Dictionary-based attack detection with advanced normalization
This guide explains how to use PWDValidator, our high-precision password auditing tool.
It detects weak passwords by scanning them against multiple dictionaries — including standard dictionaries we already provide, plus any custom dictionaries the user wishes to add.
🚀 1. What PWDValidator Does
PWDValidator checks whether a password is weak by searching for:
- ❌ Exact dictionary matches
- ❌ Case-insensitive matches
- ❌ Substring matches (if meaningful length ≥ 4)
- ❌ Reversed-password matches
- ❌ Leet-speak equivalents (e.g., p4ssw0rd → password)
- ❌ Stripped-digits edges (123Tiger99 → Tiger)
If any dictionary match occurs, the password is classified as WEAK.
Useful for:
- Enterprise onboarding
- Password policy enforcement
- Auditing user-submitted passwords
- Pre-flight checks before storing credentials
📦 2. Usage
Basic syntax
Exit codes
- 0 → Password OK
- 1 → Invalid usage
- 2 → Weak password (dictionary match detected)
🧠 3. What Dictionaries Are Included
We ship standard dictionaries by default, including:
- 🔤 English common words
- 🔤 Weak-password lists
- 🔤 Known breach wordlists
- 🔤 Common name lists
- 🔤 Basic leetspeak variants
👉 Clients may add unlimited custom dictionaries simply by specifying them in the command line.
Example:
🛠️ 4. Matching Logic (explained simply)
PWDValidator evaluates multiple transformations of the password:
| Transformation | Example | Purpose |
|---|---|---|
| Lowercase normalized | Password → password | Case-insensitive matching |
| Digit-stripped | 123Tiger99 → Tiger | Detect padding |
| Reversed | wolf → flow | Reverse-based guess attacks |
| Leet normalization | p4ssw0rd → password | Real attacker behavior |
| Substring detection | sunshine1984 → sunshine | Embedded weak words |
Each word in each dictionary is compared against several password variants — exactly like real attackers do during dictionary cracking attempts.
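The transformations in the table above, sketched as an added Python example (this is not PWDValidator's own code). The leet map, the `variants` and `check` names, and the five-word dictionary are assumptions constructed for illustration.

```python
# Added illustration of the table's transformations; not PWDValidator's code.

# Assumed leet substitutions (the tool's real map is not documented here).
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})
MIN_SUBSTRING = 4  # substring matches only count at length >= 4
WORDS = {"password", "tiger", "flow", "sunshine", "cat"}  # constructed sample


def variants(password):
    """Return each normalized form of the password, keyed by rule name."""
    lower = password.casefold()
    return {
        "exact": password,
        "lowercase": lower,
        "digit-stripped": lower.strip("0123456789"),  # edges only
        "reversed": lower[::-1],
        "leet": lower.translate(LEET),
    }


def check(password, words=WORDS):
    """Return (rule, word) hits; an empty list means no dictionary match."""
    hits, seen = [], set()
    forms = variants(password)
    for rule, form in forms.items():
        # Report a whole-string hit once, under the first rule that yields it.
        if form not in seen and form in words:
            hits.append((rule, form))
        seen.add(form)
    for word in sorted(words):
        # Embedded words: skip short entries and words already reported whole.
        if len(word) < MIN_SUBSTRING or word in seen:
            continue
        if word in forms["lowercase"] or word in forms["leet"]:
            hits.append(("substring", word))
    return hits


if __name__ == "__main__":
    # Constructed sample passwords, one per rule plus two non-matches.
    for pw in ["Password", "p4ssw0rd", "123Tiger99", "wolf",
               "ilovesunshine1984", "xcatx", "V7#kq!Lm2zR"]:
        hits = check(pw)
        print(f"{pw!r}: {'WEAK' if hits else 'OK'} {hits}")
```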
🔍 5. Real Client Examples
Check a password using our standard dictionaries
Add your own corporate dictionary
Massive dictionary check (multi-GB compatible)
📊 6. Progress Indicators
Large dictionaries show a real-time progress bar:
Useful for:
- Big corporate dictionaries
- Multi-GB breach lists
- Monitoring long scans
🛡️ 7. Recommended Customer Workflow
Step 1 — Choose dictionaries
Use the ones we provide + add your own sensitive-term dictionary.
Step 2 — Run the validator
Step 3 — Interpret the result
✔ Strong
❌ Weak
📘 8. Best Practices for Enterprises
- Add dictionaries containing:
  - internal project names
  - employee names
  - company acronyms
  - common internal terms
- Keep dictionary files UTF-8 encoded
- Avoid single-character or trivial entries
- Never store passwords in dictionaries
- Use strong passwords generated by PWDGenerator
🧭 9. Client Summary (Executive View)
- ✔ We include standard dictionary sets
- ✔ Client may add unlimited custom dictionaries
- ✔ Detects: exact matches, substrings, leet variants, reversed text, digit padding removal
- ✔ Works with UTF-8 passwords and massive dictionaries
- ✔ Produces a clear PASS/FAIL classification
- ✔ Enterprise-grade and attacker-realistic validation