When doing penetration testing, security professionals regularly have to deal with words that are specific to the task at hand, and many are not found in common wordlists. Another problem comes from popular tools, many of which are challenging to customize.
The OWASP Basic Expression & Lexicon Variation Algorithms Project (pyOwaspBELVA) is a custom dictionary builder that enables the user to import data from proxies such as ZAP and Burp, substitute letters, numbers, and special characters, apply policies to select and remove words, and write plugins for extensibility. The app also allows the pen tester to create custom usernames based on policy.