A modular tool for generating and managing wordlists used in dictionary attacks and security audits.
The tool supports two transformation modes: rule-based (similar to hashcat) and AI-powered generation.
- Google AI API key (for AI mode)
- uv package manager
- Rust toolchain (for building the transformation engine)
Rule-based wordlist generation:
# Basic usage with default settings
uv run cbwg.py -p passwords.txt -r resources/rules
# With custom configuration
uv run cbwg.py -p data.txt -r resources/rules --parser-config resources/config_files/parser_config.yml -o custom_wordlistAI-powered generation:
# Using API key directly
uv run cbwg.py -ai -p context.txt --api-key your_api_keyExample context file (context.txt):
CompanyName
password
login
2024
secure
database
server
Example output:
CompanyName2024
admin123
password!
adminpassword
CompanyNameAdmin
login2024
securepassword
databaseadmin
serverlogin
CompanyName123
admin2024
The tool supports YAML configuration files for fine-tuning behavior:
Parser Configuration (parser_config.yml):
min_length: 3
max_length: 20
pattern: "[a-zA-Z0-9]+"
include_numbers: true
preserve_case: false
exclude_words: ["the", "and", "or"]Source Configuration (source_config.yml):
binary_mode: false
encoding: "utf-8"
chunk_size: 4096Rule Engine Configuration (rule_config.yml):
rules_path: "resources/rules"
batch_size: 10000
verbose_logging: falseYou can set the Google API key as an environment variable:
export GOOGLE_API_KEY="your_api_key_here"
uv run cbwg.py -ai -p input.txtFor hashcat rules path:
export HASHCAT_RULES_PATH="/path/to/rules"
uv run cbwg.py -p input.txtTo set up the development environment, sync dependencies using:
uv syncThis project uses Ruff for linting and formatting.
To check for linting issues:
uvx ruff checkTo automatically format the code:
uvx ruff formatPackage management is handled using uv. Refer to the official documentation for additional commands and usage details.
To run tests:
uv run pytest