Merge pull request #240 from JBiggs610/passwordlist

Password List Generator
2026-02-20 13:50:45 +00:00 · 2023-05-12 17:29:10 +01:00
parent 6fc4193c1a ed53b1f3ed
commit 151745ed0e
5 changed files with 226 additions and 0 deletions
--- a/lib/resources/linelists/top_100_websites
+++ b/lib/resources/linelists/top_100_websites
@@ -0,0 +1,100 @@
+https://www.google.com
+https://www.youtube.com
+https://www.facebook.com
+https://www.amazon.com
+https://www.wikipedia.org
+https://www.twitter.com
+https://www.instagram.com
+https://www.linkedin.com
+https://www.yahoo.com
+https://www.reddit.com
+https://www.microsoft.com
+https://www.netflix.com
+https://www.sina.com
+https://www.zoom.us
+https://www.pinterest.com
+https://www.teams.microsoft.com
+https://www.apple.com
+https://www.bing.com
+https://www.github.com
+https://www.imdb.com
+https://www.aliexpress.com
+https://www.bilibili.com
+https://www.twitch.tv
+https://www.stackoverflow.com
+https://www.alibaba.com
+https://www.adobe.com
+https://www.espn.com
+https://www.office365.com
+https://www.nytimes.com
+https://www.dropbox.com
+https://www.salesforce.com
+https://www.hulu.com
+https://www.indeed.com
+https://www.wikipedia.com
+https://www.microsoftonline.com
+https://www.walmart.com
+https://www.paypal.com
+https://www.zillow.com
+https://www.ebay.com
+https://www.cnn.com
+https://www.spotify.com
+https://www.weibo.com
+https://www.roblox.com
+https://www.oracle.com
+https://www.booking.com
+https://www.quora.com
+https://www.foxnews.com
+https://www.dropboxusercontent.com
+https://www.nike.com
+https://www.adp.com
+https://www.craigslist.org
+https://www.foxsports.com
+https://www.cnbc.com
+https://www.bbc.com
+https://www.booking.com
+https://www.ups.com
+https://www.abcnews.go.com
+https://www.naver.com
+https://www.theguardian.com
+https://www.boston.com
+https://www.att.com
+https://www.medicalnewstoday.com
+https://www.ign.com
+https://www.sony.com
+https://www.stripe.com
+https://www.groupon.com
+https://www.nbcnews.com
+https://www.theverge.com
+https://www.cnet.com
+https://www.macys.com
+https://www.realtor.com
+https://www.fidelity.com
+https://www.glassdoor.com
+https://www.weather.com
+https://www.xfinity.com
+https://www.merriam-webster.com
+https://www.buzzfeed.com
+https://www.legacy.com
+https://www.usatoday.com
+https://www.fandango.com
+https://www.wellsfargo.com
+https://www.homedepot.com
+https://www.webex.com
+https://www.allrecipes.com
+https://www.weforum.org
+https://www.ca.gov
+https://www.npr.org
+https://www.ikea.com
+https://www.surveymonkey.com
+https://www.nintendo.com
+https://www.zdnet.com
+https://www.speedtest.net
+https://www.bloomberg.com
+https://www.zillow.com
+https://www.whitepages.com
+https://www.quickenloans.com
+https://www.washingtonpost.com
+https://www.dailymail.co.uk
+https://www.cbssports.com
+https://www.buzzfeednews.com
--- a/modules/generators/content/password_file/password_file.pp
+++ b/modules/generators/content/password_file/password_file.pp
--- a/modules/generators/content/password_file/secgen_local/local.rb
+++ b/modules/generators/content/password_file/secgen_local/local.rb
@@ -0,0 +1,91 @@
+#!/usr/bin/ruby
+require_relative '../../../../../lib/objects/local_string_generator.rb'
+require 'erb'
+require 'fileutils'
+class PasswordFileGenerator < StringGenerator
+  attr_accessor :website_sample
+  attr_accessor :user_list
+  attr_accessor :pass_list
+  attr_accessor :malicious
+  attr_accessor :benign
+  attr_accessor :mal_website_lines
+  attr_accessor :website_lines
+  LOCAL_DIR = File.expand_path('../../',__FILE__)
+  INTERESTS_DIR = "../../../../../lib/resources/interests"
+  TEMPLATE_PATH = "#{LOCAL_DIR}/templates/password_file.md.erb"
+  MALICIOUS_PATH = "#{INTERESTS_DIR}/malicious/"
+  BENIGN_PATH = "#{INTERESTS_DIR}/benign/"
+  def initialize
+    super
+    self.pass_list = Array.new
+    self.user_list = Array.new
+    self.malicious = ''
+    self.benign = ''
+    self.mal_website_lines = Array.new
+    self.website_lines = Array.new
+  end
+  
+  def get_options_array
+    super + [['--passwords', GetoptLong::REQUIRED_ARGUMENT],
+    ['--usernames', GetoptLong::REQUIRED_ARGUMENT],
+    ['--benign', GetoptLong::REQUIRED_ARGUMENT],
+    ['--malicious', GetoptLong::OPTIONAL_ARGUMENT]]
+  end
+
+  def process_options(opt, arg)
+    super
+    case opt
+    when '--passwords'
+      arr = arg.split(',', -1)
+      arr.each{ |pass|
+        self.pass_list << pass.delete(' ')
+      }
+    when '--usernames'
+      arr = arg.split(',', -1)
+      arr.each{ |user|
+        self.user_list << user.delete(' ')
+      }
+    when '--benign'
+      self.benign << arg;
+    when '--malicious'
+      self.malicious << arg;
+    end
+  end
+
+def generate
+
+
+  if self.malicious != "" 
+    malicious_interest = "#{MALICIOUS_PATH}#{self.malicious}"
+    self.mal_website_lines = File.readlines("#{malicious_interest}/websites").map(&:strip)
+  end
+  random_interest = "#{BENIGN_PATH}#{self.benign}"
+
+  self.website_lines = File.readlines("#{random_interest}/websites").map(&:strip)
+  
+  passLength = self.pass_list.length()
+  userLength = self.user_list.length()
+  self.website_sample = website_lines.sample(10)
+  self.website_sample << mal_website_lines.sample(10)
+  self.website_sample = self.website_sample.flatten
+  self.website_sample = self.website_sample.shuffle()
+  
+  if passLength == 0
+    warn "Empty Array"
+   exit 1
+  end
+
+  template_out = ERB.new(File.read(TEMPLATE_PATH), 0, '<>-')
+  self.outputs << template_out.result(self.get_binding)
+end
+
+
+  # Returns binding for erb files (access to variables in this classes scope)
+  # @return binding
+  def get_binding
+    binding
+  end
+end
+
+PasswordFileGenerator.new.run
+
--- a/modules/generators/content/password_file/secgen_metadata.xml
+++ b/modules/generators/content/password_file/secgen_metadata.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0"?>
+
+<generator xmlns="http://www.github/cliffe/SecGen/generator"
+           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+           xsi:schemaLocation="http://www.github/cliffe/SecGen/generator">
+
+  <name>Password List File Generator</name>
+  <author>Jack Biggs</author>
+  <module_license>MIT</module_license>
+  <description>Creates a file in which logins are contained for multiple  websites.</description>
+
+  <type>string_generator</type>
+  <type>local_calculation</type>
+  <platform>linux</platform>
+  
+  <read_fact>passwords</read_fact>
+  <read_fact>usernames</read_fact>
+  <read_fact>benign</read_fact>
+  <read_fact>malicious</read_fact>
+
+  <output_type>generated_strings</output_type>
+</generator>
--- a/modules/generators/content/password_file/templates/password_file.md.erb
+++ b/modules/generators/content/password_file/templates/password_file.md.erb
@@ -0,0 +1,13 @@
+# Password list
+
+<%
+    website_count = 0
+    pass_list.each { |pass|
+%>
+## <%= website_sample[website_count] %>
+### Username: <%= user_list[website_count] %>
+### Password: <%= pass %>
+<% website_count += 1 %>
+    <%
+    }
+%>