If you want to generate a wordlist of all possible combinations of 5 characters that could be used in a Portuguese password, assuming a simplified character set:
crunch 05 05 abcdeABCDE012345 | grep -iE '[a-zA-Z0-9]'
However, for a more targeted approach, incorporating known Portuguese words:
crunch 05 15 -t %%%%% -o wordlist.txt
Then manually or programmatically add known Portuguese words, names, and common passwords to wordlist.txt.
cat portuguese.txt portuguese_noaccent.txt | sort -u > core_portuguese.txt
Let's get practical. Assume you are performing a penetration test on a Portuguese-speaking organization. Here is a step-by-step workflow using standard Linux tools.
You must tailor your wordlist to the target's password policy. Brazilian corporate policies typically require:
Filtering command:
To only keep passwords that meet complex policies, use grep:
# Keep only lines with 1 uppercase, 1 lowercase, 1 digit
grep -P '^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).8,$' final_portuguese_wordlist.txt > policy_compliant.txt
john --wordlist=portuguese_wordlist.txt --rules=portuguese --format=NT hashes.txt
Effective wordlist work begins with high-quality raw data. Do not attempt to type words manually—that is futile. Instead, focus on these sources:
When doing portuguese password wordlist work, avoid these common mistakes:
| Mistake | Why it fails | Solution |
| :--- | :--- | :--- |
| Using European PT in Brazil | "Rapariga" means girl in PT; in Brazil, it is offensive slang. Users avoid it. | Separate wordlists for PT-PT and PT-BR. |
| Ignoringão õe | The nasal diphthongs are extremely common (mão, coração, pão). | Generate numeric replacements: p4o, c0r4c40. |
| Forgetting compound words | English uses spaces (birthday cake). Portuguese uses hyphens or merging (beija-flor). | Use sed 's/ /-/g' to create hyphen variants. |
