mentalist
Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper.
Top Related Projects
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
Version 2 is live! Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren't popular!
Password cracking rules for Hashcat based on statistics and industry patterns
World's fastest and most advanced password recovery utility
CeWL is a Custom Word List Generator
Hashtopolis - distributed password cracking with Hashcat
Quick Overview
Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can be used for creating dictionaries, fuzzing wordlists, or compressed wordlists for password cracking.
Pros
- User-friendly graphical interface for easy wordlist creation
- Supports various password construction techniques and patterns
- Integrates with popular password cracking tools like Hashcat
- Customizable and extensible for different use cases
Cons
- Limited to Python 2, which is no longer actively supported
- May require additional dependencies for full functionality
- Could potentially be used for malicious purposes if misused
- Limited documentation and community support
Getting Started
-
Clone the repository:
git clone https://github.com/sc0tfree/mentalist.git
-
Install dependencies:
pip install -r requirements.txt
-
Run Mentalist:
python mentalist.py
-
Use the graphical interface to create custom wordlists based on your specific needs and password patterns.
Competitor Comparisons
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
Pros of SecLists
- Comprehensive collection of multiple types of lists for security testing
- Regularly updated with community contributions
- Well-organized directory structure for easy navigation
Cons of SecLists
- Large repository size may be overwhelming for some users
- Requires manual parsing and integration into tools
- Some lists may contain outdated or irrelevant entries
Code Comparison
SecLists (example from passwords/common-credentials/10-million-password-list-top-1000000.txt):
123456
password
12345678
qwerty
123456789
Mentalist (example generated output):
password123
password1234
password12345
password123456
password1234567
Summary
SecLists is a comprehensive collection of security-related lists, while Mentalist is a graphical tool for creating custom wordlists. SecLists offers a wide range of pre-made lists, but requires manual integration. Mentalist provides a user-friendly interface for generating tailored wordlists, but may not offer the same breadth of pre-existing lists as SecLists.
Version 2 is live! Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren't popular!
Pros of Probable-Wordlists
- Extensive collection of pre-generated wordlists
- Regularly updated with new lists and improvements
- Includes statistical analysis of password trends
Cons of Probable-Wordlists
- Limited customization options for generating specific wordlists
- Requires more storage space due to large pre-generated lists
- May include outdated or irrelevant entries in some lists
Code Comparison
Mentalist allows for custom wordlist generation:
from mentalist import Mentalist
m = Mentalist()
m.add_base_words(['password', 'admin'])
m.add_numbers(1, 100)
m.generate_wordlist('output.txt')
Probable-Wordlists doesn't have a code-based interface, but usage typically involves selecting and combining existing lists:
cat Top95Thousand-probable.txt Top304Thousand-probable.txt > combined_wordlist.txt
Summary
Probable-Wordlists offers a vast collection of ready-to-use wordlists with statistical insights, making it ideal for quick access to common password patterns. However, it lacks the flexibility of Mentalist, which allows for more tailored wordlist generation through code. Mentalist is better suited for creating specific, targeted lists, while Probable-Wordlists excels in providing comprehensive, pre-generated options for various scenarios.
Password cracking rules for Hashcat based on statistics and industry patterns
Pros of Hob0Rules
- Extensive collection of pre-built password rules and wordlists
- Regularly updated with new rules and patterns
- Designed for use with popular password cracking tools like Hashcat
Cons of Hob0Rules
- Less customizable for specific target profiles
- Requires more manual intervention to select appropriate rules
- May generate larger wordlists, potentially increasing cracking time
Code Comparison
Mentalist (Python):
def generate_wordlist(self):
wordlist = []
for word in self.base_words:
for rule in self.rules:
wordlist.append(rule.apply(word))
return wordlist
Hob0Rules (Rule file example):
$1 $3 $7
^1 ^3 ^7
$! $@ $#
Summary
Mentalist offers a more interactive and customizable approach to wordlist generation, allowing users to create targeted lists based on specific profiles. Hob0Rules, on the other hand, provides a comprehensive set of pre-built rules and wordlists, making it more suitable for broader password cracking attempts. While Mentalist focuses on Python-based wordlist generation, Hob0Rules primarily consists of rule files compatible with existing cracking tools.
World's fastest and most advanced password recovery utility
Pros of hashcat
- Highly optimized for GPU-based password cracking, offering superior performance
- Supports a wide range of hash types and attack modes
- Actively maintained with frequent updates and improvements
Cons of hashcat
- Steeper learning curve, especially for beginners
- Requires more computational resources, particularly GPU power
- Less focused on wordlist generation compared to Mentalist
Code comparison
Mentalist (Python):
def generate_wordlist(base_words, rules):
wordlist = set()
for word in base_words:
for rule in rules:
wordlist.add(apply_rule(word, rule))
return wordlist
hashcat (C):
static void generate_hash(u32 *digest, const u32 *w, const int len)
{
md5_ctx_t ctx;
md5_init (&ctx);
md5_update (&ctx, w, len);
md5_final (&ctx);
digest[0] = ctx.h[0];
digest[1] = ctx.h[1];
digest[2] = ctx.h[2];
digest[3] = ctx.h[3];
}
Summary
Hashcat is a powerful, GPU-optimized password cracking tool with broad hash support, while Mentalist focuses on wordlist generation and manipulation. Hashcat offers superior performance but requires more resources and expertise. Mentalist provides a more user-friendly approach to creating custom wordlists for password attacks.
CeWL is a Custom Word List Generator
Pros of CeWL
- Written in Ruby, which may be preferred by some developers
- Includes features for custom header manipulation and authentication
- Can generate lists based on metadata like email addresses
Cons of CeWL
- Less user-friendly interface compared to Mentalist
- Fewer customization options for word list generation
- Limited support for advanced password patterns and mutations
Code Comparison
Mentalist (Python):
def generate_wordlist(self, base_words, rules):
wordlist = set()
for word in base_words:
for rule in rules:
wordlist.add(rule(word))
return list(wordlist)
CeWL (Ruby):
def parse_page(page, url)
page.body.downcase.scan(/[a-z0-9]+/i).each do |word|
if word.length >= @min_word_length && word.length <= @max_word_length
@words[word] = @words.fetch(word, 0) + 1
end
end
end
Both tools aim to generate custom wordlists, but Mentalist offers a more comprehensive approach with its graphical interface and advanced customization options. CeWL, while powerful for web-based word extraction, has a more focused use case and may require more technical expertise to utilize effectively.
Hashtopolis - distributed password cracking with Hashcat
Pros of Hashtopolis
- More active development with frequent updates and contributions
- Broader functionality as a distributed hash cracking system
- Supports multiple hash types and cracking tools
Cons of Hashtopolis
- More complex setup and configuration
- Steeper learning curve for new users
- Requires more resources to run effectively
Code Comparison
Mentalist (Python):
def generate_wordlist(self):
wordlist = []
for word in self.base_words:
for mutation in self.mutations:
wordlist.append(mutation(word))
return wordlist
Hashtopolis (PHP):
public function getHashlist($hashlistId) {
$qF = new QueryFilter(Hashlist::HASHLIST_ID, $hashlistId, "=");
$hashlist = $this->hashlistFactory->filter([Factory::FILTER => $qF]);
return $hashlist;
}
Mentalist focuses on wordlist generation and password analysis, while Hashtopolis is a distributed hash cracking system. Mentalist's code is more straightforward, dealing with word mutations, whereas Hashtopolis involves database queries and more complex data handling for managing hash cracking tasks across multiple agents.
Mentalist is better suited for smaller-scale password analysis and wordlist creation, while Hashtopolis is designed for large-scale, distributed hash cracking operations. The choice between them depends on the specific use case and required functionality.
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
Mentalist
Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper.
For more information on installing and using Mentalist, please visit the wiki.
To get up and running quickly, download a prebuilt executable on the releases page.
Disclaimer
Mentalist should be used only for informational purposes or on authorized system audits. Do not use this tool to aid in illicit access to a system.
License and Contributions
Mentalist is under the MIT License.
Contributions are always welcomed! Please let me know if there's a specific piece of functionality that you'd like to see built-in to the next version of Mentalist.
Thanks
A special thanks to Craig Baker, who was instrumental in helping to develop the backend logic of Mentalist. Additionally, thank you to Shane Carlyon, whose Tkinter-fu was invaluable, and to Gregory Brewer, who contributed the artwork to this project.
Note on âSlang and Expletivesâ List
I apologize to anyone offended by the built-in list of Slang & Expletives
, compiled from a variety of sources. The reality is that some people use truly heinous words for their credentials and this list is meant to help crack them.
Future Work
- Ability to scrape sites as an attribute in the Base Words node.
- Add dictionaries and lists for more languages
- Add UK post codes to Append/Prepend Nodes
- Option to perform de-duplication of Base Words
- Mentalist Chain file differencing
Top Related Projects
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
Version 2 is live! Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren't popular!
Password cracking rules for Hashcat based on statistics and industry patterns
World's fastest and most advanced password recovery utility
CeWL is a Custom Word List Generator
Hashtopolis - distributed password cracking with Hashcat
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot