{"id":13531721,"url":"https://github.com/d4rckh/gorilla","last_synced_at":"2025-10-09T01:12:43.456Z","repository":{"id":54651927,"uuid":"522559944","full_name":"d4rckh/gorilla","owner":"d4rckh","description":"tool for generating wordlists or extending an existing one using mutations.","archived":false,"fork":false,"pushed_at":"2025-06-19T08:30:15.000Z","size":196,"stargazers_count":389,"open_issues_count":8,"forks_count":22,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-10-09T01:08:56.506Z","etag":null,"topics":["cracking","hash","hashcat","infosec","johntheripper","security"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/d4rckh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"patreon":"d4rckh"}},"created_at":"2022-08-08T13:25:55.000Z","updated_at":"2025-09-30T08:27:15.000Z","dependencies_parsed_at":"2024-11-02T18:32:38.759Z","dependency_job_id":"01b4e276-1f1f-4477-8678-3180034177c1","html_url":"https://github.com/d4rckh/gorilla","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/d4rckh/gorilla","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/d4rckh%2Fgorilla","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/d4rckh%2Fgorilla/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/d4rckh%2Fgorilla/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/d4rckh%2Fgorilla/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/d4rckh","download_url":"https://codeload.github.com/d4rckh/gorilla/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/d4rckh%2Fgorilla/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279000726,"owners_count":26082894,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-08T02:00:06.501Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cracking","hash","hashcat","infosec","johntheripper","security"],"created_at":"2024-08-01T07:01:05.132Z","updated_at":"2025-10-09T01:12:43.436Z","avatar_url":"https://github.com/d4rckh.png","language":"Rust","funding_links":["https://patreon.com/d4rckh"],"categories":["Wordlist tools"],"sub_categories":["Generation/Manipulation"],"readme":"# gorilla\n\ngorilla is the ultimate wordlist tool packing a lot of amazing utilities like:\n- building wordlists based on patterns (like [crunch](https://github.com/jim3ma/crunch))\n- building wordlists based on common password/username formats (like [cupp](https://github.com/Mebus/cupp))\n- scrap a web page and build a wordlist from its words (like [cewl](https://github.com/digininja/CeWL))\n- extending existing wordlists using mutations (like [hashcat's rule based attack](https://hashcat.net/wiki/doku.php?id=rule_based_attack))\n\n\n## installing with cargo\n\nWith Rust's [Cargo](https://www.rust-lang.org/tools/install) installed, run `cargo install --git https://github.com/d4rckh/gorilla --branch main`\n\nYou should now be able to run `gorilla --help`\n\n## building with cargo\n\n```\ncargo build --release\n# the binary will be located in target/release folder\n```\n\n## computing passwords\n\nThe `--from-pattern`/`-p` argument is used to tell gorilla to compute passwords based on a pattern. \nFor example, the following command will print every single word containing 5 lowercase letters.\n\n```\ngorilla --from-pattern \"{a-z}{a-z}{a-z}{a-z}{a-z}\"\n```\n\nOther examples of patterns are `administrator{0-9}` (`administrator0` -\u003e `administrator9`); `hello_world{a-z}{0-9}` (`hello_worlda0` -\u003e `hello_worldz9`).\n\nIf you want to save the output to a file, you can use the `--output-file`/`-o` argument.\n\n![image](https://user-images.githubusercontent.com/35298550/183973643-3191f7a0-7dda-4e4f-8f10-eaaa4d748874.png)\n\nGorilla now also supports character sets. They are defined in `src/char_sets.rs`. Here are some examples of patterns that use them: `{l}` =\u003e a b c d ... z; `{u}` =\u003e A B C D ... Z; `{d}` =\u003e 1 2 3 4 ... 9; `{s}` =\u003e (space) ! \" # $ ... ~ \n\n## modifying existing wordlists using mutations/rules\n\nUsing the command line arguments you can do any mutation that is supported but you are only limited to only 1 set of mutations. A mutation set is a set of mutations applied to a word. Via the cli, mutations are supplied via the `--mutation`/`-m` argument.\n\n```\ngorilla --from-pattern \"administrator\" --mutation \"prepend:_\"\n```\n\n![image](https://user-images.githubusercontent.com/35298550/183973759-63dcc1c7-c32b-49b4-be68-838d99535f5a.png)\n\nUsually you will want to use the `--from-file`/`-i` argument instead of `--from-pattern` in this case to specify a wordlist instead of a single word, but to keep things simple, I will use that. \n\nThe above command takes in 1 word and outputs 1 word: `_administrator`. You can add multiple mutations using the same parameter.\n\n```\ngorilla --from-pattern \"administrator\" \\\n  -m \"prepend:_\" \\\n  -m \"append:{0-9}\"\n```\n\nThis once again takes 1 single word, but will output 10 different ones. Adding the `{0-9}` syntax to prepend \u0026 append will result in multiple words getting generated. The above command generates the following words.\n\n```\n_administrator0\n_administrator1\n_administrator2\n[.. snip ..]\n_administrator8\n_administrator9\n```\n\nIf we were to supply a wordlist via the `-i` file, we'd get back the amount of words we had in that wordlist times 10.\n\nSo far we only applied 1 single set of mutations. Usually you will want to combine multiple of these. This is done via the yaml files. You specify one using the `--mutations-file`/`-f` argument. An example one is located in `sets/simple.yml` file in this repo and it looks like this:\n\n```yaml\nname: simple\n\nmutation_sets:\n  - [ nothing ] # =\u003e word\n  - [ reverse ] # =\u003e drow\n  - [ remove_last_letter ] # =\u003e wor\n  - [ remove_first_letter ] # =\u003e ord\n  - [ uppercase_all ] # =\u003e WORD\n  - [ \"append:{0-9}\" ] # =\u003e word1, word2, word3\n  - [ \"2 append:{0-9}\" ] # =\u003e word11, word22, word33\n  - [ \"replace:o:0\", \"replace:a:4\", \"replace:e:3\" ] # =\u003e w0rd, h3ll0\n```\n\n![image](https://user-images.githubusercontent.com/35298550/183971400-d3bc2a5d-8620-4163-aa99-f34113dcbbf7.png)\n\nEach mutations file has to have a `name` and a `mutation_sets` value as shown in the example. The above mutation sets will generate, from a single word, 27 other words.\n\n```\nadministrator\nadministrator\nrotartsinimda\nadministrato\ndministrator\nADMINISTRATOR\nadministrator0\n[.. snip ..]\nadministrator9\nadministrator00\n[.. snip ..]\nadministrator99\n4dministr4t0r\n```\n\nIf you'd like to check your mutation file for errors before using it, you can use the following syntax to parse and print the summary.\n\n```\ngorilla --mutations-file muts.yml \n```\n\n## scraping web pages for words\n\n(For now) you can only scrap a specific page for words and styles and script tags won't be removed, this wil be implemented in a future release of gorilla. \n\nYou can specify a page using the `--from-website`/`-w` argument. For example\n\n```\ngorilla --from-website https://example.org/\n```\n\n![image](https://user-images.githubusercontent.com/35298550/183974047-68fb86d4-a8a7-4b1e-9e27-0cf512c95988.png)\n\nThe above command will print every word from that website. You can add other arguments shown previously like `--mutations-file`/`-f`, `--mutation`/`-m` and of course `--output-file`/`-o` to save them (instead of printing).\n\n## conditional mutations\n\nYou can apply a set of mutations to specific words that meet certain conditions/condition. This only makes sense in yaml files. \n\nThe following mutations file will remove words that don't contain the string `admin`. Unlike the previous mutations, this can remove words.\n\n```yaml\nname: filtering_words\n\nmutation_sets:\n  - [ \"if_contains:admin\" ]\n```\n\nAnother example is the following, which will add an underscore only to words that are longer than 5 characters.\n\n```yaml\nname: conditional_mutation\n\nmutation_sets:\n  - [ \"if_length:\u003e5\", \"append:_\" ],\n  - [ \"! if_length:\u003e5\" ]\n```\n\nNotice we had to add another mutation set that begins with the negated version of the first if mutation because otherwise the words that are shorter than 6 characters will be removed.\n\n## other mutations\n\ngorilla supports many other mutations and since the tool is in early development it would be very painful to maintain a list of them here. If you are curious about the other mutations, you can check out the `Action` enum from `src/mutation.rs` file.\n\n## using common password/username formats to build wordlists \n\nFormats are defined in formatting sets via yaml files and are supplied to gorilla via the `--from-formatting`/`-q` argument. Currently there's only one formatting set made, it is located at `sets/formatting/basic_usernames.yml`. And it looks (similar) to this.\n\n```yaml\nname: basic_usernames\n\nfields:\n  - [ f_name ]\n  - [ l_name ]\n\nformatting_sets:\n  - [ \"{f_name}_{l_name}\" ]\n  - [ \"{l_name}{f_name}\" ]\n  - [ [\"{f_name}\", [1st_letter]], \"_{l_name}\" ]\n  - [ [\"{f_name}\", [1st_letter]], \"{l_name}\" ]\n```\n\nThe required fields are `name`, `fields` and `formatting_sets`. The `fields` value is the user's profile and it contains information that is later used in the `formatting_sets`.\n\nIf you run the set, you will be prompted for each field and the usernames will be generated.\n\n![image](https://user-images.githubusercontent.com/35298550/184354813-fd008441-3188-4ef6-98b0-9e4573956d8c.png)\n\n(of course, you can use the other arguments normally, like `--mutations-file`/`-f` to generate new words via mutations or `--output-file`/`-o` to save the words)\n\nEach formatting set is an array of strings that are later appended. So `[\"{f_name}\", \"{l_name}\"]` is equivalent to `[\"{f_name}{l_name}\"]`. Instead of a string, you can supply an array, this allows you to apply mutations that you have used before to extend wordlists.\n\n```yaml\n- [ \"{f_name}_\", [ \"{l_name}\", [ reverse ] ] ]\n```\n\nIf the `f_name` is `joe` and `l_name` is `doe`, the resulting formatting will generate `joe_eod`. Mutations useful in formatting sets are `remove_last_letter`, `remove_first_letter` and `1st_letter`\n\nIf you want to apply a formatting sets to many user profiles, you can use the `--with-csv`/`-c` argument to supply a CSV file. For the `basic_usernames` formatting set, the CSV should be formatted like this:\n\n```csv\nf_name,l_name\njoe,doe\njames,smith\nrobert,smith\n```\n\n![image](https://user-images.githubusercontent.com/35298550/184476337-f8f23f7d-0902-483c-9202-6866ad9e371d.png)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fd4rckh%2Fgorilla","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fd4rckh%2Fgorilla","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fd4rckh%2Fgorilla/lists"}