This blog is NOT OFFICIAL website of Kali Linux. We just share Tutorials to learn Cybersecurity.

Twofi -- Create Custom Wordlist From Twitter


Previously, we had talked about some custom wordlists tools like Crunch & Cewl. But today we are going to discuss about a tool called twofi (Twitter words of interest), it can use to grab the contents of the user's or company's twitter feed. We can create decent wordlist from a user or brand who use Twitter heavily, then we can use our created custom wordlist for cracking passwords.

Twofi Create Custom wordlist from Twitter on Kali Linux

Twofi is created by Robin Wood at DigNinja, it is written in Rubi. Twofi comes preinstalled with Kali Linux, if we are using some kind of light version of Kali Linux then we can install it by using simple sudo apt install twofi command. Also we can get it directly from it's GitHub repository.

Without wasting more time let we check the help section of twofi by using following command:

twofi -h

In the following screenshot we can see the help menu of twofi,

twofi help on Kali Linux
First thing to use this tool we need to configure the config file. Which is located on /etc/twofi/twofi.yml we open this for edit by using following command on our terminal.

sudo nano /etc/twofi/twofi.yml

In the following screenshot we can see the output of the above command:

twofi config file default
Here we can see that we need to put our API key and API secret key. Now where to get Twitter's API ?

Well, we need a Twitter developer account for this. To get a Twitter developer account we need to apply for it on Twitter Developer Platform. There after applying they will ask us some questions on mail related to how we are going to use this developer account and API keys. If they were satisfied on our answers then we can easily get our developer account along with API keys. We got it.

Now we filled our API key and secret key on the twofi config file as we can see in the following screenshot:

twofi config api keys
We don't want to show our API keys for security reasons
After that we need to save and close our nano editor (CTRL+X, Enter ↲). Now we are ready to use twofi.

Let's run twofi and create an custom wordlist against our Twitter account (Please follow us), here we need to use our Twitter username (that is @KaliLinux_in). For our password list we are targeting words having minimum length 6. So our command will be following:

sudo twofi -m 6 -u @KaliLinux_in > Twtterwordlist.txt

In the above command we had selected -m flag to specify our minimum password length for wordlist i.e 6 (we can choose whatever we want), we have also specified the user using -u flag, if we want to select multiple users in one wordlist then we need to use -U flag with the list of users. Then we generate the output in a txt file named Twitterwordlist.txt we can choose a name as we want.

In the following screenshot we can see that our command is complete.

twofi task completed on Kali Linux

Now our wordlist is generated, it will be saved on our working directory (in our case it is our home directory). We can see the wordlist by using cat filename command. So in our case we use following command:

cat Twitterwordlist.txt

We can see our generated wordlist now, as the following screenshot:

twofi wordlist is ready

We can see our generated wordlist on the above screenshot.

These type of wordlist will be beneficial against individuals (Did someone say Twitter addicts), because humans are generally ignorant. They don't care much about security risks.

Warning:- This tutorial is for educational purpose only. Attacking others is a serious crime. If anyone do any illegal activity then we are not responsible for that. Use the tools to gain knowledge only and use them with responsibility.

This is how we can create a wordlist based on anyone's Twitter profile using twofi on our Kali Linux system.

Love our articles? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.

Kali Linux


No comments
Post a Comment