Login
SSH Private Key Looting Wordlists. A Collection Of Wordlists To Aid In Locating Or Brute-Forcing SSH Private Key File Names.
FreshRSS ?file=../../../../../../../../home/user/.ssh/id_rsa
?file=../../../../../../../../home/user/.ssh/id_rsa-cert
This repository contains a collection of wordlists to aid in locating or brute-forcing SSH private key file names. These wordlists can be useful for penetration testers, security researchers, and anyone else interested in assessing the security of SSH configurations.
These wordlists can be used with tools such as Burp Intruder, Hydra, custom python scripts, or any other bruteforcing tool that supports custom wordlists. They can help expand the scope of your brute-forcing or enumeration efforts when targeting SSH private key files.
This wordlist repository was inspired by John Hammond in his vlog "Don't Forget This One Hacking Trick."
Please use these wordlists responsibly and only on systems you are authorized to test. Unauthorized use is illegal.
WEB-Wordlist-Generator scans your web applications and creates related wordlists to take preliminary countermeasures against cyber attacks.
git clone https://github.com/OsmanKandemir/web-wordlist-generator.git
cd web-wordlist-generator && pip3 install -r requirements.txt
python3 generator.py -d target-web.com
You can run this application on a container after build a Dockerfile.
docker build -t webwordlistgenerator .
docker run webwordlistgenerator -d target-web.com -o
You can run this application on a container after pulling from DockerHub.
docker pull osmankandemir/webwordlistgenerator:v1.0
docker run osmankandemir/webwordlistgenerator:v1.0 -d target-web.com -o
-d DOMAINS [DOMAINS], --domains DOMAINS [DOMAINS] Input Multi or Single Targets. --domains target-web1.com target-web2.com
-p PROXY, --proxy PROXY Use HTTP proxy. --proxy 0.0.0.0:8080
-a AGENT, --agent AGENT Use agent. --agent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)'
-o PRINT, --print PRINT Use Print outputs on terminal screen.
secbutler is a utility tool made for pentesters, bug-bounty hunters and security researchers that contains all the most used and tedious stuff commonly used while performing cybersecurity activities (like installing sec-related tools, retrieving commands for revshells, serving common payloads, obtaining a working proxy, managing wordlists and so forth).
The goal is to obtain a tool that meets the requirements of the community, therefore suggestions and PRs are very welcome!
secbutler -h
This will display the help for the tool
__ __ __
________ _____/ /_ __ __/ /_/ /__ _____
/ ___/ _ \/ ___/ __ \/ / / / __/ / _ \/ ___/
(__ ) __/ /__/ /_/ / /_/ / /_/ / __/ /
/____/\___/\___/_.___/\__,_/\__/_/\___/_/
v0.1.9 - https://github.com/groundsec/secbutler
Essential utilities for pentester, bug-bounty hunters and security researchers
Usage:
secbutler [flags]
secbutler [command]
Available Commands:
cheatsheet Read common cheatsheets & payloads
help Help about any command
listener Obtain the command to start a reverse shell listener
payloads Obtain and serve common payloads
proxy Obtain a random proxy from FreeProxy
revshell Obtain the command for a reverse shell
tools Generate a install script for the most common cybersecurity tools
version Print the current version
wordlists Generate a download script for the most common wordlists
Flags:
-h, --help help for secbutler
Use "secbutler [command] --help" for more information about a command.
Run the following command to install the latest version:
go install github.com/groundsec/secbutler@latest
Or you can simply grab an executable from the Releases page.
secbutler is made with π€ by the GroundSec team and released under the MIT LICENSE.
Online tool: https://weakpass.com/generate/domains
During bug bounties, penetrations tests, red teams exercises, and other great activities, there is always a room when you need to launch amass, subfinder, sublister, or any other tool to find subdomains you can use to break through - like test.google.com, dev.admin.paypal.com or staging.ceo.twitter.com. Within this repository, you will be able to find out the answers to the following questions:
And, of course, wordlists for all of the questions above!
As sources, I used lists of subdomains from public bugbounty programs, that were collected by chaos.projectdiscovery.io, bounty-targets-data or that just had responsible disclosure programs with a total number of 4095 domains! If subdomains appear more than in 5-10 different scopes, they will be put in a certain list. For example, if dev.stg appears both in *.google.com and *.twitter.com, it will have a frequency of 2. It does not matter how often dev.stg appears in *.google.com. That's all - nothing more, nothing less< /strong>.
You can find complete list of sources here
In these lists you will find most popular subdomains as is.
| Name | Words count | Size |
|---|---|---|
| subdomains.txt.gz | 21901389 | 501MB |
| subdomains_top100.txt | 100 | 706B |
| subdomains_top1000.txt | 1000 | 7.2KB |
| subdomains_top10000.txt | 10000 | 70KB |
In these lists, you will find the most popular words from subdomains split by levels. F.E - dev.stg subdomain will be split into two words dev and stg. dev will have level = 2, stg - level = 1. You can use these wordlists for combinatory attacks for subdomain searches. There are several types of level.txt wordlists that follow the idea of subdomains.
| Name | Words count | Size |
|---|---|---|
| level_1.txt.gz | 8096054 | 153MB |
| level_2.txt.gz | 7556074 | 106MB |
| level_3.txt.gz | 1490999 | 18MB |
| level_4.txt.gz | 205969 | 3.2MB |
| level_5.txt.gz | 71716 | 849KB |
| level_1_top100.txt | 100 | 633B |
| level_1_top1000.txt | 1000 | 6.6K |
| level_2_top100.txt | 100 | 550B |
| level_2_top1000.txt | 1000 | 5.6KB |
| level_3_top100.txt | 100 | 531B |
| level_3_top1000.txt | 1000 | 5.1KB |
| level_4_top100.txt | 100 | 525B |
| level_4_top1000.txt | 1000 | 5.0KB |
| level_5_top100.txt | 100 | 449B |
| level_5_top1000.txt | 1000 | 5.0KB |
In these lists, you will find the most popular splitted words from subdomains on all levels. For example - dev.stg subdomain will be splitted in two words dev and stg.
| Name | Words count | Size |
|---|---|---|
| words.txt.gz | 17229401 | 278MB |
| words_top100.txt | 100 | 597B |
| words_top1000.txt | 1000 | 5.5KB |
| words_top10000.txt | 10000 | 62KB |
You can download all the files from Google Drive
Arsenal is a Simple shell script (Bash) used to install the most important tools and requirements for your environment and save time in installing all these tools.
| Name | description |
|---|---|
| Amass | The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques |
| ffuf | A fast web fuzzer written in Go |
| dnsX | Fast and multi-purpose DNS toolkit allow to run multiple DNS queries |
| meg | meg is a tool for fetching lots of URLs but still being 'nice' to servers |
| gf | A wrapper around grep to avoid typing common patterns |
| XnLinkFinder | This is a tool used to discover endpoints crawling a target |
| httpX | httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads |
| Gobuster | Gobuster is a tool used to brute-force (DNS,Open Amazon S3 buckets,Web Content) |
| Nuclei | Nuclei tool is Golang Language-based tool used to send requests across multiple targets based on nuclei templates leading to zero false positive or irrelevant results and provides fast scanning on various host |
| Subfinder | Subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and is optimized for speed. subfinder is built for doing one thing only - passive subdomain enumeration, and it does that very well |
| Naabu | Naabu is a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner. It is a really simple tool that does fast SYN/CONNECT scans on the host/list of hosts and lists all ports that return a reply |
| assetfinder | Find domains and subdomains potentially related to a given domain |
| httprobe | Take a list of domains and probe for working http and https servers |
| knockpy | Knockpy is a python3 tool designed to quickly enumerate subdomains on a target domain through dictionary attack |
| waybackurl | fetch known URLs from the Wayback Machine for *.domain and output them on stdout |
| Logsensor | A Powerful Sensor Tool to discover login panels, and POST Form SQLi Scanning |
| Subzy | Subdomain takeover tool which works based on matching response fingerprints from can-i-take-over-xyz |
| Xss-strike | Advanced XSS Detection Suite |
| Altdns | Subdomain discovery through alterations and permutations |
| Nosqlmap | NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases and web applications using NoSQL in order to disclose or clone data from the database |
| ParamSpider | Parameter miner for humans |
| GoSpider | GoSpider - Fast web spider written in Go |
| eyewitness | EyeWitness is a Python tool written by @CptJesus and @christruncer. Itβs goal is to help you efficiently assess what assets of your target to look into first. |
| CRLFuzz | A fast tool to scan CRLF vulnerability written in Go |
| DontGO403 | dontgo403 is a tool to bypass 40X errors |
| Chameleon | Chameleon provides better content discovery by using wappalyzer's set of technology fingerprints alongside custom wordlists tailored to each detected technologies |
| uncover | uncover is a go wrapper using APIs of well known search engines to quickly discover exposed hosts on the internet. It is built with automation in mind, so you can query it and utilize the results with your current pipeline tools |
| wpscan | WordPress Security Scanner |
sudo apt-get remove -y golang-go
sudo rm -rf /usr/local/go
wget https://go.dev/dl/go1.19.1.linux-amd64.tar.gz
sudo tar -xvf go1.19.1.linux-amd64.tar.gz
sudo mv go /usr/local
nano /etc/profile or .profile
export GOPATH=$HOME/go
export PATH=$PATH:/usr/local/go/bin
export PATH=$PATH:$GOPATH/bin
source /etc/profile #to update you shell dont worry
git clone https://github.com/Micro0x00/Arsenal.git
cd Arsenal
sudo chmod +x Arsenal.sh
sudo ./Arsenal.sh
