I would like to discuss about an improvement I would like to make for all wordlists related packages (security related) but I’m not sure if that is a good idea or if there is another good idea, see :
If I’m using for instance wpscan/gobuster/feroxbuster/nmap/hydra (a tool that needs as an input a wordlist to bruteforce) my experience is not great during pentesting because I need to find in /nix/store/ the proper package folder containing seclists pkg and look into $out/share/wordlists
Usually under others distros wordlists installed using a package manager are stored in /usr/share/wordlists but this is not always the case (others paths proposed are /usr/share/dict or /usr/share/<whatever_name_that_feats>
I would like community feedback on this possible improvement and also know if it seems wise to other users or is there a better way to use the current package without changing anything that I’m not aware of ?
Because, when using the wordlists package, you get two extra scripts that are wordlists and wordlists_path, which respectively display the lists from disk, and give the filesystem location where the lists can be found.
Hey, I did as I said in the comment and wrote it into the package description D:
The wordlists package provides two scripts. One is called wordlists, and it will list a tree of all the wordlists installed. The other one is called wordlists_path which will print the path to the nix store location of the lists. You can for example do $(wordlists_path)/rockyou.txt to get the location of the rockyou wordlist. If you want to modify the available wordlists you can override the lists attribute`. In your nixos configuration this would look similiar to this:
you can use this with nix-shell by doing: nix-shell -p 'wordlists.override { lists = with (import <nixpkgs> {}); [ nmap ]; }' If you want to add a new package that provides wordlist/s the convention is to copy it to {file}$out/share/wordlists/myNewWordlist`.