Description
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, including usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
Installation
# Kali/Debian (pre-installed on Kali)
sudo apt install seclists
# Clone
git clone https://github.com/danielmiessler/SecLists.git
Common Paths
# Web content discovery
/usr/share/seclists/Discovery/Web-Content/common.txt
/usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt
/usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt
# DNS
/usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt
/usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt
# Fuzzing
/usr/share/seclists/Fuzzing/LFI/LFI-Jhaddix.txt
/usr/share/seclists/Fuzzing/SQLi/
# Passwords
/usr/share/seclists/Passwords/Leaked-Databases/rockyou.txt
/usr/share/seclists/Passwords/Common-Credentials/10-million-password-list-top-10000.txt
# Usernames
/usr/share/seclists/Usernames/top-usernames-shortlist.txt
Other Wordlist Sources
# Assetnote wordlists
https://wordlists.assetnote.io/
# OneListForAll
https://github.com/six2dez/OneListForAll
# FuzzDB
https://github.com/fuzzdb-project/fuzzdb