbey
    Acorn
    Adelman's Pond
    ...
    ❯ ruby wordsmith.rb -I usa-mn -b
    Aaron
    Abbey
    Acorn
    Adelman's Pond
    ...
    Modular design:
    - Easily extensible
    - Introduce your own .txt files (grab with the -b option)
    - Contribute and help build the project
  • 26. Output Options
    ❯ ruby wordsmith.rb -h
    <Input options snipped>
    Output Options:
      -o, --output FILE            The filename for writing output
      -q, --quiet                  Don't show words, use with -o option
      -k, --min-length LEN         Minimum length of word to include
      -n, --max-length LEN         Maximum length of word to include
      -D, --complexity             Words meet Windows default complexity
      -j, --lowercase              Convert all words to lowercase
      -w, --specials               Add words with special chars removed
      -x, --spaces                 Add words with spaces removed
      -y, --split                  Split words by space and add
      -m, --mangle                 Add all permutations (-w, -x, -y)
      -P, --prepend-phones         Prepend state area codes to each word
      -A, --append-phones          Append state area codes to each word
      -X, --prepend-zips           Prepend zip codes to each word
      -Z, --append-zips            Append zip codes to each word
      -W, --prepend-wordlist FILE  Prepend words in FILE to each word
      -Y, --append-wordlist FILE   Append words in FILE to each word
  • 27. Tweaking Output
    ❯ ruby wordsmith.rb -I usa-dc -r
    Pennsylvania Ave.
    Name of a road generated for D.C.
    Mangle (-m): split words, remove specials, remove spaces
    ❯ ruby wordsmith.rb -I usa-dc -r -m
    Pennsylvania Ave.
    Pennsylvania Ave
    Pennsylvania
    Ave.
    Ave
    PennsylvaniaAve.
    PennsylvaniaAve
    Min length (-k): specify minimum char length
    ❯ ruby wordsmith.rb -I usa-dc -r -m -k 8
    Pennsylvania Ave.
    Pennsylvania Ave
    Pennsylvania
    PennsylvaniaAve.
    PennsylvaniaAve
  • 28. Tweaking Output
    Windows default complexity (-D): 8 char minimum, 3 of 4 character classes
    ❯ ruby wordsmith.rb -I usa-dc -r -m -D
    Pennsylvania Ave.
    Pennsylvania Ave
    PennsylvaniaAve.
    Quiet output (-q), write results to file (-o SD.txt)
    ❯ ruby wordsmith.rb -I usa-sd -a -q -o SD.txt
    cities in ./data/usa/sd: 390
    colleges in ./data/usa/sd: 37
    counties in ./data/usa/sd: 66
    landmarks in ./data/usa/sd: 16
    fnames in ./data/usa/sd: 2319
    areacodes in ./data/usa/sd: 1
    roads in ./data/usa/sd: 15569
    zipcodes in ./data/usa/sd: 394
    religions: 145786
    languages: 1107300
    [*] 1252939 words written to: /opt/wordsmith/SD.txt
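As an added example (editor's code, not wordsmith's own source, which the slides do not reproduce), here is a Ruby reimplementation of the -m, -k, -D and -Y output options described on slides 26 through 28, turned around into a defender's banned-password check: it expands a handful of local terms exactly the way the slides show and tests whether a chosen password is one of the expansions, so that a "city plus year" password is rejected even though it satisfies Windows complexity. The order of operations (mangle, then prepend/append, then the length and complexity filters) is this example's assumption, as is treating a space as the non-alphanumeric class, which is what makes "Pennsylvania Ave" survive -D in the output above. All sample words are taken from the slides.

```ruby
# Added example: the -m / -k / -D / -W / -Y behaviour from the slides, reimplemented
# as a reusable password-audit filter. Not wordsmith's own code; the pipeline order
# below is an assumption of this example.

SPECIALS = /[^[:alnum:][:space:]]/  # anything that is not a letter, digit or space

# -m: the word itself, plus -w (specials removed), -y (split on space, each part
# also with specials removed) and -x (spaces removed), in the order slide 27 shows.
def mangle(word)
  out = [word, word.gsub(SPECIALS, "")]
  word.split(" ").each { |part| out << part << part.gsub(SPECIALS, "") }
  joined = word.delete(" ")
  out << joined << joined.gsub(SPECIALS, "")
  out.uniq
end

# -D: Windows default complexity, 8 characters minimum and at least three of the
# four classes upper / lower / digit / non-alphanumeric (a space counts as the
# fourth class here, matching the -D output on slide 28).
def windows_complex?(word)
  return false if word.length < 8
  classes = [/[[:upper:]]/, /[[:lower:]]/, /[[:digit:]]/, /[^[:alnum:]]/]
  classes.count { |re| word.match?(re) } >= 3
end

# -W / -Y: keep each word and add a copy with every prefix / suffix attached.
def with_affixes(words, prepend: [], append: [])
  words.flat_map { |w| [w] + prepend.map { |p| p + w } }
       .flat_map { |w| [w] + append.map { |s| w + s } }
end

# Equivalent of: -m [-W prefixes] [-Y suffixes] [-k min_length] [-D]
def build_wordlist(terms, prepend: [], append: [], min_length: 0, complexity: false)
  words = with_affixes(terms.flat_map { |t| mangle(t) }, prepend: prepend, append: append)
  words = words.select { |w| w.length >= min_length }
  words = words.select { |w| windows_complex?(w) } if complexity
  words.uniq
end

# Defender's use: reject a chosen password that is a local term (city, road,
# college, team, ...) with the usual mangling and a year / digit / symbol suffix,
# even when it passes complexity. Case-insensitive, like the -j runs on slide 37.
def derived_from_local_terms?(password, terms, prepend: [], append: [])
  derived = build_wordlist(terms, prepend: prepend, append: append).map(&:downcase)
  derived.include?(password.downcase)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs, taken from the slides
  p mangle("Pennsylvania Ave.")
  p build_wordlist(["Augustana", "Black Hills"], append: %w[17 17! 2017 2017!])
  p derived_from_local_terms?("ColoradoSprings3!", ["Colorado Springs"], append: ["3!"])
end
```

In practice the term list would be the same files wordsmith ships for your own region, and the suffix list the usual years and symbols; anything the check rejects is a password that a regional wordlist plus -m and -Y would have produced.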
  • 29. Prepending & Appending
    • Prepend or append:
      • Zip codes (-X, -Z)
      • Area codes (-P, -A)
      • User-supplied wordlist (-W, -Y)
    https://arstechnica.com/tech-policy/2016/08/if-youre-an-alleged-drug-dealer-dont-use-asshole209-as-a-password/
  • 30. Prepending & Appending
    ❯ cat years.txt
    17
    17!
    2017
    2017!
    years.txt: file I created with words I want to append
    ❯ ruby wordsmith.rb -I usa-sd -f -m -Y years.txt
    ...
    Augustana
    Augustana17
    Augustana17!
    Augustana2017
    Augustana2017!
    BlackHills
    BlackHills17
    BlackHills17!
    BlackHills2017
    BlackHills2017!
    ...
    Grab colleges (-f), mangle (-m), then append the custom wordlist (-Y)
  • 31. Names
    ❯ cat data/usa/fnames.txt
    James
    John
    Robert
    Michael
    Mary
    ...
    ❯ cat data/usa/lnames.txt
    Smith
    Johnson
    Williams
    Brown
    Jones
    ...
    • Most common baby names in each state since 1910
    • -G: most common first names
    • -L: most common last names
    • -N: all names
  • 32. Username Generation
    ❯ ruby wordsmith.rb -h
    <other options snipped>
    Username Generation Options:
      --filn             FirstInitialLastName (bsmith)
      --fnln             FirstNameLastName (bobsmith)
      --fnli             FirstNameLastInitial (bobs)
      --lnfi             LastNameFirstInitial (smithb)
      --lnfn             LastNameFirstName (smithbob)
      --fidln            FirstInitial.LastName (b.smith)
      --fndln            FirstName.LastName (bob.smith)
      --truncate LEN     Truncate username at LEN number of chars (bobsmi)
      --max-users LEN    Max number of usernames to generate
      --name-depth LEN   Num of first/last names to iterate over (default:100, 0 will get all)
    • Generate different username formats
    • Use --max-users and --name-depth to handle speed & volume
  • 33. Username Generation
    ❯ ruby wordsmith.rb -I usa --fnln
    JamesSmith
    JamesJohnson
    JamesWilliams
    JamesBrown
    JamesJones
    JamesGarcia
    JamesMiller
    ...
    First name + last name
    ❯ ruby wordsmith.rb -I usa --fndln
    James.Smith
    James.Johnson
    James.Williams
    James.Brown
    James.Jones
    James.Garcia
    James.Miller
    ...
    First name (dot) last name
  • 34. Username Generation
    ❯ ruby wordsmith.rb -I usa --filn --truncate 8
    ...
    aDavis
    aRodrigu
    aMartine
    aHernand
    aGonzale
    aWilson
    aAnderso
    ...
    Truncate down to 8 characters
    ❯ ruby wordsmith.rb -I usa --lnfn -q
    usernames in ./data/usa: 10000
    ❯ ruby wordsmith.rb -I usa --lnfn -q --name-depth 250
    usernames in ./data/usa: 62500
    ❯ ruby wordsmith.rb -I usa --lnfn -q --name-depth 1000
    usernames in ./data/usa: 1000000
    Adjust --name-depth to generate more usernames
  • 36. Ireland – Interesting Password Recoveries
    • Cork1234
    • Carlow123
    • Dublin1234
    • Seapoint1916
    • Artane2016
    • Templeroan2009
    • Donegal56
    • ParkLodge30!
    • Portishead01
    • Tipperary2
    • Larkfield18
    • Wolseley2014
    • Farriers40
    • 5RotheAbbey
  • 37. Multinational Organization Results
    • Organization has offices in USA, Australia and Canada
    • Unable to disclose total number of hashes
    Wordlist                             Hashcat run time   Number of passwords recovered
    Top 10k (10k words)                  4 sec              256
    Rockyou (14.4m words)                30 mins            476
    AUS, CAN, USA Wordlist (7.3m words)  13 mins            241
    ❯ ruby wordsmith.rb -I aus,can,usa -a -j -q -m -o aus-can-usa-all-lowercase-q-m.txt
  • 38. Multinational – Interesting Password Recoveries
    Australia:
    • Bayswater2017
    • Primavera001
    • Padstow123!
    • Queenslander2015
    • Razorback1965
    • Parramatta16
    • Sydney201%
    Canada:
    • !Matthew2222
    • Canada1984
    • Vancouver186
    USA:
    • Bernie424!
    • ColoradoSprings3!
    • ChicagoCubs2016
    • BostonCeltics29
    • Anakin2005s
    • Denean1973
    • Cubbie221!
    • Metrocenter11
  • 39. KrbGuess using USA Usernames
    ❯ ruby wordsmith.rb -I usa --filn --name-depth 10000 -q -o filn-usa-260k.txt
    usernames in ./data/usa: 260000
    ❯ java -jar krbguess.jar --realm corp.trevorforget.com --dict filn-usa-260k.txt --server 10.10.10.10 --output corp-krbguess-1.log
    KrbGuess v0.21 by Patrik Karlsson <patrik@cqure.net>
    ====================================================
    [INF] Found user: aAbraham@corp.trevorforget.com
    [INF] Found user: aAhmad@corp.trevorforget.com
    [INF] Found user: aAlam@corp.trevorforget.com
    [INF] Found user: aAli@corp.trevorforget.com
    [INF] Found user: aArcher@corp.trevorforget.com
    [INF] Found user: aBaker@corp.trevorforget.com
    [INF] Found user: aBeck@corp.trevorforget.com
    [INF] Found (locked/disabled) user: aBrown@corp.trevorforget.com
    ... <snipped> ...
    [INF] Finished guessing 260000 usernames in 469 seconds
    ❯ cat corp-krbguess-1.log | grep -i found | grep -v disabled | wc -l
    505
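An added example, not from the talk, KrbGuess or wordsmith: detection logic for the run above, seen from the domain controller's side. Each guessed username that does not exist is answered with Kerberos error 6 (KDC_ERR_C_PRINCIPAL_UNKNOWN), which Windows records as event 4768 (a TGT was requested) with Result Code 0x6, so 260,000 guesses in 469 seconds leave a dense burst of those events from a single client address. The log lines below are constructed in a simplified key=value form, with invented addresses and timestamps; the two "found" usernames are the ones visible in the KrbGuess output above.

```ruby
require "time"

# Added example: flag Kerberos username enumeration from 4768 failure events.
# Editor's code, not from the talk. SAMPLE_EVENTS is a constructed, simplified
# one-line rendering of the relevant 4768 fields, not a real event export.
SAMPLE_EVENTS = <<~LOG
  2017-10-02T09:00:00Z EventID=4768 TargetUserName=aAbraham IpAddress=10.10.10.50 Status=0x0
  2017-10-02T09:00:00Z EventID=4768 TargetUserName=aAbbott IpAddress=10.10.10.50 Status=0x6
  2017-10-02T09:00:01Z EventID=4768 TargetUserName=aAcosta IpAddress=10.10.10.50 Status=0x6
  2017-10-02T09:00:01Z EventID=4768 TargetUserName=aAdams IpAddress=10.10.10.50 Status=0x6
  2017-10-02T09:00:02Z EventID=4768 TargetUserName=aAdkins IpAddress=10.10.10.50 Status=0x6
  2017-10-02T09:00:02Z EventID=4768 TargetUserName=aAguilar IpAddress=10.10.10.50 Status=0x6
  2017-10-02T09:00:03Z EventID=4768 TargetUserName=aAhmad IpAddress=10.10.10.50 Status=0x0
  2017-10-02T09:00:03Z EventID=4768 TargetUserName=aAlbert IpAddress=10.10.10.50 Status=0x6
  2017-10-02T09:00:10Z EventID=4768 TargetUserName=jsmtih IpAddress=10.10.10.20 Status=0x6
  2017-10-02T09:00:15Z EventID=4768 TargetUserName=jsmith IpAddress=10.10.10.20 Status=0x18
  2017-10-02T09:00:20Z EventID=4768 TargetUserName=jsmith IpAddress=10.10.10.20 Status=0x0
LOG

Event = Struct.new(:time, :id, :user, :ip, :status)

# Parse the constructed format above into Event structs.
def parse_events(text)
  text.each_line.map do |line|
    stamp, *pairs = line.split
    kv = pairs.map { |pair| pair.split("=", 2) }.to_h
    Event.new(Time.iso8601(stamp), kv["EventID"], kv["TargetUserName"],
              kv["IpAddress"], kv["Status"])
  end
end

# Flag each client address that produces at least `threshold` 4768 failures for
# distinct unknown usernames (Status 0x6, KDC_ERR_C_PRINCIPAL_UNKNOWN) inside any
# `window` seconds. Returns { ip => most distinct unknown users seen in one window }.
# A single typo'd username (10.10.10.20 above) or a wrong password (0x18,
# KDC_ERR_PREAUTH_FAILED) never trips it.
def enumeration_sources(events, window: 60, threshold: 5)
  hits = {}
  unknown = events.select { |e| e.id == "4768" && e.status == "0x6" }
  unknown.group_by(&:ip).each do |ip, fails|
    fails = fails.sort_by(&:time)
    fails.each_index do |i|
      in_window = fails[i..-1].take_while { |e| e.time - fails[i].time <= window }
      distinct = in_window.map(&:user).uniq.size
      hits[ip] = [hits[ip] || 0, distinct].max if distinct >= threshold
    end
  end
  hits
end

if __FILE__ == $PROGRAM_NAME
  enumeration_sources(parse_events(SAMPLE_EVENTS)).each do |ip, n|
    puts "possible Kerberos username enumeration from #{ip}: #{n} unknown principals in 60s"
  end
end
```

The threshold of five distinct unknown principals per minute is deliberately low for the sample; against a real domain controller, tune it to the background rate of mistyped logons, and pair the alert with the (locked/disabled) accounts that the run above also reveals, since those answer with a different result code.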
  • 40. Parsers
    • Collecting and collating this data required the development of some parsers
    ❯ git clone https://github.com/skahwah/wordsmith_parsers.git
    ❯ ls
    LICENSE cia-parsers landmark-parser osm-parsers
    README.md census-parsers names-parsers religion-parsers
    https://github.com/skahwah/wordsmith_parsers
  • 41. Future Work
    • Data!
      – Diving deeper into OpenStreetMap
      – Popular song lyrics (h/t @pfizzell)
      – Got ideas? We'd love to hear them!
    • Skills
      – GIS
      – Multiple language speakers
      – Obscure website hunting & scraping
    • Design
      – Lookups based on coordinates
      – API? (h/t @pfizzell)
  • 42. Thank you!
    Sanjiv Kawa, @hackerjiv, Sr. Penetration Tester, PSC / NCC Group
    Tom Porter, @porterhau5, Sr. Security Consultant, FusionX Red Team
    https://github.com/skahwah/wordsmith