Wordlist is a Ruby library and CLI for reading, combining, mutating, and building wordlists, efficiently.
.txt wordlists, and .gz, .bz2, .xz, .zip, and .7z compressed wordlists.
.gz, .bz2, .xz, .zip, and .7z compression.
wordlist command.
Open a wordlist for reading:
wordlist = Wordlist.open("passwords.txt")
Open a compressed wordlist for reading:
wordlist = Wordlist.open("rockyou.txt.gz")
Enumerate through a wordlist:
wordlist.each do |word|
  puts word
end
Create an in-memory list of literal words:
words = Wordlist::Words["foo", "bar", "baz"]
Concat two wordlists together:
(wordlist1 + wordlist2).each do |word|
  puts word
end
Union two wordlists together:
(wordlist1 | wordlist2).each do |word|
  puts word
end
Subtract one wordlist from the other:
(wordlist1 - wordlist2).each do |word|
  puts word
end
Combine every word from wordlist1 with the words from wordlist2:
(wordlist1 * wordlist2).each do |word|
  puts word
end
Combine the wordlist with itself multiple times:
(wordlist ** 3).each do |word|
  puts word
end
Filter out duplicates from multiple wordlists:
(wordlist1 + wordlist2 + wordlist3).uniq.each do |word|
  puts word
end
Convert every word in a wordlist to lowercase:
wordlist.downcase.each do |word|
  puts word
end
Convert every word in a wordlist to UPPERCASE:
wordlist.upcase.each do |word|
  puts word
end
Capitalize every word in a wordlist:
wordlist.capitalize.each do |word|
  puts word
end
Run String#tr on every word in a wordlist:
wordlist.tr('_','-').each do |word|
  puts word
end
Run String#sub on every word in a wordlist:
wordlist.sub("fish","phish").each do |word|
  puts word
end
Run String#gsub on every word in a wordlist:
wordlist.gsub(/\d+/,"").each do |word|
  puts word
end
Performs every possible mutation of each word in a wordlist:
wordlist.mutate(/[oae]/, {'o' => '0', 'a' => '@', 'e' => '3'}).each do |word|
  puts word
end
# dog
# d0g
# firefox
# fir3fox
# firef0x
# fir3f0x
# ...
Enumerates over every possible case variation of every word in a wordlist:
wordlist.mutate_case.each do |word|
  puts word
end
# cat
# Cat
# cAt
# caT
# CAt
# CaT
# cAT
# CAT
# ...
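The mutate and mutate_case rules above, as an added example in plain Ruby (it is not the wordlist gem's code and does not load the gem). It shows why a word with k matching characters expands to 2**k variants, and how a password deny-list check can fold all of those variants, plus every case variation, back to one canonical key instead of enumerating them. The names mutations, canonical, banned? and BANNED are hypothetical, and the sketch assumes single-character substitutions.

```ruby
require 'set'

# Substitution table and pattern taken from the README's mutate example.
SUBS    = { 'o' => '0', 'a' => '@', 'e' => '3' }.freeze
PATTERN = /[oae]/
REVERSE = SUBS.invert.freeze # '0' => 'o', '@' => 'a', '3' => 'e'

# Enumerate every variant of `word` in which each match of `pattern` is
# either kept or replaced. k matches produce 2**k variants.
def mutations(word, pattern = PATTERN, subs = SUBS)
  positions = []
  word.scan(pattern) { positions << Regexp.last_match.begin(0) }
  (0...(1 << positions.size)).map do |mask|
    variant = word.dup
    positions.each_with_index do |pos, bit|
      # Bit `bit` of the mask decides whether match number `bit` is replaced.
      variant[pos] = subs.fetch(word[pos]) if mask[bit] == 1
    end
    variant
  end
end

# Fold case and undo the substitutions, so every mutation and every case
# variation of a word maps to the same string.
def canonical(candidate, reverse = REVERSE)
  candidate.downcase.gsub(Regexp.union(reverse.keys), reverse)
end

# Constructed sample deny list, stored in canonical form.
BANNED = Set.new(%w[dog firefox].map { |w| canonical(w) }).freeze

# True when the candidate password is a mutation of a banned word.
def banned?(candidate, banned = BANNED)
  banned.include?(canonical(candidate))
end

if __FILE__ == $PROGRAM_NAME
  puts mutations('firefox')
  puts banned?('FiR3f0x')
end
```

The check costs one pass over the candidate, whereas enumerating case variants doubles with every letter, which is the cost the mutate_case benchmark figure reflects.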
Wordlist::Builder.open('path/to/file.txt.gz') do |builder|
  # ...
end
Add individual words:
builder.add(word)
Adding an Array of words:
builder.append(words)
Parsing text:
builder.parse(text)
Parsing a file's content:
builder.parse_file(path)
zcat/gzip (for reading/writing .gz wordlists)
bzcat/bzip2 (for reading/writing .bz2 wordlists)
xzcat/xz (for reading/writing .xz wordlists)
unzip/zip (for reading/writing .zip wordlists)
7za (for reading/writing .7z wordlists)
$ gem install wordlist
gem.add_dependency 'wordlist', '~> 1.0'
gem 'wordlist', '~> 1.0'
usage: wordlist { [options] WORDLIST ... | --build WORDLIST [FILE ...] }
Wordlist Reading Options:
-f {txt|gzip|bz2|xz|zip|7zip}, Sets the desired wordlist format
--format
--exec COMMAND Runs the command with each word from the wordlist.
The string "{}" will be replaced with each word.
Wordlist Operations:
-U, --union WORDLIST Unions the wordlist with the other WORDLIST
-I, --intersect WORDLIST Intersects the wordlist with the other WORDLIST
-S, --subtract WORDLIST Subtracts the words from the WORDLIST
-p, --product WORDLIST Combines every word with the other words from WORDLIST
-P, --power NUM Combines every word with the other words from WORDLIST
-u, --unique Filters out duplicate words
Wordlist Modifiers:
-C, --capitalize Capitalize each word
--uppercase, --upcase Converts each word to UPPERCASE
--lowercase, --downcase Converts each word to lowercase
-t, --tr CHARS:REPLACE Translates the characters of each word
-s, --sub PATTERN:SUB Replaces PATTERN with SUB in each word
-g, --gsub PATTERN:SUB Replaces all PATTERNs with SUB in each word
-m, --mutate PATTERN:SUB Performs every possible substitution on each word
-M, --mutate-case Switches the case of each letter in each word
Wordlist Building Options:
-b, --build WORDLIST Builds a wordlist
-a, --[no-]append Appends to the new wordlist instead of overwriting it
-L, --lang LANG The language to expect
--stop-words WORDS... Ignores the stop words
--ignore-words WORDS... Ignore the words
--[no-]digits Allow digits in the middle of words
--special-chars CHARS Allows the given special characters inside of words
--[no-]numbers Parses whole numbers in addition to words
--[no-]acronyms Parses acronyms in addition to words
--[no-]normalize-case Converts all words to lowercase
--[no-]normalize-apostrophes Removes "'s" from words
--[no-]normalize-acronyms Removes the dots from acronyms
General Options:
-V, --version Print the version
-h, --help Print the help output
Examples:
wordlist rockyou.txt.gz
wordlist passwords_short.txt passwords_long.txt
wordlist sport_teams.txt -p beers.txt -p digits.txt
cat *.txt | wordlist --build custom.txt
Reading a wordlist:
$ wordlist rockyou.txt.gz
Reading multiple wordlists:
$ wordlist sport_teams.txt beers.txt
Combining every word from one wordlist with another:
$ wordlist sport_teams.txt -p beers.txt -p all_four_digits.txt
coors0000
coors0001
coors0002
coors0003
...
Combining every word from one wordlist with itself, N times:
$ wordlist words.txt -P 3
Mutating every word in a wordlist:
$ wordlist passwords.txt -m o:0 -m e:3 -m a:@
dog
d0g
firefox
fir3fox
firef0x
fir3f0x
...
Executing a command on each word in the wordlist:
$ wordlist directories.txt --exec "curl -X POST -F 'user=joe&password={}' -o /dev/null -w '%{http_code} {}' https://$TARGET/login"
Building a wordlist from a directory of .txt files:
$ wordlist --build wordlist.txt dir/*.txt
Building a wordlist from STDIN:
$ cat *.txt | wordlist --build wordlist.txt
                                                user     system      total         real
Wordlist::Builder#parse_text (size=5.4M)    1.943605   0.003809   1.947414 (  1.955960)
Wordlist::File#each (N=1000)                0.000544   0.000000   0.000544 (  0.000559)
Wordlist::File#concat (N=1000)              0.001143   0.000000   0.001143 (  0.001153)
Wordlist::File#subtract (N=1000)            0.001360   0.000000   0.001360 (  0.001375)
Wordlist::File#product (N=1000)             0.536518   0.005959   0.542477 (  0.545536)
Wordlist::File#power (N=1000)               0.000015   0.000001   0.000016 (  0.000014)
Wordlist::File#intersect (N=1000)           0.001389   0.000000   0.001389 (  0.001407)
Wordlist::File#union (N=1000)               0.001310   0.000000   0.001310 (  0.001317)
Wordlist::File#uniq (N=1000)                0.000941   0.000000   0.000941 (  0.000948)
Wordlist::File#tr (N=1000)                  0.000725   0.000000   0.000725 (  0.000736)
Wordlist::File#sub (N=1000)                 0.000863   0.000000   0.000863 (  0.000870)
Wordlist::File#gsub (N=1000)                0.001240   0.000000   0.001240 (  0.001249)
Wordlist::File#capittalize (N=1000)         0.000821   0.000000   0.000821 (  0.000828)
Wordlist::File#upcase (N=1000)              0.000760   0.000000   0.000760 (  0.000769)
Wordlist::File#downcase (N=1000)            0.000544   0.000001   0.000545 (  0.000545)
Wordlist::File#mutate (N=1000)              0.004656   0.000000   0.004656 (  0.004692)
Wordlist::File#mutate_case (N=1000)        24.178521   0.000000  24.178521 ( 24.294962)
Copyright (c) 2009-2023 Hal Brodigan
See {file:LICENSE.txt} for details.
FAQs
We found that wordlist demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.