https://github.com/decal/pathgro

:seedling: combinatoric pathname wordlist expansion--it's like Miracle-Gro(tm) for your dirbusting technique!

attack-modeling combinatorics command-line-tool dirbuster directory-traversal dotfiles-automation filesystem generator guile kali-linux pathname paths permutation-based schemetools subsets-algorithm toolkit url vulnerability-scanner web-security wordlist-processing

## Introduction

`pathgro` takes a brief list of path strings as input and "grows" them into much
larger sets. It is a tool that freely commingles pathname pieces to generate new
omnifarious string mappings. It is designed to maximize attack surface coverage
when testing software components that take pathnames as input; the technique
referred to as _dirbusting_ as implemented by [dirb](https://dirb.sf.net "DIRB is a Web Content Scanner. It looks for existing and/or hidden Web Objects. It basically works by launching a dictionary based attack against a web server and analyzing the response.")
is a good example of such testing which stands to benefit from path growing abilities.
Such tactics exploit [predictable resource location](http://projects.webappsec.org/w/page/13246953/Predictable%20Resource%20Location "Predictable Resource Location is an attack technique used to uncover hidden web site content and functionality.") and are sometimes referred to as [forced browsing](https://www.owasp.org/index.php/Forced_browsing "Forced browsing is an attack where the aim is to enumerate and access resources that are not referenced by the application, but are still accessible.").
`pathgro` has been coded as a set of [GNU Guile](https://gnu.org/software/guile "GNU's programming and extension language") modules that are wrapped in a command-line interface script.

## Examples

General overview of the functionality:

[![PathGro Usage Examples](https://asciinema.org/a/InUx4vKTr0cUYyVYA5jlzVtZi.svg "Terminal Recording Demonstrating Command Line Execution of PathGro Tool")](https://asciinema.org/a/InUx4vKTr0cUYyVYA5jlzVtZi "Various Examples of Growing Path Lists")

Note that `pathgro --Combos 1` and `pathgro --Powerset 1` will generate equivalent lists according to their definitions.

## Dependencies

### Requirement

* **GNU Guile 2.x**
  - **NOTE:** you must make sure that you have both of the `guile` and `guild` executables installed.\
    Some Linux distributions (e.g. *Debian*) provide `guild` separately from `guile`, so simply\
    installing a package named `guile` with APT may not be sufficient.\
    (*Debian* provides `guild` in a development package entitled `guile-2.x-dev`)

### Optional

* **direnv**

## Installation

``` shell
# 🚊 on Linux, install the required GNU Guile binaries
$ sudo apt install guile guile-2.0-dev

# 🍻 on macOS, install Homebrew according to its site at https://brew.sh
# 🍺 on Linux, optionally install the Linux version of Homebrew which might maintain a newer version of GNU Guile
$ sudo apt install linuxbrew-wrapper

# 🥂 install the GNU Guile package via the default [homebrew/core](https://github.com/Homebrew/homebrew-core "Default formulae for the missing package manager for macOS") tap
$ brew install guile

# 🖥️ on macOS, you can simply `brew install guile` after installing Homebrew from https://brew.sh
# 💻 on Linux, you may need to add `~/.linuxbrew/Cellar/guile/2.x.x/bin` to `PATH`

# 🌀 clone the source code repository
$ git clone https://github.com/decal/pathgro

# change working directory to pathgro
$ cd pathgro

# ⛵ compile the source using the Makefile
$ make

# ✈️ execute various tests using the Makefile
$ make test

# #️⃣ install pathgro using the Makefile
$ make install

# ⚓ append the above environment variable settings to the shell initialization file
$ cat ~/.pathgrorc >> ~/.bashrc

# 🥚 re-assign path environment variables for Guile and the current shell process
$ . .pathgrorc

# 📗 read the detailed program usage statement and refer to the table underneath the following screenshot
$ pathgro --help

# That's it--you're done! Go get 'em tiger! Grow your pathname lists!
```

## Usage

[ PathGro Tool Usage Summary ]

* * *

| _Command Line Flag_ | _Description of Grow Level_ |
|:--------------------|-----------------------------|
| `--Grow 0`, `-G0` | each command-line flag has a 50% chance of being enabled randomly<br>`--basename`, `--dirname`, `--extname`, `--filename`, `--generate`, `--macos`, `--saves`, `--vimswap`, `--xtdirname` |
| `--Grow 1`, `-G1` | bases, extensions and full file names<br>`--basename`, `--extname`, `--filename` |
| `--Grow 2`, `-G2` | file extensions as directories and standalone directories<br>`--dirname`, `--xtdirname` |
| `--Grow 3`, `-G3` | bases, extensions, full file names, standalone directories and extensions as directories<br>`--basename`, `--extname`, `--filename`, `--dirname`, `--xtdirname` |
| `--Grow 4`, `-G4` | auto-save and backup file names<br>`--macos`, `--saves` |
| `--Grow 5`, `-G5` | vim swap file names, one-byte base name appendages and extensions<br>`--generate`, `--vimswap` |
| `--Grow 6`, `-G6` | `-G4` and `-G5` together<br>`--macos`, `--saves`, `--generate`, `--vimswap` |
| `--Grow 7`, `-G7` | combinations of folders two levels deep with traversals of same depth<br>`--Combos 2`, `--Traverse 2` |
| `--Grow 8`, `-G8` | enable each individual flag while passing the value `1` to each set operation<br>`--basename`, `--extname`, `--filename`, `--dirname`, `--xtdirname`, `--macos`, `--saves`, `--generate`, `--vimswap`, `--Combos`, `--Powerset`, `--Traverse` |

* * *

> Note that depending upon the command-line invocation's combined option flags, the results may still need to be uniqued by piping the output stream to `sort -u`.


* * *
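The grow levels above can also drive a pre-publication check of your own document root. The following is an added example, not code from `pathgro`: it recombines directory, base name and extension pieces and derives editor and OS leftover names, then reports which candidates exist under a local directory. The recombination rule, the leftover name patterns and all function names are assumptions made for illustration, not the tool's actual output.

```python
import itertools
import os
import posixpath
import tempfile

def pieces(paths):
    """Split each path into directory, base name and extension pieces."""
    dirs, bases, exts = set(), set(), set()
    for p in paths:
        d, name = posixpath.split(p.strip("/"))
        base, ext = posixpath.splitext(name)
        dirs.add(d); bases.add(base); exts.add(ext)
    return dirs, bases, exts

def recombine(paths):
    """Cross every directory with every base name and extension (assumed rule)."""
    dirs, bases, exts = pieces(paths)
    return {posixpath.join(d, b + e)
            for d, b, e in itertools.product(dirs, bases, exts)}

def editor_leftovers(path):
    """Conventional leftovers for one file: Emacs backup and auto-save,
    Vim swap, macOS AppleDouble and the per-directory .DS_Store."""
    d, name = posixpath.split(path)
    names = [name + "~", "#" + name + "#", "." + name + ".swp",
             "._" + name, ".DS_Store"]
    return {posixpath.join(d, n) for n in names}

def audit(root, paths):
    """Return grown candidates that exist under root and are not in the
    list of intended files, i.e. files to remove or block before publishing."""
    candidates = set()  # a set de-duplicates, like piping to `sort -u`
    for p in recombine(paths):
        candidates |= {p} | editor_leftovers(p)
    candidates -= {p.strip("/") for p in paths}
    return sorted(c for c in candidates if os.path.isfile(os.path.join(root, c)))

def demo():
    """Audit a constructed document root built in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ["admin/login.php", "admin/.login.php.swp", "js/app.js",
                    "js/app.js~", "js/login.js", "admin/.DS_Store"]:
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "w").close()
        return audit(root, ["/admin/login.php", "/js/app.js"])

if __name__ == "__main__":
    print(demo())
```

Every path it reports is a file that is reachable by name but absent from the intended list, which is the exposure that forced browsing relies on.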


## Errors

* `ERROR: no code for module (pathgro main)`

> Don't forget to run `make install` and `. ~/.pathgrorc` before attempting to execute `pathgro`

* * *


## Related


### Utilities

* [mortalis13 / List-Folders](https://github.com/mortalis13/List-Folders "Lists files and subfolders of a selected local directory")

> Lists files and subfolders of a selected local directory

* [kdomasze / Folder-List](https://github.com/kdomasze/Folder-List "Lists all files and folders in a directory.")

> Lists all files and folders in a directory.


* * *


### Listers

* [mgeeky / dirbuster](https://github.com/mgeeky/dirbuster "wfuzz, SecLists and john -based dirbusting / forceful browsing script intended to be used during web pentest assignments")

> wfuzz, SecLists and john -based dirbusting / forceful browsing script intended to be used during web pentest assignments

* [DominikSchlecht / WordLGen](https://github.com/DominikSchlecht/WordLGen "A program that combines given words.")

> A program that combines given words.

* [sc0tfree / mentalist](https://github.com/sc0tfree/mentalist "Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper.")

> Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper.

* [BlackArch / wordlistctl](https://github.com/BlackArch/wordlistctl "Fetch, install and search wordlist archives from websites and torrent peers.")

> Fetch, install and search wordlist archives from websites and torrent peers.

* [imkzh / webwordlist](https://github.com/imkzh/webwordlist "a small wordlist that can be used for learning.")

> A small wordlist that can be used for learning.


* * *


### Lists

* [fuzzdb-project / fuzzdb](https://github.com/fuzzdb-project/fuzzdb "Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.")

> Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

* [danielmiessler / SecLists](https://github.com/danielmiessler/SecLists "SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.")

> SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

* [cujanovic / Content-Bruteforcing-Wordlist](https://github.com/cujanovic/Content-Bruteforcing-Wordlist "Wordlist for content(directory) bruteforce discovering with Burp or dirsearch")

> Wordlist for content(directory) bruteforce discovering with Burp or dirsearch

* [1N3 / IntruderPayloads](https://github.com/1N3/IntruderPayloads "A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.")

> A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

* [decal / werdlists](https://github.com/decal/werdlists "Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases")

> Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases

* [Bo0oM / fuzz.txt](https://github.com/Bo0oM/fuzz.txt "Potentially dangerous files")

> Potentially dangerous files


* * *


### Busters

* [TomNomNom / meg](https://github.com/tomnomnom/meg "Fetch many paths for many hosts - without killing the hosts")

> Fetch many paths for many hosts - without killing the hosts

* [EdOverflow / megplus](https://github.com/EdOverflow/megplus "Automated reconnaissance wrapper — TomNomNom's meg on steroids.")

> Automated reconnaissance wrapper — TomNomNom's meg on steroids

* [maurosoria / dirsearch](https://github.com/maurosoria/dirsearch "Web path scanner")

> Web path scanner

* [NoobieDog / Dir-Xcan](https://github.com/NoobieDog/Dir-Xcan "Python version of OWASP's DirBuster Application.")

> Python version of OWASP's DirBuster Application

* [phra / nodebuster](https://github.com/phra/nodebuster "DirBuster for Node.js")

> DirBuster for Node.js


* * *




## License

`pathgro` is licensed according to version 3 of the [GNU Lesser General Public License](https://www.gnu.org/licenses/lgpl.html). See [`COPYING.txt`](https://github.com/decal/pathgro/blob/master/COPYING.txt "GPLv3") for more information.

