Custom Wordlist Generator Module #1142
Replies: 3 comments 1 reply
-
Hi, so we actually are doing this already. There is an option in the paramminer modules. There might be some room to improve the "scraping" process, but I know it's had some decent success in identifying some obscure parameters which are not in the default list.
-
Thank you so much Paul for this great info, I didn't know this 🙏
-
Hey @liquidsec : )
Is there any way we can get the list of those dynamic wordlists? I want to compare with other tools, but I don't have any idea how to do this, as those words are not being saved anywhere.
-
Right now bbot is using the paramminer module. Paramminer uses a default wordlist, or we can choose which wordlist to give it in the configuration. The point is that it's really better to create a target-based wordlist, not only a general wordlist, especially for something like XSS and x8.
I think there can be a module for bbot for generating a custom wordlist while crawling the site. So, the crawler also extracts the values and generates a wordlist.txt, then appends this to the default wordlist for the vulnerability checker modules.
from https://www.bugbountyhunter.com/methodology/zseanos-methodology.pdf
I know these two that do this; the second one is for Burp though:
https://github.com/ImAyrix/fallparams
https://github.com/xnl-h4ck3r/GAP-Burp-Extension
I wrote this for brainstorming and future reference.
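The idea in the post above (pull candidate names out of crawled responses, then append them to the default wordlist), sketched as an added Python example; it is not part of the thread and is not bbot's or paramminer's code. `ParamExtractor`, `extract_params`, `merge_wordlists` and the sample HTML are hypothetical names and constructed data.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

# Constructed sample standing in for one crawled response body (not real target data).
SAMPLE_HTML = """<form action="/search?lang=en&amp;debug_mode=0" method="post">
<input type="text" name="q"><input type="hidden" name="csrf_token" id="tokenField">
<select name="sort_by"></select></form>
<a href="/item?item_id=7&amp;ref=home">item</a>
<script>var previewMode = false; const cfg = {returnUrl: "/"};</script>"""

NAME_RE = re.compile(r"^[A-Za-z_][\w\-\[\].]{0,63}$")          # plausible parameter name
JS_RES = (re.compile(r"\b(?:var|let|const)\s+([A-Za-z_]\w*)"),  # JS declarations
          re.compile(r"[{,]\s*([A-Za-z_]\w*)\s*:"))             # object literal keys

class ParamExtractor(HTMLParser):
    """Collects candidate parameter names in first-seen order (hypothetical helper)."""
    def __init__(self):
        super().__init__()
        self.found, self._in_script = [], False

    def _add(self, value):
        if value and NAME_RE.match(value) and value not in self.found:
            self.found.append(value)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        self._in_script = tag == "script"
        if tag in ("input", "select", "textarea", "button"):
            self._add(attrs.get("name"))
            self._add(attrs.get("id"))
        for key in ("href", "src", "action"):   # query-string keys in links and forms
            for name, _ in parse_qsl(urlsplit(attrs.get(key) or "").query, keep_blank_values=True):
                self._add(name)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            for rx in JS_RES:
                for m in rx.finditer(data):
                    self._add(m.group(1))

def extract_params(html):
    parser = ParamExtractor()
    parser.feed(html)
    parser.close()
    return parser.found

def merge_wordlists(default_words, extracted):
    """Default list first, then target-derived names, de-duplicated, order preserved."""
    return list(dict.fromkeys([*default_words, *extracted]))
```

Writing the merged list to a file also gives a saved copy of the target-derived words, which makes it possible to compare them against the output of other tools.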