BETTER WORD LISTS
by slysnake

We all know how bad proxies affect the progress of a security test, but what about a dirty word list? A dirty word list can slow your test by running combos that have absolutely no chance of getting a hit. Enough of these in your word list and your test quality and the test length can be seriously affected. But the biggest problem with a dirty word list is the added burden put on your proxy list. Using good proxies to run unusable combos exposes the proxies to the site more often and increases the likelihood that the proxy will be recognized and blocked.

So, how do you clean your word list? You will need Raptor III, so download it from http://madmax.deny.de/products/raptor. There is also a great help file for the program, so check it out.

Open the program and load your word list by clicking on the folder icon and finding where your word list is stored. Then double click the word list you wish to clean.

The first thing to do is to remove any spaces. Go to List Tools and scroll down to Remove Spaces. Just click it and it’s done.

The second thing to do is to remove any duplicates. Use the same procedure. Go to List Tools and scroll down to Remove Duplicates.

Next you will want to remove any mail list combos that may be in your word list. They will look something like this: Jon@mail.com:loser. These cannot be used in a normal word list but may be of value for a site that emails passes. So we will also discuss how to save those out as a separate word list.

To remove mail list combos you will need to create a micro in the program. On the left side of the program click Filter. Now on the right side select the Custom Filters tab. Right click in the empty field and choose the Add option. A form will appear for you to fill in. This is the micro.

First we will create a reference list. In Filter Name put in any name you wish to call this micro. Click Keep if. Under Filter Subject click [line]. Under the condition button click has.
Under Amount click Any. Under Filter go to What and type in the @ symbol. If you read through it you will see it forms a sentence: “Keep if line has any @”. The @ sign is the key. Now press OK and you will see the new micro appear in the field under Custom Filters. Click the box to activate this micro. Then click Filter at the bottom.

You will see a new list of combos showing in the huge black filter box. Included in this list may be some perfectly good combos that contain the @ sign, like G@y:Boy. Scroll down through the list and delete these by highlighting, right clicking, and selecting delete. Then go to File at the top left and click "save as". Save this list as your mail list with whatever name you like, but be sure you know what it is so you can use it as your reference list. Then select Close all under the File menu.

Reload your combo list, remove your last micro, and click Remove Duplicates on the left side of the program. Extended Remove Duplicates comes up on the right side. Check Keep Original, Case Sensitive, Use Reference List, Use Active Wordlist, and Reload Clean List. There will be a new tab showing called Reference list. Open that tab and click add at the bottom. Find the file that has the mail list you saved and open it. Its location should now appear in the reference list field. Go back to Extended Remove Duplicates and click the remove duplicates button. This will take out all the mail list combos from your original list. At the top left of the program click File and Save. Then click Close all.

Easy as that. Now you have a new mail list and a regular combo list free of mail list combos. You are ready to edit this list further.

Further edit!!

Yes, your word list may contain encrypted combos. Encrypted combos come from pass files and cannot be used without decrypting them. If you want to try your hand at this you may save them out and give it a try later. The encrypted combo will look something like this: Joeblow:12hq375bGQ85J.
Notice the pass part of the combo has 13 characters. That is the key.

To do this cleaning, once again press Filter on the left side of the program after you have loaded your new main combo list. On the right side of the program click the Custom Filters tab and uncheck everything there. Then click the Length Filter tab. In the User Name section set min=1 and max=40. Under Password set min=13 and max=13. Click Filter.

You will see a new list of combos showing in the black filter box. Delete the non-encryptions by highlighting, right clicking and selecting delete. Then go to File at the top left and click "save as". This is your encrypted combo list. You can use it to try your hand at John the Ripper later. In Raptor select Close all.

Then reload your combo list and click Remove Duplicates on the left side of the program. Extended Remove Duplicates comes up on the right side. Check Keep Original, Case Sensitive, Use Reference List, Use Active Wordlist, and Reload Clean List. There will be a new tab showing called Reference list. Open that tab and click add at the bottom. Find the file that has the encryptions you saved and open it. Its location should now appear in the reference list field. Go back to Extended Remove Duplicates and click the remove duplicates button. This will take out all the encryptions. At the top left of the program click File and Save...

VOILA!! You have a list with no encryptions, email, or duplicates. It’s clean!!!!

You may want to use the same procedure listed above to remove other combos with unusual symbols such as @”*#.!, etc. It’s up to you.

Now you can use your nice clean list for quality testing. Or you can further modify it to fit a specific billing company. Billing companies often put length restrictions on their passwords. For example, if a billing company restricts passwords to more than eight characters, then it makes no sense to test the site with a password of six characters. First go to the join area of your target site.
There it will tell you if there are any restrictions. To modify your word list to accommodate these restrictions you simply go to the Length Filter of Raptor and enter the relevant numbers. Be sure to save as a new word list or you will overwrite your original and lose it forever. You can always delete your new, temporary word list later.

That’s it!!!! Hope this helps you get more hits, faster. The procedure can be done fairly quickly once you get the hang of it. And it does help quite a bit.

Thanks go to oly of securibox, who taught me how to do this.

Sly