Haklistgen turns any junk text into a usable wordlist for brute-forcing.
Installation
go install github.com/hakluke/haklistgen@latest
Usage Examples
Scrape all words out of an HTTP response to build a directory bruteforce wordlist:
curl https://wikipedia.org | haklistgen
Pipe a list of subdomains to it to generate a wordlist for bruteforcing more subdomains:
subfinder -silent -d example.com | haklistgen
Piping in a custom JavaScript file could yield some interesting results:
curl https://example.com/app.js | haklistgen
You could create a great custom wordlist for a large-scope target doing something like this:
subfinder -silent -d hakluke.com | anew subdomains.txt | httpx -silent | anew urls.txt | hakrawler | anew endpoints.txt | while read url; do curl $url –insecure | haklistgen | anew wordlist.txt; done
cat subdomains.txt urls.txt endpoints.txt | haklistgen | anew wordlist.txt;
This would save subdomains to subdomains.txt
, then save httpx output to urls.txt
, then crawl each url and save the hakrawler output to endpoints.txt
, then fetch every URL in endpoints.txt
and make a wordlist out of it, concatenating all of the wordlists to wordlist.txt
. Then it takes all of the subdomains and urls, and adds words out of the words in those too.
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…
Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…