Pathgro
:seedling: combinatoric pathname wordlist expansion--it's like Miracle-Gro(tm) for your dirbusting technique!
Introduction
pathgro takes a brief list of path strings as input and "grows" them into much
larger sets. It is a tool that freely commingles pathname pieces to generate new
omnifarious string mappings. It is designed to maximize attack surface coverage
when testing software components that take pathnames as input; the technique
referred to as dirbusting, as implemented by dirb,
is a good example of such testing, which stands to benefit from path growing abilities.
Such tactics exploit predictable resource location and are sometimes referred to as forced browsing.

pathgro has been coded as a set of GNU Guile modules that are wrapped in a command-line interface script.
Examples
General overview of the functionality:
Note that `pathgro --Combos 1` and `pathgro --Powerset 1` will generate equivalent lists according to their definitions.
Dependencies
Requirement
- GNU Guile 2.x
  - NOTE: you must make sure that you have both of the `guile` and `guild` executables installed.
    Some Linux distributions (e.g. Debian) provide `guild` separately from `guile`, so simply
    installing a package named `guile` with APT may not be sufficient.
    (Debian provides `guild` in a development package entitled `guile-2.x-dev`)
Optional
- direnv
Installation
```sh
# 🚊 on Linux, install the required GNU Guile binaries
$ sudo apt install guile guile-2.0-dev
# 🍻 on macOS, install Homebrew according to its site at https://brew.sh
# 🍺 on Linux, optionally install the Linux version of Homebrew which might maintain a newer version of GNU Guile
$ sudo apt install linuxbrew-wrapper
# 🥂 install the GNU Guile package via the default [homebrew/core](https://github.com/Homebrew/homebrew-core "Default formulae for the missing package manager for macOS") tap
$ brew install guile
# 🖥️ on macOS, you can simply `brew install guile` after installing Homebrew from https://brew.sh
# 💻 on Linux, you may need to add `~/.linuxbrew/Cellar/guile/2.x.x/bin` to `PATH`
# 🌀 clone the source code repository
$ git clone https://github.com/decal/pathgro
# 📁 change working directory to pathgro
$ cd pathgro
# ⛵ compile the source using the Makefile
$ make
# ✈️ execute various tests using the Makefile
$ make test
# #️⃣ install pathgro using the Makefile
$ make install
# ⚓ append the above environment variable settings to the shell initialization file
$ cat ~/.pathgrorc >> ~/.bashrc
# 🥚 re-assign path environment variables for Guile and the current shell process
$ . .pathgrorc
# 📗 read the detailed program usage statement and refer to the table underneath the following screenshot
$ pathgro --help
# 🐅 That's it--you're done! Go get 'em tiger! Grow your pathname lists!
```
Usage
<img height="80%" width="80%" src="https://raw.githubusercontent.com/decal/pathgro/master/assets/pathgro-usage.png" name="pathgro-usage" id="usage-image" alt="[ PathGro Tool Usage Summary ]" title="PathGro Command Line Options" crossorigin="anonymous" integrity="sha512-s7kpnmVa9y542pl1a2BZZhU524sWBx9KdgUTFud9Ld10oDxb/h30/v8HF0wj3OIKsx+7Oq771/ayOSF1sZ2ZAw==" />

| Command Line Flag | Description of Grow Level
|:-------------------------------------------|-----------------------------------------------------------------------
| --Grow 0, -G0 | <br /><details><summary>each command-line flag has a 50% chance of being enabled randomly</summary><br />--basename, --dirname, --extname, --filename, --generate, --macos, --saves, --vimswap, --xtdirname</details><br />
| --Grow 1, -G1 | <br /><details><summary>bases, extensions and full file names</summary><br />--basename, --extname, --filename</details><br />
| --Grow 2, -G2 | <br /><details><summary>file extensions as directories and standalone directories</summary><br />--dirname, --xtdirname</details><br />
| --Grow 3, -G3 | <br /><details><summary>bases, extensions, full file names, standalone directories and extensions as directories</summary><br />--basename, --extname, --filename, --dirname, --xtdirname</details><br />
| --Grow 4, -G4 | <br /><details><summary>auto-save and backup file names</summary><br />--macos, --saves</details><br />
| --Grow 5, -G5 | <br /><details><summary>vim swap file names, one-byte base name appendages and extensions</summary><br />--generate, --vimswap</details><br />
| --Grow 6, -G6 | <br /><details><summary>-G4 and -G5 together</summary><br />--macos, --saves, --generate, --vimswap</details><br />
| --Grow 7, -G7 | <br /><details><summary>combinations of folders two levels deep with traversals of same depth</summary><br />--Combos 2, --Traverse 2</details><br />
| --Grow 8, -G8 | <br /><details><summary>enable each individual flag while passing the value 1 to each set operation</summary><br />--basename, --extname, --filename, --dirname, --xtdirname, --macos, --saves, --generate, --vimswap, --Combos, --Powerset, --Traverse</details><br />
<br />Note that depending upon the command-line invocation's combined option flags, the results may still need to be uniqued by piping the output stream to `sort -u`.
<br />
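Grow levels 4 through 6 target auto-save, backup and swap file names, and the same expansion can be run against your own document root to find such leftovers before they are deployed. The following Python sketch is an added example, not part of pathgro and not its output format; the suffix patterns are assumptions based on common Vim, Emacs and macOS conventions, and `grow_leftovers`, `audit`, `build_demo_docroot` and the sample tree are hypothetical names constructed for illustration.

```python
import os
import posixpath
import tempfile

# Constructed seed list: paths an application is known to serve.
SEEDS = ["/index.php", "config.php", "admin/login.php", "admin/index.php"]

def grow_leftovers(path):
    """Names that editors or macOS may leave beside `path` (assumed patterns)."""
    directory, name = posixpath.split(path)
    grown = {
        name + "~",             # Emacs / gedit backup copy
        "#" + name + "#",       # Emacs auto-save file
        name + ".bak",          # hand-made backup
        name + ".orig",         # patch / merge leftover
        "." + name + ".swp",    # Vim swap file
        "." + name + ".swo",    # second Vim swap file
        "._" + name,            # macOS AppleDouble resource fork
        ".DS_Store",            # macOS Finder metadata for the directory
    }
    return {posixpath.join(directory, g) for g in grown}

def audit(docroot, seeds):
    """Return the sorted, de-duplicated grown names that exist under docroot."""
    found = set()  # a set plays the role of `sort -u` on the grown list
    for seed in seeds:
        rel = posixpath.normpath(seed.lstrip("/"))
        if rel == ".." or rel.startswith("../"):
            continue  # never look outside the document root
        for cand in grow_leftovers(rel):
            if os.path.lexists(os.path.join(docroot, *cand.split("/"))):
                found.add(cand)
    return sorted(found)

def build_demo_docroot():
    """Create a throwaway tree containing three leftovers (constructed data)."""
    root = tempfile.mkdtemp(prefix="docroot-")
    for rel in ("index.php", ".index.php.swp", "config.php", "config.php~",
                "admin/login.php", "admin/.DS_Store"):
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()
    return root

if __name__ == "__main__":
    for hit in audit(build_demo_docroot(), SEEDS):
        print("remove before deploy:", hit)
```

Two seeds in `admin/` both grow `admin/.DS_Store`, which is why the result is collected in a set before sorting.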
Errors
ERROR: no code for module (pathgro main)
Don't forget to run `make install` and `. ~/.pathgrorc` before attempting to execute `pathgro`.
<br />
Related
<br />Utilities
Lists files and subfolders of a selected local directory
<br />Lists all files and folders in a directory.
<br />
Listers
wfuzz, SecLists and john-based dirbusting / forceful browsing script intended to be used during web pentest assignments
A program that combines given words.
Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper.
Fetch, install and search wordlist archives from websites and torrent peers.
- [imkzh / webwordlist](https://gith
