wfh-wordlist 2.1.2__tar.gz

wfh_wordlist-2.1.2/CODE_OF_CONDUCT.md

@@ -0,0 +1,79 @@
+# Contributor Covenant Code of Conduct
+
+## Our pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+- Demonstrating empathy and kindness toward other people
+- Being respectful of differing opinions, viewpoints, and experiences
+- Giving and gracefully accepting constructive feedback
+- Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+- Focusing on what is best not just for us as individuals, but for the overall
+  community
+
+Examples of unacceptable behavior include:
+
+- The use of sexualized language or imagery, and sexual attention or advances of
+  any kind
+- Trolling, insulting or derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information, such as a physical or email address,
+  without their explicit permission
+- Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement responsibilities
+
+Project maintainers are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Project maintainers have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the project maintainers responsible for enforcement at the contact
+address listed in the repository README or organization profile.
+
+All complaints will be reviewed and investigated promptly and fairly.
+
+All project maintainers are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+https://www.contributor-covenant.org/version/2/1/code_of_conduct.html.
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see
+https://www.contributor-covenant.org/faq

wfh_wordlist-2.1.2/CONTRIBUTING.md

@@ -0,0 +1,90 @@
+# Contributing
+
+Thank you for your interest in improving **WordListsForHacking**. This guide
+explains how to contribute effectively while preserving attribution and quality.
+
+## Ground Rules
+
+- Use this project **only** for authorized security research, education, and
+  contracted penetration testing.
+- Do not submit content intended to facilitate unauthorized access.
+- Follow the [Code of Conduct](CODE_OF_CONDUCT.md) in all interactions.
+- Never include real PII, real credentials, or identifiable company data in
+  wordlists, patterns, or code.
+
+## How to Contribute
+
+1. **Open an issue first** for substantial changes (new features, large
+   refactors, new modules).
+2. **Fork** the repository and create a **feature branch** from `main`.
+3. **Keep commits focused** — one logical change per commit.
+4. **Test locally** before opening a pull request.
+5. **Open a pull request** with a clear description.
+
+## Code Style
+
+- **Type hints** on all function signatures.
+- **Docstrings** in Google style for every class and public function.
+- **Logging** via `logging` module — never `print()` in library code.
+- **No hardcoded sensitive data** — use `.env` and configuration files.
+- **No unnecessary imports** — keep modules lean.
+- Follow existing module structure in `wfh_modules/`.
+
+## Adding a New Module
+
+1. Create `wfh_modules/your_module.py` following the existing pattern.
+2. Add the CLI subcommand in `wfh.py` → `build_parser()`.
+3. Add the handler function `cmd_your_module()` in `wfh.py`.
+4. Add the interactive menu entry if appropriate.
+5. Update `requirements.txt` if new dependencies are needed.
+6. Update the README with documentation and examples.
+
+## Wordlist Contributions
+
+- **No real PII** — no real names tied to real companies.
+- **No real credentials** — no actual passwords from breaches.
+- **Structural patterns only** — abstract shapes, not raw data.
+- Deduplicate entries before submitting.
+- Follow existing file naming conventions (`*.lst`).
+
+## Pull Request Template
+
+When opening a PR, include:
+
+```
+## What changed
+<Brief description>
+
+## Why
+<Motivation / issue reference>
+
+## How to test
+<Steps to verify the change>
+
+## Checklist
+- [ ] Type hints on all new functions
+- [ ] Docstrings on all public functions
+- [ ] No hardcoded sensitive data
+- [ ] Tested locally
+- [ ] README updated (if applicable)
+```
+
+## Versioning
+
+This project follows [Semantic Versioning](https://semver.org/):
+`MAJOR.MINOR.PATCH` (e.g., `1.7.0`).
+
+- **MAJOR**: Breaking changes to CLI interface or module API.
+- **MINOR**: New features, new modules, new patterns.
+- **PATCH**: Bug fixes, documentation updates, minor improvements.
+
+## Attribution
+
+All contributions are attributed to **André Henrique**
+([@mrhenrike](https://github.com/mrhenrike)) as the project maintainer.
+Contributors are acknowledged in release notes and the GitHub contributors list.
+
+## License
+
+By contributing, you agree that your contributions will be licensed under the
+[MIT License](LICENSE).

wfh_wordlist-2.1.2/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 André Henrique (https://github.com/mrhenrike)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

wfh_wordlist-2.1.2/MANIFEST.in

@@ -0,0 +1,9 @@
+include LICENSE
+include README.md
+include README.pt-BR.md
+include requirements.txt
+include SECURITY.md
+include CONTRIBUTING.md
+include CODE_OF_CONDUCT.md
+recursive-include data *.json
+recursive-include wfh_modules *.py *.json

wfh_wordlist-2.1.2/PKG-INFO

@@ -0,0 +1,268 @@
+Metadata-Version: 2.4
+Name: wfh-wordlist
+Version: 2.1.2
+Summary: WordList For Hacking — Unified wordlist generation toolkit for pentest and red team operations
+Author-email: André Henrique <contact@safelabs.com.br>
+Maintainer-email: André Henrique <contact@safelabs.com.br>
+License-Expression: MIT
+Project-URL: Homepage, https://github.com/mrhenrike/WordListsForHacking
+Project-URL: Documentation, https://github.com/mrhenrike/WordListsForHacking/wiki
+Project-URL: Repository, https://github.com/mrhenrike/WordListsForHacking
+Project-URL: Issues, https://github.com/mrhenrike/WordListsForHacking/issues
+Project-URL: Changelog, https://github.com/mrhenrike/WordListsForHacking/releases
+Keywords: wordlist,password,pentest,red-team,security,brute-force,dictionary,hacking,cybersecurity,osint,credential,offensive-security
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Information Technology
+Classifier: Intended Audience :: Science/Research
+Classifier: Intended Audience :: System Administrators
+Classifier: Operating System :: OS Independent
+Classifier: Operating System :: Microsoft :: Windows
+Classifier: Operating System :: POSIX :: Linux
+Classifier: Operating System :: MacOS
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Security
+Classifier: Topic :: Utilities
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: colorama>=0.4.6
+Requires-Dist: tqdm>=4.66.0
+Requires-Dist: requests>=2.31.0
+Requires-Dist: beautifulsoup4>=4.12.0
+Requires-Dist: lxml>=4.9.0
+Requires-Dist: chardet>=5.2.0
+Requires-Dist: unidecode>=1.3.6
+Provides-Extra: ocr
+Requires-Dist: easyocr>=1.7.0; extra == "ocr"
+Requires-Dist: Pillow>=10.0.0; extra == "ocr"
+Provides-Extra: docs
+Requires-Dist: openpyxl>=3.1.0; extra == "docs"
+Requires-Dist: pdfplumber>=0.10.0; extra == "docs"
+Requires-Dist: python-docx>=1.1.0; extra == "docs"
+Requires-Dist: striprtf>=0.0.26; extra == "docs"
+Provides-Extra: full
+Requires-Dist: wfh-wordlist[docs,ocr]; extra == "full"
+Dynamic: license-file
+
+# WordListsForHacking (WFH)
+
+<p align="center">
+  <img src="https://img.shields.io/github/stars/mrhenrike/WordListsForHacking?style=flat-square" alt="GitHub Stars">
+  <img src="https://img.shields.io/github/license/mrhenrike/WordListsForHacking?style=flat-square" alt="License">
+  <img src="https://img.shields.io/badge/version-2.1.2-blue?style=flat-square" alt="Version">
+  <img src="https://img.shields.io/badge/python-3.8%2B-blue?style=flat-square&logo=python&logoColor=white" alt="Python 3.8+">
+  <img src="https://img.shields.io/pypi/v/wfh-wordlist?style=flat-square&logo=pypi&logoColor=white&color=green" alt="PyPI">
+</p>
+
+**Unified wordlist generation toolkit for pentest and red team operations.** Combines charset generation, target profiling, web scraping, OCR extraction, leet speak, DNS fuzzing, phone number generation, corporate user enumeration, ML-based ranking, and statistical analysis — all in a single CLI tool.
+
+> **Full documentation:** [Wiki](https://github.com/mrhenrike/WordListsForHacking/wiki)
+
+---
+
+> **DISCLAIMER:** This tool is intended **exclusively for authorized security testing, penetration testing, and educational purposes**. Unauthorized use against systems you do not own or have explicit written permission to test is **illegal** and unethical. The author assumes no liability for misuse.
+
+---
+
+## Quick Start
+
+### Install via pip (recommended)
+
+```bash
+pip install wfh-wordlist            # core
+pip install wfh-wordlist[full]      # all extras (OCR, document parsing)
+```
+
+### Or clone from source
+
+```bash
+git clone https://github.com/mrhenrike/WordListsForHacking.git
+cd WordListsForHacking
+
+# Linux / macOS / Termux
+chmod +x setup_venv.sh && ./setup_venv.sh && source .venv/bin/activate
+
+# Windows PowerShell
+.\setup_venv.ps1; .\.venv\Scripts\Activate.ps1
+```
+
+### Run
+
+```bash
+wfh                        # interactive menu (pip install)
+python wfh.py              # interactive menu (from source)
+python wfh.py --help       # full CLI help
+```
+
+> **OS prerequisites (OCR only):** see the [Installation wiki page](https://github.com/mrhenrike/WordListsForHacking/wiki/Installation).
+
+---
+
+## Subcommands
+
+| # | Command | Description |
+|---|---------|-------------|
+| 1 | `charset` | Charset/mask generation (crunch-style + hashcat masks) |
+| 2 | `pattern` | Template-based generation with variables |
+| 3 | `profile` | Personal target profiling (CUPP-style) |
+| 4 | `corp` | Corporate target profiling |
+| 5 | `corp-users` | Corporate domain user/password generation (50+ patterns) |
+| 6 | `phone` | Phone number wordlists (BR, US, UK) |
+| 7 | `scrape` | Web scraping (CeWL-style) |
+| 8 | `ocr` | OCR text extraction from images |
+| 9 | `extract` | Extract words from PDF/XLSX/DOCX |
+| 10 | `leet` | Leet speak permutations |
+| 11 | `xor` | XOR encrypt/decrypt/brute-force |
+| 12 | `analyze` | Statistical analysis (pipal-style) |
+| 13 | `merge` | Merge & deduplicate wordlists |
+| 14 | `dns` | DNS/subdomain fuzzing (alterx-style) |
+| 15 | `pharma` | Healthcare/pharmacy credential patterns |
+| 16 | `sanitize` | Clean & normalize wordlists |
+| 17 | `reverse` | Reverse line order |
+| 18 | `corp-prefixes` | Corporate prefix usernames (MSP/SOC/DevOps) |
+| 19 | `train` | Train ML pattern model |
+| 20 | `sysinfo` | Hardware & compute info |
+
+> **Detailed syntax and examples for each subcommand:** [Wiki — Subcommands](https://github.com/mrhenrike/WordListsForHacking/wiki)
+
+### Global Flags
+
+```bash
+python wfh.py --threads 20 --compute cuda --no-ml <subcommand>
+```
+
+| Flag | Default | Description |
+|------|---------|-------------|
+| `--threads N` | `5` | Thread count (1–300) |
+| `--compute MODE` | `auto` | `auto` / `cpu` / `gpu` / `cuda` / `rocm` / `mps` / `hybrid` |
+| `--no-ml` | off | Disable ML ranking |
+| `-v` | off | Verbose logging |
+
+---
+
+## Common Usage Examples
+
+### Corporate pentest — generate users + passwords
+
+```bash
+python wfh.py corp-users --domain acme.com.br --file employees.txt --passwords --combo -o acme_combo.lst
+```
+
+### Personal target profiling
+
+```bash
+python wfh.py profile --name "João Silva" --nick joao --birth 15/03/1990 --leet aggressive -o target.lst
+```
+
+### Charset with hashcat mask
+
+```bash
+python wfh.py charset 8 8 --mask "?u?l?l?l?d?d?d?s" -o passwords.lst
+```
+
+### Template-based patterns
+
+```bash
+python wfh.py pattern -t "{company}{year}!" --vars company=acme,globex year=2020-2026 -o patterns.lst
+```
+
+### DNS subdomain fuzzing
+
+```bash
+python wfh.py dns -d acme.com.br --words dev staging api admin portal -o subdomains.lst
+```
+
+### Analyze an existing wordlist
+
+```bash
+python wfh.py analyze passwords.lst --top 30 --masks --format json -o analysis.json
+```
+
+### Merge & sanitize
+
+```bash
+python wfh.py merge list1.lst list2.lst --min-len 6 --sort -o merged.lst
+python wfh.py sanitize merged.lst --inplace
+```
+
+> **More examples and scenarios:** [Wiki — Quick Start](https://github.com/mrhenrike/WordListsForHacking/wiki/Quick-Start)
+
+---
+
+## Wordlists
+
+| File | Description | Entries |
+|------|-------------|---------|
+| `passwords/wlist_brasil.lst` | Brazilian password corpus — cultural word banks, corporate patterns, leet speak, keyboard walks. Company names and CNPJs are public OSINT data. | ~3.88M |
+| `passwords/default-creds-combo.lst` | Default credential user:password combos | ~2.4K |
+| `usernames/username_br.lst` | Brazilian + global username patterns | ~1.6K |
+| `labs/*.lst` | Workshop & training wordlists | — |
+
+> **Details:** [Wiki — Brazilian Wordlist](https://github.com/mrhenrike/WordListsForHacking/wiki/Brazilian-Wordlist)
+
+---
+
+## Is My Password in This List?
+
+```bash
+# Linux/macOS
+grep -qxF 'YourPassword' passwords/wlist_brasil.lst && echo "FOUND!" || echo "Not found"
+
+# Windows PowerShell
+Select-String -Path passwords\wlist_brasil.lst -Pattern '^YourPassword$' -SimpleMatch -Quiet
+```
+
+If found: **change it immediately**, enable MFA/2FA, use a password manager, and never reuse passwords.
+
+> **Full guide:** [Wiki — Password Check](https://github.com/mrhenrike/WordListsForHacking/wiki/Password-Check)
+
+---
+
+## ML Model
+
+WFH includes a lightweight ML model that ranks generated candidates by structural pattern probability. Train it with `python wfh.py train --auto`. The model stores **only structural patterns** — no PII, passwords, or company names.
+
+> **Details:** [Wiki — ML Model](https://github.com/mrhenrike/WordListsForHacking/wiki/ML-Model)
+
+---
+
+## Credits & Inspiration
+
+| Project | Inspiration |
+|---------|-------------|
+| [CUPP](https://github.com/Mebus/cupp) | Personal target profiling |
+| [Crunch](https://github.com/jim3ma/crunch) | Charset-based generation |
+| [CeWL](https://github.com/digininja/CeWL) | Web scraping for wordlists |
+| [alterx](https://github.com/projectdiscovery/alterx) | DNS/subdomain fuzzing |
+| [pipal](https://github.com/digininja/pipal) | Statistical analysis |
+| [SecLists](https://github.com/danielmiessler/SecLists) | Curated security lists |
+| [elpscrk](https://github.com/D4Vinci/elpscrk) | Permutation-based generation |
+| [BEWGor](https://github.com/berzerk0/BEWGor) | Biographical wordlist generator |
+| [pnwgen](https://github.com/toxydose/pnwgen) | Phone number generation |
+
+---
+
+## Contributing
+
+Contributions welcome. See [CONTRIBUTING.md](CONTRIBUTING.md).
+
+## License
+
+[MIT License](LICENSE) — Copyright (c) 2026 André Henrique ([@mrhenrike](https://github.com/mrhenrike))
+
+---
+
+<p align="center">
+  Created by <a href="https://github.com/mrhenrike">André Henrique (@mrhenrike)</a> — <a href="https://github.com/Uniao-Geek">União Geek</a>
+</p>
+
+<p align="center">
+  <a href="README.pt-BR.md">Leia em Português</a> · <a href="https://github.com/mrhenrike/WordListsForHacking/wiki">Full Documentation (Wiki)</a>
+</p>

wfh_wordlist-2.1.2/README.md

@@ -0,0 +1,215 @@
+# WordListsForHacking (WFH)
+
+<p align="center">
+  <img src="https://img.shields.io/github/stars/mrhenrike/WordListsForHacking?style=flat-square" alt="GitHub Stars">
+  <img src="https://img.shields.io/github/license/mrhenrike/WordListsForHacking?style=flat-square" alt="License">
+  <img src="https://img.shields.io/badge/version-2.1.2-blue?style=flat-square" alt="Version">
+  <img src="https://img.shields.io/badge/python-3.8%2B-blue?style=flat-square&logo=python&logoColor=white" alt="Python 3.8+">
+  <img src="https://img.shields.io/pypi/v/wfh-wordlist?style=flat-square&logo=pypi&logoColor=white&color=green" alt="PyPI">
+</p>
+
+**Unified wordlist generation toolkit for pentest and red team operations.** Combines charset generation, target profiling, web scraping, OCR extraction, leet speak, DNS fuzzing, phone number generation, corporate user enumeration, ML-based ranking, and statistical analysis — all in a single CLI tool.
+
+> **Full documentation:** [Wiki](https://github.com/mrhenrike/WordListsForHacking/wiki)
+
+---
+
+> **DISCLAIMER:** This tool is intended **exclusively for authorized security testing, penetration testing, and educational purposes**. Unauthorized use against systems you do not own or have explicit written permission to test is **illegal** and unethical. The author assumes no liability for misuse.
+
+---
+
+## Quick Start
+
+### Install via pip (recommended)
+
+```bash
+pip install wfh-wordlist            # core
+pip install wfh-wordlist[full]      # all extras (OCR, document parsing)
+```
+
+### Or clone from source
+
+```bash
+git clone https://github.com/mrhenrike/WordListsForHacking.git
+cd WordListsForHacking
+
+# Linux / macOS / Termux
+chmod +x setup_venv.sh && ./setup_venv.sh && source .venv/bin/activate
+
+# Windows PowerShell
+.\setup_venv.ps1; .\.venv\Scripts\Activate.ps1
+```
+
+### Run
+
+```bash
+wfh                        # interactive menu (pip install)
+python wfh.py              # interactive menu (from source)
+python wfh.py --help       # full CLI help
+```
+
+> **OS prerequisites (OCR only):** see the [Installation wiki page](https://github.com/mrhenrike/WordListsForHacking/wiki/Installation).
+
+---
+
+## Subcommands
+
+| # | Command | Description |
+|---|---------|-------------|
+| 1 | `charset` | Charset/mask generation (crunch-style + hashcat masks) |
+| 2 | `pattern` | Template-based generation with variables |
+| 3 | `profile` | Personal target profiling (CUPP-style) |
+| 4 | `corp` | Corporate target profiling |
+| 5 | `corp-users` | Corporate domain user/password generation (50+ patterns) |
+| 6 | `phone` | Phone number wordlists (BR, US, UK) |
+| 7 | `scrape` | Web scraping (CeWL-style) |
+| 8 | `ocr` | OCR text extraction from images |
+| 9 | `extract` | Extract words from PDF/XLSX/DOCX |
+| 10 | `leet` | Leet speak permutations |
+| 11 | `xor` | XOR encrypt/decrypt/brute-force |
+| 12 | `analyze` | Statistical analysis (pipal-style) |
+| 13 | `merge` | Merge & deduplicate wordlists |
+| 14 | `dns` | DNS/subdomain fuzzing (alterx-style) |
+| 15 | `pharma` | Healthcare/pharmacy credential patterns |
+| 16 | `sanitize` | Clean & normalize wordlists |
+| 17 | `reverse` | Reverse line order |
+| 18 | `corp-prefixes` | Corporate prefix usernames (MSP/SOC/DevOps) |
+| 19 | `train` | Train ML pattern model |
+| 20 | `sysinfo` | Hardware & compute info |
+
+> **Detailed syntax and examples for each subcommand:** [Wiki — Subcommands](https://github.com/mrhenrike/WordListsForHacking/wiki)
+
+### Global Flags
+
+```bash
+python wfh.py --threads 20 --compute cuda --no-ml <subcommand>
+```
+
+| Flag | Default | Description |
+|------|---------|-------------|
+| `--threads N` | `5` | Thread count (1–300) |
+| `--compute MODE` | `auto` | `auto` / `cpu` / `gpu` / `cuda` / `rocm` / `mps` / `hybrid` |
+| `--no-ml` | off | Disable ML ranking |
+| `-v` | off | Verbose logging |
+
+---
+
+## Common Usage Examples
+
+### Corporate pentest — generate users + passwords
+
+```bash
+python wfh.py corp-users --domain acme.com.br --file employees.txt --passwords --combo -o acme_combo.lst
+```
+
+### Personal target profiling
+
+```bash
+python wfh.py profile --name "João Silva" --nick joao --birth 15/03/1990 --leet aggressive -o target.lst
+```
+
+### Charset with hashcat mask
+
+```bash
+python wfh.py charset 8 8 --mask "?u?l?l?l?d?d?d?s" -o passwords.lst
+```
+
+### Template-based patterns
+
+```bash
+python wfh.py pattern -t "{company}{year}!" --vars company=acme,globex year=2020-2026 -o patterns.lst
+```
+
+### DNS subdomain fuzzing
+
+```bash
+python wfh.py dns -d acme.com.br --words dev staging api admin portal -o subdomains.lst
+```
+
+### Analyze an existing wordlist
+
+```bash
+python wfh.py analyze passwords.lst --top 30 --masks --format json -o analysis.json
+```
+
+### Merge & sanitize
+
+```bash
+python wfh.py merge list1.lst list2.lst --min-len 6 --sort -o merged.lst
+python wfh.py sanitize merged.lst --inplace
+```
+
+> **More examples and scenarios:** [Wiki — Quick Start](https://github.com/mrhenrike/WordListsForHacking/wiki/Quick-Start)
+
+---
+
+## Wordlists
+
+| File | Description | Entries |
+|------|-------------|---------|
+| `passwords/wlist_brasil.lst` | Brazilian password corpus — cultural word banks, corporate patterns, leet speak, keyboard walks. Company names and CNPJs are public OSINT data. | ~3.88M |
+| `passwords/default-creds-combo.lst` | Default credential user:password combos | ~2.4K |
+| `usernames/username_br.lst` | Brazilian + global username patterns | ~1.6K |
+| `labs/*.lst` | Workshop & training wordlists | — |
+
+> **Details:** [Wiki — Brazilian Wordlist](https://github.com/mrhenrike/WordListsForHacking/wiki/Brazilian-Wordlist)
+
+---
+
+## Is My Password in This List?
+
+```bash
+# Linux/macOS
+grep -qxF 'YourPassword' passwords/wlist_brasil.lst && echo "FOUND!" || echo "Not found"
+
+# Windows PowerShell
+Select-String -Path passwords\wlist_brasil.lst -Pattern '^YourPassword$' -SimpleMatch -Quiet
+```
+
+If found: **change it immediately**, enable MFA/2FA, use a password manager, and never reuse passwords.
+
+> **Full guide:** [Wiki — Password Check](https://github.com/mrhenrike/WordListsForHacking/wiki/Password-Check)
+
+---
+
+## ML Model
+
+WFH includes a lightweight ML model that ranks generated candidates by structural pattern probability. Train it with `python wfh.py train --auto`. The model stores **only structural patterns** — no PII, passwords, or company names.
+
+> **Details:** [Wiki — ML Model](https://github.com/mrhenrike/WordListsForHacking/wiki/ML-Model)
+
+---
+
+## Credits & Inspiration
+
+| Project | Inspiration |
+|---------|-------------|
+| [CUPP](https://github.com/Mebus/cupp) | Personal target profiling |
+| [Crunch](https://github.com/jim3ma/crunch) | Charset-based generation |
+| [CeWL](https://github.com/digininja/CeWL) | Web scraping for wordlists |
+| [alterx](https://github.com/projectdiscovery/alterx) | DNS/subdomain fuzzing |
+| [pipal](https://github.com/digininja/pipal) | Statistical analysis |
+| [SecLists](https://github.com/danielmiessler/SecLists) | Curated security lists |
+| [elpscrk](https://github.com/D4Vinci/elpscrk) | Permutation-based generation |
+| [BEWGor](https://github.com/berzerk0/BEWGor) | Biographical wordlist generator |
+| [pnwgen](https://github.com/toxydose/pnwgen) | Phone number generation |
+
+---
+
+## Contributing
+
+Contributions welcome. See [CONTRIBUTING.md](CONTRIBUTING.md).
+
+## License
+
+[MIT License](LICENSE) — Copyright (c) 2026 André Henrique ([@mrhenrike](https://github.com/mrhenrike))
+
+---
+
+<p align="center">
+  Created by <a href="https://github.com/mrhenrike">André Henrique (@mrhenrike)</a> — <a href="https://github.com/Uniao-Geek">União Geek</a>
+</p>
+
+<p align="center">
+  <a href="README.pt-BR.md">Leia em Português</a> · <a href="https://github.com/mrhenrike/WordListsForHacking/wiki">Full Documentation (Wiki)</a>
+</p>