v0x

command module
v1.0.0 Latest
Published: May 12, 2026 License: MIT Imports: 1 Imported by: 0

README

v0x

A modern web wordlist generator written in Go. Conceptually similar to CeWL but with headless browser support, structured output formats, and optional authentication.

Install

go install github.com/RowanDark/v0x@latest

Browser binary setup (headless mode)

Headless mode requires Chromium managed by playwright-go. Run once after installing:

playwright install chromium

Or via the Makefile:

make install-browsers

Usage examples

# Basic crawl — words printed to stdout, one per line (CeWL-compatible)
v0x --url https://target.com

# Headless crawl, depth 3, JSON output to file
v0x --url https://target.com --depth 3 --format json --output wordlist.json

# Form-based login (headless only)
v0x --url https://target.com/dashboard \
    --auth-form-url https://target.com/login \
    --auth-form-user admin --auth-form-pass hunter2

# Cookie injection
v0x --url https://target.com --auth-cookie "session=abc123; csrf=xyz"

# Bearer token
v0x --url https://app.target.com --auth-bearer eyJhbGci...

# Static mode (no headless), markdown report
v0x --url https://target.com --no-headless --format md --output report.md

All flags

| Flag | Default | Description |
|---|---|---|
| --url | (required) | Target URL to start crawling from |
| --depth | 2 | Maximum crawl depth |
| --delay | 500 | Delay in milliseconds between requests |
| --min-word-length | 3 | Minimum word length to collect |
| --format | txt | Output format: txt, json, csv, md |
| --output | (stdout) | Output file path |
| --headless | true | Use headless Chromium via playwright-go |
| --no-headless | | Disable headless; use net/http instead |
| --user-agent | v0x/1.0 | Custom User-Agent string |
| --verbose | false | Log pages visited, word counts, and auth strategy |
| --timeout | 5m | Max crawl duration; 0 disables the timeout |
| --auth-form-url | | URL of the login form page (headless only) |
| --auth-form-user | | Username to fill in the login form |
| --auth-form-pass | | Password to fill in the login form |
| --auth-form-user-field | username | name attribute of the username input |
| --auth-form-pass-field | password | name attribute of the password input |
| --auth-form-submit | [type=submit] | CSS selector for the submit button |
| --auth-verify-selector | | CSS selector that must be present after login to confirm authentication succeeded |
| --auth-basic-user | | HTTP Basic auth username |
| --auth-basic-pass | | HTTP Basic auth password |
| --auth-cookie | | Cookie string, e.g. "session=abc; token=xyz" |
| --auth-bearer | | Bearer token for the Authorization header |
| --auth-header | | Custom header in "Name: Value" format |

Auth examples

Form-based login (headless only)

Navigates to the login page, fills credentials, submits the form, then crawls the authenticated session.

v0x --url https://target.com/dashboard \
    --auth-form-url https://target.com/login \
    --auth-form-user admin \
    --auth-form-pass hunter2 \
    --auth-form-user-field email \
    --auth-form-pass-field password \
    --auth-form-submit "button[type=submit]"

Form login with post-login verification

Use --auth-verify-selector to confirm authentication succeeded before crawling begins. Provide a CSS selector that only appears when authenticated (e.g. a nav item, account menu, or dashboard element). This is especially useful when the login redirects to a different domain (SSO) or uses the same URL path on success.

v0x --url https://target.com/dashboard \
    --auth-form-url https://target.com/login \
    --auth-form-user admin \
    --auth-form-pass hunter2 \
    --auth-verify-selector "#account-menu"

HTTP Basic auth

v0x --url https://target.com \
    --auth-basic-user admin \
    --auth-basic-pass hunter2

Cookie injection

Inject one or more cookies from an existing authenticated session.

v0x --url https://target.com \
    --auth-cookie "session=abc123; csrf=xyz789"

Bearer token

v0x --url https://app.target.com \
    --auth-bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

Custom header

v0x --url https://app.target.com \
    --auth-header "X-Api-Key: my-secret-key"
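
How the Basic, cookie, bearer and custom-header flags above could map onto an outgoing request in static (net/http) mode, as an added example that is not v0x's own code. `StaticAuth` and `Apply` are hypothetical names; the same-scheme, same-host restriction and the bearer token taking precedence over Basic auth are assumptions, since the README does not say how v0x scopes credentials during a crawl.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// StaticAuth holds the values of the static-mode auth flags (hypothetical type).
type StaticAuth struct {
	BasicUser, BasicPass, Bearer string // --auth-basic-user, --auth-basic-pass, --auth-bearer
	Cookie, Header               string // --auth-cookie "a=1; b=2", --auth-header "Name: Value"
}

// Apply adds the credentials to req and reports whether it did. Requests to another
// host or scheme than target are left untouched (assumed policy, not from the README).
func (a StaticAuth) Apply(req *http.Request, target *url.URL) (bool, error) {
	if req.URL.Scheme != target.Scheme || !strings.EqualFold(req.URL.Host, target.Host) {
		return false, nil
	}
	if a.Header != "" { // validated first, so a bad value leaves req unmodified
		name, value, ok := strings.Cut(a.Header, ":")
		name, value = strings.TrimSpace(name), strings.TrimSpace(value)
		if !ok || name == "" || strings.ContainsAny(name+value, "\r\n") {
			return false, errors.New(`auth header must be a single "Name: Value" line`)
		}
		req.Header.Set(name, value)
	}
	if a.BasicUser != "" {
		req.SetBasicAuth(a.BasicUser, a.BasicPass)
	}
	if a.Bearer != "" { // shares the Authorization header, so it replaces Basic
		req.Header.Set("Authorization", "Bearer "+a.Bearer)
	}
	for _, pair := range strings.Split(a.Cookie, ";") {
		if k, v, ok := strings.Cut(strings.TrimSpace(pair), "="); ok && k != "" {
			req.AddCookie(&http.Cookie{Name: k, Value: v})
		}
	}
	return true, nil
}

func main() {
	target, _ := url.Parse("https://target.com/") // sample values from the README
	req, _ := http.NewRequest("GET", "https://target.com/dashboard", nil)
	sent, err := StaticAuth{Cookie: "session=abc123; csrf=xyz789"}.Apply(req, target)
	fmt.Println(sent, err, req.Header)
}
```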

Output formats

| Format | Description |
|---|---|
| txt | One word per line, sorted — compatible with tools that consume CeWL output |
| json | Structured JSON with words, emails, metadata, and crawl stats |
| csv | Word, length, and source columns |
| md | Human-readable Markdown report with wordlist, email, and metadata sections |

Build from source

git clone https://github.com/RowanDark/v0x
cd v0x
make build
./v0x --url https://example.com

Testing

# Unit tests
make test

# Integration smoke test (spins up an in-process HTTP server)
make integration

Project layout

v0x/
├── cmd/
│   ├── root.go              # Cobra root command, flag binding, crawl pipeline
│   └── integration_test.go  # Integration smoke test (build tag: integration)
├── internal/
│   ├── auth/                # Auth strategies: form, basic, cookie, bearer
│   ├── config/              # Config struct
│   ├── crawler/             # Crawler interface, playwright + net/http impls
│   ├── extractor/           # Word, email, and metadata extraction
│   └── output/              # Output formatters: txt, json, csv, md
├── main.go
├── go.mod
└── Makefile

Directories

| Path | Synopsis |
|---|---|
| internal/auth | Package auth provides authentication strategies for both headless (playwright) and HTTP crawl modes. |