#!/usr/bin/env python3 """ Wordlists loader - reads all wordlists from wordlists.json This allows easy customization without touching Python code. """ import json from pathlib import Path from logger import get_app_logger class Wordlists: """Loads and provides access to wordlists from wordlists.json""" def __init__(self): self._data = self._load_config() def _load_config(self): """Load wordlists from JSON file""" config_path = Path(__file__).parent.parent / "wordlists.json" try: with open(config_path, "r") as f: return json.load(f) except FileNotFoundError: get_app_logger().warning( f"Wordlists file {config_path} not found, using default values" ) return self._get_defaults() except json.JSONDecodeError as e: get_app_logger().warning(f"Invalid JSON in {config_path}: {e}") return self._get_defaults() def _get_defaults(self): """Fallback default wordlists if JSON file is missing or invalid""" return { "usernames": { "prefixes": ["admin", "user", "root"], "suffixes": ["", "_prod", "_dev"], }, "passwords": { "prefixes": ["P@ssw0rd", "Admin"], "simple": ["test", "demo", "password"], }, "emails": {"domains": ["example.com", "test.com"]}, "api_keys": {"prefixes": ["sk_live_", "api_", ""]}, "databases": { "names": ["production", "main_db"], "hosts": ["localhost", "db.internal"], }, "applications": {"names": ["WebApp", "Dashboard"]}, "users": {"roles": ["Administrator", "User"]}, "server_headers": ["Apache/2.4.41 (Ubuntu)", "nginx/1.18.0"], } @property def username_prefixes(self): return self._data.get("usernames", {}).get("prefixes", []) @property def username_suffixes(self): return self._data.get("usernames", {}).get("suffixes", []) @property def password_prefixes(self): return self._data.get("passwords", {}).get("prefixes", []) @property def simple_passwords(self): return self._data.get("passwords", {}).get("simple", []) @property def email_domains(self): return self._data.get("emails", {}).get("domains", []) @property def api_key_prefixes(self): return self._data.get("api_keys", {}).get("prefixes", []) @property def database_names(self): return self._data.get("databases", {}).get("names", []) @property def database_hosts(self): return self._data.get("databases", {}).get("hosts", []) @property def application_names(self): return self._data.get("applications", {}).get("names", []) @property def user_roles(self): return self._data.get("users", {}).get("roles", []) @property def directory_files(self): return self._data.get("directory_listing", {}).get("files", []) @property def directory_dirs(self): return self._data.get("directory_listing", {}).get("directories", []) @property def directory_listing(self): return self._data.get("directory_listing", {}) @property def fake_passwd(self): return self._data.get("fake_passwd", {}) @property def fake_shadow(self): return self._data.get("fake_shadow", {}) @property def xxe_responses(self): return self._data.get("xxe_responses", {}) @property def command_outputs(self): return self._data.get("command_outputs", {}) @property def error_codes(self): return self._data.get("error_codes", []) @property def sql_errors(self): return self._data.get("sql_errors", {}) @property def attack_patterns(self): return self._data.get("attack_patterns", {}) @property def server_errors(self): return self._data.get("server_errors", {}) @property def server_headers(self): return self._data.get("server_headers", []) @property def suspicious_patterns(self): return self._data.get("suspicious_patterns", []) @property def username_fields(self): return self._data.get("credential_fields", {}).get("username_fields", []) @property def password_fields(self): return self._data.get("credential_fields", {}).get("password_fields", []) @property def attack_urls(self): """Deprecated: use attack_patterns instead. Returns attack_patterns for backward compatibility.""" return self._data.get("attack_patterns", {}) _wordlists_instance = None def get_wordlists(): """Get the singleton Wordlists instance""" global _wordlists_instance if _wordlists_instance is None: _wordlists_instance = Wordlists() return _wordlists_instance