Previously, we talked about custom wordlist tools like Crunch and Cewl. Today we are going to discuss a tool called twofi (Twitter words of interest), which can be used to grab the contents of a user's or company's Twitter feed. We can create a decent wordlist from a user or brand that uses Twitter heavily, then use that custom wordlist for cracking passwords.
Twofi was created by Robin Wood at DigiNinja and is written in Ruby. Twofi comes preinstalled with Kali Linux; if we are using some kind of light version of Kali Linux, we can install it with the simple sudo apt install twofi command. We can also get it directly from its GitHub repository.
Without wasting more time, let's check the help section of twofi by using the following command:
In the following screenshot we can see the help menu of twofi:
Before we can use this tool, we need to set up its config file, which is located at /etc/twofi/twofi.yml. We open it for editing by using the following command in our terminal.
In the following screenshot we can see the output of the above command:
Here we can see that we need to put in our API key and API secret key. Now, where do we get Twitter's API keys? Well, we need a Twitter developer account for this. To get a Twitter developer account we need to apply for it on the Twitter Developer Platform. After we apply, they will ask us some questions by mail about how we are going to use this developer account and the API keys. If they are satisfied with our answers, we get our developer account along with the API keys. We got it.
Now we fill in our API key and secret key in the twofi config file, as we can see in the following screenshot:
We don't want to show our API keys for security reasons.
Let's run twofi and create a custom wordlist against our Twitter account (please follow us). Here we need to use our Twitter username (that is @KaliLinux_in). For our password list we are targeting words with a minimum length of 6. So our command will be the following:
In the above command we used the -m flag to specify the minimum word length for the wordlist, i.e. 6 (we can choose whatever we want). We also specified the user with the -u flag; if we want to include multiple users in one wordlist, we need to use the -U flag with the list of users. Then we write the output to a txt file named Twitterwordlist.txt; we can choose any name we want.
In the following screenshot we can see that our command is complete.
Now our wordlist is generated. It is saved in our working directory (in our case, our home directory). We can view the wordlist by using the cat filename command. So in our case we use the following command:
We can see our generated wordlist in the following screenshot:
This type of wordlist will be effective against individuals (did someone say Twitter addicts?), because humans are generally ignorant. They don't care much about security risks.
Warning: This tutorial is for educational purposes only. Attacking others is a serious crime. If anyone does any illegal activity, we are not responsible for that. Use the tools to gain knowledge only and use them responsibly.
This is how we can create a wordlist based on anyone's Twitter profile using twofi on our Kali Linux system.
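The same idea can be applied on the defensive side. The following is an added example (not part of the original article and not twofi's own code) of a password-change check that rejects a new password when it is built from a word in the user's own public posts. The sample posts, the substitution table and the function names are constructed for illustration.

```ruby
# Added example: flag passwords derived from words in a user's public posts.
# SAMPLE_POSTS is constructed sample data, not real tweets.
SAMPLE_POSTS = [
  "Excited to announce our new Nighthawk release! #security",
  "Weekend hiking at Ravenswood with Buster the beagle",
  "Go Wildcats!! Season tickets renewed for 2024"
].freeze

# Common character substitutions to undo before comparing (assumed table).
LEET = { "0" => "o", "1" => "l", "3" => "e", "4" => "a",
         "5" => "s", "7" => "t", "@" => "a", "$" => "s", "!" => "i" }.freeze

# Unique lowercase words of at least min_len letters found in the posts.
# The default of 6 matches the minimum length used in the article.
def words_of_interest(posts, min_len = 6)
  posts.flat_map { |p| p.scan(/[A-Za-z]+/) }
       .map(&:downcase)
       .select { |w| w.length >= min_len }
       .uniq
end

# Lowercase, map substituted characters back to letters, drop the rest.
def normalize(password)
  password.downcase.chars.map { |c| LEET.fetch(c, c) }.join.gsub(/[^a-z]/, "")
end

# Returns the public word the password is based on, or nil if none matches.
def derived_from_posts(password, posts, min_len = 6)
  core = normalize(password)
  words_of_interest(posts, min_len).find { |w| core.include?(w) }
end

if __FILE__ == $PROGRAM_NAME
  ["Nighthawk2024!", "R@v3nsw00d#1", "t9#Vq2!mLx8z"].each do |pw|
    hit = derived_from_posts(pw, SAMPLE_POSTS)
    puts hit ? "REJECT #{pw} (based on public word '#{hit}')" : "ok     #{pw}"
  end
end
```

A check like this belongs next to the usual breached-password and length checks when a user sets a new password, with the word source being whatever the user has published under their own name.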