Personal compilation of wordlists & dictionaries for everything. Users, passwords, directories, files, vulnerabilities, fuzzing, injections, wordlists of tools, etc.
If you want to add more or If you know the authorship of a dictionary, contact me.
- Passwords, by SecLists
- Probable-Wordlist, by Berzerk0
- Passwords mix, by Werdlists
- A list of useful payloads and bypass for Web Application Security and Pentest/CTF (CSRF, LDAP, NoSQL, XEE, etc.).
- Cross-Site Scripting (XSS)
- Cross-Site Scripting (XSS) by SecLists
- XSS swf fuzz
- XSS remote payloads HTTPS
- XSS remote payloads HTTP
- XSS payloads quick
- XSS grep
- XSS funny stored
- XSS find inject
- XSS escape chars
- XML Attacks
- Auth Bypass
- command exec
- Payload injectx
- SQLI error based
- SQLI time based
- SQLI union select
- SQLI escape chars
- SQL by SecLists
- Databases by SecLists
- Path Trasversal
- Path Trasversal short
- Path Trasversal by 1N3
- URL payloads
- SSI Jhaddix
- Web content
- CMS, DB, APIs, Web Servers, etc. by SecLists.
- Vendor Default
- ckeditor 4.7.3 (by @_devalias)
- GovCMS 7.x-2.15 (by @_devalias)
- PHP 1/2
- PHP 2/2
- Exploitable PHP functions
- Mix Subdomains popular 2020 (incoming…)
- Mix Subdomains popular 2017
- Mix Subdomains popular 2016
- Certificate Transparency Subdomains
- Naughty Strings
- User Agents
- Google 10000 English
- This repo contains a list of the 10,000 most common English words in order of frequency, as determined by n-gram frequency analysis of the Google’s Trillion Word Corpus.
- Burp-pack with all the dictionaries available in the tool BurpSuite.
- sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
- World’s fastest and most advanced password recovery utility.
- DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects. It basically works by launching a dictionary based attack against a web server and analyzing the response.
- Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
- Web path scanner.
- Web application fuzzer http://wfuzz.io.
- URL fuzzing tool made of Python.
- Commonspeak is a wordlist generation tool that leverages public datasets from Google’s BigQuery platform.