>_ wordlistlab.com

AI-powered wordlist generation
from any web context.

Paste a URL. We crawl, extract vocabulary and build a wordlist ranked by password probability using LLMs — with cultural permutations, year suffixes, and hashcat rules.

Free tier: 3/hour · 10/day. Max output: 500 words.

How it works

  1. Crawl. We fetch the site's HTML (max 2MB), strip scripts/styles, extract text.
  2. Extract. Tokenize, filter ES/EN stopwords, count frequency. Top 200.
  3. Rank with LLM. Claude analyzes the context and re-orders by likelihood of being a real password at that organization.
  4. Permute. Capitalized variants, year suffixes (2024-2026), common suffixes (!, 123, .), natural l33tspeak.
  5. Culture. Detects language and applies local patterns (Empresa.123, Empresa2024!).

API

Coming soon: paid API key to integrate wordlistlab.com into red team pipelines.

curl -X POST https://wordlistlab.com/generate.php \
  -d "url=https://target.com" \
  -d "format=json" \
  -H "Authorization: Bearer YOUR_KEY"

Authorized use only

This tool is intended for authorized red team engagements, pentesting with explicit scope, CTFs and defensive research. Don't use it against systems you don't have permission to audit.