Haklistgen – Turns Any Junk Text Into A Usable Wordlist For Brute-Forcing

Turns any junk text into a usable wordlist for brute-forcing. Installation go install github.com/hakluke/[email protected] Usage Examples Scrape all words out of an HTTP response to build a directory bruteforce wordlist: curl https://wikipedia.org | haklistgen Pipe a list of subdomains to it to generate a wordlist for bruteforcing more subdomains: subfinder -silent -d example.com | haklistgenRead More

Weakpass – Rule-Based Online Generator To Create A Wordlist Based On A Set Of Words

The tool generates a wordlist based on a set of words entered by the user. For example, during penetration testing, you need to gain access to some service, device, account, or Wi-Fi network that is password protected. For example, let it be the Wi-Fi network of EvilCorp. Sometimes, a password is a combination of device/network/organizationRead More

Duplicut – Remove Duplicates From MASSIVE Wordlist, Without Sorting It (For Dictionary-Based Password Cracking)

Quickly dedupe massive wordlists, without changing the order  Created by nil0x42 and contributors Overview Modern password wordlist creation usually implies concatenating multiple data sources. Ideally, most probable passwords should stand at start of the wordlist, so most common passwords are cracked instantly. With existing dedupe tools you are forced to choose if you prefer toRead More

Cook – A Customizable Wordlist And Password Generator

Easily create permutations and combinations of words with predefined sets of extensions, words and patterns/function. You can use this tool to easily create complex endpoints and passwords. Customizing tool according to your unique secrets keywords. Easy UX, Checkout Usage Installation Using Go go get github.com/giteshnxtlvl/cook OR GO111MODULE=on go get github.com/giteshnxtlvl/cook Update go get -u github.com/giteshnxtlvl/cookRead More

Admin-Scanner – This Tool Is Design To Find Admin Panel Of Any Website By Using Custom Wordlist Or Default Wordlist Easily

Website Admin Panel Finder How To Install (Linux/pc) sudo apt install python3 sudo apt install python3-pip sudo apt install git git clone https://github.com/alienwhatever/Admin-Scanner.git cd Admin-Scanner How to Install (Termux/Android) pkg update && pkg upgrade pkg install python3 pkg install git git clone https://github.com/alienwhatever/Admin-Scanner.git cd Admin-Scanner pip3 install -r requirement.txt Usage author: alienwhatevercredit github.com/bdblackhat for list.txtorginal-source-of-list.txtRead More

Wordlist_Generator – Unique Wordlist Generator Of Unique Wordlists

wordlist_generator generates wordlists with unique words with techniques mentioned in tomnomnom’s report “Who, What, Where, When”. It takes URLs from gau and splits them to get words in URLs. Then it requests each URL to fetch all words. Finally, wordlist_generator removes from wordlist everything from “denylists” directory files to keep only unique words, which youRead More

CWFF – Create Your Custom Wordlist For Fuzzing

CWFF is a tool that creates a special High quality fuzzing/content discovery wordlist for you at the highest speed possible using concurrency and it’s heavily inspired by @tomnomnom‘s Who, What, Where, When, Wordlist #NahamCon2020.Usage CWFF [-h] [–threads] [–github] [–subdomains] [–recursive] [–js-libraries] [–connected-websites] [–juicy-files] [–use-filter-model] [-o] domainpositional arguments: domain Target website(ofc)optional arguments: -h, –help Show thisRead More

Lazybee – Wordlist Generator Tool for Termux

Lazybee tool is a python based script from which you can generate random wordlist for brutefocre attacks. This tool has a unique features like wordlist generating time calculation and direct .txt saving in current directory. This tool works on both rooted Android device and Non-rooted Android device.lazybee is available for Termux Installation and usage guideRead More

RMIScout – Wordlist And Bruteforce Strategies To Enumerate Java RMI Functions And Exploit RMI Parameter Unmarshalling Vulnerabilities

RMIScout performs wordlist and bruteforce attacks against exposed Java RMI interfaces to safely guess method signatures without invocation.On misconfigured servers, any known RMI signature using non-primitive types (e.g., java.lang.String), can be exploited by replacing the object with a serialized payload. This is a fairly common misconfiguration (e.g., VMWare vSphere Data Protection + vRealize Operations Manager,Read More

OWASP D4N155 – Intelligent And Dynamic Wordlist Using OSINT

It’s an information security audit tool that creates intelligent wordlists based on the content of the target page.Help usSee some calculations usedInstallNeed to: Python3.6, Bash (GNU Bourne-Again SHell)Optional: Git, Groff git clone https://github.com/owasp/D4N155.gitcd D4N155pip3 install -r requirements.txtbash main Or whithout git wget -qO- https://github.com/owasp/D4N155/archive/master.zip | bsdtar -xf-cd D4N155-masterpip3 install -r requirements.txtbash main Manual D4N155: ToolRead More