I have had various discussions with other forensics folks about password dictionaries and their use with my crowbar tools. So I am doing some experimentation using Automator plus shell script and perl script. I really think a lot of forensics folks who use Mac OSX forget or underestimate Automator. In my case I am using it to draft some password extraction tests.
You can download the automator app with a sample text file to run it on. You can get it from here:PasswordExtractor Automator
Of course it is easy for you to edit the automator app in Automator and see/edit my scripts. Here is a summary of what it does. And it becomes more clear if you run it on the included text file.
It has you select a file and runs it through strings. It sorts it and drops out duplicate strings. Then it runs that base dictionary file through a perl script several times each time is a slightly different variant. It is looking for certain flag strings then grabs all the remaining text on the line after that flag text and makes it into a stack of passwords.
It looks for all case insensitive occurrences of pw, pwd, pass and password and they can be followed by any of the three symbols. = – or :
It then takes the text following those text strings and starts at the first letter and dumps that to a line as a password and increments one letter at a time till it hits the full length.
So in essence if the password you really need is embedded in say a URL with pass=supersecretpassword then you will actually get a file where ONLY supersecretpassword occurs on a line in a dictionary. Perfect for your dictionary attack tools.