How to combine lists to make your own pentesting wordlist

2024-07-01

This post is going to be more of a quickie. You know how sometimes you have a couple of wordlists for scanning subdirectories or files, and when one returns nothing, you try the next one?

Have you ever thought to yourself, “Man, this is annoying, I have to start this scan again, and there is probably a huge overlap in these wordlists!” Well… combine them!

Say you are fuzzing subdirectories and you want to use the word lists common.txt, dirsearch.txt and big.txt.

Combine them into one file:

$ cat /usr/share/wordlists/seclists/Discovery/Web-Content/common.txt /usr/share/wordlists/seclists/Discovery/Web-Content/dirsearch.txt /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt > combined.txt
$ du -sh combined.txt
344K combined.txt

Great, now you have a combined.txt that contains common.txt first, then dirsearch.txt, and finally big.txt. The order is important: put the word lists you think will give better results first.

But now there may be some words in there that are duplicates, and every duplicate wastes time when you use the list. Most online resources for removing duplicates tell you to sort the list and then use uniq to remove the duplicates… but that changes the whole order of the list to alphabetical. We don’t want that! So we use this little awk command, which prints a line only the first time it appears and leaves the order untouched.

$ awk '!a[$0]++' combined.txt > combined_unique.txt
$ du -sh combined_unique.txt
296K combined_unique.txt

And voila, you have combined the three lists, ordered by your own priority, and removed the duplicates. Nice! Give it a good name, like “webfuzz_custom.txt” and save it somewhere.

You can do the same with passwords. For example, use fasttrack.txt (a really small list that is very popular in CTF environments) and combine it with rockyou.txt and maybe even something else. Pick some smaller ones first, as the ones at the beginning should hopefully be the more popular passwords, and put the big password lists behind them.

$ cd /usr/share/wordlists/seclists/Passwords
$ cat 500-worst-passwords.txt xato-net-10-million-passwords-100.txt probable-v2-top207.txt darkweb2017-top100.txt 2023-200_most_used_passwords.txt 2020-200_most_used_passwords.txt xato-net-10-million-passwords-1000000.txt probable-v2-top12000.txt darkweb2017-top10000.txt mssql-passwords-nansh0u-guardicore.txt darkc0de.txt bt4-password.txt > ~/combined_passwords.txt
$ du -sh ~/combined_passwords.txt
40M     /home/kali/combined_passwords.txt
$ awk '!a[$0]++' ~/combined_passwords.txt > ~/custom_passwordlist.txt
$ du -sh ~/custom_passwordlist.txt
32M     /home/kali/custom_passwordlist.txt
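
An added example (not from the original post): a small shell function that does the merge and the order-preserving de-duplication in one awk pass, for both the web-content and the password lists above. It goes a little beyond the post's commands by handing the files to awk directly, so a list without a final newline cannot glue its last entry onto the first entry of the next list, and by stripping CRLF line endings. The function name merge_wordlists, the choice to drop empty lines and the sample entries are assumptions made for this example.

```shell
#!/bin/sh
# merge_wordlists OUT LIST1 [LIST2 ...]   (hypothetical helper, added example)
# Lists are given in priority order; the first occurrence of an entry wins.
merge_wordlists() {
    out=$1
    shift
    # LC_ALL=C: treat lines as raw bytes, so non-UTF-8 entries in old
    # password lists pass through unchanged.
    # The lists are passed to awk as separate files instead of through cat:
    # awk ends a record at end-of-file, so "backup" at the end of one list
    # and "login" at the start of the next never become "backuplogin".
    # Output goes to a temporary file first, so OUT is only replaced when
    # every input list could be read.
    LC_ALL=C awk '
        { sub(/\r$/, "") }     # normalise Windows (CRLF) line endings
        $0 == "" { next }      # assumption: empty lines are not wanted
        !seen[$0]++            # print a line only the first time it is seen
    ' "$@" > "$out.tmp" && mv "$out.tmp" "$out"
}

# Constructed sample lists, not real SecLists content.
demo_dir=$(mktemp -d)
printf 'admin\nlogin\r\nbackup' > "$demo_dir/first.txt"   # CRLF, no final newline
printf 'login\n\nadmin\napi\n'  > "$demo_dir/second.txt"
merge_wordlists "$demo_dir/merged.txt" "$demo_dir/first.txt" "$demo_dir/second.txt"
cat "$demo_dir/merged.txt"
rm -rf "$demo_dir"
```
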

Create lists for subdomains, etc. Whatever you need. The sky is the limit!

I know this may not be new to you, but I hope it helps someone. ✌️


