Security
Headlines
HeadlinesLatestCVEs

Headline

Haklistgen - Turns Any Junk Text Into A Usable Wordlist For Brute-Forcing

<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-tAJa4MDz_Co/YUuoLt01PoI/AAAAAAAAvSU/CkAAccSSGBI6r6apc9d3cLcmRkAjTTyCgCNcBGAsYHQ/s702/some_words.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="408" data-original-width="702" height="373" src="https://1.bp.blogspot.com/-tAJa4MDz_Co/YUuoLt01PoI/AAAAAAAAvSU/CkAAccSSGBI6r6apc9d3cLcmRkAjTTyCgCNcBGAsYHQ/w640-h373/some_words.png" width="640" /></a></div><p><br /></p> <p>Turns any junk text into a usable wordlist for brute-forcing.</p><span><a name=’more’></a></span><div><br /></div><span style="font-size: large;"><b>Installation</b></span><br /> <div class="snippet-clipboard-content position-relative" data-snippet-clipboard-copy-content="go install github.com/hakluke/haklistgen@latest “><pre><code>go install github.com/hakluke/haklistgen@latest<br /></code></pre></div> <br /><span style="font-size: large;"><b>Usage Examples</b></span><br /> <p>Scrape all words out of an HTTP response to build a directory <a href="https://www.kitploit.com/search/label/Bruteforce” target="_blank" title="bruteforce">bruteforce</a> wordlist:</p> <div class="snippet-clipboard-content position-relative" data-snippet-clipboard-copy-content="curl https://wikipedia.org | haklistgen “><pre><code>curl https://wikipedia.org | haklistgen<br /></code></pre></div> <p>Pipe a list of <a href="https://www.kitploit.com/search/label/Subdomains” target="_blank" title="subdomains">subdomains</a> to it to generate a wordlist for <a href="https://www.kitploit.com/search/label/Bruteforcing" target="_blank" title="bruteforcing">bruteforcing</a> more subdomains:</p> <div class="snippet-clipboard-content position-relative" data-snippet-clipboard-copy-content="subfinder -silent -d example.com | haklistgen “><pre><code>subfinder -silent -d example.com | haklistgen<br /></code></pre></div> <p>Piping in a custom JavaScript file could yield some interesting results:</p> <div class="snippet-clipboard-content position-relative” data-snippet-clipboard-copy-content="curl https://example.com/app.js | haklistgen “><pre><code>curl https://example.com/app.js | haklistgen<br /></code></pre></div> <p>You could create a great <a href="https://www.kitploit.com/search/label/Custom%20Wordlist” target="_blank" title="custom wordlist">custom wordlist</a> for a large-scope target doing something like this:</p> <div class="snippet-clipboard-content position-relative" data-snippet-clipboard-copy-content="subfinder -silent -d hakluke.com | anew subdomains.txt | httpx -silent | anew urls.txt | <a title=" hakrawler="" href="https://www.kitploit.com/search/label/Hakrawler">hakrawler | anew endpoints.txt | while read url; do curl $url --insecure | haklistgen | anew wordlist.txt; done cat subdomains.txt urls.txt endpoints.txt | haklistgen | anew wordlist.txt; “><pre><code>subfinder -silent -d hakluke.com | anew subdomains.txt | httpx -silent | anew urls.txt | hakrawler | anew endpoints.txt | while read url; do curl $url --insecure | haklistgen | anew wordlist.txt; done<br />cat subdomains.txt urls.txt endpoints.txt | haklistgen | anew wordlist.txt;<br /></code></pre></div> <p>This would save subdomains to <code>subdomains.txt</code>, then save httpx output to <code>urls.txt</code>, then crawl each url and save the hakrawler output to <code>endpoints.txt</code>, then fetch every URL in <code>endpoints.txt</code> and make a wordlist out of it, concatenating all of the wordlists to <code>wordlist.txt</code>. Then it takes all of the subdomains and urls, and adds words out of the words in those too.</p> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download” href="https://github.com/hakluke/haklistgen" rel="nofollow" target="_blank" title="Download Haklistgen">Download Haklistgen</a></span></b></div>

kitploit
#Bruteforce#Bruteforcing#Custom Wordlist#Haklistgen#Hakrawler#Httpx#JavaScript#Subdomains#Wordlist#Wordlists

kitploit: Latest News

JadedWraith - Light-weight UNIX Backdoor