Pakistani Password Wordlist
This script is modular. It takes base keywords and applies "mutation rules" specific to Pakistani user behavior.
import itertools
import datetime
class PakistaniWordlistGenerator:
def __init__(self):
# Core pillars of Pakistani passwords
self.base_keywords = [
# National Identity
"pakistan", "pak", "paki", "islam", "islamabad", "karachi", "lahore",
"rawalpindi", "pindi", "multan", "quetta", "peshawar", "kashmir",
"green", "flag", "jinnah", "quaideazam",
# Religion & Spirituality
"allah", "muhammad", "bismillah", "rehman", "rahim", "malik",
# Cricket & Pop Culture
"cricket", "afridi", "babar", "rizwan", "shaheen", "wasim",
"ramiz", "shahid", "boom", "greenflag",
# Roman Urdu / Common Words
"jaanu", "jaan", "pyar", "mohabbat", "dil", "yaar", "zindagi",
"apna", "ghar", "dosti", "khush", "mehtab", "sher", "bacha",
# Tech / Generic
"password", "admin", "login", "user", "wifi", "ptcl", "jazz"
]
# Special numbers in Pakistani culture
self.sacred_numbers = ["786", "110", "92", "14"] # 92 is country code, 14 is Aug 14
# Common appendices
self.years = self.generate_years()
self.special_chars = ["!", "@", "#", "$", "."]
self.network_prefixes = ["0300", "0301", "0321", "0331", "0345"] # Common mobile prefixes
def generate_years(self):
current_year = datetime.datetime.now().year
return [str(y) for y in range(1970, current_year + 1)]
def mutate_case(self, word):
"""Generate variations of capitalization"""
return [word, word.upper(), word.capitalize(), word.lower()]
def append_numbers(self, word):
"""Append culturally relevant numbers"""
mutations = set()
# Simple numbers 0-9, 00-99
for i in range(100):
mutations.add(f"wordi")
mutations.add(f"wordi:02d") # leading zero (e.g., 01)
# Sacred Numbers
for num in self.sacred_numbers:
mutations.add(f"wordnum")
# Years
for year in self.years:
mutations.add(f"wordyear")
return mutations
def leet_speak_pak_style(self, word):
"""
Minimal leet speak (a=4, e=3) but focused on styles seen locally.
Example: pakistan -> p@kistan, pak1stan
"""
replacements =
'a': ['4', '@'],
'e': ['3'],
'i': ['1', '!'],
'o': ['0'],
's': ['$', '5'],
'h': ['#']
# Just doing simple first-level replacement for performance
leet_words = set()
for char, replacements_list in replacements.items():
if char in word:
for r in replacements_list:
leet_words.add(word.replace(char, r, 1)) # Replace first occurrence
# Common specific Pakistani l33t: P@kistan, P4kistan
if "pak" in word:
leet_words.add(word.replace("a", "@", 1))
leet_words.add(word.replace("a", "4", 1))
return leet_words
def generate_wordlist(self, output_file="pak_wordlist.txt"):
final_wordlist = set()
print(f"[*] Starting generation with len(self.base_keywords) base keywords...")
for keyword in self.base_keywords:
# 1. Case Mutations
case_variations = self.mutate_case(keyword)
for variant in case_variations:
# Add plain word
final_wordlist.add(variant)
# 2. Number Appending
num_variations = self.append_numbers(variant)
final_wordlist.update(num_variations)
# 3. Leet Speak
leet_variations = self.leet_speak_pak_style(variant)
final_wordlist.update(leet_variations)
# 4. Special Char Suffix (Common: pakistan!, pak@123)
for char in self.special_chars:
final_wordlist.add(f"variantchar")
# Combine with sacred number
final_wordlist.add(f"variantchar786")
# 5. Combinations (Two-word combos)
# Examples: "jaanu786", "pakcricket", "lovepakistan"
common_combo_keys = ["jaanu", "pyar", "dil", "pak", "love", "cricket"]
for word1 in common_combo_keys:
for word2 in self.base_keywords:
if word1 != word2:
combo = f"word1word2"
final_wordlist.add(combo)
final_wordlist.add(f"combo786") # High probability combo
# Save to file
print(f"[*] Generated len(final_wordlist) unique passwords.")
with open(output_file, "w", encoding="utf-8") as f:
for pwd in sorted(final_wordlist):
f.write(pwd + "\n")
print(f"[*] Wordlist saved to output_file")
# Run the generator
if __name__ == "__main__":
gen = PakistaniWordlistGenerator()
gen.generate_wordlist()
A Pakistani password list is most effective against weak, predictable human behavior. Here’s how to neutralize it. pakistani password wordlist
Imagine a penetration test against a large bank in Lahore. The tester uses a standard wordlist for three hours—zero hits. Then, they load a 50MB Pakistani password wordlist containing combinations like sbpkarachi, bankalhabib123, habibmetro, and johnsons456 (for Johnson & Johnson employees). Within 30 minutes, they crack 12% of the hashes, including: This script is modular
This demonstrates why ignoring localization is a critical oversight in defensive security. A Pakistani password list is most effective against
The creation of a password wordlist tailored to a specific demographic, such as Pakistani users, requires an understanding of the cultural, linguistic, and social context of the region. Password cracking tools often utilize wordlists to guess passwords by trying a large number of possibilities. A customized wordlist can be more efficient in certain contexts, but it also raises significant ethical and security concerns.
While specific lists targeting a nationality can be ethically problematic if used without authorization, security researchers analyze patterns to understand regional password behaviors. This analysis helps organizations enforce better password policies.