Dark Mode On/Off

# How to create password brute force wordlist generator tool in Golang?

While trying to penetrate a web application, we often see passwords are a barrier to the sensitive information of a user or an organization. Now we need to bypass passwords somehow. So, there are mainly two approaches for us: either find a vulnerability in webapp authrising or guess (Brute Force) the right password.

Make sure you have installed Golang and properly set up the environment variable. Check out the Golang installation tutorial here.

### How to start make a Golang program?

Let's use some mathematics that we learnt in high school. Recall permutation and combination (P&C), here we have a list of characters and we have to choose some of them (=passwordLength) with every possible method (combination). Also for every method (combination) we can arrange those characters in many unique ways.

If we use this approach and use google we can find itertools module to make our work easy.

### 1. Start by creating a file `main.go` and import the required Golang packages:

• `fmt` - To print passwords.
• `strconv` - strings manipulation functions
• `strings` - To manipulate UTF-8 encoded strings.
• `github.com/ernestosuarez/itertools` - .permutation and combination of characters list
``````package main

import	(
"fmt"

// strings manipulation functions
"strings"

// convert string types to int types
"strconv"

// permutation and combination of charactersList
"github.com/ernestosuarez/itertools"
)``````

### 2. Declare variables in Golang

Now, we can declare required variables in the `main()` function.

• `passwordLenth` - length of generated password.
• `characters` - character to compose the password.
``````func main()  {

// character to compose the password
characters := "abcdefghijklmnopqrstuvwxyz0123456789!@#\$%^&*()+-./"

}``````

### 3. String manipulation in Golang

Here, both variables are supposed to be an array.

• `passwordLengthList` - split it into an array from every '`,`' character.
• `charactersList` - Use `characters` string to create an array of all characters.
``````func main()  {

// character to compose the password
characters := "abcdefghijklmnopqrstuvwxyz0123456789!@#\$%^&*()+-./"

// Split comma separated password length into slice.

// Splits a string into a list of strings.
charactersList := strings.Split(characters, "")

}``````

### 4. Create `for` loop in Golang

To generate passwords for all lengths in the array `passwordLengthList`, we need to use a `for` loop.

``````func main()  {

// character to compose the password
characters := "abcdefghijklmnopqrstuvwxyz0123456789!@#\$%^&*()+-./"

// Split comma separated password length into slice.

// Splits a string into a list of strings.
charactersList := strings.Split(characters, "")

// run permations for every password length.
for _, passLen := range passwordLengthList {

// convert integer strings to int.
passLenInt, err := strconv.Atoi(passLen)

// If an error is nil panic.
if err != nil {
panic(err)
}

}
}``````

### 5. Permutation and Combination in Golang

itertools provides a function that takes an array and length integer to calculate all different password strings that could be generated by these character arrays.

Take a look at this example use of itertools for reference.

``````func main()  {

iterable := []string{"1", "2", "3", "4"}

for v := range PermutationsStr(iterable, 3) {
fmt.Println(v)
}

}``````

### 7. Create brute force list generator in Golang

Let's use every piece to solve this puzzle to get a working program.

``````package main

import	(
"fmt"

// strings manipulation functions
"strings"

// convert string types to int types
"strconv"

// permutation and combination of charactersList
"github.com/ernestosuarez/itertools"
)

func main()  {

// character to compose the password
characters := "abcdefghijklmnopqrstuvwxyz0123456789!@#\$%^&*()+-./"

// Split comma separated password length into slice.

// Splits a string into a list of strings.
charactersList := strings.Split(characters, "")

// run permations for every password length.
for _, passLen := range passwordLengthList {

// convert integer strings to int.
passLenInt, err := strconv.Atoi(passLen)

// If an error is nil panic.
if err != nil {
panic(err)
}

// Prints a list of permutations of the characters.
for v := range itertools.PermutationsStr(charactersList, passLenInt) {

// Prints a string by joining all elements of the list.
fmt.Println(strings.Join(v, ""))

}

}
}``````

### Conclusion

In this tutorial we made a Golang program to generate a brute force wordlist with specific characters and length used.

Want to learn coding?
Try our new interactive courses.
Over 20,000+ students enrolled.