{"id":14069352,"url":"https://github.com/decal/pathgro","last_synced_at":"2026-01-21T13:39:00.252Z","repository":{"id":69750995,"uuid":"146161978","full_name":"decal/pathgro","owner":"decal","description":":seedling: combinatoric pathname wordlist expansion--it's like Miracle-Gro(tm) for your dirbusting technique!","archived":false,"fork":false,"pushed_at":"2020-04-28T06:04:31.000Z","size":7475,"stargazers_count":13,"open_issues_count":2,"forks_count":7,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-12-04T10:39:39.828Z","etag":null,"topics":["attack-modeling","combinatorics","command-line-tool","dirbuster","directory-traversal","dotfiles-automation","filesystem","generator","guile","kali-linux","pathname","paths","permutation-based","schemetools","subsets-algorithm","toolkit","url","vulnerability-scanner","web-security","wordlist-processing"],"latest_commit_sha":null,"homepage":null,"language":"Scheme","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/decal.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"COPYING.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-08-26T07:53:17.000Z","updated_at":"2023-09-08T17:44:19.000Z","dependencies_parsed_at":"2023-07-06T21:33:39.848Z","dependency_job_id":null,"html_url":"https://github.com/decal/pathgro","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/decal/pathgro","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/decal%2Fpathgro","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/decal%2Fpathgro/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/decal%2Fpathgro/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/decal%2Fpathgro/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/decal","download_url":"https://codeload.github.com/decal/pathgro/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/decal%2Fpathgro/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267815187,"owners_count":24148356,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-30T02:00:09.044Z","response_time":70,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["attack-modeling","combinatorics","command-line-tool","dirbuster","directory-traversal","dotfiles-automation","filesystem","generator","guile","kali-linux","pathname","paths","permutation-based","schemetools","subsets-algorithm","toolkit","url","vulnerability-scanner","web-security","wordlist-processing"],"created_at":"2024-08-13T07:06:53.300Z","updated_at":"2026-01-21T13:39:00.202Z","avatar_url":"https://github.com/decal.png","language":"Scheme","funding_links":["https://paypal.me/decal/5"],"categories":["Scheme"],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/decal/pathgro/blob/master/COPYING.txt\" name=\"pathgro-copying\" id=\"license-link\"\u003e\u003cimg src=\"https://img.shields.io/badge/license-LGPLv3-yellow.svg?maxAge=2592000\" name=\"pathgro-license\" id=\"license-image\" title=\"LGPLv3\" alt=\"[ GNU Lesser General Public License ]\" crossorigin=\"anonymous\" integrity=\"sha512-LglCDw+0y0npKqEXzPJQc74NiCCphVtNICdc61slXEiZbt3j6RAwHf52ysL4Eg7B0mbss1VlsL10GdvAZ+82zA==\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://paypal.me/decal/5\" name=\"pathgro-paypal\" id=\"paypal-me\"\u003e\u003cimg src=\"https://github.com/decal/pathgro/blob/master/assets/donate-paypal.svg\" name=\"paypal-pathgro\" id=\"donate-paypal\" title=\"PayPal Donate\" alt=\"[ PayPal.Me $5! ]\" crossorigin=\"anonymous\" integrity=\"\"sha512-JL3EaZQoPmVEcrg15sjbf6i2vpkqi4zByTa6SiCe2+lQM63jiCbs+EikSp+aKRs3KGOSyzF3OMsfUe6gewF7wg==\" /\u003e\u003c/a\u003e\n  \u003ca href=\"#\" name=\"macos-linux\" id=\"maclin-link\"\u003e\u003cimg src=\"https://github.com/decal/pathgro/blob/master/assets/macos-linux.svg\" name=\"pathgro-maclin\" id=\"maclin-image\" title=\"Linux and macOS\" alt=\"[ Linux and macOS ]\" crossorigin=\"anonymous\" integrity=\"sha512-JL3EaZQoPmVEcrg15sjbf6i2vpkqi4zByTa6SiCe2+lQM63jiCbs+EikSp+aKRs3KGOSyzF3OMsfUe6gewF7wg==\" /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003ctable translate=\"no\" title=\"PathGro\" name=\"pathgro-table\" id=\"pgtable\" style=\"border-color: yellow; border-collapse: separate; border-spacing: 8px; display: table\"\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\n      \u003cp align=\"center\"\u003e\n        \u003cimg height=\"32%\" width=\"32%\" src=\"https://raw.githubusercontent.com/decal/pathgro/master/assets/pathgro-logo.png\" alt=\"[ PathGro Logo | Miracle-Gro(tm) Spoof ]\" title=\"DirBuster Path Food\" crossorigin=\"anonymous\" integrity=\"sha512-yswWY4vXXS8vCMTN6yMEVjwpsEb/mbl0KEFVbONI7k/diS1nXz9JEd4VtCzbcTsBpkS+cX+0cr/FKz5U8dqe6w==\" /\u003e\n      \u003c/p\u003e\n    \u003c/td\u003e\n  \u003c/tr\u003e\n\u003c/table\u003e\n\n## Introduction\n\n`pathgro` takes a brief list of path strings as input and \"grows\" them into much\nlarger sets. It is a tool that freely commingles pathname pieces to generate new\nomnifarious string mappings. It is designed to maximize attack surface coverage\nwhen testing software components that take pathnames as input; the technique \nreferred to as _dirbusting_ as implemented by [dirb](https://dirb.sf.net \"DIRB is a Web Content Scanner. It looks for existing and/or hidden Web Objects. It basically works by launching a dictionary based attack against a web server and analyzing the response.\")\nis a good example of such testing which stands to benefit from path growing abilities.\nSuch tactics exploit [predictable resource location](http://projects.webappsec.org/w/page/13246953/Predictable%20Resource%20Location \"Predictable Resource Location is an attack technique used to uncover hidden web site content and functionality.\") and are sometimes referred to as [forced browsing](https://www.owasp.org/index.php/Forced_browsing \"Forced browsing is an attack where the aim is to enumerate and access resources that are not referenced by the application, but are still accessible.\")\n`pathgro` has been coded as a set of [GNU Guile](https://gnu.org/software/guile \"GNU's programming and extension language\") modules that are wrapped in a command-line interface script.\n\n## Examples\n\nGeneral overview of the functionality:\n\n[![PathGro Usage Examples](https://asciinema.org/a/InUx4vKTr0cUYyVYA5jlzVtZi.svg \"Terminal Recording Demonstrating Command Line Execution of PathGro Tool\")](https://asciinema.org/a/InUx4vKTr0cUYyVYA5jlzVtZi \"Various Examples of Growing Path Lists\")\n\nNote that `pathgro --Combos 1` and `pathgro --Powerset 1` will generate equivalent lists according to their definitions.\n\n## Dependencies\n\n### Requirement\n\n* **GNU Guile 2.x**\n  - **NOTE:** you must make sure that you have both of the `guile` and `guild` executables installed.\\\n    Some Linux distributions (e.g. *Debian*) provide `guild` separately from `guile`, so simply\\\n    installing a package named `guile` with APT may not be sufficient.\\\n    (*Debian* provides `guild` in a development package entitled `guile-2.x-dev`)\n\n### Optional\n\n* **direnv**\n\n## Installation\n\n``` shell\n# 🚊 on Linux, install the required GNU Guile binaries\n$ sudo apt install guile guile-2.0-dev\n\n# 🍻 on macOS, install Homebrew according to its site at https://brew.sh \n# 🍺 on Linux, optionally install the Linux version of Homebrew which might maintain a newer version of GNU Guile\n$ sudo apt install linuxbrew-wrapper \n\n# 🥂 install the GNU Guile package via the default [homebrew/core](https://github.com/Homebrew/homebrew-core \"Default formulae for the missing package manager for macOS\") tap \n$ brew install guile \n\n# 🖥️ on macOS, you can simply `brew install guile` after installing Homebrew from https://brew.sh\n# 💻 on Linux, you may need to add `~/.linuxbrew/Cellar/guile/2.x.x/bin` to `PATH`\n\n# 🌀 clone the source code repository\n$ git clone https://github.com/decal/pathgro\n\n# 📁 change working directory to pathgro\n$ cd pathgro\n\n# ⛵ compile the source using the Makefile\n$ make\n\n# ✈️ execute various tests using the Makefile\n$ make test\n\n# #️⃣ install pathgro using the Makefile\n$ make install\n\n# ⚓ append the above environment variable settings to the shell initialization file\n$ cat ~/.pathgrorc \u003e\u003e ~/.bashrc\n\n# 🥚 re-assign path environment variables for Guile and the current shell process\n$ . .pathgrorc\n\n# 📗 read the detailed program usage statement and refer to the table underneath the following screenshot\n$ pathgro --help\n\n# 🐅 That's it--you're done! Go get 'em tiger! Grow your pathname lists!\n```\n\n## Usage\n\n\u003cimg height=\"80%\" width=\"80%\" src=\"https://raw.githubusercontent.com/decal/pathgro/master/assets/pathgro-usage.png\" name=\"pathgro-usage\" id=\"usage-image\" alt=\"[ PathGro Tool Usage Summary ]\" title=\"PathGro Command Line Options\" crossorigin=\"anonymous\" integrity=\"sha512-s7kpnmVa9y542pl1a2BZZhU524sWBx9KdgUTFud9Ld10oDxb/h30/v8HF0wj3OIKsx+7Oq771/ayOSF1sZ2ZAw==\" /\u003e\n\n* * *\n\n|\u0026nbsp;\u0026nbsp;\u0026nbsp;_Command\u0026nbsp;Line\u0026nbsp;Flag_\u0026nbsp;\u0026nbsp;| _Description of Grow Level_ \n|:-------------------------------------------|-----------------------------------------------------------------------\n| `--Grow 0`, `-G0` | \u003cbr /\u003e\u003cdetails\u003e\u003csummary\u003eeach command-line flag has a 50% chance of being enabled randomly\u003c/summary\u003e\u003cbr /\u003e`--basename`, `--dirname`, `--extname`, `--filename`, `--generate`, `--macos`, `--saves`, `--vimswap`, `--xtdirname`\u003c/details\u003e\u003cbr /\u003e\n| `--Grow 1`, `-G1` | \u003cbr /\u003e\u003cdetails\u003e\u003csummary\u003ebases, extensions and full file names\u003c/summary\u003e\u003cbr /\u003e`--basename`, `--extname`, `--filename`\u003c/details\u003e\u003cbr /\u003e\n| `--Grow 2`, `-G2` | \u003cbr /\u003e\u003cdetails\u003e\u003csummary\u003efile extensions as directories and standalone directories\u003c/summary\u003e\u003cbr /\u003e`--dirname`, `--xtdirname`\u003c/details\u003e\u003cbr /\u003e\n| `--Grow 3`, `-G3` | \u003cbr /\u003e\u003cdetails\u003e\u003csummary\u003ebases, extensions, full file names, standalone directories and extensions as directories\u003c/summary\u003e\u003cbr /\u003e`--basename`, `--extname`, `--filename`, `--dirname`, `--xtdirname`\u003c/details\u003e\u003cbr /\u003e\n| `--Grow 4`, `-G4` | \u003cbr /\u003e\u003cdetails\u003e\u003csummary\u003eauto-save and backup file names\u003c/summary\u003e\u003cbr /\u003e`--macos`, `--saves`\u003c/details\u003e\u003cbr /\u003e\n| `--Grow 5`, `-G5` | \u003cbr /\u003e\u003cdetails\u003e\u003csummary\u003evim swap file names, one-byte base name appendages and extensions\u003c/summary\u003e\u003cbr /\u003e`--generate`, `--vimswap`\u003c/details\u003e\u003cbr /\u003e\n| `--Grow 6`, `-G6` | \u003cbr /\u003e\u003cdetails\u003e\u003csummary\u003e`-G4` and `-G5` togther\u003c/summary\u003e\u003cbr /\u003e`--macos`, `--saves`, `--generate`, `--vimswap`\u003c/details\u003e\u003cbr /\u003e\n| `--Grow 7`, `-G7` | \u003cbr /\u003e\u003cdetails\u003e\u003csummary\u003ecombinations of folders two levels deep with traversals of same depth\u003c/summary\u003e\u003cbr /\u003e`--Combos 2`, `--Traverse 2`\u003c/details\u003e\u003cbr /\u003e\n| `--Grow 8`, `-G8` | \u003cbr /\u003e\u003cdetails\u003e\u003csummary\u003eenable each individual flag while passing the value `1` to each set operation\u003c/summary\u003e\u003cbr /\u003e`--basename`, `--extname`, `--filename`, `--dirname`, `--xtdirname`, `--macos`, `--saves`, `--generate`, `--vimswap`, `--Combos`, `--Powerset`, `--Traverse`\u003c/summary\u003e `--basename`, `--extname`, `--filename`, `--dirname`, `--xtdirname`, `--macos`, `--saves`, `--generate`, `--vimswap`, `--Combos`, `--Powerset`, `--Traverse`\u003c/details\u003e\u003cbr /\u003e\n\n* * *\n\n\u003e Note that depending upon the command-line invocation's combined option flags, the results may still need to be uniqued by piping the output stream to `sort -u`. \n\n\u003cbr /\u003e\n\n* * *\n\n\u003cbr /\u003e\n\n## Errors\n\n* `ERROR: no code for module (pathgro main)`\n\n\u003e Don't forget to run `make install` and `. ~/.pathgrorc` before attempting to execute `pathgro`\n\n* * *\n\n\u003cbr /\u003e\n\n## Related\n\n\u003cbr /\u003e\n\n### Utilities\n\n* [mortalis13 / List-Folders](https://github.com/mortalis13/List-Folders \"Lists files and subfolders of a selected local directory\")\n\n\u003e Lists files and subfolders of a selected local directory\n\n* [kdomasze / Folder-List](https://github.com/kdomasze/Folder-List \"Lists all files and folders in a directory.\")\n\n\u003e Lists all files and folders in a directory.\n\n\u003cbr /\u003e\n\n* * * \n\n\u003cbr /\u003e\n\n### Listers\n\n* [mgeeky / dirbuster](https://github.com/mgeeky/dirbuster \"wfuzz, SecLists and john -based dirbusting / forceful browsing script intended to be used during web pentest assingments\")\n\n\u003e wfuzz, SecLists and john -based dirbusting / forceful browsing script intended to be used during web pentest assingments\n\n* [DominikSchlecht / WordLGen](https://github.com/DominikSchlecht/WordLGen \"A program that combines given words.\")\n\n\u003e A program that combines given words.\n\n* [sc0tfree / mentalist](https://github.com/sc0tfree/mentalist \"Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper.\")\n\n\u003e Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper.\n\n* [BlackArch / wordlistctl](https://github.com/BlackArch/wordlistctl \"Fetch, install and search wordlist archives from websites and torrent peers.\")\n\n\u003e Fetch, install and search wordlist archives from websites and torrent peers.\n\n* [imkzh / webwordlist](https://github.com/imkzh/webwordlist \"a small wordlist that can be used for learning.\")\n\n\u003e A small wordlist that can be used for learning.\n\n\u003cbr /\u003e\n\n* * *\n\n\u003cbr /\u003e\n\n### Lists\n\n* [fuzzdb-project / fuzzdb](https://github.com/fuzzdb-project/fuzzdb \"Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.\")\n\n\u003e Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.\n\n* [danielmiessler / SecLists](https://github.com/danielmiessler/SecLists \"SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.\")\n\n\u003e SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.\n\n* [cujanovic / Content-Bruteforcing-Wordlist](https://github.com/cujanovic/Content-Bruteforcing-Wordlist \"Wordlist for content(directory) bruteforce discovering with Burp or dirsearch\")\n\n\u003e Wordlist for content(directory) bruteforce discovering with Burp or dirsearch\n\n* [1N3 / IntruderPayloads](https://github.com/1N3/IntruderPayloads \"A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.\")\n\n\u003e A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.\n\n* [decal / werdlists](https://github.com/decal/werdlists \"Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases\")\n\n\u003e Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases\n\n* [Bo0oM / fuzz.txt](https://github.com/Bo0oM/fuzz.txt \"Potentially dangerous files\")\n\n\u003e Potentially dangerous files\n\n\u003c!-- Commenting this one out since it's a gist and not a repository --\u003e\n\u003c!-- * [samduy / path_traversal_payloads.txt](https://gist.github.com/samduy/8034b3227d472968e23f3817612a6729 \"List of common path traversal attacks (can be used with BurpSuite Instruder)\")\n\n\u003e List of common path traversal attacks (can be used with BurpSuite Intruder) --\u003e \n\n\u003cbr /\u003e\n\n* * *\n\n\u003cbr /\u003e\n\n### Busters\n\n* [TomNomNom / meg](https://github.com/tomnomnom/meg \"Fetch many paths for many hosts - without killing the hosts\")\n\n\u003e Fetch many paths for many hosts - without killing the hosts\n\n* [EdOverflow / megplus](https://github.com/EdOverflow/megplus \"Automated reconnaissance wrapper — TomNomNom's meg on steroids.\")\n\n\u003e Automated reconnaissance wrapper — TomNomNom's meg on steroids\n\n* [maurosoria / dirsearch](https://github.com/maurosoria/dirsearch \"Web path scanner\")\n\n\u003e Web path scanner\n\n* [NoobieDog / Dir-Xcan](https://github.com/NoobieDog/Dir-Xcan \"Python version of OWASP's DirBuster Application.\")\n\n\u003e Python version of OWASP's DirBuster Application\n\n* [phra / nodebuster](https://github.com/phra/nodebuster \"DirBuster for Node.js\")\n\n\u003e DirBuster for Node.js\n\n\u003cbr /\u003e\n\n* * *\n\n\u003cbr /\u003e\n  \n## License\n\n`pathgro` is licensed according to version 3 of the [GNU Lesser General Public License](https://www.gnu.org/licenses/lgpl.html). See [`COPYING.txt`](https://github.com/decal/pathgro/blob/master/COPYING.txt \"GPLv3\") for more information.\n\n\u003cbr /\u003e\u003cp align=\"right\"\u003e\u003cimg height=\"20%\" width=\"20%\" src=\"https://raw.githubusercontent.com/decal/pathgro/master/assets/lgplv3-logo.png\" name=\"lgplv3-logo\" id=\"license-logo\" alt=\"[ LGPLv3 ]\" title=\"GNU Lesser General Public License\" crossorigin=\"anonymous\" integrity=\"sha512-P07UklyWF125WUM4hD18LQNbAfeAL4oSqsQhtaNQsWYZpgtsDaUfo4HIIX9OFQepwodXN2w+XA+oVS5LjQfGrA==\" /\u003e\u003c/p\u003e  \n\nERROR: no code for module (pathgro main)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdecal%2Fpathgro","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdecal%2Fpathgro","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdecal%2Fpathgro/lists"}