-
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
english-words
:memo: A text file containing 479k English words for all your dictionary/word-based projects e.g: auto-completion / autosuggestion
Here's a good rule to start with - OneRuleToRuleThemAll
So looking through what you know about the password I think a combinator attack is what you might be looking for. I would set your first wordlist as a file with only "habanero" in it, and your second as all English words from this github. You will have to play around with making your own rule set since you know some specifics due to the complexity of the algorithm. OneRuleToRuleThemAll is amazing and my go to in most cases, but it is going to waste tons of time in your case. Masks are also going to waste time if you know the second "string" is a word and not a random assortment of letters. Remember as you make your rules that you can apply different rule sets to each text file.