COOK — THE WORDLISTS FRAMEWORK

Gitesh Sharma

Cook is a powerful tool that simplifies generating, modifying, updating, searching, and storing wordlists.

Repo https://github.com/giteshnxtlvl/cook

You can create your unique wordlists, use 5500+ wordlist sets from different sources, generate complex word permutations & combinations, play with URLs, use pre-defined sets, encode/decode/hash your payloads, integrate with other tools, and much more… Moreover, everything is customizable.

Generating Words Permutations

Cook can generate word permutations. I use it to guess files and directories for IIS short names (this is the first reason I created cook).

(R)Rules

R1. Columns — Separated by space

R2. Values — Separated by comma

Ranges

Functions

Date can be written in many forms. Create and save your own functions in my.yaml

R3. Param — The user can define his/her own params. This means that -dob can be -d, -db, -birth, or anything that you like; irrespective of the name, it will work the same way. Params have significant uses, which I will explain later.

Apply different sets of operations to your wordlists or patterns.

3 ways to use:

-m/-method to apply methods on the final output

-mc/-methodcol to apply column-wise

param.methodname to apply parameter-wise to any param (I will explain this param thing later)

param.md5.b64e to apply multiple methods; this will first md5 hash the value and then base64 encode the hashed value.

If you are familiar with methods in a programming language, these are the same. I kept Python's simple style for these.

Some Uses:

1. Cases

l/lower, u/upper, t/title

2. Leet = 1337

a - 4, b - 6, e - 3, …

3. Basic Auth

Directly fuzz basic authentication, using -m b64e to base64 encode the final output.

4. Md5 hash

Convert values to md5 hash and fuzz directly with any fuzzing tool having pipe input.

5. Multiple methods

Suppose you have data in base64 format, and you need that data in md5 and then base64 format.

In short, we have to do: base64 decode → md5 hash → base64 encode

Here is how you do it.
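The same chain written out in Python together with rules R1 and R2, as an added example that is not cook's own code or command syntax. The b64d name, the hex-digest output of md5 and the numeric range form 1-3 are assumptions; expand_pattern and apply_methods are hypothetical names.

```python
import base64
import hashlib
import itertools

# b64e, md5 and the case names come from the article; "b64d" and the exact
# output formats (md5 as a hex digest) are assumptions made for this example.
METHODS = {
    "b64e": lambda s: base64.b64encode(s.encode()).decode(),
    "b64d": lambda s: base64.b64decode(s, validate=True).decode(),
    "md5": lambda s: hashlib.md5(s.encode()).hexdigest(),
    "l": str.lower, "lower": str.lower,
    "u": str.upper, "upper": str.upper,
    "t": str.title, "title": str.title,
}


def expand_column(column):
    """R2: values are comma-separated; a value like 1-3 is a numeric range (assumed syntax)."""
    values = []
    for value in column.split(","):
        lo, sep, hi = value.partition("-")
        if sep and lo.isdigit() and hi.isdigit():
            values.extend(str(n) for n in range(int(lo), int(hi) + 1))
        else:
            values.append(value)
    return values


def apply_methods(word, chain):
    """Apply a dotted chain such as 'b64d.md5.b64e' from left to right."""
    for name in filter(None, chain.split(".")):
        if name not in METHODS:
            raise ValueError(f"unknown method: {name}")
        word = METHODS[name](word)
    return word


def expand_pattern(pattern, method=""):
    """R1: columns are space-separated; every combination of one value per
    column is joined, then the method chain runs on the final word (like -m)."""
    columns = [expand_column(c) for c in pattern.split()]
    return [apply_methods("".join(combo), method)
            for combo in itertools.product(*columns)]
```

The order of the chain matters: md5 here hashes the decoded text and b64e then encodes the hex digest string, not the raw digest bytes.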

6. JSON → Filepath → Filebase

In bug bounty, we usually come across JSON files. And we want to extract something from it and use it for something else.

Eg: Shubs’s zip file from his IIS vuln blog, we need filename, nothing else.

We want to extract the path from JSON and need the .zip file name from it.

zip file’s content

7. Smart and Smart Join (Break Naming Conventions)

There are lots of wordlists out there that contain mixed naming conventions.

Similarly, in the example above we extracted filenames from zip_file. Those are raw filenames, which means their naming conventions will differ, and we might need them in one or more particular formats depending on our target.

smart → Give us a list of words based on their naming conventions.

smartjoin[case:join] → Separate them and join back with the value supplied. You can also use cases with these, as in the example below, where the case of the final output is camelcase.
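How such a split-and-rejoin can work, as an added Python example that is not cook's implementation; cook's own splitting rules may differ. The case letters l, u and t follow the article, the letter c for camelcase is an assumption, and smart, smartjoin and normalize are hypothetical function names.

```python
import re

# One token is an acronym run (HTTP), a word with an optional leading
# capital (Server, admin), or a run of digits. Separators (_ - . space)
# are simply never matched, so they act as split points.
_TOKEN = re.compile(r"[A-Z]+(?![a-z])|[A-Z]?[a-z]+|\d+")


def smart(word):
    """Break a word into its parts regardless of naming convention."""
    return _TOKEN.findall(word)


def smartjoin(word, case, sep):
    """Split with smart(), apply a case, and join the parts with sep."""
    parts = [p.lower() for p in smart(word)]
    if case == "u":
        parts = [p.upper() for p in parts]
    elif case == "t":
        parts = [p.title() for p in parts]
    elif case == "c":  # camelcase: first part lower, the rest capitalised
        parts = parts[:1] + [p.title() for p in parts[1:]]
    elif case != "l":
        raise ValueError(f"unknown case: {case}")
    return sep.join(parts)


def normalize(words, case, sep):
    """Rewrite a mixed-convention wordlist into one convention,
    dropping entries that collapse to the same word (order preserved)."""
    seen = {}
    for word in words:
        seen.setdefault(smartjoin(word, case, sep), None)
    return list(seen)
```

Normalising before use also shrinks a wordlist, because entries that differ only in convention collapse into one.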

ALL METHODS

Cooking depends on Ingredients, those ingredients contain everything including functions, lists, extensions, files, and much more…

Ingredients

Ingredients are the building blocks of COOK. This folder contains the yaml files. There is a total of 5500+ sets.

Ingredients have their own dedicated repository here.

Currently, I will update this repo weekly, and soon I will write a script to update the repo daily, so new wordlists from all the different repos will be added to it automatically. You only have to use cook update db; it will update your wordlist sets, except for my.yaml or any other yaml file that you have created.

Contributions are most welcome.

Currently Fetched Repos and Wordlists

Assetnote (assetnotes.yaml)

Seclist (seclists.yaml)

Fuzzdb (fuzzdb.yaml)

Bruteforce database (bruteforce-database.yaml)

Wordlists from different tools

And a few more…

As there are too many sets, there is a high chance of the same keyword (wordlist name) occurring in different repos. To remove this confusion, yaml files can have their own prefix.

For example, to access a set from assetnotes.yaml you have to use the prefix “an-” before any keyword. Use sec- for seclist and fz- for fuzzdb.

You can check info of your ingredients, using cook -conf

Categories in Yaml Files

Yaml files contain categories and each category has different rules for parsing its value.

It is not necessary that each yaml file must have all categories.

There are 5 categories in total: files, raw-files, functions, lists, and ports.

1. files:

Save multiple wordlists under the same keyword and COOK will do this. You can call the wordlist set using that keyword.

2. raw-files:

Custom wordlists don’t need a cache, so COOK will use those wordlists as raw. You can also put URLs in raw-files and cook will fetch them every time.

3. functions:

Use functions for different variations of values.

Variations…

4. lists:

Sometimes we have to save a few words as a wordlist and update them later, so instead of creating multiple small wordlists, save them here.

Also, these words might be good to use as grep as well. You can use ck to grep using cook’s sets.

5. ports:

Easily save your favorite ports. Ports can use ranges: 1-100 will parse as 1,2,3,…,100.

Nmap top 100 and top 1000 are already added.

How to customize?

Add your custom sets in my.yaml. You can also create new yaml files in cook-ingredients.

There are lots of wordlists out there; the famous ones would be seclists, fuzzdb, and commonspeak2 (assetnote), and they frequently update those wordlists or add new ones. There are also lots of wordlists that are not in these repos, maybe due to the license or because nobody updated them there.

You probably think you don’t need these sets, or that using this many wordlists is pointless. But it isn’t if you use them wisely. For example, there is not a single JWT secret wordlist out there in seclist or fuzzdb. Now EITHER you can google it and save it for later use (obviously, if you are able to recall that) and maybe update it (probably not), OR you can just run cook search jwt and use the wordlist with cook jwt_secrets. You can update all your previously fetched wordlists using cook update cache, and update the database with the latest wordlists using cook update db.

[Upcoming Feature] Soon I will create a feature to clean wordlists. Eg: cook clean [keyword] -rext png,css. Once you run it, it will clean the wordlist and save the settings for later, so after every update it will automatically clean that wordlist.

Append Flag [-append flag]

Appending one file to another line by line.

TODO f1[0]/f2[0], f1[1]/f2[1], f1[2]/f2[2], …

Minimum Flag [-min flag]

Minimum number of columns to print -min <columns>

[-col flag]

Print the columns with their indexes. While creating patterns we might get confused about columns index numbers.

Also releasing some of my utility scripts to increase productivity. Enjoy!~

Repo: https://github.com/giteshnxtlvl/life-hacks-scripts

A simple python script to take pipe input and copy line by line to clipboard.

Easy Github & Shodan Dorking

You can use any dork list that you like.

Now paste in Github’s search bar or you can directly generate URLs like Gitdorker. You can do the same for shodan dorks.

Paste wordlist easily in burp

You can just copy and paste any wordlist into burp, without going through browse > selecting folder > select file. This process becomes irritating when we have to change folders back and forth to select wordlists.

cpycat -a: this flag copies everything instead of line by line.

A simple python script to take pipe input and run the command. Mainly useful to run single-threaded tools in multiple threads.

Multi-thread any single-thread tool

There are lots of single-threaded tools and scripts. And you can't rely on modifying them yourself to make them multi-threaded.

COOK helps to create commands that we want to generate.

Example: waybackrobots.py by mhmdiaa

This script fetches all the URLs from all robots.txt files found on the Wayback Machine. Usage: wbrobots domain.com, where wbrobots is an alias for the script.

Multiple domain list with multithreading

This will make the script multi-threaded. By the way, mind the API.
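What a pipe-to-threads runner of this kind involves, as an added Python example that is not the author's runcat script. The names run_one and run_all, the worker cap and the timeout are assumptions; the cap is there so a rate-limited API is not flooded.

```python
import shlex
import subprocess
import sys
from concurrent.futures import ThreadPoolExecutor


def run_one(command, timeout):
    """Run one command line without a shell; return (command, exit code, stdout).
    shlex uses POSIX quoting rules, so Windows paths need forward slashes or quotes."""
    try:
        proc = subprocess.run(shlex.split(command), capture_output=True,
                              text=True, timeout=timeout)
        return command, proc.returncode, proc.stdout
    except (OSError, ValueError, subprocess.TimeoutExpired) as exc:
        # Missing binary, unbalanced quotes or a hung process: report and move on.
        return command, -1, f"{type(exc).__name__}: {exc}\n"


def run_all(commands, workers=4, timeout=60):
    """Run each non-empty line as a command in a bounded thread pool.
    Results are returned in input order, whatever order the commands finish in."""
    commands = [c.strip() for c in commands if c.strip()]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return list(pool.map(lambda c: run_one(c, timeout), commands))


if __name__ == "__main__":
    # One command per line on stdin, for example the output of a wordlist
    # generator that prints one "tool domain" command per domain.
    for command, code, output in run_all(sys.stdin, workers=4):
        sys.stdout.write(f"# [{code}] {command}\n{output}")
```

Each command's output is captured and printed as one unit, so results from parallel runs do not interleave.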

Automating using cook & runcat [windows users]

As I use only Windows for hacking, I automate my workflow by saving commands in cook’s functions and using runcat to run the commands. I barely use WSL.

Might be useful to use any set as grep…

pipe input | ck [keyword]

Fetch open redirect URLs: cat urls.txt | ck or, where or is the keyword for open redirect.
