top of page
Search

Twofi - Create Custom Wordlist From Twitter

We are going to discuss about a tool called twofi (Twitter words of interest), it can use to grab the contents of the user's or company's Twitter feed. We can create decent wordlist from a user or brand who use Twitter heavily, then we can use our created custom wordlist for cracking passwords.


Twofi is created by Robin Wood at DigNinja, it is written in Rubi. Twofi comes preinstalled with Kali Linux, if we are using some kind of light version of Kali Linux then we can install it by using simple sudo apt install twofi command. Also we can get it directly from it's GitHub repository.

Without wasting more time let we check the help section of twofi by using following command:

twofi -h

In the following screenshot we can see the help menu of twofi,


First thing to use this tool we need to configure the config file. Which is located on /etc/twofi/twofi.yml we open this for edit by using following command on our terminal.


sudo nano /etc/twofi/twofi.yml

In the following screenshot we can see the output of the above command:


Here we can see that we need to put our API key and API secret key. Now where to get Twitter's API ?


Well, we need a Twitter developer account for this. To get a Twitter developer account we need to apply for it on Twitter Developer Platform. There after applying they will ask us some questions on mail related to how we are going to use this developer account and API keys. If they were satisfied on our answers then we can easily get our developer account along with API keys. We got it.

Now we filled our API key and secret key on the twofi config file as we can see in the following screenshot:


We don't want to show our API keys for security reasonsAfter that we need to save and close our nano editor (CTRL+X, Enter ↲). Now we are ready to use twofi.


Let's run twofi and create an custom wordlist against a Twitter account, here we need to use our Twitter username (that is @KaliLinux_in). For our password list we are targeting words having minimum length 6. So our command will be following:

sudo twofi -m 6 -u @KaliLinux_in > Twtterwordlist.txt

In the above command we had selected -m flag to specify our minimum password length for wordlist i.e 6 (we can choose whatever we want), we have also specified the user using -u flag, if we want to select multiple users in one wordlist then we need to use -U flag with the list of users. Then we generate the output in a txt file named Twitterwordlist.txt we can choose a name as we want.

In the following screenshot we can see that our command is complete.


Now our wordlist is generated, it will be saved on our working directory (in our case it is our home directory). We can see the wordlist by using cat filename command. So in our case we use following command:

cat Twitterwordlist.txt

We can see our generated wordlist now, as the following screenshot:


We can see our generated wordlist on the above screenshot.

These type of wordlist will be beneficial against individuals (Did someone say Twitter addicts), because humans are generally ignorant. They don't care much about security risks.

This is how we can create a wordlist based on anyone's Twitter profile using twofi on our Kali Linux system.

Comments

©2022 www.theblackthreat.in All right reserved.
bottom of page