OSINT-based password dictionary generator for authorized security testing
Project description
keygen-dictionary
OSINT-based password dictionary generator for authorized security testing.
Takes personal data (name, date of birth, address, domain, etc.) and produces a targeted wordlist sorted by Shannon entropy — human-like combinations first.
Warning For authorized use only. Only use against systems you own or have explicit written permission to test. The author is not responsible for misuse.
Features
- Interactive mode with guided prompts (
questionary) - One-liner CLI mode via flags — scriptable, no prompts
- YAML config file support for repeatable target profiles
--config-saveto dump session inputs to YAML for reuse- Entropy sort — low-entropy (human-like) candidates first
- Leet speak variants — default
a→4 e→3 i→1 o→0 s→5, fully overridable via--leetor config - Case variants —
.title(),.upper(),.capitalize()generated per token - Common suffixes seeded automatically (
!,123,1234,#1, …) - Min/max length filter to match real password policies
- Streamed output — RAM-safe even at combination level 3+
--dry-runto preview token count before committing-q / --quietfor clean output when piping or scripting
Installation
From source (recommended):
git clone https://github.com/ivanhuay/keygen-dictionary.git
cd keygen-dictionary
python3 -m venv .venv && source .venv/bin/activate
pip install -e .
Requirements: Python 3.10+
Usage
Interactive mode
Run with no flags to enter guided prompts:
keygen-dictionary
keygen-dictionary v1.0.0 — leave any field empty to skip
Combination level: 2
Min password length (0 = no limit): 8
Max password length (0 = no limit): 16
Full name: John Doe
Domain URL: example.com
Birth/important date (dd-mm-yyyy): 01-01-1990
...
Tokens collected : 169
Est. candidates : ~28,730
Sample : !, !!, #1, ...
Proceed with generation? (Y/n)
CLI mode
Pass any data flag to skip interactive prompts entirely:
keygen-dictionary \
--name "John Doe" \
--domain example.com \
--date 01-01-1990 \
--level 2 \
--min-length 8 \
--max-length 16 \
--output wordlist.txt \
--entropy-sort
Multiple values per field:
keygen-dictionary --name "John Doe" --name "Johnny" --additional "fido" --additional "chelsea"
Preview without generating:
keygen-dictionary --name "John Doe" --date 01-01-1990 --dry-run
Custom leet substitutions and quiet output for piping:
keygen-dictionary --name "John Doe" --leet "a:@,s:$" -q --output - | head -20
Config file mode
Create a YAML profile (see config.example.yaml):
name:
- "John Doe"
domain:
- "example.com"
date:
- "01-01-1990"
additional:
- "fido"
level: 2
min_length: 8
max_length: 20
leet_map: # optional — overrides default substitutions
a: "@"
s: "$"
Run against it:
keygen-dictionary --config target.yaml
Save current session inputs to YAML for later reuse:
keygen-dictionary --name "John Doe" --date 01-01-1990 --config-save target.yaml
CLI flags override config values when both are provided.
Output
Candidates are written one per line to pass.txt (or --output FILE).
With --entropy-sort / interactive sort prompt accepted, candidates are reordered
ascending by Shannon entropy — predictable, human-chosen patterns appear first.
This improves hit rate when using the list in a sequential attack.
All flags
usage: keygen-dictionary [-h] [--version] [--config FILE]
[--config-save FILE] [-q]
[--name NAME] [--domain DOMAIN] [--address ADDR]
[--date DATE] [--id ID] [--additional DATA]
[--level N] [--min-length N] [--max-length N]
[--output FILE] [--entropy-sort] [--dry-run]
[--leet MAP]
options:
--config FILE Load target data from YAML config file
--config-save FILE Save collected inputs to YAML after loading
-q, --quiet Suppress all output except final line count
target data (overrides --config):
--name NAME Full name (repeatable)
--domain DOMAIN Domain URL (repeatable)
--address ADDR Address (repeatable)
--date DATE Date dd-mm-yyyy (repeatable)
--id ID ID number (repeatable)
--additional DATA Additional keyword (repeatable)
generation options:
--level N Combination level (default: 2)
--min-length N Min password length
--max-length N Max password length
--output FILE Output file (default: pass.txt)
--entropy-sort Sort output by entropy (RAM-heavy)
--dry-run Show token/candidate count without generating
--leet MAP Custom leet substitutions e.g. "a:@,e:3,s:$"
Contributing
Issues and PRs welcome. See roadmap.md for planned work.
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file keygen_dictionary-1.0.0.tar.gz.
File metadata
- Download URL: keygen_dictionary-1.0.0.tar.gz
- Upload date:
- Size: 13.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4cb66d81b06426f1427d67d68c112e456e7f27afa4a9c153c60081f47d71b811
|
|
| MD5 |
ac6ae320c741a9fde4b9c143b74e62a5
|
|
| BLAKE2b-256 |
034f06e9f2d2ed8215d0e5b36e38c180d92897c8491d136cc161e13faf30d5bf
|
File details
Details for the file keygen_dictionary-1.0.0-py3-none-any.whl.
File metadata
- Download URL: keygen_dictionary-1.0.0-py3-none-any.whl
- Upload date:
- Size: 9.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f48a76a25673991dd842a671781a50f0b2412b676b8adcdc7e60c0a3913bf2c3
|
|
| MD5 |
61e0ef4fbd9dc994fe71970548ab3791
|
|
| BLAKE2b-256 |
a6e0c380bb96d80caed85a28386c39ca8404ec7ca0e1c176358e998d23211991
|
