Password Attackswordlisttwitterpasswordcrackingruby

twofi

twofi generates custom word lists from Twitter searches for keywords related to password cracking. It takes multiple search terms and returns words sorted by most common first.

Description

When attempting to crack passwords, custom word lists are very useful additions to standard dictionaries. twofi expands on the idea from the '7 Habits of Highly Effective Hackers' blog by using Twitter to generate those lists based on searches for keywords related to the target list.

The tool accepts multiple search terms, either as comma-separated values or from a file, and optionally filters by users or usernames. It produces a sorted word list with the most common terms first, aiding in targeted password attacks.

twofi is a Ruby-based tool requiring ruby and ruby-twitter dependencies, installed via apt on Kali Linux.

How It Works

twofi leverages the Twitter API via the ruby-twitter gem to search for specified terms or from specified users. It collects words from search results, counts their frequency, applies filters like minimum word length, and outputs a sorted list of unique words by commonality. Configuration is handled via a YAML file, with verbose output available for debugging.

Installation

bash

sudo apt install twofi

Flags

--help, -hshow help

--config <file>config file, default is twofi.yml

--count, -cinclude the count with the words

--min_word_length, -mminimum word length

--term_file, -T <file>a file containing a list of terms

--terms, -tcomma separated search terms, quote words containing spaces, no space after commas

--user_file, -U <file>a file containing a list of users

--users, -ucomma separated usernames

--verbose, -vverbose

Examples

Display the help menu and usage information for twofi

twofi --help

Generate word list from Twitter searches for 'password' and 'login' terms, sorted by commonality

twofi --terms password,login

Search for quoted phrase 'admin login' and 'security', include word counts in output

twofi --terms 'admin login',security --count

Use terms from file, filter words to minimum length of 5 characters

twofi --term_file terms.txt --min_word_length 5

Search tweets from users 'hacker' and 'admin' with verbose output

twofi --users hacker,admin --verbose

Use user list from file and custom config file for Twitter API settings

twofi --user_file users.txt --config custom.yml

Generate words related to 'wifi' and 'router' with counts and min length 4

twofi --terms wifi,router --count --min_word_length 4

Updated 2026-04-16kali.org ↗