This script generates file variant dictionaries based on given target file paths or URLs. It creates comprehensive lists of potential file variants including backup files, temporary files, version numbers, and other common patterns. The tool can process single targets or batch process lists from a file.
- Supports Multiple URL Formats:
  - Full HTTP URL: http://192.168.1.1/test.php
  - HTTPS URL: https://example.com/admin/login.php
  - IP/Filename format: 192.168.1.1/test.php
  - Direct filename: test.php
- Batch Processing:
  - Read targets from a text file line by line
  - Supports comment lines (starting with #)
  - Automatically skips empty lines
  - Error handling and statistics
- Smart Grouping:
  - Files from the same IP are automatically added to the same dictionary file
  - Avoids duplicate entries
  - Automatically generates filenames based on IP
- Dynamic Dictionary Generation:
  - Generates around 75 variants per file
  - Includes backup files, temporary files, version numbers, etc.
  - Supports common backup patterns
Batch Processing:

```bash
python3 file_variants_generator.py targets.txt
```

Single File Processing:

```bash
python3 file_variants_generator.py test.php
python3 file_variants_generator.py 192.168.1.1/test.php
python3 file_variants_generator.py http://192.168.1.1/test.php
```

The script will automatically recognize the input format and correctly parse the IP address and filename, generating corresponding dynamic dictionary files.
```bash
# Process a PHP file
python3 file_variants_generator.py test.php
# Process with IP address
python3 file_variants_generator.py 192.168.1.1/admin.php
# Process with full URL
python3 file_variants_generator.py https://example.com/config.json
# Specify custom output file
python3 file_variants_generator.py test.php my_custom_dict.txt
```

Create a targets file (e.g., targets.txt):

```
# Target file list example
# Supports multiple URL formats
# Full HTTP URL format
http://192.168.1.1/test.php
https://example.com/admin/login.php
http://10.0.0.1/api/config.json
# IP/filename format
192.168.1.1/index.php
192.168.1.1/admin.php
10.0.0.1/backup.sql
localhost/upload.php
# Direct filename format
test.php
config.json
admin.html
database.db
settings.ini
# More examples
192.168.1.100/api.php
192.168.1.100/login.jsp
https://target.com/wp-config.php
http://vulnerable.site/debug.log
```

Then run:

```bash
python3 file_variants_generator.py targets.txt
```

For a file like test.php, the script generates variants including:
- `test.php.bak`, `test.php.backup`, `test.php.old`, `test.php.orig`, `test.php.save`, `test.php.tmp`, `test.php.copy`, `test.php~`, `test.bak`, `test.backup`, `test.old`
- `backup_test.php`, `test_backup.php`, `old_test.php`, `test_old.php`, `copy_test.php`, `test_copy.php`, `new_test.php`, `test_new.php`, `original_test.php`, `test_original.php`
- `#test.php#`, `.test.php.swp`, `test.php.tmp`, `test.php.temp`, `~test.php`, `test.php~`
- `test.php.1` through `test.php.9`, `test.php_1` through `test.php_9`, `test_1.php` through `test_9.php`
- `test.php.zip`, `test.php.tar.gz`, `test.php.rar`, `test.php.log`, `test.php.txt`
The script automatically generates dictionary files based on the target IP/domain:
- `dict_192_168_1_1.txt` for targets from 192.168.1.1
- `dict_example_com.txt` for targets from example.com
- `dict_localhost.txt` for direct filenames or localhost targets
Files from the same IP/domain are automatically appended to the same dictionary file, with duplicate detection to avoid redundancy.
- Python 3.x
- No external dependencies required
This tool is particularly useful for:
- Penetration Testing: Discovering backup files and temporary files on web servers
- Bug Bounty Hunting: Finding exposed sensitive files
- Security Assessment: Checking for common backup file patterns
- Directory Brute-forcing: Creating targeted wordlists for tools like dirb, dirbuster, or gobuster
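
The same variant patterns can be checked from the server side before anything is published. The following is an added example, not part of the original script: it walks a local web root and reports files whose names match the patterns listed above. The names `classify`, `find_leftovers` and `demo`, the rule labels, and the sample file tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Patterns mirror the variant lists on this page (test.php.bak, backup_test.php, ...).
APPENDED = (".bak", ".backup", ".old", ".orig", ".save", ".tmp", ".temp", ".copy",
            ".zip", ".tar.gz", ".rar", ".log", ".txt")
WORDS = "|".join(("backup", "old", "copy", "new", "original"))
RULES = [  # (label, regex) pairs, checked in order; labels are made up for this example
    ("appended suffix", re.compile(
        r"^.+\.\w+(?:%s)$" % "|".join(map(re.escape, APPENDED)))),
    ("replaced extension", re.compile(r"^[^.]+\.(?:bak|backup|old)$")),
    ("editor/temp file", re.compile(r"^(?:#.+#|\..+\.swp|~.+|.+~)$")),
    ("numbered copy", re.compile(r"^(?:.+\.\w+[._][1-9]|.+_[1-9]\.\w+)$")),
    ("renamed copy", re.compile(
        r"^(?:(?:%(w)s)_.+|.+_(?:%(w)s))\.\w+$" % {"w": WORDS})),
]

def classify(name):
    """Return the label of the first rule a bare filename matches, or None."""
    for label, rx in RULES:
        if rx.match(name):
            return label
    return None

def find_leftovers(root):
    """Walk root and return sorted (relative_path, label) pairs to review."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            label = classify(name)
            if label:
                full = os.path.join(dirpath, name)
                hits.append((os.path.relpath(full, root), label))
    return sorted(hits)

def demo():
    """Scan a constructed sample web root created in a temporary directory."""
    names = ["index.php", "test.php", "test.php.bak", "admin/.login.php.swp",
             "admin/login.php", "backup_test.php", "config.json~", "test_2.php"]
    with tempfile.TemporaryDirectory() as root:
        for rel in names:
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return find_leftovers(root)

if __name__ == "__main__":
    for path, label in demo():
        print(f"{label:20} {path}")
```

Matches are candidates for review rather than confirmed leftovers: legitimate names such as `page_2.html` also fit the numbered pattern.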
This tool is designed for authorized security testing only. Always ensure you have proper permission before testing any systems that you do not own.