How can I test passwords against a dictionary / word list, where the entries have been fuzzed to some degree?
By "fuzzed", I mean variants of words with "l33t" conversions and other character conversions are included in the check.
Ideally, I would like to pass in a password value, have the utility check the password, and return a yes/no value.
John the Ripper has modes which can be used to test password strength against a fuzzed list. It supports creating your own fuzzing rules, and uses whatever dictionaries you provide. It comes by default with a large set of common fuzzing rules installed, including 1337 transformation, word flipping, doubling, uppercasing, simple number/symbol appending, etc.
If you search google for your password and you find even 1 result, then you have chosen a weak password. NO ONE should know your password, even if they don't know that its yours.
For testing remote system for weak passwords I highly recommend THC-Hydra. I have used this software in penetration tests with great success.
JTR only applies to hashes, if you're looking to do a little more of a 'penetration test' across the network. Hydra by THC is widely known Network password cracker (But note, With all the extensions, You will be waiting a VERY long time to find even the simplest passwords).