Personal compilation of wordlists & dictionaries for everything. Users, passwords, directories, files, vulnerabilities, fuzzing, injections, wordlists of tools, etc.
If you want to add more or If you know the authorship of a dictionary, contact me.
π
Passwords
π₯
Users
π
Injections - PayloadsAllTheThings
- A list of useful payloads and bypass for Web Application Security and Pentest/CTF (CSRF, LDAP, NoSQL, XEE, etc.).
- Cross-Site Scripting (XSS)
- Cross-Site Scripting (XSS) by SecLists
- XSS swf fuzz
- XSS remote payloads HTTPS
- XSS remote payloads HTTP
- XSS payloads quick
- XSS grep
- XSS funny stored
- XSS find inject
- XSS escape chars
- XML Attacks
- Auth Bypass
- command exec
- Overflow
- Payload injectx
- SQLI error based
- SQLI time based
- SQLI union select
- SQLI escape chars
- SQL
- SQL by SecLists
- Databases by SecLists
- Path Trasversal
- Path Trasversal short
- Path Trasversal by 1N3
- URL payloads
- SSI
- SSI Jhaddix
- LFI
- LDAP
- JSON
πΉ
Languages
π·οΈ
Vendors/Software - Web content
- CMS, DB, APIs, Web Servers, etc. by SecLists.
- Vendor Default
- Tomcat
- Oracle
- ckeditor 4.7.3 (by @_devalias)
- GovCMS 7.x-2.15 (by @_devalias)
- ASP
- JSP
- PHP 1/2
- PHP 2/2
- Exploitable PHP functions
π
Domains/Subdomains - Mix Subdomains popular 2020 (incoming...)
- Mix Subdomains popular 2017
- Mix Subdomains popular 2016
- Certificate Transparency Subdomains
π
Others - Google Fuzzing Dictionaries
- Naughty Strings
- User Agents
- Google 10000 English
- This repo contains a list of the 10,000 most common English words in order of frequency, as determined by n-gram frequency analysis of the Google's Trillion Word Corpus.
π¨
Tools - BurpSuite
- Burp-pack with all the dictionaries available in the tool BurpSuite.
- SQLmap
- sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
- Hashcat
- World's fastest and most advanced password recovery utility.
- Dirb
- DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects. It basically works by launching a dictionary based attack against a web server and analyzing the response.
- Fuzzdb
- Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
- DirSearch
- Web path scanner.
- Wfuzz
- Web application fuzzer http://wfuzz.io.
- Cfuzzer
- url-fuzzer.
- Pyfuzz
- URL fuzzing tool made of Python.
- CommonSpeak
- Commonspeak is a wordlist generation tool that leverages public datasets from Google's BigQuery platform.
Do you want more info? In my personal blog there are some more :
- Device search engines.
π - Links to resources.
π - 1024MEGAS.com.
π¨βπ»
Collected by @Dormidera.