LinuxCommandLibrary

kiterunner-wordlist

Generate wordlists for web content discovery

TLDR

List all cached and available Assetnote wordlists

$ kiterunner wordlist list
copy

List wordlists with JSON output
$ kiterunner wordlist list [[-o|--output]] [json]
copy

List wordlists with verbose debug output
$ kiterunner wordlist list [[-v|--verbose]] [debug]
copy

Save a specific Assetnote wordlist by alias
$ kiterunner wordlist save [apiroutes-210328]
copy

Save a specific Assetnote wordlist by full filename
$ kiterunner wordlist save [path/to/httparchive_apiroutes_2024_05_28.txt]
copy

Save multiple wordlists by alias
$ kiterunner wordlist save [apiroutes-210328,aspx-210328]
copy

Save a wordlist with quiet mode to suppress output
$ kiterunner wordlist save [apiroutes-210328] [[-q|--quiet]]
copy

SYNOPSIS

kiterunner-wordlist [options]

PARAMETERS

-d, --domain
    Specify the target domain.

-w, --words
    A comma seperated list of words to use for the wordlist, by default this is generated from the domain

-i, --input
    Read words from the file, each word should be on a new line.

-o, --output
    Output the wordlist to a file instead of standard output.

-s, --simple
    Create a simple wordlist, disabling complex permutations and combinations.

-e, --extensions
    File extensions to append to each word (comma-separated, e.g., php,html,txt).

-m, --max-length
    Maximum length of the generated words (default: unlimited).

-c, --common
    Include common words for the target.

-h, --help
    Show help message.

DESCRIPTION

The kiterunner-wordlist command is a utility, often part of the Kiterunner suite, used to create wordlists tailored for content discovery during web application security testing and reconnaissance. It intelligently generates permutations and combinations of words based on a target domain and provided keywords.

Instead of relying solely on generic, static wordlists, kiterunner-wordlist allows for the creation of dynamic wordlists, potentially uncovering hidden directories, files, and parameters specific to the target. It helps to identify potentially sensitive information, misconfigurations, and vulnerabilities that might not be found with broader, less-targeted scans.

The primary goal is to produce a wordlist that maximizes the chances of identifying live endpoints while minimizing the size of the wordlist, improving scan efficiency.

CAVEATS

The effectiveness of the generated wordlist depends heavily on the quality and relevance of the keywords provided or derived from the domain. Overly complex wordlists can significantly increase scanning time.

EXAMPLES

Basic Usage:
kiterunner-wordlist example.com > wordlist.txt

With custom keywords:
kiterunner-wordlist -w admin,login,secret example.com > wordlist.txt

With extensions:
kiterunner-wordlist -e php,html example.com > wordlist.txt

Read keywords from file:
kiterunner-wordlist -i keywords.txt example.com > wordlist.txt

SEE ALSO

ffuf(1), gobuster(1), dirb(1), dirsearch(1)

Copied to clipboard