• Stars
    star
    107
  • Rank 323,587 (Top 7 %)
  • Language
    Go
  • Created about 4 years ago
  • Updated about 4 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Generates target specific word lists for Fuzzing with fuff

wordlistgen

Generates target specific word lists by searching for endpoints in javascript and appends parameters for Fuzzing with other tools

Version 1.0

Install

$ go get -u github.com/ethicalhackingplayground/wordlistgen

$ go get github.com/003random/getJS

GitHub Logo

Generate wordlist

$ echo "https://www.twitter.com" | getJS -complete | ./wordlistgen -p params.txt -d "https://www.twitter.com"

GitHub Logo

The use ffuf

Then get creative with FFuF or https://github.com/tomnomnom/qsreplace


SSRF TIP2:

Generate Wordlist

$ cat <Resolved-Domains> | getJS -complete | ./wordlistgen -p params.txt -d <Un-Resolved> | tee wordlist

$ cat "https://www.twitter.com" | getJS -complete | ./wordlistgen -p params.txt -d "www.twitter.com" | tee wordlist

OUTPUT:

www.twitter.com/responsive-web-internal/sourcemaps/client-web-legacy/polyfills.525f28f5.js.map/?url=FUZZ
www.twitter.com/v/latest/72x72//?url=FUZZ
www.twitter.com/responsive-web-internal/sourcemaps/client-web-legacy/en.363b7e25.js.map/?url=FUZZ
www.twitter.com/articles/18311/?url=FUZZ
You can also use -dL to load a list of subdomains like:

$ cat <Resolved-Domains> | getJS -complete | ./wordlistgen -p params.txt -dL <Un-Resolved> | tee wordlist

Replace Variables with Payload

$ cat wordlist | qsreplace http://127.0.0.1/admin | tee -a hosts

OUTPUT:

www.twitter.com/responsive-web-internal/sourcemaps/client-web-legacy/polyfills.525f28f5.js.map/?url=http%3A%2F%2F127.0.0.1%2Fadmin
www.twitter.com/v/latest/72x72//?url=http%3A%2F%2F127.0.0.1%2Fadmin
www.twitter.com/responsive-web-internal/sourcemaps/client-web-legacy/en.363b7e25.js.map/?url=http%3A%2F%2F127.0.0.1%2Fadmin
www.twitter.com/articles/18311/?url=http%3A%2F%2F127.0.0.1%2Fadmin

Use HTTPX to keep track of the codes,titles

$ cat hosts | httpx -title -status-code

I hope you get a bounty with this technique.


If you get a bounty please support by buying me a coffee


Buy Me A Coffee

More Repositories

1

ssrf-king

SSRF plugin for burp Automates SSRF Detection in all of the Request
Java
548
star
2

bxss

Go
219
star
3

TProxer

A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.
Python
172
star
4

ssrf-tool

Go
141
star
5

erebus

Erebus is a fast tool for parameter-based vulnerability scanning using a Yaml based template engine like nuclei.
Go
130
star
6

pathbuster

A path-normalization pentesting tool.
Rust
115
star
7

Bug-Bounty-Tools

The tools I have programmed to help me with bugbounty's
Python
111
star
8

Zin

A Payload Injector for bugbounties written in go
Go
72
star
9

dnsresolver

A Lightning-Fast DNS Resolver written in Rust 🦀
Rust
62
star
10

dorkX

Pipe different tools with google dork Scanner
Go
57
star
11

linkJS

Go
57
star
12

SubNuke

Subdomain Takeover tool with web UI
HTML
56
star
13

xsspwn

Cross-Site-Scripting (XSS) Automatic Scanner
Python
43
star
14

hrekt

A really fast http prober.
Rust
38
star
15

mailsploit

Sends some one a malicious payload through smtp and starts a listener with metasploit.
Python
35
star
16

gocrawler

Go
33
star
17

tprox

TProx is a fast reverse proxy path traversal detector and directory bruteforcer.
Go
28
star
18

endzy

Endpoint monitor tool
Go
20
star
19

aem-eye

A very simple AEM detector written in rust.🦀
Rust
20
star
20

EvilPhisher

Social Media Phisher
HTML
19
star
21

erebus-templates

Community curated list of templates for the erebus engine to find security vulnerabilities.
16
star
22

recon_db_scripts

Creating a Database for Mass Recon
12
star
23

bcaem

Fast AEM scope gathering tool for all your public and private BugCrowd Programs
Go
11
star
24

pdtools

Install and upgrade projectdiscovery tools
Shell
10
star
25

hostparser

A very fast hostparser.
Rust
9
star
26

corsX

Cross Origin Resource Sharing Scanner (CORS Scanner)
Go
8
star
27

fbkiller

Brute Forces A Facebook Account
Python
6
star
28

facebookscraper

Python
3
star
29

hakku

Hakku is a android take over tool using various deployment options.
Python
2
star
30

specter

SMTP Password Bruteforcer
Python
2
star
31

subdomaintakeover

HTML
1
star
32

sha1decryper

Attempts to crack a sha1 hash
Python
1
star
33

nextjs-blog-theme

JavaScript
1
star
34

ethicalhackingplayground

1
star
35

native-mockups

HTML
1
star
36

JsX

Recon your way through java script with this tool finding subdomains, parameters, sinks & relative paths.
1
star
37

documents.uber.com

1
star
38

Electron-Boilerplate

CSS
1
star