postmodern / wordlist.rb Goto Github PK

View Code? Open in Web Editor NEW

46.0 5.0 4.0 450 KB

A Ruby library and CLI for generating and working with wordlists.

License: MIT License

Ruby 100.00%

ruby wordlist wordlist-generator wordlist-processing infosec security-tools

wordlist.rb's Introduction

Wordlist

Description

Wordlist is a Ruby library and CLI for reading, combining, mutating, and building wordlists, efficiently.

Features

Supports reading .txt wordlists, and .gz, .bz2, .xz, .zip, and .7z compressed wordlists.
Supports building wordlists from arbitrary text. Also supports .gz, .bz2, .xz, .zip, and .7z compression.
Provides an advanced lexer for parsing text into words.
- Can parse/skip digits, special characters, whole numbers, acronyms.
- Can normalize case, apostrophes, and acronyms.
Supports wordlist operations for combining multiple wordlists together.
Supports wordlist modify or mutating the words in the wordlist on the fly.
Also provides a wordlist command.
Fast-ish

Examples

Reading

Open a wordlist for reading:

wordlist = Wordlist.open("passwords.txt")

Open a compressed wordlist for reading:

wordlist = Wordlist.open("rockyou.txt.gz")

Enumerate through a wordlist:

wordlist.each do |word|
  puts word
end

Create an in-memory list of literal words:

words = Wordlist::Words["foo", "bar", "baz"]

List Operations

Concat two wordlists together:

(wordlist1 + wordlist2).each do |word|
  puts word
end

Union two wordlists together:

(wordlist1 | wordlist2).each do |word|
  puts word
end

Subtract one wordlist from the other:

(wordlist1 - wordlist2).each do |word|
  puts word
end

Combine every word from wordlist1 with the words from wordlist2:

(wordlist1 * wordlist2).each do |word|
  puts word
end

Combine the wordlist with itself multiple times:

(wordslist ** 3).each do |word|
  puts word
end

Filter out duplicates from multiple wordlists:

(wordlist1 + wordlist2 + wordlist3).uniq.each do |word|
  puts word
end

String Manipulation

Convert every word in a wordlist to lowercase:

wordlist.downcase.each do |word|
  puts word
end

Convert every word in a wordlist to UPPERCASE:

wordlist.upcase.each do |word|
  puts word
end

Capitalize every word in a wordlist:

wordlist.capitalize.each do |word|
  puts word
end

Run String#tr on every word in a wordlist:

wordlist.tr('_','-').each do |word|
  puts word
end

Run String#sub on every word in a wordlist:

wordlist.sub("fish","phish").each do |word|
  puts word
end

Run String#gsub on every word in a wordlist:

wordlist.gsub(/\d+/,"").each do |word|
  puts word
end

Performs every possible mutation of each word in a wordlist:

wordlist.mutate(/[oae]/, {'o' => '0', 'a' => '@', 'e' => '3'}).each do |word|
  puts word
end
# dog
# d0g
# firefox
# fir3fox
# firef0x
# fir3f0x
# ...

Enumerates over every possible case variation of every word in a wordlist:

wordlist.mutate_case.each do |word|
  puts word
end
# cat
# Cat
# cAt
# caT
# CAt
# CaT
# cAT
# CAT
# ...

Building a Wordlist

Wordlist::Builder.open('path/to/file.txt.gz') do |builder|
  # ...
end

Add individual words:

builder.add(word)

Adding an Array of words:

builder.append(words)

Parsing text:

builder.parse(text)

Parsing a file's content:

builder.parse_file(path)

Requirements

ruby >= 3.0.0
zcat/gzip (for reading/writing .gz wordlists)
bzcat/bzip2 (for reading/writing .bz2 wordlists)
xzcat/xz (for reading/writing .xz wordlists)
unzip/zip (for reading/writing .zip wordlists)
7za (for reading/writing .7z wordlists)

Install

$ gem install wordlist

gemspec

gem.add_dependency 'wordlist', '~> 1.0'

Gemfile

gem 'wordlist', '~> 1.0'

Synopsis

usage: wordlist { [options] WORDLIST ... | --build WORDLIST [FILE ...] }

Wordlist Reading Options:
    -f {txt|gzip|bz2|xz|zip|7zip},   Sets the desired wordlist format
        --format
        --exec COMMAND               Runs the command with each word from the wordlist.
                                     The string "{}" will be replaced with each word.

Wordlist Operations:
    -U, --union WORDLIST             Unions the wordlist with the other WORDLIST
    -I, --intersect WORDLIST         Intersects the wordlist with the other WORDLIST
    -S, --subtract WORDLIST          Subtracts the words from the WORDLIST
    -p, --product WORDLIST           Combines every word with the other words from WORDLIST
    -P, --power NUM                  Combines every word with the other words from WORDLIST
    -u, --unique                     Filters out duplicate words

Wordlist Modifiers:
    -C, --capitalize                 Capitalize each word
        --uppercase, --upcase        Converts each word to UPPERCASE
        --lowercase, --downcase      Converts each word to lowercase
    -t, --tr CHARS:REPLACE           Translates the characters of each word
    -s, --sub PATTERN:SUB            Replaces PATTERN with SUB in each word
    -g, --gsub PATTERN:SUB           Replaces all PATTERNs with SUB in each word
    -m, --mutate PATTERN:SUB         Performs every possible substitution on each word
    -M, --mutate-case                Switches the case of each letter in each word

Wordlist Building Options:
    -b, --build WORDLIST             Builds a wordlist
    -a, --[no-]append                Appends to the new wordlist instead of overwriting it
    -L, --lang LANG                  The language to expect
        --stop-words WORDS...        Ignores the stop words
        --ignore-words WORDS...      Ignore the words
        --[no-]digits                Allow digits in the middle of words
        --special-chars CHARS        Allows the given special characters inside of words
        --[no-]numbers               Parses whole numbers in addition to words
        --[no-]acronyms              Parses acronyms in addition to words
        --[no-]normalize-case        Converts all words to lowercase
        --[no-]normalize-apostrophes Removes "'s" from words
        --[no-]normalize-acronyms    Removes the dots from acronyms

General Options:
    -V, --version                    Print the version
    -h, --help                       Print the help output

Examples:
    wordlist rockyou.txt.gz
    wordlist passwords_short.txt passwords_long.txt
    wordlist sport_teams.txt -p beers.txt -p digits.txt
    cat *.txt | wordlist --build custom.txt

Reading a wordlist:

$ wordlist rockyou.txt.gz

Reading multiple wordlists:

$ wordlist sport_teams.txt beers.txt

Combining every word from one wordlist with another:

$ wordlist sport_teams.txt -p beers.txt -p all_four_digits.txt
coors0000
coors0001
coors0002
coors0003
...

Combining every word from one wordlist with itself, N times:

$ wordlist words.txt -P 3

Mutating every word in a wordlist:

$ wordlist passwords.txt -m o:0 -m e:3 -m a:@
dog
d0g
firefox
fir3fox
firef0x
fir3f0x
...

Executing a command on each word in the wordlist:

$ wordlist directories.txt --exec "curl -X POST -F 'user=joe&password={}' -o /dev/null -w '%{http_code} {}' https://$TARGET/login"

Building a wordlist from a directory of .txt files:

$ wordlist --build wordlist.txt dir/*.txt

Building a wordlist from STDIN:

$ cat *.txt | wordlist --build wordlist.txt

Benchmarks

                                               user     system      total        real
Wordlist::Builder#parse_text (size=5.4M)   1.943605   0.003809   1.947414 (  1.955960)
Wordlist::File#each (N=1000)               0.000544   0.000000   0.000544 (  0.000559)
Wordlist::File#concat (N=1000)             0.001143   0.000000   0.001143 (  0.001153)
Wordlist::File#subtract (N=1000)           0.001360   0.000000   0.001360 (  0.001375)
Wordlist::File#product (N=1000)            0.536518   0.005959   0.542477 (  0.545536)
Wordlist::File#power (N=1000)              0.000015   0.000001   0.000016 (  0.000014)
Wordlist::File#intersect (N=1000)          0.001389   0.000000   0.001389 (  0.001407)
Wordlist::File#union (N=1000)              0.001310   0.000000   0.001310 (  0.001317)
Wordlist::File#uniq (N=1000)               0.000941   0.000000   0.000941 (  0.000948)
Wordlist::File#tr (N=1000)                 0.000725   0.000000   0.000725 (  0.000736)
Wordlist::File#sub (N=1000)                0.000863   0.000000   0.000863 (  0.000870)
Wordlist::File#gsub (N=1000)               0.001240   0.000000   0.001240 (  0.001249)
Wordlist::File#capittalize (N=1000)        0.000821   0.000000   0.000821 (  0.000828)
Wordlist::File#upcase (N=1000)             0.000760   0.000000   0.000760 (  0.000769)
Wordlist::File#downcase (N=1000)           0.000544   0.000001   0.000545 (  0.000545)
Wordlist::File#mutate (N=1000)             0.004656   0.000000   0.004656 (  0.004692)
Wordlist::File#mutate_case (N=1000)       24.178521   0.000000  24.178521 ( 24.294962)

License

See {file:LICENSE.txt} for details.

wordlist.rb's People

Contributors

Stargazers

Watchers

Forkers

evoltech obnosis hughp whisprer

wordlist.rb's Issues

Switch to using `require_relative` to improve load-times

Switch to using require_relative to load other wordlist/ files to improve load-times.

`zcat` works differently on mac

Instead of:

$ zcat foo.txt.gz

it needs to be run as:

$ zcat < foo.txt.gz

Add Wordlist::List.[] for Array initialization

Add a Wordlist::List.[] method for initializing a list with literal words:

Wordlist::List["foo", "bar", "baz"]

Fix `Lexer#parse` to handle words containing unicode characters

Fix the regexes in Lexer to handle words containing unicode characters (ex: umlaut, accents, etc).

wordlist binary -P option does not work

The -P option does not combine the wordlist's own words as specified.

$ cat test.txt 
hello
world
iam
testing
aprogramm
but
ialso
love
ruby
that are
just
some
stupid
words
$ wordlist test.txt -P 3
hello
world
iam
testing
aprogramm
but
ialso
love
ruby
that are
just
some
stupid
words

$ wordlist --version
wordlist 1.0.1

Add a `--min-length` wordlist builder option

Add a --min-length option to filter words by minimum length.

Add a Wordlist.open method

Add a top-level Wordlist.open method which determines the type of file by File.extname and picks the appropriate list class to read the wordlist file (ex: GZip vs TXT).

`Wordlist::Lexer#parse` cannot parse "\u{a0}" (aka unicode 160)

Wordlist::Lexer uses \s in it's regexs which cannot match unicode spaces, such as unicode character 160. Use [[:space:]] instead.

Add support for reading zip files

Add support for reading zipped wordlists (ex: unzip -p file.txt.zip file.txt).

Add a `--only-lowercase` wordlist builder option

Add an option that only allows lowercase words.

Refactor Wordlist::List to accept an Enumerable

Refactor Wordlist::List to accept an Enumerable list of words. This will allow us to convert Arrays or Ranges of Strings into a wordlist, which has the usual wordlist operator/modifier methods.

user_names_wordlist * Wordlist::List.new("000".."999")

Add wordlist operators

Add operator methods and Operator classes for manipulating wordlists.

Concat

wordlist1 + wordlist2 (Operator::Concat): enumerates over wordlist1, then enumerates over wordlist2.

Product

wordlist1 * wordlist2 (Operator::Product): enumerates over every combination of words from wordlist1 + words from wordlist2

Power

(wordslist1 * wordlist2) ** 3 (Operator::Power): only available on Operator::Product, simply repeats the wordlist product multiple times. Equivalent to wordlist1 * wordlist2 * wordlist2 * wordlist2.

Union

wordlist1 | wordlist2 (Operator::Union): enumerate over each unique word in both wordlists.

Intersect

wordlist1 & wordlist2 (Operator::Intersect): enumerate over each word that exists in both wordlists.

Release 1.0.0

Release it!

Add support for creating 7zipped wordlists

Add support for creating 7zipped wordlist archives.

Add support for writing zipped wordlists

Add support for building a .txt wordlist and then run zip on it; because zip does not support streaming input in to an arbitrary file name inside of the zip archive.

Fixed Lexer's regexs to ignore anything that isn't a ASCII or unicode letter (aka \p{L}).

Remove Wordlist::Builders::Spider and the spidr dependency.

This could go into another gem or possibly ronin-wordlists or ronin-web. The wordlist gem should stay focused on just building wordlists from text that its given.

Refactor Wordlist::Parsers into a Lexer

Parsers should become a proper String Tokenizer. It should be capable of scrubbing input text of unwanted punctuation, then splitting the input text into individual words.

Add gzip, bzip2, xz wordlist readers

Add support for enumerating over .gz, .bz2, xz, and maybe even .zip wordlists. Use the zcat, bzcat, xzcat commands to read each line from the wordlist; as they are technically faster than doing it in Ruby and does not add additional dependencies.

Add a `--max-length` wordlist builder option

Add a --max-length option to filter words by max length.

Does not seem to work with newer version of spidr?

With the following code:

require 'wordlist/builders/website'
ws = Wordlist::Builders::Website.build( file, {
   :host => 'ronin-ruby.github.com'
})

The following error results:

<path>/.rvm/gems/ruby-1.9.3-p194/gems/spidr-0.4.1/lib/spidr/session_cache.rb:78:in `[]': undefined method `[]' for nil:NilClass (NoMethodError)
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/spidr-0.4.1/lib/spidr/agent.rb:683:in `prepare_request'
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/spidr-0.4.1/lib/spidr/agent.rb:512:in `get_page'
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/spidr-0.4.1/lib/spidr/agent.rb:578:in `visit_page'
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/spidr-0.4.1/lib/spidr/agent.rb:249:in `run'
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/spidr-0.4.1/lib/spidr/agent.rb:231:in `start_at'
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/spidr-0.4.1/lib/spidr/agent.rb:184:in `site'
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/spidr-0.4.1/lib/spidr/agent.rb:204:in `host'
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/spidr-0.4.1/lib/spidr/spidr.rb:89:in `host'
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/wordlist-0.1.0/lib/wordlist/builders/website.rb:240:in `build!'
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/wordlist-0.1.0/lib/wordlist/builder.rb:83:in `block in build'
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/wordlist-0.1.0/lib/wordlist/builder.rb:55:in `call'
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/wordlist-0.1.0/lib/wordlist/builder.rb:55:in `initialize'
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/wordlist-0.1.0/lib/wordlist/builders/website.rb:207:in `initialize'
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/wordlist-0.1.0/lib/wordlist/builder.rb:81:in `new'
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/wordlist-0.1.0/lib/wordlist/builder.rb:81:in `build'

I spent some time trying to trace the issue here but could not figure it out. I also assume that this lib is deprecated since the wordlist code migrated over to ronin-support, but the builders class is still really nice. Is this a user error?

tr

wordlist.tr('e','3') (Modifier::Translate): similar to String#tr.

sub

wordlist.sub(/.../,'...') (Modifier::Sub): similar to String#sub.

gsub

wordlist.gsub(/.../,'...') (Modifier::GSub): similar to String#gsub.

capitalize

wordlist.capitalize (Modifier::Capitalize): similar to String#capitalize.

upcase

worlist.upcase (Modifier::Upcase): similar to String#upcase.

downcase

wordlist.downcase (Modifier::Downcase): similar to String#downcase.

Add support for reading 7zip archives

Add support for reading 7zipped wordlists.

7za e -so wordlis.txt.7za wordlist.txt