projectdiscovery / alterx Goto Github PK
View Code? Open in Web Editor NEWFast and customizable subdomain wordlist generator using DSL
License: MIT License
Fast and customizable subdomain wordlist generator using DSL
License: MIT License
The Alter example doesn't work. Have you stopped supporting the project?
echo "www1.google.com" | alterx -silent -es 400
gives no output. while removing that flag alterx works as usual
Where are the Alterx releases?
permutation.yaml
Context projectdiscovery/utils#256
Hello,
I am currently running alterx on a Debian VPS, and I have encountered an issue where the VPS quickly runs out of disk space. It seems that temporary files created during the dedupe process are not being deleted. I believe this issue is related to the problem described in ticket #3693 on the projectdiscovery/nuclei GitHub repository.
alterx-report-*
.To reproduce the issue, please follow these steps:
cat subdomains.txt | alterx -silent -enrich -limit 2000000
du -sh /tmp/nuclei-report-*
(Please note that some folders may be related to real nuclei reports)Please let me know if you need more infos.
Regards,
swdb
Subs.txt contains 15k lines
Results in 100+GB file with the enrich flag
So a max file output size and a max runtime switch would be great. Other than that the tool is awesome!!
-limit int limit the number of results to return (default 0)
When using the -pp parameter, the word variable must be overwritten, otherwise the return will be empty.
When the following command is executed, the return is empty
echo target.com |./alterx -p '{{word}}-{{fuzz}}.{{suffix}}' -pp fuzz=data
Only when the -pp parameter is used to overwrite the word variable, it will be generated normally
Based on the first command above, I just need to overwrite the fuzz variable, and the word variable uses the keywords in the default configuration file permutations.yaml. But the rewriting of the word variable must be specified at the same time in use, which may not be necessary
When using the alterx as a library to generate subdomain wordlists, it appears to be generating zero permutations. I'm using the example code provided in alterx's repository i.e., https://github.com/projectdiscovery/alterx/blob/main/examples/main.go
P.S.: I can't run with verbose mode as Options
struct doesn't have the Verbose
field.
就是像这样 识别子域中是否存在特定关键字 进行同类型的替换
xxx.apiv1.xxx.projectdiscovery.io
》
xxx.apiv2.projectdiscovery.io
xxx.apiv3.projectdiscovery.io
xxx.apiv4.projectdiscovery.io
xxx.forum.projectdiscovery.io
》
xxx.blogs.projectdiscovery.io
xxx.oa.projectdiscovery.io
xxx.mail.projectdiscovery.io
xxx.html5.projectdiscovery.io
》
xxx.ios.projectdiscovery.io
xxx.android.projectdiscovery.io
xxx.web.projectdiscovery.io
dev
flag
replace it with goflags$ ./alterx -h
Fast and customizable subdomain wordlist generator using DSL
Usage:
alterx [flags]
Flags:
INPUT:
-l, -list string file containing list of subdomains to use as base (INPUT: stdin,single,multiple,file)
-w, -word words to use with alterx permutation (optional) (INPUT: single, multiple, file)
-p, -pattern words to use with alterx permutation (optional) (INPUT: single, multiple, file)
OUTPUT:
-o, -output output file to write altered subdomain list (INPUT: file)
CONFIG:
-config alterx cli config file (default "$HOME/.config/alterx/config.yaml")
-ac alterx permutation config file (default "$HOME/.config/alterx/permutation.yaml")
-dr, -dry-run dry run and only return generated permutation counter
UPDATE:
-up, -update update alterx to latest version
-duc, -disable-update-check disable automatic alterx update check
INPUT
go run
instead of go buildgo run -race .
examples/main.go
and run it as part of Build Workflow (Refer TestMutatorResults
)Description:
The comparison was done by Six2dez, a user who compared four different permutation tools, including AlterX. The results were shared on Twitter and can be found here.
AlterX generated a total of 29,055,038 results, but only 1,665 were resolved, resulting in a resolution percentage of approximately 0.0057%.
Proposed Changes:
Pattern Generation: The number of generated patterns is quite high. While this could be seen as a positive aspect, it might also lead to unnecessary processing and storage usage. We need to focus on generating fewer, but more relevant patterns.
Resolution Percentage: The resolution percentage is currently quite low. We need to improve this by ensuring that a higher percentage of the generated patterns are resolved.
Expected Outcome:
By addressing these issues, we expect to improve the efficiency and effectiveness of AlterX. This should result in a tool that generates fewer patterns but resolves a higher percentage of them, providing more value to the users and being practical to use in the workflow.
Additional Information:
Please take a look at the original tweet and the comparison for more details. If you have any questions or if you need any more information, feel free to ask.
I've been using alterx to process the results of passive subdomain enumeration from tools like subfinder, amass, and findomain. The combined list contains approximately 7 million subdomains.
Command: alterx -l passive_subdomains.txt -en -silent
It's taking an excessively long time to complete - more than a day or two.
I'm curious if there are any optimizations or configurations that can be made to reduce the execution time and wondering if alterx supports concurrent processing to speed up the processing of large datasets like this.
Any help or guidance on this would be greatly appreciated. Thanks in advance.
Hi @projectdiscovery team,
An Awesome & Nice tool to work with : )
And It will be great and more helpful if implement support for loading wordlists file on permutations.yaml for payloads just like loading files on other yaml configs
patterns:
- "{{word}}-{{sub}}.{{suffix}}"
- "{{sub}}-{{word}}.{{suffix}}"
payloads:
word: /path/to/wordlists.txt
Thanks & Regards,
@zy9ard3
alterx
now has full support for generating subdomains/urls by using patterns with clusterbomb . It should also support Alteration
// Example
$ cat urls.txt. | alterx -a "{{qvalue}}=xss.txt". // replace all query values in urls with xss payloads
$ cat urls.txt. | alterx -a "{{qvalue}}=sqli.txt" // replace all query values in urls with sqli payloads
$ cat urls.txt. | alterx -r "{{qvalue}}=xss.txt" --alter-once // should not replace all parameters
Since your recent build there has been an intermittent issue with the core of this tool causing hangs in a call to it from an external program this was tested in diff environments and seems to have started occurring two days ago I wish you guys the best but I pulled it out. I can't even be specific it just hangs that's all we are seeing.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.