This Python script generates a custom username wordlist by combining base usernames with numbers and special characters in various patterns. The wordlist grows until it reaches a specified file size (default: 50MB).
-
"6" Different Username Patterns:
- Keyword + Number (e.g., "admin5")
- Number + Keyword (e.g., "3admin")
- Keyword + Special Character (e.g., "admin!")
- Special Character + Keyword (e.g., "@admin")
- Keyword + Number + Special Character (e.g., "admin5!")
- Special Character + Number + Keyword (e.g., "@5admin")
-
Customizable Base Usernames - Pre-loaded with common usernames
-
Size-Based Generation - Creates wordlist until target file size is reached
-
Special Characters - Includes common special characters for password complexity
Required Software:
- Python 3.x
- Required modules:
random,os(both come with standard Python)
Check Python Installation:
python3 --version
or
python --version
-
Save the Script:
-
nano username_generator.pyCopy and paste the script code, then save (Ctrl+X, Y, Enter)
-
Make Executable (Optional):
-
chmod +x username_generator.py
Basic Usage:
python3 username_generator.py
This will generate a 50MB wordlist at /home/kali/Desktop/username_wordlist.txt
Modify the last line in the script: generate_usernames(target_size_mb=100) # For 100MB wordlist
Change the wordlist_file variable in the script: wordlist_file = "/path/to/your/custom/location/wordlist.txt"
Modify Base Usernames:
Edit the base_usernames list to add your own:
base_usernames = [
"admin",
"root",
"your_custom_username",
"companyname",
# Add more as needed
]
Edit the special_characters list:
special_characters = ["!", "@", "#", "$", "%", "&", "*"]
Change the max_numbers value:
max_numbers = 100 # Will use numbers 0-99
admin5 3root user! @webmaster test9$ #5university
1. Security Testing:
hydra -L username_wordlist.txt -P password_list.txt ssh://target.com
medusa -h target.com -U username_wordlist.txt -P passwords.txt -M ssh
3. Custom Authentication Testing:
- Test username enumeration
- Brute force login pages
- Directory enumeration with common usernames
Hydra SSH Attack:
hydra -L username_wordlist.txt -P /usr/share/wordlists/rockyou.txt ssh://192.168.1.100
Medusa FTP Attack:
medusa -h 192.168.1.100 -U username_wordlist.txt -P common_passwords.txt -M ftp
Burp Suite Intruder:
- Load the wordlist into Burp Suite
- Use for username enumeration attacks
- Test for weak username/password combinations
Monitoring Generation: The script provides real-time feedback: Wordlist generated with size: 50.02 MB
1. Legal Usage:
- Only use on systems you own or have explicit permission to test
- Comply with all applicable laws and regulations
- Use for authorized security assessments only
2. Optimization Tips:
- Start with smaller sizes (10-20MB) for testing
- Tailor base usernames to your target environment
- Combine with other wordlists for comprehensive coverage
3. Storage Considerations:
- Large wordlists consume significant disk space
- Consider compression for long-term storage
- Clean up unused wordlists regularly
Common Issues:
-
Permission Denied:
sudo python3 username_generator.py -
Python Not Found
apt install python3 # On Debian/Ubuntu -
Insufficient Disk Space:
- Check available space:
df -h - Reduce target size or change output location
- Check available space:
- Generation time increases with target size
- 50MB typically takes 1-5 minutes depending on system
- Monitor system resources during generation
Add More Patterns:
Extend the pattern_type range and add new conditions:
elif pattern_type == 7:
# Keyword + Special Character + Number
number = random.randint(0, 9)
char = random.choice(special_characters)
username_combination = f"{username}{char}{number}\n"
Implement Multi-threading: For faster generation on multi-core systems (advanced users only).
Disclaimer: This tool is for educational and authorized security testing purposes only. Always ensure you have proper authorization before using wordlists against any system.