
-[ wyd.pl ]-

[ About ]

  In current IT security environments, files and services are often
  password protected. In certain situation it is required to get
  access to files and/or data even when they are protected and
  the password is unknown.

  wyd.pl was born out of those two of situations:

     1. A penetration test should be performed and the default
        wordlist does not contain a valid password
     2. During a forensic crime investigation a password protected
        file must be opened without knowing the the password.

  The general idea is to personalize or profile the available
  data about a "target" person or system and generate a wordlist
  of possible passwords/passphrases out of available informations.
  Instead of just using the command 'strings' to extract all the
  printable characters out of all type of files, we wanted to
  eliminate as much false-positives as possible. The goal was to
  exlude as much "unusable" data as possible to get an effective
  list of possible passwords/passphrases.


[ Options ]

  Usage: wyd.pl [OPTIONS] <file(s)|directory>

  Possible OPTIONS are:

  -o <file>    = The file where all extracted words will be written
                 to. If omitted, all words gets printed to STDOUT.

  -t           = Create separate files for each type. This option
                 required the -o <file> and creates single files
                 for each type. E.g. when <file> = 'list.txt'
                 and there are words found in MP3, plain-text and
                 HTML files, 'list.txt.mp3', 'list.txt.plain' and
                 'list.txt.html' will be created.

  -s <min-len> = When you have a lot of unsupported file formats, 
                 which are not ascii based, you can use this option 
                 to parse all unknown filetypes using the UNIX command 
                 'strings'. The parameter <min-len> is a number which
                 defines the minimum length of a printable sequence
                 of characters. All shorter sequences will be ignored.
                 The problem with 'strings' is, that it will detect a 
                 lot of useless "false-positives".

  -b           = Disable the removal of non-alpha chars at start of word
                 By default all non-alpha numeric characters at the 
                 beginning of a word are removed.

  -e           = Disable the removal of non-alpha chars at end of word
                 By default all non-alpha numeric characters at the
                 end of a word are removed.

  -f           = Disable inclusion of filenames (without extensions) in wordlist
                 By default, the filenames itself are also included in the
                 wordlist as they may contain product/project names, names
                 of songs (which do not have an IDv1/IDv3 tag), e.g.

  -v           = Enable debugging/verbose mode

  -n           = Do not wait for user input on missing modules/programs, just
                 continue


  <file(s)|directory> can be either a single file or directory or a list
  of files/directories.


[ Supported file types ]

  At the moment the following file types are supported:

   * plain
   * html
   * php (partially, no source scripts)
   * doc
   * ppt
   * mp3
   * pdf
   * jpeg
   * odt/ods/odp

  Additionally all unknown files with MIME type text/plain are 
  processed using the plain module.


[ Examples usages ]

  See 'docs/example-usage.txt'.


[ Writing modules ]

  Seee 'docs/writing_modules.txt'


[ Licence ]

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  any later version.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

  See 'docs/gpl.txt' for more information.


[ Authors ]

Max Moser <mmo@remote-exploit.org>
Martin J. Muench <mjm@remote-exploit.org>

http://www.remote-exploit.org


[ Contributors ] 

Harl <harl@marsmenschen.com>
Joshua D. Abraham <jabra@ccs.neu.edu>
