An overpower wordlist generator, splitter, merger, finder, saver, create words permutation and combinations, apply different encoding/decoding and everything you need.
Frustration killer! & Customizable!
- Installation
- Basic
- COOK's Ingredients
- Methods
- Some Usecases Examples
- ULTIMATE USAGE
- Repeat Operator
*
and**
- Parsing Rules
- Flags
- Use as library
- Share your recipies/ingredients in cook-ingredients
- Contribute
Use Go or download latest builds
go install -v github.com/glitchedgitz/cook/v2/cmd/cook@latest
From version v2.2
cook save cook-ingredients at $home/.config/cook/cook-ingredients
To change create a path variable name
COOK=[YOUR PATH]
Without basics, everything is complex.
Name them anything and use them to generate the pattern. This will be more useful when you apply encoding column-wise using methods.
cook -start intigriti,bugcrowd -sep _,- -end users.rar,secret.zip / start sep end
Note: you must include parameter in the pattern, otherwise it will not print anything.
Cook depends on cook-ingredients, which are .yaml
files collections of wordsets, functions, ports, wordlists from assetnotes, seclist, fuzzdb, 15+
etc.
Category | Description |
---|---|
lists |
Array of values to directly use when called out |
files |
Array of urls |
ports |
Ranges of numbers |
raw-files |
Array of local files |
functions |
Functions are used to generate patterns |
cook -dob date[17,Sep,1994] elliot _,-, dob
Edit my.yaml
manually or use these commands.
If keyword
doesn't exist it will create it. Otherwise it will update it and add the new value in the same variable.
# Syntax
cook add [keyword]=[value1, value2, ..., valueN] in [category]
# Command
cook add unique_name=word1,word2,word3 in lists
cook delete [keyword]
use :
after param name.
cook -f: live.txt f
cook -f: https://example.com/wordlist.txt f
Cook has fetched multiple repositories and can directly use wordlist from these repos...
assetnotes, seclist, fuzzdb, etc.
Using methods you can encode, decode, reverse, split, sort, extract and can do much more...
Methods can be applied on final output or column-wise
-m/-method
to apply methods on the final output-mc/-methodcol
to apply column-wise.param.methodname
apply to any parameter-wise, will example this param thing later.
- Overlapping Encodings:
- Use dot
.
md5.b64e.urle
apply multiple methods one by one.- Output Logic:
Generated Pattern
>md5 hashing
>base 64 encoding
>URL Encoding
.
- Use dot
- Different Encodings:
- Use comma
,
md5,sha1,sha256
apply different encoding to the same generated pattern.- Output Logic:
Generated Pattern
>md5 hashing
Generated Pattern
>sha1 hashing
Generated Pattern
>sha256 hashing
- Use comma
Special focus on these 2 methods, these will be great help everytime you use any wordlist.
▶ cook adminNew,admin_new -m smart
Output:
admin
New
admin
new
It breaks and join back with the supplied character.
▶ cook adminNew,admin-old -m smartjoin[:_]
Output:
admin_New
admin_old
Apply Cases over separated
Here we applied camlecase
▶ cook suppose_this_is_long_text -m smartjoin[c:_]
Output:
suppose_This_Is_Long_Text
sort - Sort them
sortu - Sort them with unique values only
reverse - Reverse string
leet - a->4, b->8, e->3 ...
leet[0] or leet[1]
smart - Separate words with naming convensions
redirectUri, redirect_uri, redirect-uri -> [redirect, uri]
smartjoin - This will split the words from naming convensions &
param.smartjoin[c,_] (case, join)
redirect-uri, redirectUri, redirect_uri -> redirect_Uri
u upper - Uppercase
l lower - Lowercase
t title - Titlecase
split - split[char]
splitindex - splitindex[char:index]
replace - Replace All replace[this:tothis]
json - Extract JSON field
json[key] or json[key:subkey:sub-subkey]
fb filebase - Extract filename from path or url
s scheme - Extract http, https, gohper, ws, etc. from URL
user - Extract username from url
pass - Extract password from url
h host - Extract host from url
p port - Extract port from url
ph path - Extract path from url
f fragment - Extract fragment from url
q query - Extract whole query from url
k keys - Extract keys from url
v values - Extract values from url
d domain - Extract domain from url
tld - Extract tld from url
alldir - Extract all dirrectories from url's path
sub subdomain - Extract subdomain from url
allsubs - Extract subdomain from url
b64e b64encode - Base64 encode
b64d b64decode - Base64 decode
charcode - Give charcode encoding
- charcode[0]
abc
- charcode[1] with semicolon
abc
hexe hexencode - Hex string encode
hexd hexdecode - Hex string decode
jsone jsonescape - JSON escape
jsonu jsonunescape - JSON unescape
urle urlencode - URL encode reserved characters
utf16 - UTF-16 encoder (Little Endian)
utf16be - UTF-16 encoder (Big Endian)
urld urldecode - URL decode
urleall urlencodeall - URL encode all characters
xmle xmlescape - XML escape
xmlu xmlunescape - XML unescape
unicodee unicodeencodeall - Unicode escape string encode (all characters)
unicoded unicodedecode - Unicode escape string decode
md5 - MD5 sum
sha1 - SHA1 checksum
sha224 - SHA224 checksum
sha256 - SHA256 checksum
sha384 - SHA384 checksum
sha512 - SHA512 checksum
Some general usecases to grasp understanding of cook.
Use -append
flag:
cook -l: live.txt -p: payloads.txt l / p -append 2
# Multiple columns
cook col1 col2 col3 col4 col5 -append 2,5
Note: Sometime is confusing to find index of column, then use -col
If you want to start printing data for each permuation, then use -min
flag
Note: Sometime is confusing to find index of column, then use -col
Generate pattern and combine with other tools using PIPE.
cook [Generated Pattern] | [Any tool with pipe input]
▸ Basic Auth Fuzzing with FFUF
cook usernames_list : passwords_list -m b64e | ffuf -u https://target.com -w - -H "Authorization: Basic FUZZ"
cook https://target.com/**100 | ffuf -u FUZZ -w -
▸ Hidden Parameters with x8
cook [generated output] | x8 -u https://target.com
cook example.com seclists-tlds.txt | dnsx -v
Too overpower? But everyday you came accross weird BB stuff, like a big json file from target? May be you want to extract, join, merge or whatever. You can use cook smartly as per your usecase.
As BBH, we came arross JSON file often. YOu may be you read find wordlist to save in your collection.
Let's say you read this blog about IIS Shortname Vulnerabilities https://blog.assetnote.io/2020/09/18/finding-hidden-files-folders-iis-bigquery/.
Here Assetnote shared BIG ZIP FILE, Now you need something that can save this file and you can recall it when you need.
Save it like this..., this will save file in my.yaml
cook add shub_zip_files=[URL] in files
Or manually save in my.yaml
,
shub_zip_files : [https://storage.googleapis.com/zipfilesbq/zipfiles.json]
Note: cook already saved it in default wordlists, you can use
cook shub_zip_files
to access it
▸ File contains data like this, but this isn't directly useful.
{"repo_name":"cocowool/RoseCMS","ref":"refs/heads/1","path":"user_guide/_downloads/ELDocs.tmbundle.zip","mode":"33261","id":"f7a11b364ca918379b48ad525798148e7470b6b1"}
{"repo_name":"xuguanfeng/practise","ref":"refs/heads/1","path":"node_modules/selenium-webdriver/node_modules/adm-zip/test/assets/fast.zip","mode":"33188","id":"f4ed17b98c9d7bcd21efc4523ce75fbe2b071d0a"}
{"repo_name":"xuguanfeng/practise","ref":"refs/heads/1","path":"node_modules/selenium-webdriver/node_modules/adm-zip/test/assets/store.zip","mode":"33188","id":"e2add30dc0e3129dc89e20a71abe7314052d0002"}
{"repo_name":"xuguanfeng/practise","ref":"refs/heads/1","path":"node_modules/selenium-webdriver/node_modules/adm-zip/test/assets/ultra.zip","mode":"33188","id":"86a8ec776107c075ce2c7f803472aa97dc25cbf7"}
{"repo_name":"xuguanfeng/practise","ref":"refs/heads/1","path":"node_modules/selenium-webdriver/node_modules/adm-zip/test/assets/normal.zip","mode":"33188","id":"b4602c94ee000ee54c71c9302b9db956b3fd9f0e"}
{"repo_name":"xuguanfeng/practise","ref":"refs/heads/1","path":"node_modules/selenium-webdriver/node_modules/adm-zip/test/assets/fastest.zip","mode":"33188","id":"f4ed17b98c9d7bcd21efc4523ce75fbe2b071d0a"}
{"repo_name":"xuguanfeng/practise","ref":"refs/heads/1","path":"node_modules/selenium-webdriver/node_modules/adm-zip/test/assets/maximum.zip","mode":"33188","id":"86a8ec776107c075ce2c7f803472aa97dc25cbf7"}
...
Let say you need to:
▸ Extract json field path
▸ extract filebase
from path
▸ then spliting it based on naming conventions
▸ With cook not just we can extract it, we can extract filebase from path and sort unique, then use smartjoin to create diff permuataions.
cook -z shub_zip_files z.json[path].fb.sortu.smartjoin[c:_]
And this is also how cook was born, while fuzzing IIS Shortnames and later on I added other features.
- Use
*
for horizontal repeating. - Use
**
for vertical repeating. - And try this
*10-1
or this*1-10
.
Columns | Separated by space |
Values | Separated by comma |
Params | You can give param any name, use - before anything to make it param -param value |
Raw Strings | Use ` before and after the string to stop cook's parsing. Useful when you need to use any keyword as a word. |
Pipe Input | Take pipe input using - as value of any param. |
File Input | Use : after param name to take file input. cook -f: live.txt f |
Functions | Can be called using params only. |
Methods | Can be used on params or on final output |
Flag | Usage |
---|---|
-peek | Peek the output using -peek 50 for first 50 lines |
-a, -append | Append to the previous lines, instead of permutations |
-c, -col | Print column numbers and there values |
-conf, -config | Config Information |
-mc, -methodcol | Apply methods column wise -mc 0:md5,b64e; 1:reverse To all cols separate -mc md5,b64e |
-m, -method | Apply methods to final output |
-h, -help | Help |
-min | Minimum no of columns to print |
COOK := New(&COOK{
Pattern: "1-10 .example.com",
})
COOK.Generate()
fmt.Printf("Generated list: %v", COOK.Final)
Search the cook-ingredients using library
COOK := NewWithoutConfig()
results := COOK.Search("api")
fmt.Printf("Searched: %v", results)
Share your recipies and ingredients in cook-ingredients
- Share your yaml file with community
- Use concurrency and make it faster
- Autocomplete for shells
- Make append work something like this
cook file1 =/= file2
, make sure chars directly work with all terminals. - Making raw string works like as it works in programming languages. Means better parser.
- I don't know, you might use your creativity and add some awesome features.
- You can buy me a coffee☕