pathgro
takes a brief list of path strings as input and "grows" them into much
larger sets. It is a tool that freely commingles pathname pieces to generate new
omnifarious string mappings. It is designed to maximize attack surface coverage
when testing software components that take pathnames as input; the technique
referred to as dirbusting as implemented by dirb
is a good example of such testing which stands to benefit from path growing abilities.
Such tactics exploit predictable resource location and are sometimes referred to as forced browsing
pathgro
has been coded as a set of GNU Guile modules that are wrapped in a command-line interface script.
General overview of the functionality:
Note that pathgro --Combos 1
and pathgro --Powerset 1
will generate equivalent lists according to their definitions.
- GNU Guile 2.x
- NOTE: you must make sure that you have both of the
guile
andguild
executables installed.
Some Linux distributions (e.g. Debian) provideguild
separately fromguile
, so simply
installing a package namedguile
with APT may not be sufficient.
(Debian providesguild
in a development package entitledguile-2.x-dev
)
- NOTE: you must make sure that you have both of the
- direnv
# π on Linux, install the required GNU Guile binaries
$ sudo apt install guile guile-2.0-dev
# π» on macOS, install Homebrew according to its site at https://brew.sh
# πΊ on Linux, optionally install the Linux version of Homebrew which might maintain a newer version of GNU Guile
$ sudo apt install linuxbrew-wrapper
# π₯ install the GNU Guile package via the default [homebrew/core](https://github.com/Homebrew/homebrew-core "Default formulae for the missing package manager for macOS") tap
$ brew install guile
# π₯οΈ on macOS, you can simply `brew install guile` after installing Homebrew from https://brew.sh
# π» on Linux, you may need to add `~/.linuxbrew/Cellar/guile/2.x.x/bin` to `PATH`
# π clone the source code repository
$ git clone https://github.com/decal/pathgro
# π change working directory to pathgro
$ cd pathgro
# β΅ compile the source using the Makefile
$ make
# βοΈ execute various tests using the Makefile
$ make test
# #οΈβ£ install pathgro using the Makefile
$ make install
# β append the above environment variable settings to the shell initialization file
$ cat ~/.pathgrorc >> ~/.bashrc
# π₯ re-assign path environment variables for Guile and the current shell process
$ . .pathgrorc
# π read the detailed program usage statement and refer to the table underneath the following screenshot
$ pathgro --help
# π
That's it--you're done! Go get 'em tiger! Grow your pathname lists!
Β Β Β CommandΒ LineΒ FlagΒ Β | Description of Grow Level |
---|---|
--Grow 0 , -G0 |
each command-line flag has a 50% chance of being enabled randomly--basename , --dirname , --extname , --filename , --generate , --macos , --saves , --vimswap , --xtdirname |
--Grow 1 , -G1 |
bases, extensions and full file names--basename , --extname , --filename |
--Grow 2 , -G2 |
file extensions as directories and standalone directories--dirname , --xtdirname |
--Grow 3 , -G3 |
bases, extensions, full file names, standalone directories and extensions as directories--basename , --extname , --filename , --dirname , --xtdirname |
--Grow 4 , -G4 |
auto-save and backup file names--macos , --saves |
--Grow 5 , -G5 |
vim swap file names, one-byte base name appendages and extensions--generate , --vimswap |
--Grow 6 , -G6 |
|
--Grow 7 , -G7 |
combinations of folders two levels deep with traversals of same depth--Combos 2 , --Traverse 2 |
--Grow 8 , -G8 |
enable each individual flag while passing the value |
Note that depending upon the command-line invocation's combined option flags, the results may still need to be uniqued by piping the output stream to
sort -u
.
ERROR: no code for module (pathgro main)
Don't forget to run
make install
and. ~/.pathgrorc
before attempting to executepathgro
Lists files and subfolders of a selected local directory
Lists all files and folders in a directory.
wfuzz, SecLists and john -based dirbusting / forceful browsing script intended to be used during web pentest assingments
A program that combines given words.
Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper.
Fetch, install and search wordlist archives from websites and torrent peers.
A small wordlist that can be used for learning.
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
Wordlist for content(directory) bruteforce discovering with Burp or dirsearch
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases
Potentially dangerous files
Fetch many paths for many hosts - without killing the hosts
Automated reconnaissance wrapper β TomNomNom's meg on steroids
Web path scanner
Python version of OWASP's DirBuster Application
DirBuster for Node.js
pathgro
is licensed according to version 3 of the GNU Lesser General Public License. See COPYING.txt
for more information.
ERROR: no code for module (pathgro main)