An advanced wordlist/password generator combining CeWL-style web crawling, CUPP-style target profiling, Hashcat-compatible mutations, OSINT scraping, Markov generation, and more โ all in pure Python with a beautiful interactive TUI.
| Feature | Description |
|---|---|
| ๐ท Web Crawling | Static HTTP + optional headless JS rendering (Playwright). Configurable depth, delay, proxy |
| ๐ฏ Target Profiling | CUPP-style โ name, DOB, partner, pet, company โ personalized wordlists |
| ๐งฌ Mutation Engine | Leet speak, case variants, append numbers/symbols/years, reverse, duplicate |
| ๐ Hashcat Rules | Full .rule file parser: :, l, u, c, C, r, d, $X, ^X, sXY, TN |
| ๐ง Email Harvesting | RFC-compliant email extraction during crawl |
| ๐ OSINT Scraper | Extract keywords from Instagram, X (Twitter), LinkedIn, and GitHub profiles |
| ๐ Combo Attack | Merge two wordlists by concatenating every pair |
| ๐ญ Mask Generator | Pattern-based generation (?u?l?l?d?d โ Ab3c12) |
| ๐ก Wi-Fi Wordlist | ESSID/vendor-based password generation with common patterns |
| ๐ Locale Packs | Language-specific common passwords (EN, TR, DE, ES, FR, AR) |
| ๏ฟฝ Wordlist Analysis | Length histograms, charset breakdown, entropy, pattern detection |
| ๐ Chain Pipeline | Multi-step mutations: leet -> numbers(0-99) -> policy(min:8) |
| ๐ Recipe System | YAML-based automation: crawl โ profile โ mutate โ filter โ export |
| ๐งฌ Markov Generator | Train on wordlists, generate statistically probable passwords |
| ๐ก Policy Filter | Filter output by password requirements (min/max length, upper, digit, special) |
| ๏ฟฝ Alecto DB | Bundled default device credentials (routers, IoT, network gear) |
| ๐ฅ Dict Downloader | Fetch curated wordlists from SecLists by category |
| ๐ Dict Improver | Feed existing wordlists through the mutation engine |
| ๐ Deduplication | Exact + fuzzy (Levenshtein-based) dedup |
| ๐ค Multi-Format | Output: plaintext, JSON (with frequency), Hashcat rules |
| ๐จ Rich TUI | Beautiful colored interface powered by Rich โ no raw ANSI escape codes |
| ๐ Interactive REPL | Tab-complete shell โ mutate, export, analyze, profile without restarting |
git clone https://github.com/Azazelx0/grimoire.git
cd grimoire
pip install -r requirements.txt
pip install -e .grimoire # Interactive wizard (14 modes)
grimoire --help # Full flag referenceRunning grimoire without flags launches the interactive mode selector:
? Select mode
โฏ ๐ท Web Crawl โ Extract words from a URL
๐ฏ Profile Target โ CUPP-style personal profiling
๐ Improve Dict โ Mutate an existing wordlist
๐ฅ Download Lists โ Fetch curated wordlists
๐ Default Creds โ Dynamic default credentials database
๐ Combo Attack โ Merge two wordlists
๐ญ Mask Generator โ Pattern-based generation
๐ OSINT Scraper โ Social media profiling
๐ก Wi-Fi Wordlist โ ESSID/vendor-based passwords
๐ Locale Packs โ Language-specific passwords
๐ Analyze Wordlist โ Statistics & analysis
๐ Chain Pipeline โ Multi-step mutations
๐ Run Recipe โ Execute YAML recipe
๐งฌ Markov Generator โ Statistical password generation
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
๐ Update GRIMOIRE โ Pull latest from GitHub
# Basic crawl
grimoire --url https://example.com --depth 2 -o wordlist.txt
# With mutations + emails
grimoire --url https://target.com --depth 3 --emails --mutate --leet -o mutated.txt
# JS-heavy site (requires: pip install playwright && playwright install chromium)
grimoire --url https://spa-app.com --mode headless -o js-words.txt
# Authenticated + stealth
grimoire --url https://intranet.corp.com \
--cookie "PHPSESSID=abc123" \
--proxy socks5://127.0.0.1:9050 \
--random-ua --delay 1000 -o stealth.txt# Interactive
grimoire # โ select "Profile Target"
# Scripted
grimoire --profile "name=John last=Smith dob=1990 pet=Rex company=Acme" -o john.txt# Generate all ?u?l?l?d?d combinations (Aaa00-Zzz99)
grimoire --mask "?u?l?l?d?d" -o mask.txt
# Charsets: ?l=lower ?u=upper ?d=digit ?s=special ?a=allgrimoire --combo wordlist1.txt wordlist2.txt -o combined.txt# Scrape all platforms (Instagram, X, LinkedIn, GitHub)
grimoire --osint username -o keywords.txt
# Specify platforms
grimoire --osint username --osint-platforms github,xgrimoire --wifi-essid "NETGEAR42" --wifi-vendor netgear -o wifi.txtgrimoire --chain "leet -> case -> numbers(0-99) -> policy(min:8)" \
--file input.txt -o chained.txt# recipe.yml
name: corporate-pentest
steps:
- crawl: {url: "https://corp.com", depth: 3}
- profile: {name: John, company: Acme}
- mutate: [leet, case, numbers]
- policy: {min: 8, upper: 1, digit: 1}
- export: corporate-wordlist.txtgrimoire --recipe recipe.ymlgrimoire --markov-train wordlist.txt --markov-count 50000 -o markov.txtgrimoire --default-creds "cisco" # Search by vendor
grimoire --default-creds "" # Dump allgrimoire --stats wordlist.txtgrimoire --locale en,tr,de -o locale-words.txtgrimoire --mask "?l?l?l?l?d?d" --policy "min:6 upper:0 digit:1" -o filtered.txtgrimoire update # Automatically pulls latest from GitHub and reinstallsAfter any operation, GRIMOIRE drops into an interactive REPL with tab-completion:
grimoireโฏ help
| Command | Description |
|---|---|
help |
Show all commands |
stats / analyze |
Wordlist statistics + histogram |
export <file> |
Export wordlist |
mutate [--leet] [--case] [--numbers] |
Apply mutations |
profile |
Launch target profiling |
defcreds [search <vendor>] |
Browse default credentials |
download <category> |
Download wordlist category |
improve <file> |
Improve existing wordlist |
dedup [--fuzzy] |
Deduplicate |
policy min:8 upper:1 ... |
Filter by password policy |
load <file> |
Load wordlist from file |
save <file> |
Save wordlist |
set <key> <value> |
Change session setting |
clear |
Reset wordlist |
exit |
Quit |
| Feature | CeWL | CUPP | GRIMOIRE |
|---|---|---|---|
| Web crawling | โ | โ | โ (static + headless) |
| Target profiling | โ | โ | โ (enhanced) |
| Mutation engine | โ | Basic | โ (full + Hashcat rules) |
| Combo attack | โ | โ | โ |
| Mask generator | โ | โ | โ |
| OSINT scraping | โ | โ | โ |
| Wi-Fi wordlists | โ | โ | โ |
| Locale packs | โ | โ | โ (6 languages) |
| Wordlist analysis | โ | โ | โ (entropy, histograms) |
| Chain mutations | โ | โ | โ |
| Recipe system | โ | โ | โ (YAML automation) |
| Markov generator | โ | โ | โ |
| Policy filter | โ | โ | โ |
| Email harvesting | โ | โ | โ |
| Default creds DB | โ | โ | โ (dynamic fetcher) |
| Interactive REPL | โ | โ | โ (tab-complete) |
| Multi-format output | text | text | โ (txt/JSON/Hashcat) |
| Cross-platform | Ruby | Python | โ (Python, any OS) |
| No compilation | โ | โ | โ |
grimoire/
โโโ pyproject.toml # Package config โ `grimoire` command
โโโ requirements.txt # Core dependencies
โโโ grimoire/
โ โโโ cli.py # Click CLI with 40+ flags
โ โโโ banner.py # Rich Panel ASCII banner
โ โโโ wizard.py # 14-mode interactive selector
โ โโโ repl.py # Tab-complete REPL shell
โ โโโ crawler/ # Static + headless crawlers
โ โโโ extractor.py # Word/email/meta/JS extraction
โ โโโ mutator/ # Basic + Hashcat rules + combo
โ โโโ profiler.py # CUPP-style target profiling
โ โโโ default_creds.py # Default credentials dynamic DB
โ โโโ mask.py # Mask/pattern generator
โ โโโ osint.py # OSINT social scraper
โ โโโ wifi.py # Wi-Fi ESSID generator
โ โโโ locale_packs.py # Language packs
โ โโโ stats.py # Wordlist analysis
โ โโโ chain.py # Pipeline mutations
โ โโโ recipe.py # YAML recipe system
โ โโโ policy.py # Password policy filter
โ โโโ markov.py # Markov chain generator
โ โโโ dedup.py # Exact + fuzzy dedup
โ โโโ output.py # txt/json/hashcat writers
โ โโโ data/ # Locale packs + fallback data
โโโ docs/ # Reference documentation
โโโ examples/ # Usage scripts + rule files
MIT License. See LICENSE for details.
See CONTRIBUTING.md for guidelines.
GRIMOIRE โ Where words are forged into weapons. ๐ฎ