How to test passwords against a word list with fuzzing

How can I test passwords against a dictionary / word list, where the entries have been fuzzed to some degree?

By "fuzzed", I mean variants of words with "l33t" conversions and other character conversions are included in the check.

Ideally, I would like to pass in a password value, have the utility check the password, and return a yes/no value.


Solution 1:

John the Ripper has modes which can be used to test password strength against a fuzzed list. It supports creating your own fuzzing rules, and uses whatever dictionaries you provide. It comes by default with a large set of common fuzzing rules installed, including 1337 transformation, word flipping, doubling, uppercasing, simple number/symbol appending, etc.

Solution 2:

If you search google for your password and you find even 1 result, then you have chosen a weak password. NO ONE should know your password, even if they don't know that its yours.

For testing remote system for weak passwords I highly recommend THC-Hydra. I have used this software in penetration tests with great success.