NAME

genpw-wordlist - Generate password with words from WordList::*

VERSION

This document describes version 0.010 of genpw-wordlist (from Perl distribution App-genpw-wordlist), released on 2024-01-23.

SYNOPSIS

genpw-wordlist --help (or -h, -?)

genpw-wordlist --version (or -v)

genpw-wordlist [--action=str|--list-patterns] [--case=str|-L|-U] [--config-path=path|-c|--no-config|-C] [--config-profile=profile|-P] [--format=name|--json] [--(no)naked-res] [--no-env] [--page-result[=program]|--view-result[=program]] [(--pattern=str)+|--patterns-json=json|(-p=str)+] [(--wordlist=perl::wordlist::modname_with_optional_args)+|--wordlists-json=json|(-w=perl::wordlist::modname_with_optional_args)+] -- [num]

See examples in the "EXAMPLES" section.

DESCRIPTION

Using password from dictionary words (in this case, from WordList::*) can be useful for humans when remembering the password. Note that using a string of random characters is generally better because of the larger space (combination). Using a password of two random words from a 5000-word wordlist has a space of only ~25 million while an 8-character of random uppercase letters/lowercase letters/numbers has a space of 62^8 = ~218 trillion. To increase the space you'll need to use more words (e.g. 3 to 5 instead of just 2). This is important if you are using the password for something that can be bruteforced quickly e.g. for protecting on-disk ZIP/GnuPG file and the attacker has access to your file. It is then recommended to use a high number of rounds for hashing to slow down password cracking (e.g. --s2k-count 65011712 in GnuPG).

OPTIONS

* marks required options.

Main options

--action=s

Default value:

"gen"

Valid values:

["gen","list-patterns"]
--case=s

Force casing.

Default value:

"default"

Valid values:

["default","random","lower","upper","title"]

default means to not change case. random changes casing some letters randomly to lower-/uppercase. lower forces lower case. upper forces UPPER CASE. title forces Title case.

--list-patterns

Shortcut for --action=list-patterns.

See --action.

--num=s, -n

Default value:

1

Can also be specified as the 1st command-line argument.

--pattern=s@, -p

Pattern(s) to use.

CONVERSION (%P). A pattern is string that is roughly similar to a printf pattern:

%P

where P is certain letter signifying a conversion. This will be replaced with some other string according to the conversion. An example is the %h conversion which will be replaced with hexdigit.

LENGTH (%NP). A non-negative integer (N) can be specified before the conversion to signify desired length, for example, %4w will return a random word of length 4.

MINIMUM AND MAXIMUM LENGTH (%M$NP). If two non-negative integers separated by $ is specified before the conversion, this specify desired minimum and maximum length. For example, %4$10h will be replaced with between 4 and 10 hexdigits.

ARGUMENT AND FILTERS (%(arg)P, %(arg)(filter1)(...)P). Finally, an argument followed by zero or more filters can be specified (before the lengths) and before the conversion. For example, %(wordlist:ID::KBBI)w will be replaced by a random word from the wordlist WordList::ID::KBBI. Another example, %()(Str::uc)4$10h will be replaced by between 4-10 uppercase hexdigits, and %(arraydata:Sample::DeNiro)(Str::underscore_non_latin_alphanums)(Str::lc)(Str::ucfirst)w will be replaced with a random movie title of Robert De Niro, where symbols are replaced with underscore then the string will be converted into lowercase and the first character uppercased, e.g. Dear_america_letters_home_from_vietnam.

Anything else will be left as-is.

Available conversions:

%l   Random Latin letter (A-Z, a-z)
%d   Random digit (0-9)
%h   Random hexdigit (0-9a-f in lowercase [default] or 0-9A-F in uppercase).
     Known arguments:
     - "u" (to use the uppercase instead of the default lowercase digits)
%a   Random letter/digit (Alphanum) (A-Z, a-z, 0-9; combination of %l and %d)
%s   Random ASCII symbol, e.g. "-" (dash), "_" (underscore), etc.
%x   Random letter/digit/ASCII symbol (combination of %a and %s)
%m   Base64 character (A-Z, a-z, 0-9, +, /)
%b   Base58 character (A-Z, a-z, 0-9 minus IOl0)
%B   Base56 character (A-Z, a-z, 0-9 minus IOol01)
%%   A literal percent sign
%w   Random word. Known arguments:
     - "stdin:" (for getting the words from stdin, the default)
     - "wordlist:NAME" (for getting the words from a L<WordList> module)
     - "arraydata:NAME" (for getting the words from an L<ArrayData> module, the
       Role::TinyCommons::Collection::PickItems::RandomPos will be applied).

Filters are modules in the Data::Sah::Filter::perl:: namespace.

Can be specified multiple times.

--patterns-json=s

Pattern(s) to use (JSON-encoded).

See --pattern.

--wordlist=s@, -w

(No description)

Can be specified multiple times.

--wordlists-json=s

See --wordlist.

-L

Shortcut for --case=lower.

See --case.

-U

Shortcut for --case=upper.

See --case.

Configuration options

--config-path=s, -c

Set path to configuration file.

Can actually be specified multiple times to instruct application to read from multiple configuration files (and merge them).

--config-profile=s, -P

Set configuration profile to use.

A single configuration file can contain profiles, i.e. alternative sets of values that can be selected. For example:

[profile=dev]
username=foo
pass=beaver

[profile=production]
username=bar
pass=honey

When you specify --config-profile=dev, username will be set to foo and password to beaver. When you specify --config-profile=production, username will be set to bar and password to honey.

--no-config, -C

Do not use any configuration file.

If you specify --no-config, the application will not read any configuration file.

Environment options

--no-env

Do not read environment for default options.

If you specify --no-env, the application wil not read any environment variable.

Output options

--format=s

Choose output format, e.g. json, text.

Default value:

undef

Output can be displayed in multiple formats, and a suitable default format is chosen depending on the application and/or whether output destination is interactive terminal (i.e. whether output is piped). This option specifically chooses an output format.

--json

Set output format to json.

--naked-res

When outputing as JSON, strip result envelope.

Default value:

0

By default, when outputing as JSON, the full enveloped result is returned, e.g.:

[200,"OK",[1,2,3],{"func.extra"=>4}]

The reason is so you can get the status (1st element), status message (2nd element) as well as result metadata/extra result (4th element) instead of just the result (3rd element). However, sometimes you want just the result, e.g. when you want to pipe the result for more post-processing. In this case you can use --naked-res so you just get:

[1,2,3]
--page-result

Filter output through a pager.

This option will pipe the output to a specified pager program. If pager program is not specified, a suitable default e.g. less is chosen.

--view-result

View output using a viewer.

This option will first save the output to a temporary file, then open a viewer program to view the temporary file. If a viewer program is not chosen, a suitable default, e.g. the browser, is chosen.

Other options

--help, -h, -?

Display help message and exit.

--version, -v

Display program's version and exit.

COMPLETION

This script has shell tab completion capability with support for several shells.

bash

To activate bash completion for this script, put:

complete -C genpw-wordlist genpw-wordlist

in your bash startup (e.g. ~/.bashrc). Your next shell session will then recognize tab completion for the command. Or, you can also directly execute the line above in your shell to activate immediately.

It is recommended, however, that you install modules using cpanm-shcompgen which can activate shell completion for scripts immediately.

tcsh

To activate tcsh completion for this script, put:

complete genpw-wordlist 'p/*/`genpw-wordlist`/'

in your tcsh startup (e.g. ~/.tcshrc). Your next shell session will then recognize tab completion for the command. Or, you can also directly execute the line above in your shell to activate immediately.

It is also recommended to install shcompgen (see above).

other shells

For fish and zsh, install shcompgen as described above.

CONFIGURATION FILE

This script can read configuration files. Configuration files are in the format of IOD, which is basically INI with some extra features.

By default, these names are searched for configuration filenames (can be changed using --config-path): /home/u1/.config/genpw-wordlist.conf, /home/u1/genpw-wordlist.conf, or /etc/genpw-wordlist.conf.

All found files will be read and merged.

To disable searching for configuration files, pass --no-config.

You can put multiple profiles in a single file by using section names like [profile=SOMENAME] or [SOMESECTION profile=SOMENAME]. Those sections will only be read if you specify the matching --config-profile SOMENAME.

You can also put configuration for multiple programs inside a single file, and use filter program=NAME in section names, e.g. [program=NAME ...] or [SOMESECTION program=NAME]. The section will then only be used when the reading program matches.

You can also filter a section by environment variable using the filter env=CONDITION in section names. For example if you only want a section to be read if a certain environment variable is true: [env=SOMEVAR ...] or [SOMESECTION env=SOMEVAR ...]. If you only want a section to be read when the value of an environment variable equals some string: [env=HOSTNAME=blink ...] or [SOMESECTION env=HOSTNAME=blink ...]. If you only want a section to be read when the value of an environment variable does not equal some string: [env=HOSTNAME!=blink ...] or [SOMESECTION env=HOSTNAME!=blink ...]. If you only want a section to be read when the value of an environment variable includes some string: [env=HOSTNAME*=server ...] or [SOMESECTION env=HOSTNAME*=server ...]. If you only want a section to be read when the value of an environment variable does not include some string: [env=HOSTNAME!*=server ...] or [SOMESECTION env=HOSTNAME!*=server ...]. Note that currently due to simplistic parsing, there must not be any whitespace in the value being compared because it marks the beginning of a new section filter or section name.

To load and configure plugins, you can use either the -plugins parameter (e.g. -plugins=DumpArgs or -plugins=DumpArgs@before_validate_args), or use the [plugin=NAME ...] sections, for example:

[plugin=DumpArgs]
-event=before_validate_args
-prio=99

[plugin=Foo]
-event=after_validate_args
arg1=val1
arg2=val2

which is equivalent to setting -plugins=-DumpArgs@before_validate_args@99,-Foo@after_validate_args,arg1,val1,arg2,val2.

List of available configuration parameters:

action (see --action)
case (see --case)
format (see --format)
naked_res (see --naked-res)
num (see --num)
patterns (see --pattern)
wordlists (see --wordlist)

ENVIRONMENT

GENPW_WORDLIST_OPT

String. Specify additional command-line options.

FILES

/home/u1/.config/genpw-wordlist.conf

/home/u1/genpw-wordlist.conf

/etc/genpw-wordlist.conf

EXAMPLES

Generate some passwords from the default English (EN::Enable) wordlist

% genpw-wordlist -w ID::KBBI -n8

Generate some passwords from Indonesian words

% genpw-wordlist -w ID::KBBI -n8

Generate some passwords with specified pattern (see genpw documentation for details of pattern)

% genpw-wordlist -w ID::KBBI -n5 -p '%w%8$10d-%w%8$10d-%8$10d%w'

HOMEPAGE

Please visit the project's homepage at https://metacpan.org/release/App-genpw-wordlist.

SOURCE

Source repository is at https://github.com/perlancar/perl-App-genpw-wordlist.

AUTHOR

perlancar <perlancar@cpan.org>

CONTRIBUTING

To contribute, you can send patches by email/via RT, or send pull requests on GitHub.

Most of the time, you don't need to build the distribution yourself. You can simply modify the code, then test via:

% prove -l

If you want to build the distribution (e.g. to try to install it locally on your system), you can install Dist::Zilla, Dist::Zilla::PluginBundle::Author::PERLANCAR, Pod::Weaver::PluginBundle::Author::PERLANCAR, and sometimes one or two other Dist::Zilla- and/or Pod::Weaver plugins. Any additional steps required beyond that are considered a bug and can be reported to me.

COPYRIGHT AND LICENSE

This software is copyright (c) 2024, 2020, 2018 by perlancar <perlancar@cpan.org>.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.

BUGS

Please report any bugs or feature requests on the bugtracker website https://rt.cpan.org/Public/Dist/Display.html?Name=App-genpw-wordlist

When submitting a bug or request, please include a test-file or a patch to an existing test-file that illustrates the bug or desired feature.