wordlistForger

Hello, Security Reseacher!

This tool wordlistForger is designed to help and speed up situations where you need realistic test data for security testing and automation. It will help you to create things like API keys, UUIDs, tokens, order IDs, invoice numbers, transaction IDs, coupon codes, etc. This would be super useful for testing brute-force logic, IDOR cases, and any situation where you need structured and predictable identifiers.

Install:

pip install wordlistforger

Alternate with Git

git clone https://github.com/m14r41/wordlistForger.git && cd wordlistForger && python wordlistForger.py -p ORD-2024-H2B7  --lock  ORD-  -l 20 --strict-case --live

Tools Switches And Argument Options:

Option / Flag	Description
-p, --pattern	(Required) Pattern used to generate strings. Give you word likewise have to generat (eg. aA99xx, ORD-192 api_keyxxxx
-l, --limit	(Required) Number of unique outputs to generate
--lock	Locks a fixed substring inside the pattern
--lock-mask	Mask to control fixed positions (x = random, other chars = fixed)
--strict-case	Enforces case sensitivity (lower stays lower, upper stays upper)
--match-pattern	Uses specific placeholders: n (numbers), x (hex), a (lower), A (upper)
-s, --seed	Set seed for reproducible results
-o, --output	Output file name (default: wordlist.txt)
--live	Print generate worlist live

Pattern Behavior

With vs Without --match-pattern

Pattern	Without --match-pattern	With --match-pattern	Details
xxxx	Random letters (a–Z)	Hex chars (0-9, a-f)	x becomes hex only in match mode
nnnn	Random letters (a–Z)	Digits (0-9)	n works only in match mode
aaaa	Letters (mixed case)	Lowercase only (a-z)	Match mode enforces lowercase
AAAA	Letters (mixed case)	Uppercase only (A-Z)	Match mode enforces uppercase
aA9x	Mixed letters/digits	Structured (lower + upper + digit + hex)	Precise control with match mode
1234	Digits only	Digits only	Numbers behave same in both modes
ABCD	Random case letters	Strict uppercase letters	Match mode respects pattern case

In summary :

Pattern	Without	With --match-pattern
xxxx	letters	hex
nnnn	letters	digits
aaaa	mixed case	lowercase
AAAA	mixed case	uppercase

Example of usage

Use Case	Command	What It Demonstrates
Basic generation	-p aaaa -l 10	Simple lowercase generation
Mixed case (default)	-p aaaa -l 10	Generates both lower + upper (no strict mode)
Strict case enforcement	-p aaaa -l 10 --strict-case	Forces only lowercase
Hex UUID-style	-p xxxxxxxx-xxxx -l 5 --match-pattern	Uses x as hex characters
Numeric only IDs	-p nnnnnn -l 20 --match-pattern	Uses n for digits
Fixed prefix (lock)	-p xxxx-xxxx -l 10 --lock 2026	Forces 2026 inside pattern
Position control (lock-mask)	-p AAAAAA -l 10 --lock-mask xxABxx	Forces specific positions (A, B)
Lock + mask combined	-p xxxx-xxxx -l 10 --lock 99 --lock-mask xx99xxxx	Combines both locking methods
Reproducible results	-p aaaa -l 10 -s 1234	Same output every run
Custom output file	-p aaaa -l 10 -o mylist.txt	Saves to custom file
Live output mode	-p aaaa -l 10 --live	Prints results instead of progress bar
API key generator	-p xxxxxxxxxxxxxxxxxxxxxxxx -l 5 --match-pattern -o keys.txt	Real-world API key format
MAC address	-p xx:xx:xx:xx:xx:xx -l 10 --match-pattern	Structured hardware IDs
Invoice IDs (strict format)	-p INV-AAAA-nnnn -l 20 --match-pattern --strict-case	Mixed structured format
Session tokens (reproducible)	-p xxxx-xxxx -l 10 --match-pattern -s 42	Debug-friendly generation
High-volume generation	-p nnnnnnnn -l 100000	Performance test
Live + output file	-p xxxx -l 10 --match-pattern --live -o live.txt	Console + file output
Complex enterprise ID	-p AAAA-xxxx-nnnn -l 50 --match-pattern --strict-case --seed 99 -o enterprise.txt	Combines multiple switches

Basics use case example ( i.e withut --match-pattern)

Generate API keys wordlist

python wordlistForger.py -p api_key7m9xq2kpl4 -l 10   --strict-case
python wordlistForger.py -p api_key7m9xq2kpl4 -l 10   --lock api_key --live

Generate Invoice ID

Generate ORDER ID

python wordlistForger.py -p ODER-ID-1943AC -l 10 --lock ODER-ID --live
python wordlistForger.py -p ODER-ID-1943AC -l 10 --lock ODER-ID --strict-case --live

Advance Use case: --match-pattern

Generate advance and more controlled wordlist with real types of data for pentesting in real word with switch : --match-pattern

1. Simple wordlist

python .\wordlistForger.py -p aaaa -l 5

aBcD
xYzA
mNoP
qRsT
uVwX

---

2. Lowercase words

python .\wordlistForger.py -p aaaa -l 5 --match-pattern

abcd
wxyz
lmno
pqrs
tuvw

---

3. Numbers only

wordlistForger -p nnnnnn -l 5 --match-pattern

482193
905321
118273
667200
902134

---

4. Hex strings

wordlistForger  -p xxxxxxxx -l 5 --match-pattern

a3f9c1e2
9b2c4d6f
0f1e2d3c
abcdef12
1234abcd

---

5. UUID format

wordlistForger  -p xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -l 5 --match-pattern

a3f9c1e2-9b2c-4d6f-0f1e-2d3cabcdef12
1234abcd-5678-9abc-def0-1234567890ab
deadbeef-cafe-babe-face-001122334455
abcdef12-3456-7890-abcd-ef1234567890
0f1e2d3c-4b5a-6978-8899-aabbccddeeff

---

6. Order IDs

wordlistForger -p ORD-nnnnnn -l 5 --match-pattern

ORD-482193
ORD-905321
ORD-118273
ORD-667200
ORD-902134

---

7. Invoice IDs

wordlistForger  -p INV-AAAA-nnnn -l 5 --match-pattern

INV-ABCD-1234
INV-WXYZ-5678
INV-QWER-9087
INV-ASDF-1122
INV-ZXCV-3344

---

8. API keys (short)

wordlistForger  -p xxxxxxxxxxxxxxxxxxxxxxxx -l 5 --match-pattern

a3f9c1e29b2c4d6f0f1e2d3c
abcdef1234567890deadbeef
1234abcd5678efab9abc0001
0f1e2d3c4b5a69788899aabb
ffeeddccbbaa998877665544

---

9. MAC addresses

wordlistForger  -p xx:xx:xx:xx:xx:xx -l 5 --match-pattern

a3:1f:9c:e2:4d:6f
9b:2c:4d:6f:0f:1e
de:ad:be:ef:ca:fe
ab:cd:ef:12:34:56
0f:1e:2d:3c:4b:5a

---

10. Coupon codes

wordlistForger -p SAVE-AAAA-nn -l 5 --match-pattern

SAVE-ABCD-12
SAVE-WXYZ-34
SAVE-QWER-56
SAVE-ASDF-78
SAVE-ZXCV-90

---

11. User IDs

wordlistForger -p user_nnnnn -l 5 --match-pattern

user_48219
user_90532
user_11827
user_66720
user_90213

---

12. Transaction IDs

wordlistForger -p TXN-xxxxxxxx -l 5 --match-pattern

TXN-a3f9c1e2
TXN-9b2c4d6f
TXN-deadbeef
TXN-abcdef12
TXN-1234abcd

---

13. License keys

wordlistForger  -p AAAAA-AAAAA-AAAAA -l 5

AbCdE-FgHiJ-KlMnO
XyZaB-CdEfG-HiJkL
MnOpQ-RsTuV-WxYzA
QrStU-VwXyZ-AbCdE
FgHiJ-KlMnO-PqRsT

---

14. Employee IDs

wordlistForger -p EMP-nnnn -l 5 --match-pattern

EMP-1023
EMP-4587
EMP-7765
EMP-9901
EMP-3342

---

15. Bank reference numbers

wordlistForger -p REF-nnnnnnnn -l 5 --match-pattern

REF-48219384
REF-90532177
REF-11827366
REF-66720055
REF-90213411

---

16. Tracking numbers

wordlistForger -p TRK-AAAA-nnnn -l 5 --match-pattern

TRK-ABCD-1234
TRK-WXYZ-5678
TRK-QWER-9087
TRK-ASDF-1122
TRK-ZXCV-3344

---

17. Serial numbers

wordlistForger -p SN-xxxx-xxxx -l 5 --match-pattern

SN-a3f9-c1e2
SN-9b2c-4d6f
SN-dead-beef
SN-abcd-1234
SN-0f1e-2d3c

---

18. Database IDs

wordlistForger -p ID-nnnnn -l 5 --match-pattern

ID-48219
ID-90532
ID-11827
ID-66720
ID-90213

---

19. Session tokens

wordlistForger -p xxxxxxxxxxxxxxxx -l 5 --match-pattern

a3f9c1e29b2c4d6f
9b2c4d6f0f1e2d3c
abcdef1234567890
0f1e2d3c4b5a6978
ffeeddccbbaa9988

---

20. Temporary passwords

wordlistForger -p Aaannn -l 5 --match-pattern

Abc123
Xyz456
Qwe789
Asd234
Zxc567

---

21. WiFi passwords

wordlistForger -p WIFI-xxxx-nnnn -l 5 --match-pattern

WIFI-a3f9-1234
WIFI-9b2c-5678
WIFI-dead-9087
WIFI-abcd-1122
WIFI-0f1e-3344

---

22. API tokens (long)

wordlistForger -p xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx -l 5 --match-pattern

a3f9c1e29b2c4d6f0f1e2d3cabcdef12
9b2c4d6f0f1e2d3c1234abcd5678ef90
abcdef1234567890deadbeefcafebabe
0f1e2d3c4b5a69788899aabbccddeeff
ffeeddccbbaa99887766554433221100

---

23. Discount codes

wordlistForger -p SALE-AAAA-nn -l 5 --match-pattern

SALE-ABCD-12
SALE-WXYZ-34
SALE-QWER-56
SALE-ASDF-78
SALE-ZXCV-90

---

24. Gaming usernames

wordlistForger -p gamerAAA -l 5

gamerAbC
gamerXyZ
gamerQwE
gamerTyU
gamerUiO

---

25. Log filenames

wordlistForger -p log-2026-nnnn -l 5 --match-pattern

log-2026-1001
log-2026-2456
log-2026-7788
log-2026-9001
log-2026-3344

---

26. OTP codes

wordlistForger -p nnnnnn -l 5 --match-pattern

482193
905321
118273
667200
902134

---

27. Device IDs

wordlistForger -p DEV-xxxxxx -l 5 --match-pattern

DEV-a3f9c1
DEV-9b2c4d
DEV-deadbe
DEV-abcd12
DEV-0f1e2d

---

28. License plates

wordlistForger -p AA-nnnn-AA -l 5 --match-pattern

AB-1234-CD
XY-5678-ZW
QR-9087-AS
DF-1122-GH
ZX-3344-CV

---

29. Fixed prefix (lock)

wordlistForger -p xxxx-xxxx -l 5 --lock ACME

ACME-abcd
ACME-xYzA
ACME-qwer
ACME-lmno
ACME-uvwx

---

30. Mask control

wordlistForger -p AAAAAA -l 5 --lock-mask xxHRxx

abHRcd
efHRgh
ijHRkl
mnHRop
qrHRst

---

31. Reproducible dataset

wordlistForger -p nnnn -l 5 --match-pattern -s 42

1043
9275
6612
8801
3390

---

32. Live output

wordlistForger -p xxxx -l 5 --match-pattern --live

a3f9
9b2c
4d6f
0f1e
2d3c

---

33. Customer IDs

wordlistForger -p CUST-nnnnn -l 5 --match-pattern

CUST-48219
CUST-90532
CUST-11827
CUST-66720
CUST-90213

---

34. Subscription IDs

wordlistForger -p SUB-xxxx-nnnn -l 5 --match-pattern

SUB-a3f9-1234
SUB-9b2c-5678
SUB-dead-9087
SUB-abcd-1122
SUB-0f1e-3344

---

35. OAuth tokens

wordlistForger -p oauth_xxxxxxxxxx -l 5 --match-pattern

oauth_a3f9c1e2
oauth_9b2c4d6f
oauth_deadbeef
oauth_abcdef12
oauth_1234abcd

---

36. Cloud resource IDs

wordlistForger -p aws-xxxx-xxxx -l 5 --match-pattern

aws-a3f9-c1e2
aws-9b2c-4d6f
aws-dead-beef
aws-abcd-1234
aws-0f1e-2d3c

---

37. IoT device keys

wordlistForger -p iot-xxxxxxxx -l 5 --match-pattern

iot-a3f9c1e2
iot-9b2c4d6f
iot-deadbeef
iot-abcdef12
iot-1234abcd

---

38. Backup identifiers

wordlistForger -p BAK-2026-nnnn -l 5 --match-pattern

BAK-2026-1001
BAK-2026-2456
BAK-2026-7788
BAK-2026-9001
BAK-2026-3344

---

39. Audit log references

wordlistForger -p AUD-xxxx-nnnn -l 5 --match-pattern

AUD-a3f9-1234
AUD-9b2c-5678
AUD-dead-9087
AUD-abcd-1122
AUD-0f1e-3344

---

40. System session logs

wordlistForger -p SYS-nnnnnnnn -l 5 --match-pattern

SYS-48219384
SYS-90532177
SYS-11827366
SYS-66720055
SYS-90213411