Add support for multiple wordlist files via -w flag

irsdl · irsdl · commit 6b03f7953441 · 2025-10-21T16:33:16.000+01:00
Implemented:
- Changed Wordlist (string) to Wordlists ([]string) to support multiple -w flags
- Created loadWordlist() helper function to load individual wordlist files
  * Detects format (rainbow table vs plain text)
  * Auto-generates 8.3 filenames for plain text using Gen8dot3()
  * Returns records and format flag
- Created mergeWordlists() helper function for smart deduplication
  * Uses filename+extension as key for uniqueness
  * Prioritizes rainbow table entries over plain text
  * Tracks duplicate count for logging
- Updated main wordlist loading logic to:
  * Loop through multiple wordlist files
  * Merge with deduplication
  * Enable rainbow mode if ANY wordlist is rainbow format
  * Log informative messages (entries, files, duplicates)
- Updated README with usage examples and documentation

Features:
✅ Multiple wordlist files supported (-w file1 -w file2 -w file3)
✅ Smart deduplication (rainbow entries override plain text)
✅ Mix plain text and rainbow table formats
✅ Auto-generate 8.3 names for plain text wordlists
✅ Backward compatible (single -w still works)
✅ Informative logging at INFO level

Testing:
✅ Multiple wordlists: Works, deduplication confirmed
✅ Single wordlist: Works, backward compatible
✅ No wordlist: Default embedded wordlist works
✅ Build successful, no compilation errors
diff --git a/README.md b/README.md
@@ -25,6 +25,7 @@ Additional features implemented in this fork:
 
 | Feature | Description |
 |---------|-------------|
+| Multiple Wordlists (`-w`) | Support for specifying multiple wordlist files using multiple `-w` flags. Wordlists are merged with automatic deduplication. Supports mixing plain text and rainbow table formats. Rainbow table entries take priority when duplicates are found. |
 | Relaxed Match Mode (`-R`) | Enables detection of tentative matches where the final status matches the negative marker. Useful for Jakarta/CFM files that can be loaded via their 8.3 short filenames. Tentative matches are marked with yellow color in human output and `"tentative": true` in JSON output. |
 | Case-insensitive `INDEX_ALLOCATION` | The `replaceBinALLOCATION()` function now uses case-insensitive matching for `bin::$INDEX_ALLOCATION` paths. |
 | WAF Evasion | Changed session identifier from `(S(x))` to `(S(d))` to avoid detection by sensitive WAFs. |
@@ -120,6 +121,18 @@ shortscan -R http://example.org/  # Enable relaxed match mode
 shortscan -R -v 1 http://example.org/  # With debug logging to see status details
 ```
 
+To use multiple wordlists (supports both plain text and rainbow tables):
+```
+# Use multiple wordlists - they will be merged with deduplication
+shortscan -w custom.txt -w pkg/shortscan/resources/dll.txt http://example.org/
+
+# Mix plain text and rainbow tables (rainbow entries take priority)
+shortscan -w pkg/shortscan/resources/wordlist.txt -w custom_dll.txt http://example.org/
+
+# Combine multiple specialized wordlists
+shortscan -w aspx_files.txt -w dll_files.txt -w config_files.txt http://example.org/
+```
+
 ### Advanced features
 
 The following options allow further tweaks:
diff --git a/pkg/shortscan/shortscan.go b/pkg/shortscan/shortscan.go
@@ -143,7 +143,7 @@ var requestDelay time.Duration
 // Command-line arguments and help
 type arguments struct {
 	Urls         []string `arg:"positional,required" help:"url to scan (multiple URLs can be provided; a file containing URLs can be specified with an «at» prefix, for example: @urls.txt)" placeholder:"URL"`
-	Wordlist     string   `arg:"-w" help:"combined wordlist + rainbow table generated with shortutil" placeholder:"FILE"`
+	Wordlists    []string `arg:"--wordlist,-w,separate" help:"combined wordlist + rainbow table generated with shortutil (can be specified multiple times)" placeholder:"FILE"`
 	Headers      []string `arg:"--header,-H,separate" help:"header to send with each request (use multiple times for multiple headers)"`
 	Concurrency  int      `arg:"-c" help:"number of requests to make at once" default:"20"`
 	Timeout      int      `arg:"-t" help:"per-request timeout in seconds" placeholder:"SECONDS" default:"10"`
@@ -1121,6 +1121,122 @@ func Scan(urls []string, hc *http.Client, st *httpStats, wc wordlistConfig, mk m
 
 }
 
+// loadWordlist loads a single wordlist file and returns its records and format type
+func loadWordlist(filePath string) ([]wordlistRecord, bool, error) {
+	var records []wordlistRecord
+	var isRainbow bool
+
+	// Open the file
+	fh, err := os.Open(filePath)
+	if err != nil {
+		return nil, false, err
+	}
+	defer fh.Close()
+
+	// Scan the file
+	scanner := bufio.NewScanner(fh)
+	lineNum := 0
+	for scanner.Scan() {
+		line := scanner.Text()
+
+		// Check first line for rainbow table magic value
+		if lineNum == 0 && line == rainbowMagic {
+			isRainbow = true
+			lineNum++
+			continue
+		}
+
+		// Skip blank lines and comments
+		if len(line) == 0 || line[0] == '#' {
+			lineNum++
+			continue
+		}
+
+		// Parse based on format
+		if isRainbow {
+			// Rainbow table format: checksum\tfile83\text83\tfilename\textension
+			if strings.Count(line, "\t") != 4 {
+				return nil, false, fmt.Errorf("invalid rainbow table entry at line %d: incorrect tab count", lineNum)
+			}
+
+			parts := strings.Split(line, "\t")
+			checksum, f83, e83, filename, extension := parts[0], parts[1], parts[2], parts[3], parts[4]
+			if len(extension) > 0 {
+				extension = "." + extension
+			}
+			records = append(records, wordlistRecord{checksum, filename, extension, f83, e83})
+
+		} else {
+			// Plain text format: filename.extension
+			var r wordlistRecord
+			if p := strings.LastIndex(line, "."); p > 0 && line[0] != '.' {
+				// Has extension
+				filename, ext := line[:p], line[p:]
+				_, f83, e83 := shortutil.Gen8dot3(filename, ext)
+				r = wordlistRecord{"", filename, ext, f83, e83}
+			} else {
+				// No extension (or starts with dot)
+				_, f83, _ := shortutil.Gen8dot3(line, "")
+				r = wordlistRecord{"", line, "", f83, ""}
+			}
+			records = append(records, r)
+		}
+
+		lineNum++
+	}
+
+	if err := scanner.Err(); err != nil {
+		return nil, false, err
+	}
+
+	return records, isRainbow, nil
+}
+
+// mergeWordlists merges multiple wordlists with deduplication, prioritizing rainbow table entries
+func mergeWordlists(wordlists [][]wordlistRecord, rainbowFlags []bool) ([]wordlistRecord, int, bool) {
+	// Use map for deduplication with key = filename + extension
+	recordMap := make(map[string]wordlistRecord)
+	duplicateCount := 0
+	hasRainbow := false
+
+	// Check if any wordlist is a rainbow table
+	for _, isRainbow := range rainbowFlags {
+		if isRainbow {
+			hasRainbow = true
+			break
+		}
+	}
+
+	// Merge all wordlists
+	for i, records := range wordlists {
+		isRainbow := rainbowFlags[i]
+
+		for _, record := range records {
+			key := record.filename + record.extension
+
+			if existing, exists := recordMap[key]; exists {
+				duplicateCount++
+				// Priority: rainbow table entries override plain text entries
+				if isRainbow && existing.checksums == "" {
+					// Current is rainbow, existing is plain text - override
+					recordMap[key] = record
+				}
+				// Otherwise keep existing (either both are rainbow, both are plain, or existing is rainbow)
+			} else {
+				recordMap[key] = record
+			}
+		}
+	}
+
+	// Convert map to slice
+	merged := make([]wordlistRecord, 0, len(recordMap))
+	for _, record := range recordMap {
+		merged = append(merged, record)
+	}
+
+	return merged, duplicateCount, hasRainbow
+}
+
 // Run kicks off scans from the command line
 func Run() {
 
@@ -1222,76 +1338,97 @@ func Run() {
 	// Compile the checksum detection regex
 	checksumRegex = regexp.MustCompile(".{1,2}[0-9A-F]{4}")
 
-	// Select the wordlist
-	var s *bufio.Scanner
-	if args.Wordlist != "" {
-		log.WithFields(log.Fields{"file": args.Wordlist}).Info("Using custom wordlist")
-		fh, err := os.Open(args.Wordlist)
-		if err != nil {
-			log.WithFields(log.Fields{"err": err}).Fatal("Unable to open wordlist")
-		}
-		s = bufio.NewScanner(fh)
-	} else {
-		log.Info("Using built-in wordlist")
-		fh, _ := defaultWordlist.Open("resources/wordlist.txt")
-		s = bufio.NewScanner(fh)
-	}
+	// Load wordlist(s)
+	if len(args.Wordlists) > 0 {
+		// Load multiple custom wordlists
+		var allWordlists [][]wordlistRecord
+		var rainbowFlags []bool
 
-	// Read the wordlist into memory
-	n := 0
-	for s.Scan() {
+		for _, filePath := range args.Wordlists {
+			log.WithFields(log.Fields{"file": filePath}).Info("Loading wordlist")
+			records, isRainbow, err := loadWordlist(filePath)
+			if err != nil {
+				log.WithFields(log.Fields{"file": filePath, "err": err}).Fatal("Unable to load wordlist")
+			}
+			allWordlists = append(allWordlists, records)
+			rainbowFlags = append(rainbowFlags, isRainbow)
+		}
 
-		// Read the line
-		line := s.Text()
+		// Merge wordlists with deduplication
+		merged, duplicates, hasRainbow := mergeWordlists(allWordlists, rainbowFlags)
+		wc.wordlist = merged
+		wc.isRainbow = hasRainbow
 
-		// Check the first line for the rainbow table magic value
-		if n == 0 && line == rainbowMagic {
-			wc.isRainbow = true
-			log.Info("Rainbow table provided, enabling auto dechecksumming")
-			continue
+		// Log results
+		if len(args.Wordlists) == 1 {
+			log.WithFields(log.Fields{"entries": len(merged)}).Info("Loaded wordlist")
+		} else {
+			if duplicates > 0 {
+				log.WithFields(log.Fields{"entries": len(merged), "files": len(args.Wordlists), "duplicates": duplicates}).Info("Loaded unique entries from wordlists")
+			} else {
+				log.WithFields(log.Fields{"entries": len(merged), "files": len(args.Wordlists)}).Info("Loaded entries from wordlists")
+			}
 		}
 
-		// Skip blank lines and comments
-		if l := len(line); l == 0 || line[0] == '#' {
-			continue
+		if hasRainbow {
+			log.Info("Rainbow table enabled, auto dechecksumming available")
 		}
 
-		// Add the line to the wordlist
-		if wc.isRainbow {
-
-			// Check tab count
-			if strings.Count(line, "\t") != 4 {
-				log.WithFields(log.Fields{"line": line}).Fatal("Wordlist entry invalid (incorrect tab count)")
-				log.Fatal("")
+	} else {
+		// Use embedded default wordlist
+		log.Info("Using built-in wordlist")
+		fh, _ := defaultWordlist.Open("resources/wordlist.txt")
+		scanner := bufio.NewScanner(fh)
+
+		lineNum := 0
+		for scanner.Scan() {
+			line := scanner.Text()
+
+			// Check first line for rainbow table magic value
+			if lineNum == 0 && line == rainbowMagic {
+				wc.isRainbow = true
+				log.Info("Rainbow table provided, enabling auto dechecksumming")
+				lineNum++
+				continue
 			}
 
-			// Split the line and add the word
-			c := strings.Split(line, "\t")
-			f, e, f83, e83 := c[3], c[4], c[1], c[2]
-			if len(e) > 0 {
-				e = "." + e
+			// Skip blank lines and comments
+			if len(line) == 0 || line[0] == '#' {
+				lineNum++
+				continue
 			}
-			wc.wordlist = append(wc.wordlist, wordlistRecord{c[0], f, e, f83, e83})
 
-		} else {
+			// Add the line to the wordlist
+			if wc.isRainbow {
+				// Check tab count
+				if strings.Count(line, "\t") != 4 {
+					log.WithFields(log.Fields{"line": line}).Fatal("Wordlist entry invalid (incorrect tab count)")
+				}
+
+				// Split the line and add the word
+				c := strings.Split(line, "\t")
+				f, e, f83, e83 := c[3], c[4], c[1], c[2]
+				if len(e) > 0 {
+					e = "." + e
+				}
+				wc.wordlist = append(wc.wordlist, wordlistRecord{c[0], f, e, f83, e83})
 
-			// Split the line into file and extension and generate an 8.3 version
-			var r wordlistRecord
-			if p := strings.LastIndex(line, "."); p > 0 && line[0] != '.' {
-				f, e := line[:p], line[p:]
-				_, f83, e83 := shortutil.Gen8dot3(f, e)
-				r = wordlistRecord{"", f, e, f83, e83}
 			} else {
-				_, f83, _ := shortutil.Gen8dot3(line, "")
-				r = wordlistRecord{"", line, "", f83, ""}
+				// Split the line into file and extension and generate an 8.3 version
+				var r wordlistRecord
+				if p := strings.LastIndex(line, "."); p > 0 && line[0] != '.' {
+					f, e := line[:p], line[p:]
+					_, f83, e83 := shortutil.Gen8dot3(f, e)
+					r = wordlistRecord{"", f, e, f83, e83}
+				} else {
+					_, f83, _ := shortutil.Gen8dot3(line, "")
+					r = wordlistRecord{"", line, "", f83, ""}
+				}
+				wc.wordlist = append(wc.wordlist, r)
 			}
-			wc.wordlist = append(wc.wordlist, r)
 
+			lineNum++
 		}
-
-		// Next
-		n += 1
-
 	}
 
 	// Let's go!
