Black Hat Python — Creating Word Lists with Burp Suite

In this post, I will show how we can use Burp to spider/ scrape a website and build a wordlist from the website content. The trick to online password guessing is getting the right word list. This method is a very quick way of achieving it. Here is the Burp Extender:

Apply this extender, by navigating to “Extender” > “Extensions” and Click “Add”. You will see the compiled word list in the Output window.

My test website is http://testphp.vulnweb.com. After spidering the site, I can invoke the “Create WordList” extender from the menu:

This produced the following word list:

Here is a sample of the output:

Consectetuer!
consectetuer1
Consectetuer1
consectetuer2017
Consectetuer2017
firstchild
Firstchild
firstchild!
Firstchild!
firstchild1
Firstchild1
firstchild2017
Firstchild2017
what
What
what!
What!
what1
What1
what2017
What2017
ory
Ory
ory!
Ory!
ory1
Ory1
ory2017
Ory2017
short
Short
short!
Short!
short1
Short1
short2017
Short2017
location
Location
location!
Location!
location1
Location1
location2017
Location2017