d4rckh/gorilla d4rckh/gorilla

  • Stars
    star
    373
  • Rank 110,974 (Top 3 %)
  • Language
    Rust
  • License
    GNU General Publi...
  • Created almost 2 years ago
  • Updated 8 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
d4rckh/gorilla
github

d4rckh

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

tool for generating wordlists or extending an existing one using mutations.

gorilla

gorilla is the ultimate wordlist tool packing a lot of amazing utilities like:

  • building wordlists based on patterns (like crunch)
  • building wordlists based on common password/username formats (like cupp)
  • scrap a web page and build a wordlist from its words (like cewl)
  • extending existing wordlists using mutations (like hashcat's rule based attack)

building

cargo build --release
# the binary will be located in target/release folder

computing passwords

The --from-pattern/-p argument is used to tell gorilla to compute passwords based on a pattern. For example, the following command will print every single word containing 5 lowercase letters.

gorilla --from-pattern "{a-z}{a-z}{a-z}{a-z}{a-z}"

Other examples of patterns are administrator{0-9} (administrator0 -> administrator9); hello_world{a-z}{0-9} (hello_worlda0 -> hello_worldz9).

If you want to save the output to a file, you can use the --output-file/-o argument.

image

Gorilla now also supports character sets. They are defined in src/char_sets.rs. Here are some examples of patterns that use them: {l} => a b c d ... z; {u} => A B C D ... Z; {d} => 1 2 3 4 ... 9; {s} => (space) ! " # $ ... ~

modifying existing wordlists using mutations/rules

Using the command line arguments you can do any mutation that is supported but you are only limited to only 1 set of mutations. A mutation set is a set of mutations applied to a word. Via the cli, mutations are supplied via the --mutation/-m argument.

gorilla --from-pattern "administrator" --mutation "prepend:_"

image

Usually you will want to use the --from-file/-i argument instead of --from-pattern in this case to specify a wordlist instead of a single word, but to keep things simple, I will use that.

The above command takes in 1 word and outputs 1 word: _administrator. You can add multiple mutations using the same parameter.

gorilla --from-pattern "administrator" \
  -m "prepend:_" \
  -m "append:{0-9}"

This once again takes 1 single word, but will output 10 different ones. Adding the {0-9} syntax to prepend & append will result in multiple words getting generated. The above command generates the following words.

_administrator0
_administrator1
_administrator2
[.. snip ..]
_administrator8
_administrator9

If we were to supply a wordlist via the -i file, we'd get back the amount of words we had in that wordlist times 10.

So far we only applied 1 single set of mutations. Usually you will want to combine multiple of these. This is done via the yaml files. You specify one using the --mutations-file/-f argument. An example one is located in sets/simple.yml file in this repo and it looks like this:

name: simple

mutation_sets:
  - [ nothing ] # => word
  - [ reverse ] # => drow
  - [ remove_last_letter ] # => wor
  - [ remove_first_letter ] # => ord
  - [ uppercase_all ] # => WORD
  - [ "append:{0-9}" ] # => word1, word2, word3
  - [ "2 append:{0-9}" ] # => word11, word22, word33
  - [ "replace:o:0", "replace:a:4", "replace:e:3" ] # => w0rd, h3ll0

image

Each mutations file has to have a name and a mutation_sets value as shown in the example. The above mutation sets will generate, from a single word, 27 other words.

administrator
administrator
rotartsinimda
administrato
dministrator
ADMINISTRATOR
administrator0
[.. snip ..]
administrator9
administrator00
[.. snip ..]
administrator99
4dministr4t0r

If you'd like to check your mutation file for errors before using it, you can use the following syntax to parse and print the summary.

gorilla --mutations-file muts.yml

scraping web pages for words

(For now) you can only scrap a specific page for words and styles and script tags won't be removed, this wil be implemented in a future release of gorilla.

You can specify a page using the --from-website/-w argument. For example

gorilla --from-website https://example.org/

image

The above command will print every word from that website. You can add other arguments shown previously like --mutations-file/-f, --mutation/-m and of course --output-file/-o to save them (instead of printing).

conditional mutations

You can apply a set of mutations to specific words that meet certain conditions/condition. This only makes sense in yaml files.

The following mutations file will remove words that don't contain the string admin. Unlike the previous mutations, this can remove words.

name: filtering_words

mutation_sets:
  - [ "if_contains:admin" ]

Another example is the following, which will add an underscore only to words that are longer than 5 characters.

name: conditional_mutation

mutation_sets:
  - [ "if_length:>5", "append:_" ],
  - [ "! if_length:>5" ]

Notice we had to add another mutation set that begins with the negated version of the first if mutation because otherwise the words that are shorter than 6 characters will be removed.

other mutations

gorilla supports many other mutations and since the tool is in early development it would be very painful to maintain a list of them here. If you are curious about the other mutations, you can check out the Action enum from src/mutation.rs file.

using common password/username formats to build wordlists

Formats are defined in formatting sets via yaml files and are supplied to gorilla via the --from-formatting/-q argument. Currently there's only one formatting set made, it is located at sets/formatting/basic_usernames.yml. And it looks (similar) to this.

name: basic_usernames

fields:
  - [ f_name ]
  - [ l_name ]

formatting_sets:
  - [ "{f_name}_{l_name}" ]
  - [ "{l_name}{f_name}" ]
  - [ ["{f_name}", [1st_letter]], "_{l_name}" ]
  - [ ["{f_name}", [1st_letter]], "{l_name}" ]

The required fields are name, fields and formatting_sets. The fields value is the user's profile and it contains information that is later used in the formatting_sets.

If you run the set, you will be prompted for each field and the usernames will be generated.

image

(of course, you can use the other arguments normally, like --mutations-file/-f to generate new words via mutations or --output-file/-o to save the words)

Each formatting set is an array of strings that are later appended. So ["{f_name}", "{l_name}"] is equivalent to ["{f_name}{l_name}"]. Instead of a string, you can supply an array, this allows you to apply mutations that you have used before to extend wordlists.

- [ "{f_name}_", [ "{l_name}", [ reverse ] ] ]

If the f_name is joe and l_name is doe, the resulting formatting will generate joe_eod. Mutations useful in formatting sets are remove_last_letter, remove_first_letter and 1st_letter

If you want to apply a formatting sets to many user profiles, you can use the --with-csv/-c argument to supply a CSV file. For the basic_usernames formatting set, the CSV should be formatted like this:

f_name,l_name
joe,doe
james,smith
robert,smith

image

More Repositories

1

grc2

grim reaper c2
Nim
334
star
2

vaf

Vaf is a cross-platform very advanced and fast web fuzzer written in nim
Nim
308
star
3

infosec-resources

Python
47
star
4

im-a-sandbox

make your machine look like a sandbox/vm πŸ€–
PowerShell
29
star
5

WindowsPotatoes

A list of windows potatoes!
20
star
6

http-redirector

lightweight http redirector written in nim
Nim
12
star
7

kab

kab the lab manager
HTML
11
star
8

old-hackable-software

9
star
9

wapisteal

Steal credentials on Windows by hooking several Windows API functions!
JavaScript
8
star
10

shrack

πŸš€ Fast hash dictionary attack
Python
7
star
11

nim-tlv

tlv building and parsing in nim
Nim
6
star
12

rustfuzz

basic web fuzzer
Rust
5
star
13

windows-customization-scripts

A collection of scripts to customize Windows by manipulating the registry
JavaScript
5
star
14

shlol

do common hacking tasks with a simple menu
Python
4
star
15

epicgamesfree

Epic Games Free Game Promotion Parser
Python
4
star
16

netsploit

Python
4
star
17

webility

web vulnerability scanner written in nim ⚑⚑
3
star
18

wapienum

Enumeration Tool which uses the windows api
C++
3
star
19

ngn

ngn the network scanner
Python
3
star
20

blog

idk website
HTML
3
star
21

iptk

ip toolkit
Rust
3
star
22

casto

Nodejs cast project for Linux, Mac, and Windows that uses a web interface to control, or send, things to a plain electron application, in live time
HTML
3
star
23

monito

Setup triggers for anything, gather the logs in one place and view them in a very beautiful page!
JavaScript
2
star
24

status-page

JavaScript
2
star
25

netivid

Powerful script for network recon
Python
2
star
26

shboom

sparkles Oh, life could be a dream sparkles
Python
2
star
27

Gamio

Gamio: the game library manager and launcher!
HTML
2
star
28

adfaker

fake active directory object generator
1
star
29

d4rckh

1
star
30

bhs

Python
1
star
31

processmanager

C++
1
star
32

kolog

Advanced logging util for nodejs
JavaScript
1
star
33

boomark

A selfhosted bookmark
JavaScript
1
star
34

slc

C
1
star
35

cstimer-analyzer

This is a collection of scripts I made to analyze cstimer.net exports
Python
1
star
36

h3kt1c0.github.io

My website
CSS
1
star
37

nimws-test

Nim
1
star
38

bookmarks

python3 bookmarks in the terminal
Python
1
star
39

cahey

In-memory db for caching
JavaScript
1
star
40

ytdler

JavaScript
1
star
41

shk2

Python
1
star