glitchedgitz / cook Goto Github PK

Pre-defined sets are working but not ranges:

$ cook a-f0-9 -config-path /usr/share/cook/cook.yaml 
a-f0-9

$ cook 10-20 -config-path /usr/share/cook/cook.yaml
10-20

$ cook a-z -config-path /usr/share/cook/cook.yaml
a-z

$ cook a -config-path /usr/share/cook/cook.yaml 
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z

On BlackArch Linux we packaged cook this way: https://github.com/BlackArch/blackarch/blob/master/packages/cook/PKGBUILD

As for all ArchLinux packages, cook binary is deployed under /usr/bin/cook and config files under /urs/share/cook (eg. /usr/share/cook/cook.yaml).

Launching cook like that just fails because cook is not able to find it's configuration file

$ cook a                                       
2021/12/04 16:31:56 Err: Parsing YAML yaml: unmarshal errors:
  line 1: cannot unmarshal !!str `Not Found` into map[string][]string

So as a workaround the user is forced to either define the conf file path with the environment variable or the parameter

$ cook a -config-path /usr/share/cook/cook.yaml

It's happening because this was implemented rather than what I suggested.

I don't really know where cook is looking for it's config file because even if you copy cook.yml under /usr/bin or in the working directory cook won't find it.

There are 2 solutions to that:

Solution 1

Implementing a XDG compliant config deployment cf. #13 (reply in thread)

Solution 2

define a go BUILD variable to defined the install path, so when the binary is build any linux distro maintainer would be able to define INSTALLDIR=/usr/bin/cook and cook would look here for it's config file.

Idea

I think any tool creator should think about "how OS maintainers/packagers will deploy my tool on their OS" rather than assume that people will just git clone the tool cd in the repo and do ./tool. Else it prevent for mass deployment on OSes or complexify the work of OS packagers.

Hi
Thank you for providing this awesome tool!!
I wanna merge 2 files with smart method but i don't know how, i have read your guide in the repository but still i'm a bit confused ....
Suppose that i have 2 wordlists (wordlist1 and wordlist2) , what is the command to merge 2 wordlists together using smart method?
Thank you!

hello
Can you support an option for a loop or a repeater
example

cook -start admin,root -sep -,. -end test,help start:sep:end

output normal

admin-test
admin-help
admin.test
admin.help
root-test
root-help
root.test
root.help

the output can you support

admin-test
admin-help
admin.test
admin.help
root-test
root-help
root.test
root.help

test-admin
test-root
test.admin
test.root
help-admin
help-root
help.admin
help.root

With the addition of an option for that, and not to be done automatically

Hello there,
firstly, thanks a lot for the tool, i am exploring and it is really good.
However, i am facing an issue with the option of 'files'
in the cook.yaml, if i change the path of files i.e the password file from my local filesystem, then i am getting error.
example command - cook -admin admin,root,superuser,su,sa,moderator -s "." -sep / https://mysite.com:sep:admin:robot_1000
i am changing the location referred in the cook.yaml file to my local filesystem. When i run the above command, then i get the error `E:\tools\wordlists\SecLists\Discovery\Web-Content\RobotsDisallowed-Top1000.txt
panic: open E:\tools\wordlists\SecLists\Discovery\Web-Content\RobotsDisallowed-Top1000.txt: no such file or directory

goroutine 1 [running]:
main.fileValues(0x84c0280, 0x4e, 0xbffa46d2, 0xa, 0x84f011c)
/home/kali/go/src/github.com/giteshnxtlvl/cook/main.go:157 +0x172
main.main()
/home/kali/go/src/github.com/giteshnxtlvl/cook/main.go:226 +0x53b
`
i even tried changing the path in the main.go file as shown in the above error but it throws out the same error.

Can you help me on where i am messing up?? or is it an issue.

Thanks in advance.

files:
  bo0m_fuzz: [https://raw.githubusercontent.com/Bo0oM/fuzz.txt/master/fuzz.txt]
raw_files:
  bxss: [E:\tools\base\bxss.txt]

Is there a reason why the value of the wordlist is a list here ?

Should we maybe switch to:

files:
  bo0m_fuzz: "https://raw.githubusercontent.com/Bo0oM/fuzz.txt/master/fuzz.txt"
raw_files:
  bxss: "E:\tools\base\bxss.txt"

Is there a way I can generate a double digit range like:

00
01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19

This is useful for server naming which usually uses conventions similar to this

run this command:
cook a,A s,S

we expectation print :

as
aS
As
AS

but output is:

a!
a#
a$
a%
a&
a(
...SNIP....
A^
A_
A`
A|
A~
A"
AS

I use cook Version 2.0

How to save a wordlist that has just been generated?

Command:
cook.exe -start first,second -end 2020,2021 start:end
or cook.exe first,second:2020,2021

Outputs:

error: yaml: line 4: found character that cannot start any tokenfirst2020
first2021
second2020
second2021

Empty lines with file mode

cook -f: https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/common.txt f

Hi,
thanks for the great tool, sadly I've got some problems with it.

Version: (i do not know how to get it while downloading it with go get ..)

md5sum /root/go/bin/cook
## output:
# 55e5ae65e1dafadb32960afb301f4349  /root/go/bin/cook

I do not understand the regular expression function. I'm trying to use the regex from here

Empty responses:

echo -e 'Job[49]\njob[49]\nJob[49]\njob[50]' | cook -d - d -m regex[^[a-z]+\[[0-9]+\]]
## outputs nothing

echo 'adam[23]\neve[7]\nJob[48]\nsnakey' | cook -d - -m regex[^[a-z]+\[[0-9]+\]] d 
## output (should be adam[23] and eve[7] but is:
# adam[23]

The date function different in linux (maybe in future change it to square bracket instead of parenthesis)?

cook help usage | grep dob | cut -d '$' -f 2 | sh
## output:
# sh: 1: Syntax error: "(" unexpected

# i found the problem, should wildcard the brackets in linux:
cook help usage | grep dob | cut -d '$' -f 2 | sed -e 's/^[ \t]*//' | replace \( \\\( | replace \) \\\) | bash
elliot_17Sep1994
elliot_Sep171994
elliot_17/Sep/1994
elliot_Sep/17/1994
elliot_17-Sep-1994
elliot_Sep-17-1994
elliot_17.Sep.1994
elliot_Sep.17.1994
elliot_17.1994
elliot_Sep.1994
elliot_17.Sep
elliot-17Sep1994
elliot-Sep171994
elliot-17/Sep/1994
elliot-Sep/17/1994
elliot-17-Sep-1994
elliot-Sep-17-1994
elliot-17.Sep.1994
elliot-Sep.17.1994
elliot-17.1994
elliot-Sep.1994
elliot-17.Sep

regards,

esp0xdeadbeef.

Context

I was surprise the BA PKGBUILD for cook was using version 1.6 and 2.0 because we are using the last commit (217) from the git source and not a specific release.

Troubleshooting

While building the PKGBUILD manually I found that it was targeting version 1.6 (see screenshot)

I'm not familiar with go building process, but it seems that the following commands (https://github.com/BlackArch/blackarch/blob/cd42e3f9aa06e236bd22d18ad9a11ac5265e9895/packages/cook/PKGBUILD#L25-L34) are fetching the @latest release.
So I checked the git tags here and found they were inconsistent: 1.0, v1.5, v1.6.0, 2.0.a, 2.0. Sometimes it using x.y and sometimes x.y.z (not following semver https://semver.org/) but more importantly sometimes it has the v prepended and sometimes not. So I think the go resolver find that v1.6.0 is matching @latest because alphabetically v.1.6.0 is higher than 2.0 (ASCII order).

irb(main):001:0> ['1.0', 'v1.5', 'v1.6.0', '2.0.a', '2.0'].sort
=> ["1.0", "2.0", "2.0.a", "v1.5", "v1.6.0"]

Solution

Solution A

Remove old git tags and create new git tags that all match the same versioning convention.

Example of end result:

1.0.0
1.5.0
1.6.0
2.0.0
2.0.0-a

# or

v1.0.0
v1.5.0
v1.6.0
v2.0.0
v2.0.0-a

Solution B

If you want to keep the old references, you can create new tags following the convention with the higher precedence.

Example of end result:

1.0
2.0
2.0.a
v1.0.0
v1.5
v1.5.0
v1.6.0
v2.0.0
v2.0.0-a

About 2.0.0 and 2.0.0-a 2.0.0-a < 2.0.0 (see semver precedence) so no worry it's not alphabetically in the right order. If you want to be extra sure make the actual 2.0 become 2.0.1.

Tools look great, would be awesome to see a year, month, and season extension set added!

Can you create a cook-recipe repository so people can share their cook.yml config?