when i started with hashcracking i thought exact the same way. i thought: with a rule engine, it not neccesary any longer to have all these mutated words in my dictionary. what i need is a clean dictionary and then just add more rules. this will result in exactly the same and make my attacks much more efficient.
today i think different. sure, you can optimize out a lot of words, leading to quicker runs because less words. but you also loose a lot of potential password candidates. it is really hard to explain this experience. i try it with a single example and hope you get the whole picture out of it.
- this is from your view a "bad" word inside dictionary because its an email: honey@gmail.com
- here is a rule from rules/generated.rule: '5o0m
now run this in hashcat with --stdout and dont tell me you did expact that result
if you really want some more clean dictionary, i can recommand this one: wikipedia-wordlist-sraveau-20090325.txt
just google it. you will find it. its an dump from the wikimedia files and you can be sure, there is nearly no garbage in there.
today i think different. sure, you can optimize out a lot of words, leading to quicker runs because less words. but you also loose a lot of potential password candidates. it is really hard to explain this experience. i try it with a single example and hope you get the whole picture out of it.
- this is from your view a "bad" word inside dictionary because its an email: honey@gmail.com
- here is a rule from rules/generated.rule: '5o0m
now run this in hashcat with --stdout and dont tell me you did expact that result
if you really want some more clean dictionary, i can recommand this one: wikipedia-wordlist-sraveau-20090325.txt
just google it. you will find it. its an dump from the wikimedia files and you can be sure, there is nearly no garbage in there.