Users can extract all the possible words(parameters, values, endpoints) by piping the URLs from Burp project to few linux commands.
- Data Collection: Collect URLs in Burpsuite Project
- Words Extraction: Pipe the URLs to linux commands to extract words
- Cleaning: Remove researcher and program related words.
- Send a Pull Request.
- Hack at the organization for few days atleast and collect URLs with most of the application covered.
- Save the Burpsuite Project, Copy all URLs from HTTP history or Sitemap.
- Sort the URLs and Save in a text file.
cat burp_urls.txt| cut -d'/' -f4-100 | tr '/' '\n' | tr '?' '\n' | tr '&' '\n' | tr '=' '\n' | sort -u | tee wordlist.txt
cat wordlist.txt | grep -v <words-t-remove> | tee final_wordlist.txt
Please clean the wordlist after removing your personal data and program related data (program name, sensitive words that can reveal program info).
After completing all previous phases, create a PR and the team will accept your PR within a week.