When you are conducting Pentesting or Bug Bounty Hunting and you are ready to fuzz, instead of always using Seclists or PayloadsAllTheThings, in real-world scenarios, sometimes you need to generate custom wordlists that reflect the business you are targeting, or a specific password policy that most likely is used in various login mechanisms.
Step 1: Character Set Creation
Begin by generating a character set that includes uppercase letters, lowercase letters, numbers, and common symbols. The character set should have a fixed length of 16 characters (Set minimum and maximum length ranges to generate wordlists). Save this set in a file named "charset.txt". The reason we do this, is we are trying to simulate real password policies commonly used on several authentication mechanisms, making it more targeted and enhancing the rate of finding.
Step 2: Real-Time Monitoring
To keep track of the ongoing generation process, use the command 'tail -f' followed by the filename ("charset.txt"). This command enables you to monitor the file's real-time updates, giving you insight into the current status of the wordlist generation.
Step 3: System Resource Monitoring
Use a monitoring tool like bpytop to observe and manage the system's resource usage. This tool offers detailed and graphical displays of real-time system statistics, including CPU, memory, disk, and network usage. Monitoring these parameters is crucial to ensure the process runs smoothly without overburdening your system.
Keep in Mind: Disk Space Management
Before starting the wordlist generation, assess the minimum required free disk space. This precaution is necessary to ensure the smooth generation of the wordlist without overwhelming your storage capacity. To prevent interruptions or data loss during the creation of wordlists, enough disk space is essential.
01-20-2025, 05:29 PM
Linear Mode
