A secure Django-based web interface for browsing, navigating, and viewing wordlists stored on a server, with safe path handling and directory traversal protection.

NakuTenshi/wordListHub

WordListHub

WordListHub is a lightweight Django-based web application for browsing, viewing, uploading, and downloading wordlists stored on a server.
It is designed mainly for bug bounty hunters, recon workflows, and payload management, with a strong focus on secure path handling.


🚀 Features

  • Browse wordlist directories via a web interface
  • View wordlist files directly in the browser (raw text)
  • Upload wordlists (staff users only)
  • Download all wordlists as a ZIP archive
  • Simple API endpoint to list directories (staff only)
  • Protection against directory traversal attacks

📁 Required Project Structure

Your wordlists must be placed inside the wordlist/ directory in the project root.

Expected structure:

Desktop/wordListHub
├── db.sqlite3
├── Downloader
├── manage.py
├── static
├── templates
├── wordlist        <-- ⚠️ PLACE YOUR WORDLISTS HERE
└── wordListHub

Only files and directories inside wordlist/ will be accessible through the application.


⚙️ Important Configuration

1️⃣ MEDIA_ROOT

MEDIA_ROOT in wordListHub/settings.py must point to the wordlist/ directory.

Example:

MEDIA_ROOT = "/home/username/Desktop/wordListHub/wordlist"

2️⃣ SECRET_KEY (Required)

You must change the Django SECRET_KEY before running the project.

File:

wordListHub/settings.py

Recommended approach (environment variable):

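import os

# The "dev-secret-key" fallback is for local development only; set DJANGO_SECRET_KEY everywhere else.
SECRET_KEY = os.getenv("DJANGO_SECRET_KEY", "dev-secret-key")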

⚠️ Never commit your real SECRET_KEY to a public repository.


▶️ Running the Project (Local)

  1. Clone the repository:

     git clone https://github.com/yourusername/wordlisthub.git
     cd wordlisthub

  2. Create and activate a virtual environment:

     python3 -m venv venv
     source venv/bin/activate

  3. Install dependencies:

     pip install django

  4. Apply migrations and run the server:

     python manage.py migrate
     python manage.py runserver

Open in browser:

http://127.0.0.1:8000/?path=/

🔎 Available Endpoints

  • /
    Browse directories using the path parameter
    Example:

    /?path=/subdir/
    
  • /show?file=...
    View wordlist file content

  • /upload
    Upload wordlists (authenticated staff users only)

  • /api/get_dirs/
    Returns directory list as JSON (staff users only)

  • /api/download
    Download all wordlists as a ZIP file


🔐 Security Notes

  • All user-supplied paths are sanitized using Path.resolve() and is_relative_to()
  • Access outside MEDIA_ROOT is blocked
  • Upload and API access are restricted to staff users
  • Designed for local or trusted environments
  • Add authentication and HTTPS before public deployment
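
The containment check named in the first note, as an added example (not WordListHub's own code): it shows why resolving first and then comparing path components rejects both a sibling directory that shares the root's name prefix and a symlink that leaves the root, while a string prefix test accepts both. The function names, the sample inputs and the temporary directory tree are constructed for illustration; the `wordlist` directory stands in for MEDIA_ROOT.

```python
import os
import tempfile
from pathlib import Path


def resolve_under_root(root, user_path):
    """Return the resolved path if it stays inside root, else None."""
    root = Path(root).resolve()
    # Requests look like ?path=/subdir/; drop the leading slash, because
    # joining an absolute path would discard root entirely.
    candidate = (root / user_path.lstrip("/")).resolve()
    # resolve() collapses ".." and follows symlinks, so the test is made on
    # the real target. is_relative_to() (Python 3.9+) compares whole path
    # components, unlike a string prefix test.
    return candidate if candidate.is_relative_to(root) else None


def prefix_check(root, user_path):
    """Weaker string comparison, shown for contrast only."""
    root = Path(root).resolve()
    candidate = (root / user_path.lstrip("/")).resolve()
    return str(candidate).startswith(str(root))


def demo():
    """Classify sample inputs against a constructed directory tree."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        root = base / "wordlist"  # stands in for MEDIA_ROOT (assumption)
        (root / "subdir").mkdir(parents=True)
        (root / "subdir" / "dirs.txt").write_text("admin\nlogin\n")
        private = base / "wordlist_private"  # sibling sharing the prefix
        private.mkdir()
        (private / "keys.txt").write_text("constructed\n")
        os.symlink(private, root / "link")  # link that leaves root
        samples = ["/", "/subdir/dirs.txt", "/subdir/../subdir/",
                   "/../wordlist_private/keys.txt", "/link/keys.txt"]
        # (containment check result, string prefix check result)
        return {s: (resolve_under_root(root, s) is not None,
                    prefix_check(root, s)) for s in samples}


if __name__ == "__main__":
    for sample, (allowed, prefix_ok) in demo().items():
        print(f"{sample:32} allowed={allowed} prefix_check={prefix_ok}")
```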

🧠 Common Use Cases

  • Bug bounty payload management
  • Recon wordlist hosting
  • Internal security tooling
  • Centralized wordlist server

Created By: ehsan
