• Stars
    star
    212
  • Rank 186,122 (Top 4 %)
  • Language
    Go
  • Created over 3 years ago
  • Updated 8 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Turns any junk text into a usable wordlist for brute-forcing.

haklistgen

Turns any junk text into a usable wordlist for brute-forcing.

Installation

go install github.com/hakluke/haklistgen@latest

Usage Examples

Scrape all words out of an HTTP response to build a directory bruteforce wordlist:

curl https://wikipedia.org | haklistgen

Pipe a list of subdomains to it to generate a wordlist for bruteforcing more subdomains:

subfinder -silent -d example.com | haklistgen

Piping in a custom JavaScript file could yield some interesting results:

curl https://example.com/app.js | haklistgen

You could create a great custom wordlist for a large-scope target doing something like this:

subfinder -silent -d hakluke.com | anew subdomains.txt | httpx -silent | anew urls.txt | hakrawler | anew endpoints.txt | while read url; do curl $url --insecure | haklistgen | anew wordlist.txt; done
cat subdomains.txt urls.txt endpoints.txt | haklistgen | anew wordlist.txt;

This would save subdomains to subdomains.txt, then save httpx output to urls.txt, then crawl each url and save the hakrawler output to endpoints.txt, then fetch every URL in endpoints.txt and make a wordlist out of it, concatenating all of the wordlists to wordlist.txt. Then it takes all of the subdomains and urls, and adds words out of the words in those too.

More Repositories

1

how-to-exit-vim

Below are some simple methods for exiting vim.
7,022
star
2

hakrawler

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
Go
4,374
star
3

hakrevdns

Small, fast tool for performing reverse DNS lookups en masse.
Go
1,404
star
4

weaponised-XSS-payloads

XSS payloads designed to turn alert(1) into P1
JavaScript
1,338
star
5

hakoriginfinder

Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!
Go
831
star
6

haktrails

Golang client for querying SecurityTrails API data
Go
528
star
7

hakip2host

hakip2host takes a list of IP addresses via stdin, then does a series of checks to return associated domain names.
Go
416
star
8

hakcheckurl

Takes a list of URLs and returns their HTTP response codes
Go
388
star
9

bug-bounty-standards

A list of edge cases that occur in bug bounty programs, conversations on how they should be handled. The goal is to standardise the way that specific situations are handled in bug bounties.
225
star
10

hakscale

Distribute ordinary bash commands over many systems
Go
162
star
11

haktldextract

Extract domains/subdomains from URLs en masse
Go
133
star
12

hakfindinternaldomains

Feed it a list of subdomains, it will resolve them and tell you which ones are internal
Go
92
star
13

hakcron

Easily schedule commands to run multiple times at set intervals (like a cronjob, but with one command)
Go
84
star
14

hakq

A basic golang server/client for distributing tasks over multiple systems.
Go
38
star
15

hakrevshell

Shell
37
star
16

hakcertstream

Basic implementation of certstream to print new subdomains and domains
Go
37
star
17

hakstore

Go
27
star
18

hakluke

18
star
19

hakcsp

Return domains in CSP headers in http response
Go
16
star
20

hakaxfr

Attempt zone transfers on domains
Go
16
star
21

hakjoke

Gets joke from icanhazdadjoke.com, prints it
Go
13
star
22

haksecuritytxt

Takes a list of domains as the input, checks if they have a security.txt, outputs the results.
Go
13
star
23

helloworlds

hello world in different languages
Assembly
12
star
24

----svg-onload-alert---

jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e
HTML
11
star
25

XSS

Xss payloads
JavaScript
9
star
26

hakawshostnames

Generate a list of all AWS hostnames
Go
8
star
27

hakurlencode

(en|de)code urls from the CLI
Go
6
star
28

gzipsplit

split lines of text into multiple gzip files
Go
6
star
29

hakgzsplit

Split text files into gzip files with x lines
Go
5
star
30

vulnerable-code-examples

An unorganized batch of vulnerable code examples for use in my blogs, training, etc.
PHP
5
star
31

wordlesolver

Little python script + dictionary to help solve Wordle puzzles
Python
4
star
32

FakeKoala

3
star
33

diodb-api

Go
2
star