Back to Articles
Cybersecurity

Gorilla: A Rust-Powered Wordlist Generator That Replaces Your Entire Password-Cracking Toolkit

★ 391 Rust 95/100 May 12, 2026
Rob Ragan
Rob Ragan Offensive security researcher and AI agent architect. Founder of Starlog.
[ View on GitHub ]

Gorilla: A Rust-Powered Wordlist Generator That Replaces Your Entire Password-Cracking Toolkit

Hook

Security professionals typically juggle five different tools to generate a single custom wordlist—a Python script here, a Ruby crawler there, and hashcat rules to tie it all together. Gorilla replaces that entire workflow with one Rust binary.

Context

Password cracking and penetration testing workflows have long suffered from tool sprawl. Need to generate patterns? Reach for crunch. Scraping a website? Fire up CeWL. Applying mutations? Time for hashcat rules or John the Ripper. Each tool brings its own runtime dependency—Python 2.7 for CUPP, Ruby for CeWL, compiled C for crunch—and its own syntax quirks.

This fragmentation creates friction. A typical engagement might require installing three language runtimes, learning four different command syntaxes, and chaining outputs through intermediate files. Gorilla emerged from this pain point: what if one tool could handle pattern generation, web scraping, and mutations through a unified interface? Written in Rust for performance and memory safety, it consolidates the wordlist generation pipeline into a single, dependency-free binary that ships with modern conveniences like YAML-based configuration and parallel processing.

Technical Insight

Gorilla's architecture centers on three processing modes—pattern expansion, file mutations, and web scraping—all feeding into a shared mutation engine. The pattern syntax is deceptively powerful, combining character sets, numeric ranges, and literal values into compact expressions.

A pattern like {John,Jane}{2020-2023}{!,@} expands to eight permutations: John2020!, John2020@, John2021!, and so forth. Character sets use single-letter codes: {l} for lowercase, {u} for uppercase, {d} for digits, {s} for symbols, and {a} for all printable characters. You can specify repetition counts, so {l:4} generates all four-character lowercase combinations. This approach mirrors crunch's syntax but adds the ability to mix ranges and literals in the same pattern:

# Generate passwords combining a company name, years, and common suffixes
gorilla -p "AcmeCorp{2018-2024}{!,@,#,$}"

# Create username permutations with common separators
gorilla -p "{alice,bob,charlie}{_,.,-}{admin,user,dev}"

# Four-digit PINs from a specific range
gorilla -p "{1000-9999}"

The mutation engine applies transformations via command-line flags or YAML files. CLI mutations are straightforward—-u for uppercase, -c for capitalize, -r for reverse—but the real power lives in YAML configurations. A mutation file defines a pipeline of actions with conditional logic:

mutations:
  - action: append
    value: "123"
    if_length:
      min: 6
      max: 10
  
  - action: prepend
    value: "@"
    if_contains: "admin"
  
  - action: replace
    old: "a"
    new: "@"
  
  - action: capitalize
  
  - action: duplicate

This YAML would take a wordlist, append "123" only to words between 6-10 characters, prepend "@" to any entry containing "admin", perform leet-speak substitution on the letter 'a', capitalize the first letter, and finally duplicate each entry (useful for generating pairs). The conditional filters (if_length, if_contains) let you avoid generating bloated wordlists filled with nonsensical combinations.

Web scraping mode strips HTML to extract text content, automatically filtering out script tags, style sheets, and common HTML noise. While limited to single pages, it's perfect for targeted content extraction:

# Scrape company website and apply mutations
gorilla -w https://example.com -m mutations.yaml -o wordlist.txt

# Combine scraped content with patterns
gorilla -w https://example.com -p "{2020-2024}" -u -c

Performance optimization comes through the --pattern-threads flag, which parallelizes pattern expansion across CPU cores. Since pattern generation is CPU-bound and embarrassingly parallel, this can dramatically reduce generation time for large character sets. The Rust implementation handles memory efficiently—no intermediate Python objects or Ruby string allocations bloating RAM.

The architecture keeps mutation logic separate from generation logic, allowing you to pipe standard wordlists through Gorilla's mutation engine even if they originated elsewhere. This composability means Gorilla can slot into existing workflows as a replacement for specific tools rather than requiring full adoption.

Gotcha

Gorilla's early development status shows in several areas. The documentation explicitly warns that mutation features are incomplete and subject to change—meaning YAML configurations written today might break in future versions. There's no schema validation for mutation files, so syntax errors fail silently or produce cryptic runtime errors.

Web scraping hits a hard wall at single-page extraction. There's no recursive crawling, no sitemap parsing, no JavaScript rendering. If your target requires navigating multiple pages or executing client-side code to reveal content, CeWL's recursive mode or a dedicated crawler remains necessary. The HTML parsing strips scripts and styles but doesn't offer fine-grained CSS selectors to target specific page elements—you get everything or nothing.

CLI mutations are limited to single operations. Want to capitalize, append a number, and apply leet-speak in one command? You'll need a YAML file. The command-line interface doesn't support chaining mutations, which feels like a missed opportunity for quick one-off transformations. Additionally, there's no built-in deduplication—large pattern sets with overlapping ranges can produce duplicate entries, requiring post-processing with sort -u or similar tools.

Verdict

Use if: You're tired of managing multiple language runtimes for wordlist generation, need pattern-based generation with complex mutations in a single tool, value Rust's performance for large-scale generation tasks, or want YAML-defined transformation pipelines with conditional logic. Gorilla excels at consolidating common workflows into one fast binary. Skip if: You require recursive web crawling for comprehensive site scraping, need battle-tested stability for production security workflows where tool behavior can't change unexpectedly, rely heavily on hashcat's extensive rule ecosystem and documentation, or are working in environments where introducing new tools requires significant justification. Mature tools like hashcat rules paired with crunch may be less elegant but offer proven reliability.

// RELATED

Cybersecurity

Caldera: When Your Red Team Needs a Planning Algorithm, Not Just Another C2

By Rob Ragan ★ 7.0k Unknown May 24, 2026
Cybersecurity

Caldera: Building Adversary Emulation with Fact-Based Planning Engines

By Rob Ragan ★ 7.0k Unknown May 24, 2026
Cybersecurity

Inside Mathias Bynens' Dotfiles: The Blueprint for 30,000 macOS Developer Environments

By Rob Ragan ★ 31.3k Unknown May 15, 2026
Cybersecurity

Glow: Why Rendering Markdown in the Terminal Shouldn't Require a Browser

By Rob Ragan ★ 25.2k Unknown May 15, 2026
Cybersecurity

Caldera: When Your Red Team Needs a Planning Algorithm, Not Just Another C2

By Rob Ragan ★ 7.0k Unknown May 24, 2026
Cybersecurity

Caldera: Building Adversary Emulation with Fact-Based Planning Engines

By Rob Ragan ★ 7.0k Unknown May 24, 2026
Cybersecurity

Inside Mathias Bynens' Dotfiles: The Blueprint for 30,000 macOS Developer Environments

By Rob Ragan ★ 31.3k Unknown May 15, 2026
crackinghashhashcatinfosecjohntherippersecurity
// ADD TO YOUR README
Featured on Starlog 
[![Featured on Starlog](https://starlog.is/api/badge/cybersecurity/andreiverse-gorilla.svg)](https://starlog.is/api/badge-click/cybersecurity/andreiverse-gorilla)