Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/hakluke/haklistgen

Turns any junk text into a usable wordlist for brute-forcing.
https://github.com/hakluke/haklistgen

Last synced: 8 months ago
JSON representation

Turns any junk text into a usable wordlist for brute-forcing.

Awesome Lists containing this project

README 

          
# haklistgen

Turns any junk text into a usable wordlist for brute-forcing.



# Installation



```

go install github.com/hakluke/haklistgen@latest

```



# Usage Examples



Scrape all words out of an HTTP response to build a directory bruteforce wordlist:



```

curl https://wikipedia.org | haklistgen

```



Pipe a list of subdomains to it to generate a wordlist for bruteforcing more subdomains:



```

subfinder -silent -d example.com | haklistgen

```



Piping in a custom JavaScript file could yield some interesting results:



```

curl https://example.com/app.js | haklistgen

```



You could create a great custom wordlist for a large-scope target doing something like this:



```

subfinder -silent -d hakluke.com | anew subdomains.txt | httpx -silent | anew urls.txt | hakrawler | anew endpoints.txt | while read url; do curl $url --insecure | haklistgen | anew wordlist.txt; done

cat subdomains.txt urls.txt endpoints.txt | haklistgen | anew wordlist.txt;

```



This would save subdomains to `subdomains.txt`, then save httpx output to `urls.txt`, then crawl each url and save the hakrawler output to `endpoints.txt`, then fetch every URL in `endpoints.txt` and make a wordlist out of it, concatenating all of the wordlists to `wordlist.txt`. Then it takes all of the subdomains and urls, and adds words out of the words in those too.