Home > Dictionary recovery
Recovering passwords using Dictionary attack
01.03.2024
New blog post
Dumping the history of users' IP addresses in Windows
20.02.2024
Reset Windows Password v14.1
IP addresses history viewer, fast disk search, local security editor and some more
02.01.2024
Wireless Password Recovery v6.9.0
A revision of the GPU health monitor along with some minor updates
23.12.2023
HAPPY NEW YEAR!
Happy New Year greetings and holidays discount

Articles and video

You may find it helpful to read our articles on Windows security and password recovery examples. Video section contains a number of movies about our programs in action

Password Recovery - dictionary attack


In contrast with a brute-force recovery, a dictionary attack only tries passwords from a given wordlist (dictionary). Generally, dictionary recovery succeed because many people have a tendency to choose passwords which single words in a dictionary, or are simple variations that are easy to predict.

Dictionary attack

On the Dictionaries tab, you should set up a list of wordlists to be used in the attack. Supported wordlists of the following: ASCII, UNICODE, and UTF8, as well as compressed dictionaries in PCD format, developed by our company. ZIP and RAR packed wordlist are supported as well with some restrictions. To deactivate a dictionary, simply clear the checkbox by its name. The program comes with a 280000-word dictionary. For the complete list of dictionaries, check out our wordlist collection. Or you can use our online dictionaries as an alternative.

The Filters tab filters the words from a dictionary by the include/exclude principle. If the inclusive filter is enabled, the attack will accept only the words that contain at least one of the characters entered in the filter. If the exclusive filter is set, the program will skip the words that contain at least one of the entered characters.

The Mutation tab allows setting all kinds of possible combinations of the words to be searched. For example, if you set a strong mutation, the program will create several hundreds of analogs for each word from the dictionary. For example, secret - Secret - s3cr3t - secret123, and so on. You can set up to three mutation levels.

You can use Dictionary generator to create your own wordlists based on options of the first three tabs.
 
Customizing mutations

The program allows customizing the smart mutation of the Dictionary attack. All mutation rules are clustered into 16 primary groups. You can set one of three mutation levels or disable mutation separately for each of the group.
Password mutation in dictionary attack

A simple description of what all these mutation groups mean is given below:

 
Group name Description Examples (for word 'password') Comments
Character case Checks case combinations of the input word. Password, PassworD, PaSsWoRd Maximal (Strong) level of the mutation group DOES NOT generate all possible case combinations of input words. To check all possible case variants, consider using Hybrid dictionary recovery (aN rule).
Digits append/prepend Adds digits to the beginning or to the end of the word. password99, 2Password, PASSWORD3 Maximal level adds 2 digits.
Head and tail Almost the same as the previous one, but appends or prepends words, abbreviations, characters, keyboard combinations, etc. #Password#, password12345, 4everPASSWORD, Passwordqwerty
 
l33t Creates different combinations using leet language. p@ssword, P@$$w0rd, P@$$W0RD
 
Abbreviation Converts several character combinations (if the initial word contains any) into abbreviations. ihateyou -> ih8you, Ih8u
 
Dups and revers Revers, duplicates the word, etc. drowssap, passwordpassword, PasswordDrowssap
 
Vowels and consonants Mutates vowels and consonants (English characters only). Psswrd, PaSSWoRD, pAsswOrd
 
Character skip Skips a single character of the original word. assword, Passwrd, Pasword
 
Character swap Exchanges two adjacent characters. apssword, Passowrd
 
Character duplicate Duplicates characters. ppasword, ppaasswwoorrdd, Passworddddd
 
Delimiters Separates characters with delimiters. p.a.s.s.w.o.r.d, P-a-s-s-w-o-r-d Maximal level uses 10 delimiters.
Dates Adds dates to the end of the word. Password2010, password1980 Even though the mutation engine can generate more complicated variations (for example, password03171998 or Password19710830), this feature if turned off here even in maximal mutation level.
Oemconversionn Converts English word into another language and vice-versa using alternative keyboard layout the (second language of the OS). It is recommended to set it off always for WPA password recovery. If your OS has 2 languages installed (let it be English and Russian), the program will convert initial word password into Russian зфыыцщкв, and Russian пароль will be converted into gfhjkm. The program works correctly for 2 or even more languages. So if you have 5 languages installed locally (including English one), there will be 4 different combinations of the input word.
Word shift Shifts all characters of the word to the right or to the left. asswordp, dpasswor  
 
Character substitution Replaces a character of the initial word. oassword, passqord This is quite helpful rule assuming the fact that the characters for substitution are taken from a special table. For example, the character 's' will be replaced with the following ones: 'a', 'w', 'e', 'd', 'x', 'z'. You can notice that all of these characters are located near 's' on any qwerty keyboard.
Length truncate Truncates word length to probe all possible length combinations. passwor, passwo, passw