KEROX ARSENAL · L1 · WARM-UP UTILITIES

Wordsmith.

A smart, modular CLI for generating targeted password wordlists. Hand it a few base words — a name, a date, a pet — and it builds hundreds of plausible permutations through case transforms, a leet-speak engine, and length filtering. Pure Python standard library, no dependencies, runs anywhere there's a prompt.

LEVEL L1 · WARM-UP LANG PYTHON 3 · STDLIB ONLY INTERFACE TTY / CLI STATUS SHIPPING

GET IT SOURCE ↗

SEE IT RUN

One line in, a wordlist out.

wordsmith · tty1 DEMO

$ python wordsmith.py -w acme,falcon,2024 -l -m 4 -M 16
[*] base words loaded: ['acme', 'falcon', '2024']
acme
ACME
Acme
4cm7
falcon
FALCON
Falcon
f4lc9n
2024
# case transforms + leet (a→4 e→7 i→2 o→9 u→3), length-bounded

WHAT IT DOES

Built like a real pipeline.

Transformers

Case & leet engine

Generates lower / UPPER / Capitalised variants of every base word, then optionally swaps letters for look-alike digits (a→4, e→7, i→2, o→9, u→3).

Combinators

Word mixing · WIP

Intelligently combines base words and numbers with common separators (- _ .) to mirror how people actually build passwords.

Filters

Length & dedup

Drops duplicates and enforces --min / --max length bounds, so the list stays focused and fast to crack against.

I/O engine

Stdlib only

No requirements.txt, no virtualenv gymnastics. Clone, run, pipe the output straight into your cracker.

INSTALL & RUN

Clone it. Run it.

SHELL

# Python 3, standard library only — nothing to install
$ git clone https://github.com/keroxlabs/wordsmith.git
$ cd wordsmith

# basic — a few base words
$ python wordsmith.py -w yuvraj,biswal,2005

# advanced — leet on, bound length 8–16
$ python wordsmith.py -w yuvraj,biswal,2005 -l -m 8 -M 16

Options

Flag	Long	Description	Default
`-w`	`--words`	Comma-separated base words	required
`-m`	`--min`	Minimum password length	4
`-M`	`--max`	Maximum password length	12
`-l`	`--leet`	Enable leet-speak transforms	false
`-h`	`--help`	Show help and exit	—

UNDER THE HOOD

A modular data pipeline.

Wordsmith is built the way professional offensive tooling is: small stages, each doing one thing. Strings flow through transformers (case, leet), into combinators (mixing words and separators), through filters (dedup + length), and out the I/O engine to disk.

Wordsmith architecture — transformers, combinators, filters, I/O engine

USE Wordsmith is for authorized security testing and research — your own accounts, lab targets, and engagements you have written permission to run. Offense in the service of defense, same as the rest of the Kerox arsenal.