cred-guesser
The cred-guesser is an LLM-driven password candidate generator designed for authorized red-team engagements within Canva automated security workflows. It analyses a set of recovered credentials for a given domain and proposes per-user password variations along with domain-wide patterns, accelerating credential validation steps in offensive security operations.
Ideal Use Cases & Fit
This tool excels in authorized penetration testing and adversary-simulation scenarios where an operator already has a foothold of valid or leaked credentials and needs to expand coverage across an organisation. It is particularly effective when paired with credential-spraying tools such as hydra or login-checker, providing high-quality guesses that reflect the target organisation's observed naming and rotation patterns. It is not appropriate for unauthorised use, for environments with strict lockout policies that would be triggered by additional attempts, or when no seed credentials are available to anchor the analysis.
Value in Workflows
Integrating cred-guesser into security workflows adds an intelligence layer between credential recovery and credential validation. It fits naturally after data-leak parsing or initial-access stages, where seed credentials become available, and before brute-force or login-checker stages, where the generated candidates are validated against live services. By learning patterns from the input set (year suffixes, seasonal rotations, capitalisation conventions), it dramatically reduces the candidate space compared with generic wordlists, producing more relevant guesses with fewer attempts and lower noise on the target.
Input Data
The cred-guesser accepts the following input data:
- Format: JSON file
- Function: Provide seed credentials and the target domain for pattern analysis
- Required fields:
domain(string),credentials(array of{username, password}objects) - Example:
creds.jsoncontaining{"domain": "example.com", "credentials": [{"username": "jdoe", "password": "Summer2024!"}]}
The output is a JSON file containing per-credential suggested_passwords, a domain_analysis block with observed patterns and top domain-wide candidates, and a stats block describing the model and call counts used during generation.
Configuration
- variations-per-cred: Number of password variations to generate per input credential. Defaults to
5. Increase for broader coverage at higher LLM cost; decrease for faster, more targeted runs.
Updated: 2026-05-21