ScrapPY: generate wordlists that can be utilized by offensive security tools

ScrapPY: PDF Scraping Made Easy

ScrapPY is a Python utility for scraping manuals, documents, and other sensitive PDFs to generate targeted wordlists that can be utilized by offensive security tools to perform brute force, forced browsing, and dictionary attacks. ScrapPY performs word frequency, entropy, and metadata analysis, and can run in full output modes to craft custom wordlists for targeted attacks. The tool dives deep to discover keywords and phrases leading to potential passwords or hidden directories, outputting to a text file that is readable by tools such as Hydra, Dirb, and Nmap. Expedite initial access, vulnerability discovery, and lateral movement with ScrapPY!

Install

$ git clone https://github.com/RoseSecurity/ScrapPY.git
$ cd ScrapPY/
$ pip3 install -r requirements.txt

Use

Output metadata of document:

$ python3 ScrapPY.py -f example.pdf -m metadata

Output the top 100 most frequently used keywords to a file named Top_100_Keywords.txt:

$ python3 ScrapPY.py -f example.pdf -m word-frequency -o Top_100_Keywords.txt

Output all keywords to the default ScrapPY.txt file:

$ python3 ScrapPY.py -f example.pdf

Output the top 100 keywords with the highest entropy rating:

$ python3 ScrapPY.py -f example.pdf -m entropy

ScrapPY Output:

ScrapPY writes the ScrapPY.txt file, or the file name you specify, to the directory in which the tool was run. To view the first fifty lines of the file, run this command:

$ head -50 ScrapPY.txt

To see how many words were generated, run this command:

$ wc -l ScrapPY.txt

Integration with Offensive Security Tools:

Easily integrate with tools such as Dirb to expedite the process of discovering hidden subdirectories:

root@RoseSecurity:~# dirb http://192.168.1.123/ /root/ScrapPY/ScrapPY.txt

Utilize ScrapPY with Hydra for advanced brute force attacks:

root@RoseSecurity:~# hydra -l root -P /root/ScrapPY/ScrapPY.txt -t 6 ssh://192.168.1.123

Enhance Nmap scripts with ScrapPY wordlists:

nmap -p445 --script smb-brute.nse --script-args userdb=users.txt,passdb=ScrapPY.txt 192.168.1.123
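
The defender's counterpart to the workflow above, as an added example that is not part of ScrapPY or the original page: it screens proposed passwords against terms found in an organisation's own published documents, so document-derived choices can be rejected when a password is set. The sample text, the function names and the per-character Shannon entropy score are assumptions made for illustration; the page does not show how ScrapPY computes its ratings.

```python
import math
import re
from collections import Counter

# Constructed sample: stands in for text already extracted from a published PDF.
SAMPLE_TEXT = """
AcmeVault Administrator Guide. Log in to the AcmeVault console at /vaultadmin
with the maintenance account. The default site code is Northwind2019.
Back up the vaultadmin share before upgrading AcmeVault.
"""

def document_terms(text, min_len=5):
    """Lower-cased tokens of at least min_len characters, with frequencies."""
    tokens = re.findall(r"[A-Za-z][A-Za-z0-9]+", text)
    return Counter(t.lower() for t in tokens if len(t) >= min_len)

def char_entropy(word):
    """Shannon entropy of one token, in bits per character."""
    counts = Counter(word)
    return -sum(c / len(word) * math.log2(c / len(word)) for c in counts.values())

def ranked_terms(text):
    """(term, count, entropy) tuples, most frequent first, ties by name."""
    terms = document_terms(text)
    ordered = sorted(terms.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(t, n, round(char_entropy(t), 2)) for t, n in ordered]

def core(candidate):
    """Strip the digits and symbols users commonly add around a base word."""
    return re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", candidate).lower()

def is_document_derived(candidate, terms):
    """True if the candidate, or its base word, matches a document term."""
    bases = {core(t) for t in terms}
    return candidate.lower() in terms or core(candidate) in bases

def screen(candidates, text):
    """Map each proposed password to True when it should be rejected."""
    terms = document_terms(text)
    return {c: is_document_derived(c, terms) for c in candidates}

if __name__ == "__main__":
    for term, count, entropy in ranked_terms(SAMPLE_TEXT)[:5]:
        print(f"{term:15} count={count} entropy={entropy}")
    proposed = ["Northwind2024!", "AcmeVault1", "correct-horse-battery"]
    for pw, rejected in screen(proposed, SAMPLE_TEXT).items():
        print(f"{pw:25} {'REJECT' if rejected else 'ok'}")
```

Feeding it the text of manuals and guides an organisation has actually published shows which product names, share names and default codes should go on the password deny list.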
