explaingit

chinaran0/wujing_dic

Analysis updated 2026-06-24

18JavaScriptAudience · ops devopsComplexity · 2/5LicenseSetup · easy

TLDR

Chrome extension that builds weak-password wordlists for authorized pentests from the current domain. Strips country suffixes, supports pinyin, and offers nine pattern rules with year ranges.

Mindmap

mindmap
  root((wujing_dic))
    Inputs
      Current domain
      Custom keywords
      Year range
    Outputs
      Wordlist preview
      Copy to clipboard
      Text file
    Use Cases
      Authorized pentest
      CTF prep
      Defensive review
    Tech Stack
      JavaScript
      Chrome Extension
      Pinyin
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Generate a starter wordlist from a target's domain during an authorized pentest

USE CASE 2

Build a CTF-prep dictionary that mixes a team name with year and punctuation patterns

USE CASE 3

Audit your own organization's password policy by trying common name plus year forms

USE CASE 4

Add Chinese keywords and let the extension expand them via pinyin

What is it built with?

JavaScriptChrome

How does it compare?

chinaran0/wujing_diccyizeredev/epmsgeanofeefoundry/geanos-gdsa-qol
Stars181818
LanguageJavaScriptJavaScriptJavaScript
Setup difficultyeasymoderatemoderate
Complexity2/53/52/5
Audienceops devopsdevelopergeneral

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 5min

Requires loading an unpacked Chrome extension in developer mode, and use is restricted to environments where you have written permission.

MIT license, free to use, modify, and redistribute as long as the copyright notice stays.

In plain English

This repository is a Chrome browser extension that generates weak-password wordlists for use in authorized penetration testing and security assessments. The author, writing in Chinese, names it Wujing Sword and is clear in the disclaimer that it is meant for jobs where the tester has permission from the target, for capture-the-flag style exercises, and for defensive research, not for breaking into systems without consent. The core idea is that organizations often pick passwords made from their own name plus a year or a common suffix, so a tester can guess them quickly with a list built from the right starting words. The extension reads the domain the user is currently on, pulls out a short keyword from it, and then combines that keyword with years and other patterns to produce a list of candidate passwords. Domain handling has a few useful behaviors. It strips common second-level country suffixes like .com.cn.edu.cn.gov.cn.co.uk, and .co.jp, so for example lydx.edu.cn becomes the keyword lydx. Plain IP addresses are skipped. The user can also add their own custom keywords, separated by commas. Chinese keywords are automatically converted to pinyin (so the university name Linyi Daxue turns into linyidaxue), and English words are kept as-is. Duplicates are removed. The extension offers nine generation rules, each producing a different pattern such as keyword@year, Keyword@year, keyword with no separator and a year, keyword with various punctuation between it and the year, account prefixes like root@keyword or sa@keyword, the reversed year@keyword form, and patterns that add common email suffixes like @qq.com or @163.com. Every rule can be output in lowercase, with a leading capital, or all uppercase, with the all-caps form behind a global toggle. Installing it is the usual unpacked-extension flow: clone or download the project, open chrome://extensions, turn on developer mode, click Load unpacked, and pick the weak-password-dict folder. Once running, the user can adjust the year range (default 2010 to 2026), edit four lists of suffixes with a restore-defaults option, copy all results at once, and download them as a text file with duplicates already removed. The license is MIT.

Copy-paste prompts

Prompt 1
Load wujing_dic as an unpacked Chrome extension and explain each of the nine generation rules
Prompt 2
Add a tenth rule to wujing_dic that places a special character between every keyword character
Prompt 3
Modify wujing_dic to also strip newer country suffixes like .com.au and .co.nz
Prompt 4
Export wujing_dic output and feed it into hashcat for a controlled, in-scope password audit
Prompt 5
Extend wujing_dic to load a custom suffix list from a JSON file in the extension folder

Frequently asked questions

What is wujing_dic?

Chrome extension that builds weak-password wordlists for authorized pentests from the current domain. Strips country suffixes, supports pinyin, and offers nine pattern rules with year ranges.

What language is wujing_dic written in?

Mainly JavaScript. The stack also includes JavaScript, Chrome.

What license does wujing_dic use?

MIT license, free to use, modify, and redistribute as long as the copyright notice stays.

How hard is wujing_dic to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is wujing_dic for?

Mainly ops devops.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.