Creating a user name list for brute force attacks

Written on July 17, 2011

If you need to do a brute force attack against a particular service, you’ll need a couple of things. A good wordlist containing possible passwords, and a list of user names to try. It’s easy to get a password list on the Internet, but user lists often have to be customized for the target. You’ll need to do some research to find email addresses and employee names. Once you do have a list of names however, you’ll need to guess what the format of the login ID is for that user. John Doe could be johndoe, or john.doe, or jdoe, and so on.

Since having a proper user name list is just as important as having a good password list for a brute force attack, I’ve created a short script that will create a list of possible login IDs based on a person’s first and last name.

First gather the names of people you’ve found who might have a login account for the service you’re targetting. Each name should be on a line of it’s own:

Cloud Strife
Brian O'Connor
Sonic The Hedgehog

Now here’s the script that will create the possible login IDs: https://gist.github.com/superkojiman/11076951

Run the script by passing the file containing the first name and last name and you’ll get an output that looks like this:

cloudstrife
strifecloud
cloud.strife
strife.cloud
cstrife
scloud
c.strife
s.cloud
brianoconnor
oconnorbrian
brian.oconnor
oconnor.brian
boconnor
obrian
b.oconnor
o.brian
sonichedgehog
hedgehogsonic
sonic.hedgehog
hedgehog.sonic
shedgehog
hsonic
s.hedgehog
h.sonic

Now you have a user name list that can be passed as input to cracking tools like hydra, medusa, ncrack, and Metasploit. Using a good user name list is just as important as having a good password list. If a user’s password is in your password list but your user name list doesn’t contain the proper format of the user name, then you’re not going anywhere fast. The script is easily customizable, so if you think up of any other possible formats, feel free to add it in.